This is a good question so I’ll broadcast my thoughts here in case people want to have a separate discussion. I generally advise people to:

• Group resources prioritized by (1) risk class, and (2) commonality. For example, the managed compute/storage/networking goes into one stack (or one set of stacks) and app code goes into another stack. This means primarily that the app team does not have permissions to nuke the prod DB, etc., which is good.

• Try to share low-level infrastructure, but don’t try too hard. The lower level you go, the less portable your code will be between environments. For example, you will have a completely different ingress stack in prod and staging — it is not necessary (or in some cases, possible) to completely replicate that. Classically this applies to AWS resources, but it also applies to low-level k8s resources, too. Stuff like Ingress, persistent volume storage classes, etc.

• Try hard to share app-level code between environments. App resources like Deployment should have a “portable core” that can be deployed in a variety of places, hooking up to a variety of infrastructure. If it’s not portable you will probably cause yourself pain later.
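An added example (not from the post above, and not tied to any particular IaC tool) of the "portable core" idea for a Deployment: the core is shared verbatim across environments, only the hookups to the separately managed infrastructure stack vary, and a check confirms the core stays identical and mentions no environment. Image names, hostnames and storage classes are assumed values.

```python
import copy

# Portable core of the app Deployment: identical in every environment.
# Image, names and label values are constructed for this example.
PORTABLE_CORE = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "web", "labels": {"app": "web"}},
    "spec": {
        "selector": {"matchLabels": {"app": "web"}},
        "template": {
            "metadata": {"labels": {"app": "web"}},
            "spec": {"containers": [{"name": "web", "image": "example/web:1.4.2",
                                     "ports": [{"containerPort": 8080}]}]},
        },
    },
}

# Environment-specific hookups to the infrastructure stack, which is owned by a
# different team/stack. Hostnames and storage classes are assumed values.
ENV_BINDINGS = {
    "staging": {"replicas": 1, "db_host": "db.staging.internal", "storage_class": "standard"},
    "prod":    {"replicas": 3, "db_host": "db.prod.internal",    "storage_class": "io2-encrypted"},
}

def render(env):
    """Portable core + the bindings for one environment; the core is never mutated."""
    b = ENV_BINDINGS[env]
    d = copy.deepcopy(PORTABLE_CORE)
    pod = d["spec"]["template"]["spec"]
    d["spec"]["replicas"] = b["replicas"]
    pod["containers"][0]["env"] = [{"name": "DB_HOST", "value": b["db_host"]}]
    pod["volumes"] = [{"name": "data",
                       "persistentVolumeClaim": {"claimName": f"data-{b['storage_class']}"}}]
    return d

def core_of(d):
    """Undo render(): drop the binding keys so only the portable core remains."""
    d = copy.deepcopy(d)
    d["spec"].pop("replicas", None)
    pod = d["spec"]["template"]["spec"]
    pod.pop("volumes", None)
    for c in pod["containers"]:
        c.pop("env", None)
    return d

def is_portable(envs=("staging", "prod")):
    """True when every environment's rendered Deployment reduces to the same core."""
    return all(core_of(render(e)) == PORTABLE_CORE for e in envs)

def core_is_env_free(core=PORTABLE_CORE):
    """Lint: the core must not name an environment or hard-code low-level infra."""
    text = repr(core)
    return not any(tok in text for tok in ("prod", "staging", "storageClassName"))
```

Running `is_portable()` and `core_is_env_free()` in CI catches the drift the post warns about: an environment-only change that quietly leaks into the shared core.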