Terraform at Decathlon: from on-prem to 100% cloud
From a full on-prem infra and Terraform OSS, Decathlon decided to move to Terraform Enterprise to leverage security, team-related features, and to speed up their cloud journey.
Speaker: Vincent Logeon
For more information on this use case, read our Decathlon case study.
» Transcript
Hello, everybody. My name is Vincent Logeon. I've been an engineer at Decathlon for nine years. Currently I'm the project owner of Terraform Enterprise.
We administrate the solution with two coworkers and have a Level 2 engineer dedicated to support.
In this talk, Ie will start by speaking about the Decathlon context, our current usage of cloud providers, and the migration to public cloud. Second, why we chose Terraform: the reasons, the cons of the previous solution, and the pros of the usage of Terraform for Decathlon. In the third part, I will cover our usage of Terraform for Decathlon developers. And finally, I will speak about the key indicators of the presentation.
» Going All-Cloud
Regarding the Decathlon context, we started our journey with cloud a few years ago. We began with Amazon Web Services (AWS) and Terraform open source. During this time, as at other companies, some resources were hosted on-premises and some in the cloud. Historically, we have many owned on-premises datacenters in Europe and Asia to host our solutions.
In 2018, a big project was launched, to host 100% of our infrastructure in the cloud.
To reach this target, we used additional cloud service providers (CSPs), Google Cloud and Microsoft Azure, to perform this big step to our digital transformation.
We use it in different locations, such as Europe, Singapore, China, and the United States. We switched the Asian datacenters from on-premises to Azure and AWS in China in 2020. And, in 2021, we switched the European datacenters from on-premises to Google Cloud and AWS.
Today, we are proud to announce that 100% of our solutions are hosted on the public cloud. In addition to AWS, Google Cloud, and Azure, we are implementing Alibaba Cloud. Yandex will come in a second phase.
» Terraform's Role
Before Terraform Enterprise was implemented, we used a web interface and deployment tooling. It was a custom interface developed in the Symfony PHP framework, to provision a virtual machine on the cloud or on-premises. For AWS, we use CloudFormation, and for on-premises, a homemade tool.
It was a good deal at the time. It allowed our users to provision new resources on the cloud. But, after the provisioning, the user was in charge to complete change orders, to register the new resources in Decathlon's ecosystem.
» Cons of the Old Solution
For technical teams, it was a rush to deliver a virtual machine, and manual actions are a source of errors. And with those old solutions, when a user wanted to upgrade the compute, a new change order was requested. The user was not autonomous to perform changes. (Today, it's very simple for us.) The last drawback was to maintain multi-solutions, so that the operational team had to use and maintain two different tools. I asked the team for some feedback. The first concerns were maintenance and the support. They were not autonomous to update infrastructure, and automatic removal was not possible. Regarding our ops engineer feedback, the human mistakes due to the usage of forms, and just the compute was covered.
» The Pros of Using Terraform Enterprise
Now, I will speak about the promises of Terraform Enterprise implementation and the pros.
The promises were for us enabling self-service infrastructure deployment for over 500 developers, accelerating delivery of new projects, and customer experience across brands. And, finally, integrating core systems into a single infrastructure as code solutions.
The pros were states, the ability to perform rollbacks, more possibilities to perform GRP, and a friendly web interface for non-developers users. All the cons of the old solution became advantages with Terraform Enterprise. That's confirmed by our user feedback regarding the pros of Terraform Enterprise. For us, there was autonomy, from provisioning to removing. It's easy to update infrastructure, thanks to Terraform Stack.
For ops engineers, the user autonomy in case of error, and more possibilities offered by Terraform Enterprise to consume other services such as S3, load balancers, etc., and not just VMs.
Now, we can assume that we have a standard solution, and add the benefits of HashiCorp reports and the community help. This is the main added value of the usage of Terraform Enterprise.
Moreover, Terraform aims to incorporate more automated infrastructure deployment processes, turning the IT team's focus from operational tasks to development-orientated work.
It's a more efficient and effective way to manage disparate teams and brands worldwide.
Unlike a company-produced ticket-based infrastructure development system, Terraform is cloud-agnostic. It enables individual brands' developers to provision their own resources, faster than ever, by reusing encrypted access to scale resources across any cloud environment.
I have other feedback regarding the usage and adoption of Terraform Enterprise. Terraform enables developers to automatically build infrastructure in completely new ways that ensure testing, staging, and protection are well aligned.
Operational engineering also noted that each team can develop their own Terraform modules and share them across teams for better collaboration, with transparency and faster deployment of essential resources for everyone in every market.
Terraform Enterprise has been vital for the company and helps us to accelerate its infrastructure deployment by automating operational tasks, such as workspace backups. Additionally, the workflow allows for code reviews and approval workflow to minimize the impact of errors that may delay deployment.
For us, it's a big change in the daily activities of the teams. Terraform workspaces enable Decathlon developers to work across cloud providers and teams, and the environment is a single pane of glass. Teams can leverage the solutions and the built-in version control system (VCS) to automatically validate configuration changes for greater accuracy, fewer mistakes, and faster deployment.
Globally, all Terraform features, such as built-in automation, VCS, and teams management, allow IT teams to focus on business-related work.
» Training the Teams
Regarding Terraform adoption in Decathlon, in order to add to growth in our knowledge of Terraform and Terraform Enterprise, we proposed some training for our users, our developers. The training was open for internal and external resources, and all teams were invited to perform those courses.
The basic course helped us to start to use Terraform open source. The advanced course helped IT users to build resources, work on Terraform modules, and use Terraform Enterprise in Decathlon context. Regarding our context, we can talk about our "All in One" module.
The "All in One" module is a module deployed on one stack to integrate resources in the Decathlon ecosystem. We use custom providers or in-house providers to do this stuff.
I have an example: When a user needs to build something, for example, on Google Cloud, the user takes the "All in One" version. The cloud has variables to target the cloud providers.
The resource will be registered in an ecosystem, like the configuration management, the DNS, the bastion, anti-malware, the asset management, or the monitoring solution. We use in-house providers because our IPs are not published. Those providers are developed by internal resources. We use GitHub.
And we can note that we have 2,400 workspaces split in different organizations. We try to manage the complexity with Terraform administrators, to provide more simplicity to our users.
For advanced users, it's possible to share a module to benefit all the people in Decathlon. I have some examples: Google Cloud, GKE cluster, cloud storage, Redis, cloud SQL, load balancer.
» Next Steps
Now, I will speak regarding our project for 2022. We wish to implement the "Active/Active" module to increase the availability of Terraform Enterprise for our users. And we wish to use the Private Provider Registry to ease access to our in-house providers, not published externally.
Finally, I want to focus on the main added value for Decathlon users regarding the Decathlon achievements. We can note that we have 100% of our infrastructure hosted in public cloud.
We increased the security level of the company, and we reduced the time to market. And for our users, we provide a friendly web interface for non-developers. We minimize the code error and reduce the deployment delay. And we provide a catalog that covers the main needs, and our most experienced users participate in this offer.
Thank you.