We develop rapidly with docker-compose orchestrated services, however, for production - we utilise the very best ideas that Kubernetes has to offer: SCALE! We can scale when needed, setting a maximum and minimum level of nodes for each application layer - scaling only when the load balancer needs it. This allowed us to reduce our devops costs by 40% whilst also maintaining an SLA of 99.87%.

Ok, so first - AWS Copilot is CloudFormation under the hood, but the way it works results in you not thinking about CFN anymore. AWS found the right balance with Copilot - it's insanely simple to setup production-ready multi-account environment with many services inside, with CI/CD out of the box etc etc. It's pretty new, but even now it was enough to launch Transcripto, which uses may be a dozen of different AWS services, all bound together by Copilot.

Because Pulumi uses real programming languages, you can actually write abstractions for your infrastructure code, which is incredibly empowering. You still 'describe' your desired state, but by having a programming language at your fingers, you can factor out patterns, and package it up for easier consumption.

Our whole DevOps stack consists of the following tools:

• GitHub (incl. GitHub Pages/Markdown for Documentation, GettingStarted and HowTo's) for collaborative review and code management tool
• Respectively Git as revision control system
• SourceTree as Git GUI
• Visual Studio Code as IDE
• CircleCI for continuous integration (automatize development process)
• Prettier / TSLint / ESLint as code linter
• SonarQube as quality gate
• Docker as container management (incl. Docker Compose for multi-container application management)
• VirtualBox for operating system simulation tests
• Kubernetes as cluster management for docker containers
• Heroku for deploying in test environments
• nginx as web server (preferably used as facade server in production environment)
• SSLMate (using OpenSSL) for certificate management
• Amazon EC2 (incl. Amazon S3) for deploying in stage (production-like) and production environments
• PostgreSQL as preferred database system
• Redis as preferred in-memory database/store (great for caching)

The main reason we have chosen Kubernetes over Docker Swarm is related to the following artifacts:

• Key features: Easy and flexible installation, Clear dashboard, Great scaling operations, Monitoring is an integral part, Great load balancing concepts, Monitors the condition and ensures compensation in the event of failure.
• Applications: An application can be deployed using a combination of pods, deployments, and services (or micro-services).
• Functionality: Kubernetes as a complex installation and setup process, but it not as limited as Docker Swarm.
• Monitoring: It supports multiple versions of logging and monitoring when the services are deployed within the cluster (Elasticsearch/Kibana (ELK), Heapster/Grafana, Sysdig cloud integration).
• Scalability: All-in-one framework for distributed systems.
• Other Benefits: Kubernetes is backed by the Cloud Native Computing Foundation (CNCF), huge community among container orchestration tools, it is an open source and modular tool that works with any OS.

We use Terraform to manage AWS cloud environment for the project. It is pretty complex, largely static, security-focused, and constantly evolving.

Terraform provides descriptive (declarative) way of defining the target configuration, where it can work out the dependencies between configuration elements and apply differences without re-provisioning the entire cloud stack.

Terraform is vendor-neutral in a way that it is using a common configuration language (HCL) with plugins (providers) for multiple cloud and service providers.

Terraform keeps track of the previous state of the deployment and applies incremental changes, resulting in faster deployment times.

Terraform allows us to share reusable modules between projects. We have built an impressive library of modules internally, which makes it very easy to assemble a new project from pre-fabricated building blocks.

Software is imperfect, and Terraform is no exception. Occasionally we hit annoying bugs that we have to work around. The interaction with any underlying APIs is encapsulated inside 3rd party Terraform providers, and any bug fixes or new features require a provider release. Some providers have very poor coverage of the underlying APIs.

Terraform is not great for managing highly dynamic parts of cloud environments. That part is better delegated to other tools or scripts.

Terraform state may go out of sync with the target environment or with the source configuration, which often results in painful reconciliation.

I personally am not a huge fan of vendor lock in for multiple reasons:

• I've seen cost saving moves to the cloud end up costing a fortune and trapping companies due to over utilization of cloud specific features.
• I've seen S3 failures nearly take down half the internet.
• I've seen companies get stuck in the cloud because they aren't built cloud agnostic.

I choose to use terraform for my cloud provisioning for these reasons:

• It's cloud agnostic so I can use it no matter where I am.
• It isn't difficult to use and uses a relatively easy to read language.
• It tests infrastructure before running it, and enables me to see and keep changes up to date.
• It runs from the same CLI I do most of my CM work from.