Core Track Guardrails-first chapter in core learning path.

Estimated Time

  • Reading: 20-25 min
  • Lab: 45-60 min
  • Quiz: 10-15 min

Prerequisites

Source Code References

  • .pre-commit-config.yaml Members
  • main.tf Members

Sign in to view source code.

What You Will Produce

A reproducible lab result plus quiz verification and incident-safe operating evidence.

Core Exercises (Required)

  1. Drift Detection: Manually change a label on a Kubernetes namespace using kubectl and run terraform plan. Observe how Terraform detects the drift.
  2. Review a Plan: Generate a plan for the kind_cluster and identify every resource that Terraform proposes to create or modify.
  3. Trigger a Lock: Open two terminal windows and try to run terraform plan at the exact same time. Document the behavior of the state lock.

Challenge Exercise (Optional)

Drift Remediation Without the Playbook: Introduce intentional configuration drift in your Kind cluster by manually editing a resource label. Then write a complete remediation plan using only Terraform commands, without consulting the drift playbook.

Done When

You have completed this chapter when:

  • You can explain and demonstrate the plan -> review -> apply workflow.
  • You have successfully provisioned a 3-node Kind cluster using Terraform.
  • You can identify infrastructure drift and explain the reconciliation path.
  • You understand the “deny-by-default” policy for destructive actions.

Knowledge Check

Before finishing this chapter, complete the Quiz to verify your understanding of the guardrail principles.