Terraform modules and best-practices - September 2018

Slides for my "Terraform modules and best-practices" talk at meetups during September 2018.

Some links from the slides:

Terraform modules and best-practices - September 2018

  1. Terraform, modules and more, by Anton Babenko, September 2018
  2. Agenda
     • Introduction
     • Frequent Terraform Questions
     • Terraform Modules
     • Q&A
     • Bar/coffee talk
  3. Anton Babenko
     • Terraform AWS fanatic
     • Organise {HashiCorp, AWS, DevOps} User Groups in Norway
     • DevOpsDays Oslo (29-30th October 2018)
     • I 💚 open-source — github.com/antonbabenko
     • terraform-community-modules + terraform-aws-modules
     • antonbabenko/terrapin — Terraform modules generator
     • antonbabenko/pre-commit-terraform — make your configurations nicer
     • antonbabenko/modules.tf-lambda — from visual diagram to Terraform
     • antonbabenko/terraform-best-practices
     • twitter.com/antonbabenko, linkedin.com/in/antonbabenko, medium.com/@anton.babenko
  4. October 22-24, 2018 | San Francisco. Use the code HUG-COM20TK1 for 20% off your General Admission ticket
  5. Application Delivery with HashiCorp (https://www.hashicorp.com/resources/application-delivery-hashicorp): Write, Test, Package, Provision, Deploy, Connect, Secure
  6. Write, plan, and create infrastructure as code (www.terraform.io)
  7. Google Cloud Deployment Manager, Azure Resource Manager
  8. Write, plan, and create infrastructure as code (www.terraform.io)
  9. Plus 100+ more providers. Write, plan, and create infrastructure as code (www.terraform.io)
  10. Why Terraform and not AWS CloudFormation, Azure ARM, Google Cloud Deployment Manager?
     • Terraform manages 100+ providers, has easier syntax (HCL), has native support for modules and remote states, has teamwork-related features, and is an open-source project.
     • Provides a high-level abstraction of infrastructure (IaC)
     • Allows for composition and combination
     • Supports parallel management of resources (graph, fast)
     • Separates planning from execution (dry-run)
  11. Terraform’s Goals
     • Unify the view of resources using infrastructure as code
     • Support the modern data center (IaaS, PaaS, SaaS)
     • Expose a way for individuals and teams to safely and predictably change infrastructure
     • Provide a workflow that is technology agnostic
     • Manage anything with an API
  12. Terraform is a universal tool to manage anything that has an API
     • GSuite resources
     • Dropbox user files
     • New Relic alerts
     • Datadog users, monitors
     • Jira issues
     • See All Terraform providers
  13. What are the tools/solutions out there?
     • Terraform Registry (https://registry.terraform.io/) — collection of public Terraform modules for common infrastructure configurations for any provider.
     • Terraform linter to detect errors that cannot be detected by `terraform plan` — https://github.com/wata727/tflint
     • Terraform version manager — https://github.com/kamatama41/tfenv
     • A web dashboard to inspect Terraform States — https://github.com/camptocamp/terraboard
     • Jsonnet — The data templating language — http://jsonnet.org
  14. Atlantis — Start working on Terraform as a team
     • A unified workflow for collaborating on Terraform through GitHub, GitLab and Bitbucket
     • https://www.runatlantis.io
  15. Terragrunt
     • Thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules
     • https://github.com/gruntwork-io/terragrunt/
     • No logo found. Check issue #570 for details
  16. How to handle secrets in Terraform?
     • Can you accept secrets to be saved in state file in plaintext? Probably not.
     • AWS IAM password & access secret keys — use PGP (e.g. keybase.io)
     • AWS RDS — set dummy password and change after DB is created
     • AWS RDS — use iam_database_authentication_enabled = true
     • EC2 instance user-data + AWS KMS
     • EC2 instance user-data + AWS Systems Manager Parameter Store
     • AWS Secrets Manager
     • https://github.com/opencredo/terrahelp
     • Other options:
        • Secure remote state location (S3 bucket policy, KMS key)
  17. How to integrate Terraform with …?
  18. Terraform Modules (https://www.terraform-best-practices.com/key-concepts)
  19. Types of Terraform modules (https://www.terraform-best-practices.com/key-concepts)
     • Resource modules (e.g. terraform-aws-modules):
        • Create resources (obviously)
        • Few relations to other modules (usually)
        • Very flexible
     • Infrastructure modules:
        • Use specific version of resource modules
        • Company-wide standards (e.g. tags and names)
        • May use code generators (jsonnet, cookiecutter, etc)
     • Compositions:
        • Use specific version of infrastructure or resource modules
        • Provide all the values for region, environment, module, etc
        • Terragrunt is awesome
  20. Traits of good Terraform modules
     • Clean code
     • Feature-rich
     • Sane defaults
     • Tests
     • Examples
     • Documentation
     • … (secure, versioning, lifecycle-readiness)
     • Read more: https://medium.com/@anton.babenko/using-terraform-continuously-common-traits-in-modules-8036b71764db
  21. Collection of Terraform AWS modules supported by the community (100+ contributors). More than 1,5 million downloads since September 2017. (VPC, Autoscaling, RDS, Security Groups, ELB, ALB, Redshift, SNS, SQS, IAM, EKS, ECS…) github.com/terraform-aws-modules, registry.terraform.io/modules/terraform-aws-modules
  22. cloudcraft.co features
     • Manage AWS components in browser (EC2 instances, autoscaling groups, RDS, etc)
     • Connect components
     • Import live AWS infrastructure
     • Calculate the budget
     • Share link to a blueprint
     • Export as image
     • Embed drawing to wiki, Confluence, etc
  23. Infrastructure as code generator — from visual diagrams to Terraform
  24. Building blocks
     ✓ cloudcraft.co — design, plan and visualize
     ✓ terraform-aws-modules — building blocks of AWS infrastructure
     ✓ Terraform — infrastructure as code
  25. modules.tf notes
     ✓ Deployed for beta users: https://cloudcraft.co/app?beta
     ✓ Generates potentially ready-to-use Terraform configurations
     ✓ Best suited for bootstrapping
     ✓ Enforces Terraform best practices
     ✓ Batteries included (terraform-aws-modules, terragrunt, pre-commit, …)
     ✓ 100% free for all & open-source (https://github.com/antonbabenko/modules.tf-lambda)
     ✓ Want to sponsor, or a sticker? Contact me.
  26. What’s next?
     • Involve more people and use code-generators (Terrapin, modules.tf)
     • Terraform refactoring (Terrible)
     • Dependency hell problem with modules
     • Get acknowledgement and support from AWS
     • Your ideas?
  27. What is your Terraform question or problem? Hints:
     • Testing?
     • Versioning?
     • Code structure?
     • Working as a team?
     • CI/CD?
     • Automation?
     • Integration with other tools?
     • modules.tf?
     • Terrible?
     • Code generation?
     • Missing tools/features?
     • Syntax sugar (features and types of variables)?
     • How to contribute?
  28. So, how to get started with Terraform?
     • https://www.terraform.io/intro/getting-started/install.html
     • Follow instructions in README.md, check examples, open issues and pull requests
     • Maybe read a book ("Getting Started with Terraform" or "Terraform Up & Running")
     • Try hands-on arcade — https://play.instruqt.com/hashicorp/tracks/terraform-arcade
  29. Thanks! Gracias! Grazie! anton@antonbabenko.com, twitter.com/antonbabenko
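
Three of the options listed on the secrets slide (slide 16), shown together as an added example that is not taken from the slides: an encrypted S3 remote state, a PGP-encrypted IAM secret key, and an RDS instance created with a dummy password plus IAM database authentication. The bucket, KMS key ARN, Keybase username and resource names are placeholders, and the syntax assumes Terraform 0.14 or later.

```hcl
# Added example. Every name, ARN and username below is a placeholder.

# Secure remote state location: state is encrypted at rest with a KMS key.
terraform {
  backend "s3" {
    bucket     = "example-terraform-state"
    key        = "prod/rds/terraform.tfstate"
    region     = "eu-west-1"
    encrypt    = true
    kms_key_id = "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-KEY-ID"
  }
}

provider "aws" {
  region = "eu-west-1"
}

# IAM access key: with pgp_key set, state stores only encrypted_secret,
# which the owner of the PGP key decrypts locally.
resource "aws_iam_user" "deploy" {
  name = "example-deploy"
}

resource "aws_iam_access_key" "deploy" {
  user    = aws_iam_user.deploy.name
  pgp_key = "keybase:example_user"
}

output "deploy_encrypted_secret" {
  value = aws_iam_access_key.deploy.encrypted_secret
}

# Dummy password used only at creation time. "sensitive" hides it in CLI
# output; it is still written to state, which is why it must be a throwaway.
variable "bootstrap_db_password" {
  type      = string
  sensitive = true
}

resource "aws_db_instance" "app" {
  identifier        = "example-app"
  engine            = "postgres"
  instance_class    = "db.t3.micro"
  allocated_storage = 20
  username          = "app_admin"
  password          = var.bootstrap_db_password

  # Applications authenticate with short-lived IAM tokens, not a password.
  iam_database_authentication_enabled = true

  # The real password is set outside Terraform after creation; ignoring the
  # attribute keeps Terraform from resetting it to the dummy value.
  lifecycle {
    ignore_changes = [password]
  }
}
```

After the first apply, the master password is changed outside Terraform, so the state only ever holds the throwaway value.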