Azure
Terraform Azure
2018 6 14
1
@MoriyamaKyohei
Azure
Terraform x Azure 10
5
1. Terraform x Azure x ?
2. Terraform x Azure x ?state
3. Terraform x Azure x Credential
4. Terraform x CI/CD Tool x MSI x Azure
Q. V
Azure Resource “ ”
A. Azure CLI
$ az login
$ az account list-locations
Q. State
Azure
A. Blob remoteState.tf
configuration file
Azure
Terraform x State
Terraform “State”
“state” ”terraform.tfstate”
local “state” plans
state purpose
> Terraform must store state about your
managed infrastructure and configuration.
This state is used by Terraform to map
real world resources to your
configuration, keep track of metadata,
and to improve performance for large
infrastructures.
>
> This state is stored by default in a
local file named "terraform.tfstate", but
it can also be stored remotely, which
works better in a team environment.
>
> Terraform uses this local state to
create plans and make changes to your
infrastructure. Prior to any operation,
Terraform does a refresh to update the
state with the real infrastructure.
>
> For more information on why Terraform
requires state and why Terraform cannot
function without state, please see the
page state purpose.
Hashicorp Terraform Documentation -
Terraform x State purpose
> The primary motivation people
have for using remote state
files is in an attempt to
improve using Terraform with
teams. State files can easily
result in conflicts when two
people modify infrastructure at
the same time.
>
> _Remote state_ is _the
recommended solution_ to this
problem. At the time of writing,
remote state works well but
there are still scenarios that
can result in state conflicts.
A priority for future versions
of Terraform is to improve this.
“Remote State”
Terraform
“Remote State”
Terraform
Hashicorp Terraform Documentation -
Blob(Object) Storage
$ python --version && mkdir terraform-demo && cd terraform-demo && virtualenv env && source env/bin/activate && pip install azure-cli
$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code FYT6E7UGR to authenticate. # -> browser login
$ az group create -n terraform-demo -l japaneast
$ az storage account create --name myterrastatestore --resource-group terraform-demo --location japaneast --sku Standard_RAGRS --encryption blob
$ az storage account keys list --account-name myterrastatestore --resource-group terraform-demo
$ az storage container create --name statestorecont --account-key
7p+SUZrcBuE2rUoUAT1RdvcarapOLlI1Qcl1LHAhWzYuz+Gv/w+Znwd7mcSqnITrgMN5NKc296ZfSWw1K21x
wQ== --account-name myterrastatestore
OS/Security
Terraform okay
Terraform blobStorage
#-------------------------------------------------------
# Statement of Resource Group
#-------------------------------------------------------
resource "azurerm_resource_group" "terraform-blob" {
  name     = "terraform-state-blob"
  location = "Japan East"
}
#-------------------------------------------------------
# Creating storage blob / account and container
#-------------------------------------------------------
resource "azurerm_storage_account" "terraform-blob" {
  name                     = "decodeterraformblob"
  resource_group_name      = "${azurerm_resource_group.terraform-blob.name}"
  location                 = "${azurerm_resource_group.terraform-blob.location}"
  account_tier             = "Standard"
  account_replication_type = "RAGRS"
}
resource "azurerm_storage_container" "terraform-blob" {
  name                  = "terraformblobstatefile"
  resource_group_name   = "${azurerm_resource_group.terraform-blob.name}"
  storage_account_name  = "${azurerm_storage_account.terraform-blob.name}"
  container_access_type = "private"
}
remoteState.tf
terraform {
  backend "azurerm" {
    storage_account_name = "myterrastatestore"
    container_name       = "statestorecont"
    key                  = "prod.terraform.tfstate"
    access_key           = "lo1EmEyuHAaRfBXkASHXONB431foHh0CwXE3p3qwR0KTZpmrQsAbMdAD54I7Lae801Om7v0VVH5PCqfVc0+GOA=="
  }
}
!
Key
Q. terraform plan az login
A. az login Auth Token Expire Time
default
RBAC Service principal
Azure
Terraform x Azure
Terraform Azure Provider Azure
Azure CLI Auth Token
Auth Token
`$HOME/.azure/accessTokens.json`
Auth Token Expire
RBAC Role-based Access Control
Azure / On-Premises
[Figure: organization hierarchy mapped to Azure subscriptions, resource groups and roles]
Organization: Sector 1, Sector 2, ..; Region NA, Region SA; Division Mktg, Division Sales, ..; Project 1, Project 2, ..
Azure mapping: Subscription per Sector; Resource Group per Project; Tags: Region, Division, Project; “Standard” VNet per Division in separate resource group; Billing tracked per Division; Subnet on “standard” VNet assigned to each Project
Identity: Users, Groups and Password Sync; Active Directory; ExpressRoute(s); Azure Active Directory
Roles: IT Director’s Office; Infrastructure Admins and Support; Project Team Roles; Network Admins
Assignments: Owners of Subscriptions; VNet Contributors of “standard” VNet RGs; Virtual Machine Contributors of Project RGs and “standard” VNet RGs; Appropriate Role on Project RGs
Azure CLI / RBAC Service principal / az login
[Figure: az login flow]
OAuth web application
SP (azure cli control)
① Login
② Login Code
③ Login Code
④ Login Code + User Credential
⑤
⑥ Auth Token
$HOME/.azure/accessTokens.json
⑦ Auth Token
Azure CLI Web
Token Expired Time
!
RBAC Service principal
$ # default 1 --years option
$ az ad sp create-for-rbac
AppId                                 DisplayName                    Name                                  Password                              Tenant
------------------------------------  -----------------------------  ------------------------------------  ------------------------------------  ------------------------------------
15ac61e0-35a0-4969-97c9-1309420aabae  azure-cli-2018-06-14-07-26-27  http://azure-cli-2018-06-14-07-26-27  8d3f937e-6818-48fd-b36a-93e8fa9709f8  72f988bf-86f1-41af-91ab-2d7cd011db47
$ # subscription ID
$ az account list
Name                      CloudName   SubscriptionId                                State    IsDefault
------------------------  ----------  --------------------------------------------  -------  ---------
Visual Studio Enterprise  AzureCloud  2fasdfasd5a3-asdf65-4asdf-8bd9-d8asdfsdfdef8  Enabled
Microsoft Azure XXXX      AzureCloud  casdfasdf-s7fd1-46dd-87asfdsfasdff375         Enabled  True
$ #
$ az login --service-principal -u http://azure-cli-2018-06-14-07-26-27 -p "8d3f937e-6818-48fd-b36a-93e8fa9709f8" --tenant "72f988bf-86f1-41af-91ab-2d7cd011db47"
Credential tf
[azureCred.tf]
variable subscription_id {}
variable tenant_id {}
variable client_id {}
variable client_secret {}
provider "azurerm" {
  subscription_id = "${var.subscription_id}"
  tenant_id       = "${var.tenant_id}"
  client_id       = "${var.client_id}"     # app id → client id
  client_secret   = "${var.client_secret}" # Password → client secret
}
[terraform.tfvars]
subscription_id = "xxxxxxxxx-xxxxxxxxxx-sdfasdfasf375"
tenant_id       = "asdfasdfasdf-asdf-asdf-asdfasdfasdfasdf"
client_id       = "15ac61e0-35a0-4969-97c9-1309420aabae"
client_secret   = "8d3f937e-6818-48fd-b36a-93e8fa9709f8"
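Both remoteState.tf (`access_key`) and terraform.tfvars (`client_secret`) above carry the credential as a literal string. The following check is an added example, not part of the original slides: it reports such literals so they can be caught before the files are committed or handed to a CI/CD job. The function names and the sample files written by `make_sample` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report credentials stored as literals in Terraform files.
# Attribute names (access_key, client_secret) are the ones used on this page;
# function names and sample file contents are constructed for illustration.

# Print "file:line:attribute" for each access_key / client_secret assignment
# whose value is a quoted literal instead of a "${var.*}" reference. A value
# wrapped onto the following line is attributed to the assignment line.
scan_tf_secrets() {
  find "$1" -type f \( -name '*.tf' -o -name '*.tfvars' \) | sort |
  while IFS= read -r f; do
    awk -v file="$f" '
      function literal(v) { return (v ~ /^"[^"]+"/ && index(v, "${") == 0) }
      { line = $0; sub(/^[ \t]+/, "", line) }
      pending != "" && line != "" {
        if (literal(line)) print file ":" pending_nr ":" pending
        pending = ""
        next
      }
      match(line, /^(access_key|client_secret)[ \t]*=[ \t]*/) {
        attr = line; sub(/[ \t]*=.*/, "", attr)
        val = substr(line, RLENGTH + 1)
        if (val == "") { pending = attr; pending_nr = NR; next }
        if (literal(val)) print file ":" NR ":" attr
      }
    ' "$f"
  done
}

# CI gate: succeed only when no literal credential is found.
tf_secrets_gate() {
  findings=$(scan_tf_secrets "$1")
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings" >&2
  return 1
}

# Constructed sample tree mirroring the three files shown on the slides.
make_sample() {
  d=$(mktemp -d) || return 1
  cat > "$d/remoteState.tf" <<'EOF'
terraform {
  backend "azurerm" {
    storage_account_name = "examplestatestore"
    container_name       = "tfstate"
    key                  = "prod.terraform.tfstate"
    access_key =
      "CONSTRUCTED-PLACEHOLDER-KEY=="
  }
}
EOF
  cat > "$d/azureCred.tf" <<'EOF'
provider "azurerm" {
  client_id     = "${var.client_id}"
  client_secret = "${var.client_secret}" # Password -> client secret
}
EOF
  cat > "$d/terraform.tfvars" <<'EOF'
client_id     = "00000000-0000-0000-0000-000000000000"
client_secret = "constructed-placeholder-secret"
EOF
  printf '%s\n' "$d"
}

# Demo run on the constructed sample.
sample=$(make_sample)
tf_secrets_gate "$sample" || echo "literal credentials found in Terraform files"
rm -rf "$sample"
```

The azurerm backend and provider also read `ARM_ACCESS_KEY` and `ARM_CLIENT_SECRET` from the environment, which lets both literals be dropped from the files.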
Q. terraform plan az login
CI/CD token
A. Azure
Token
[ ]
Azure Azure AD
Auth Token
Token
Token Code
[ ]
Azure
MSI Managed Service Identity
Managed Service Identity
Tenant - Subscription
Resource Group A
Azure Active Directory
Resource Group B
MSI
VM
[Management VM]
$ az login --identity
MSI endpoint
Management VM
Resource Group A
Token Get
Auth Token
$ terraform init/plan/apply/destroy
VM
MSI
→Marketplace TerraformVM
Terraform/Azure CLI/MSI VM Extension
VM
Deploy
!
State blob
! MSI
! Terraform
…
MSI
Staging RG Production RG
Management RG
Test and Staging Phase
Maven Build
and App Test
Staging Deploy
Production
Deploy
E2E Test
Go to Production Phase
Let’s try AKS with Terraform!!
Terraform Azure
oif(2018/06/14) Microsoft Microsoft

Key Points When Using Terraform Together with Azure

  • 1. Azure Terraform Azure 2018 6 14 1 @MoriyamaKyohei
  • 3. !
  • 4. !
  • 5. Terraform x Azure 10 5 1. Terraform x Azure x ? 2. Terraform x Azure x ?state 3. Terraform x Azure x Credential 4. Terraform x CI/CD Tool x MSI x Azure
  • 6. Q. V Azure Resource “ ” A. Azure CLI
  • 7. $ az login
      $ az account list-locations !
  • 8. !
  • 9. !
  • 10. !
  • 11. Q. State Azure A. Blob remoteState.tf configuration file Azure
  • 12. Terraform x State Terraform “State” “state” ”terraform.tfstate” local “state” plans state purpose
      > Terraform must store state about your managed infrastructure and configuration. This state is used by Terraform to map real world resources to your configuration, keep track of metadata, and to improve performance for large infrastructures.
      >
      > This state is stored by default in a local file named "terraform.tfstate", but it can also be stored remotely, which works better in a team environment.
      >
      > Terraform uses this local state to create plans and make changes to your infrastructure. Prior to any operation, Terraform does a refresh to update the state with the real infrastructure.
      >
      > For more information on why Terraform requires state and why Terraform cannot function without state, please see the page state purpose.
      Hashicorp Terraform Documentation -
  • 13. Terraform x State purpose
      > The primary motivation people have for using remote state files is in an attempt to improve using Terraform with teams. State files can easily result in conflicts when two people modify infrastructure at the same time.
      >
      > _Remote state_ is _the recommended solution_ to this problem. At the time of writing, remote state works well but there are still scenarios that can result in state conflicts. A priority for future versions of Terraform is to improve this.
      “Remote State” Terraform “Remote State” Terraform Hashicorp Terraform Documentation -
  • 14. Blob(Object) Storage
      $ python --version && mkdir terraform-demo && cd terraform-demo && virtualenv env && source env/bin/activate && pip install azure-cli
      $ az login
      To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code FYT6E7UGR to authenticate.
      # -> browser login
      $ az group create -n terraform-demo -l japaneast
      $ az storage account create --name myterrastatestore --resource-group terraform-demo --location japaneast --sku Standard_RAGRS --encryption blob
      $ az storage account keys list --account-name myterrastatestore --resource-group terraform-demo
      $ az storage container create --name statestorecont --account-key 7p+SUZrcBuE2rUoUAT1RdvcarapOLlI1Qcl1LHAhWzYuz+Gv/w+Znwd7mcSqnITrgMN5NKc296ZfSWw1K21xwQ== --account-name myterrastatestore
      OS/Security Terraform okay
  • 15. Terraform blobStorage
      #-------------------------------------------------------
      # Statement of Resource Group
      #-------------------------------------------------------
      resource "azurerm_resource_group" "terraform-blob" {
        name     = "terraform-state-blob"
        location = "Japan East"
      }
      #-------------------------------------------------------
      # Creating storage blob / account and container
      #-------------------------------------------------------
      resource "azurerm_storage_account" "terraform-blob" {
        name                     = "decodeterraformblob"
        resource_group_name      = "${azurerm_resource_group.terraform-blob.name}"
        location                 = "${azurerm_resource_group.terraform-blob.location}"
        account_tier             = "Standard"
        account_replication_type = "RAGRS"
      }
      resource "azurerm_storage_container" "terraform-blob" {
        name                  = "terraformblobstatefile"
        resource_group_name   = "${azurerm_resource_group.terraform-blob.name}"
        storage_account_name  = "${azurerm_storage_account.terraform-blob.name}"
        container_access_type = "private"
      }
  • 16. remoteState.tf
      terraform {
        backend "azurerm" {
          storage_account_name = "myterrastatestore"
          container_name       = "statestorecont"
          key                  = "prod.terraform.tfstate"
          access_key           = "lo1EmEyuHAaRfBXkASHXONB431foHh0CwXE3p3qwR0KTZpmrQsAbMdAD54I7Lae801Om7v0VVH5PCqfVc0+GOA=="
        }
      }
      ! Key
  • 17. Q. terraform plan az login A. az login Auth Token Expire Time default RBAC Service principal Azure
  • 18. TerraformxAzure Terraform Azure Provider Azure Azure CLI Auth Token Auth Token `$HOME/.azure/accessTokens.json` Auth Token Expire
  • 19. RBAC Role-based Access Control Azure On-Premises Sector 1 Sector 2 .. Region NA Region SA Division Mktg .. Division Sales .. Project 1 Project 2 .. Subscription per Sector Resource Group per Project Tags Region, Division, Project “Standard” VNet per Division in separate resource group Billing Tracked per Division Subnet On “standard” Vnet assigned to each Project Users, Groups and Password Sync Active Directory ExpressRoute(s) IT Director’s Office Azure Active Directory Infrastructure Admins and Support Project Team Roles Network Admins Owners of Subscriptions VNet Contributors of “standard” VNet RGs Virtual Machine Contributors of Project RGs and “standard” VNet RGs Appropriate Role on Project RGs
  • 20. Azure CLI RBAC Service principal az login OAuth web application SP(azure cli control) ①Login ②Login Code ③Login Code ④Login Code + User Credential ⑥Auth Token $HOME/.azure/accessToken.json ⑦Auth Token ⑤ Azure CLI Web Token Expired Time !
  • 21. RBAC Service principal
      $ # default 1 --years option
      $ az ad sp create-for-rbac
      AppId                                 DisplayName                    Name                                  Password                              Tenant
      ------------------------------------  -----------------------------  ------------------------------------  ------------------------------------  ------------------------------------
      15ac61e0-35a0-4969-97c9-1309420aabae  azure-cli-2018-06-14-07-26-27  http://azure-cli-2018-06-14-07-26-27  8d3f937e-6818-48fd-b36a-93e8fa9709f8  72f988bf-86f1-41af-91ab-2d7cd011db47
      $ # subscription ID
      $ az account list
      Name                      CloudName   SubscriptionId                                 State    IsDefault
      ------------------------  ----------  ---------------------------------------------  -------  ---------
      Visual Studio Enterprise  AzureCloud  2fasdfasd5a3-asdf65-4asdf-8bd9-d8asdfsdfdef8   Enabled
      Microsoft Azure XXXX      AzureCloud  casdfasdf-s7fd1-46dd-87asfdsfasdff375          Enabled  True
      $ #
      $ az login --service-principal -u http://azure-cli-2018-06-14-07-26-27 -p "8d3f937e-6818-48fd-b36a-93e8fa9709f8" --tenant "72f988bf-86f1-41af-91ab-2d7cd011db47"
  • 22. Credential tf
      [azureCred.tf]
      variable subscription_id {}
      variable tenant_id {}
      variable client_id {}
      variable client_secret {}
      provider "azurerm" {
        subscription_id = "${var.subscription_id}"
        tenant_id       = "${var.tenant_id}"
        client_id       = "${var.client_id}"     #app id → client id
        client_secret   = "${var.client_secret}" #Password → client secret
      }
      [terraform.tfvars]
      subscription_id = "xxxxxxxxx-xxxxxxxxxx-sdfasdfasf375"
      tenant_id       = "asdfasdfasdf-asdf-asdf-asdfasdfasdfasdf"
      client_id       = "15ac61e0-35a0-4969-97c9-1309420aabae"
      client_secret   = "8d3f937e-6818-48fd-b36a-93e8fa9709f8"
  • 23. Q. terraform plan az login CI/CD token A. Azure
  • 24. Token [ ] Azure Azure AD Auth Token Token Token Code [ ] Azure MSI Managed Service Identity
  • 25. Managed Service Identity Tenant - Subscription Resource Group A Azure Active Directory Resource Group B MSI VM [Management VM] $ az login --identity MSI endpoint Management VM Resource Group A Token Get Auth Token $ terraform init/plan/apply/destroy VM
  • 28.
  • 29. MSI Staging RG Production RG Management RG
  • 30. Test and Staging Phase Maven Build and App Test Staging Deploy Production Deploy E2E Test Go to Production Phase
  • 31.
  • 32. Let’s try AKS with Terraform!!
  • 33. Terraform Azure (2018/06/14) Microsoft
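
The remoteState.tf on slide 16 carries the storage account access key as a literal, and slide 22 places client_secret in terraform.tfvars. The check below is an added example, not code from the slides: it flags such literals so the files can be kept out of version control. The function names and every sample value are constructed for illustration, and the fixed sample assumes the key is supplied through the azurerm backend's ARM_ACCESS_KEY environment variable.

```python
import re

# Credential-bearing attributes in the deck's files: access_key (azurerm
# backend, slide 16) and client_secret (provider / terraform.tfvars, slide 22).
SECRET_KEYS = ("access_key", "client_secret")
# name = "value"; also accepts the curly quotes that slide exports introduce.
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*["\u201c\u201d](.*?)["\u201c\u201d]\s*(?:#.*)?$')

def find_hardcoded_secrets(filename, text):
    """Return (filename, line_no, attribute) for secrets set to a literal."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = ASSIGN.match(line)
        if not m or m.group(1) not in SECRET_KEYS:
            continue
        value = m.group(2).strip()
        # "${var.client_secret}" is a reference to a variable, not a literal.
        if not value or re.fullmatch(r"\$\{[^}]+\}", value):
            continue
        findings.append((filename, line_no, m.group(1)))
    return findings

# Constructed sample files; every value is a placeholder, not a real key.
SAMPLES = {
    "remoteState.tf": '''terraform {
  backend "azurerm" {
    storage_account_name = "myterrastatestore"
    container_name       = "statestorecont"
    key                  = "prod.terraform.tfstate"
    access_key           = "CONSTRUCTED-PLACEHOLDER-KEY=="
  }
}
''',
    # Same backend without access_key; the key comes from ARM_ACCESS_KEY instead.
    "remoteState.fixed.tf": 'terraform {\n  backend "azurerm" {\n    key = "prod.terraform.tfstate"\n  }\n}\n',
    "azureCred.tf": 'provider "azurerm" {\n  client_secret = "${var.client_secret}"\n}\n',
    "terraform.tfvars": 'client_id = "constructed-app-id"\nclient_secret = "constructed-secret"\n',
}

def scan(files):
    """Scan a {filename: text} mapping and return all findings, sorted."""
    return sorted(f for name, text in files.items()
                  for f in find_hardcoded_secrets(name, text))

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print("%s:%d hardcoded %s" % finding)
```

A finding in terraform.tfvars is expected, since that file exists to hold values; it means the file belongs in .gitignore rather than in the repository.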