· Cloud · 2 min read
Converting an existing stack to Terraform and Kubernetes
An incremental approach to Infrastructure as Code without breaking production.
Converting a live stack to Terraform and Kubernetes is a control problem, not a tooling problem. The goal is to make infrastructure repeatable and auditable without taking production down. The safest approach is incremental and measured.
Start by capturing a baseline of your current infrastructure. Document network layout, identity structure, storage, and security groups. These are the hardest to change later. Decide which resources must be managed by code and which can remain managed outside for now. This clarity prevents scope creep.
Import and map before refactor
Create a resource map between existing infrastructure and your planned modules. Use import tooling to pull current resources into state. Avoid refactors until you can reproduce the current state with code. The first milestone is not a cleaner design. It is a faithful representation of reality.
Once the baseline is stable, move in slices. Convert one service end to end, validate in staging, and release to production. Then move the next service. This reduces risk and makes rollback clearer. Track drift regularly and pause if drift grows. Drift is a signal that the system is not under control.
Treat the conversion as a program of changes, not a single change. Limit parallel work so the team can focus on a clean audit trail. Use a short change log and link it to the runbook for deployment.
Continuous validation
Add drift detection and a clear review process for infrastructure changes. Ensure code reviews include cost and security implications. Keep a simple change log so teams know what changed and why.
Document operational ownership for each module and service. If a resource is managed by code, the owners should know who approves changes. This avoids last minute blockers during releases.
IaC conversion succeeds when the focus is control and repeatability. A slow, disciplined rollout beats a fast and fragile one every time.
Treat state files as production assets. Back them up, restrict access, and document recovery steps. A lost or corrupted state file can create more downtime than a failed deployment.
Plan the interface between Terraform and Kubernetes carefully. Decide what is provisioned by Terraform and what is managed by Kubernetes controllers. Overlapping ownership leads to drift and hidden conflicts.
Keep module design boring. Avoid deep abstraction at the start. A plain module that maps to one service is easier to review, test, and maintain during a migration program.
