OSDC 2019 | Terraform best practices with examples and arguments by Anton Babenko

This talk is for developers who want to learn best practices for using Terraform at companies and projects of various sizes (from small to very large) and get the pros and cons of code structuring, compositions and tools. Attendees will also learn Terraform (and Terragrunt) tricks and gotchas.


  1. Terraform Best Practices. Anton Babenko, @antonbabenko, May 2019
  2. Anton Babenko: Terraform AWS fanatic since 2015. Organiser of HashiCorp UG, AWS UG, DevOps Norway, DevOpsDays Oslo. I 💚 open-source: terraform-community-modules + terraform-aws-modules; antonbabenko/pre-commit-terraform — clean code and documentation; antonbabenko/tfvars-annotations — update terraform.tfvars using annotations (WIP); antonbabenko/modules.tf-lambda — generate Terraform code from visual diagrams; antonbabenko/terragrunt-reference-architecture — Terragrunt reference architecture; www.terraform-best-practices.com; medium.com/@anton.babenko; @antonbabenko — Twitter, GitHub, Linkedin
  3. What do I do? All-things Terraform + AWS + DevOps: consulting, workshops, trainings, mentorship. My email: anton@antonbabenko.com LinkedIn: https://www.linkedin.com/in/antonbabenko
  4. Collection of open-source Terraform AWS modules supported by the community. More than 2 million downloads since September 2017. (VPC, Autoscaling, RDS, Security Groups, ELB, ALB, Redshift, SNS, SQS, IAM, EKS, ECS…) github.com/terraform-aws-modules, registry.terraform.io/modules/terraform-aws-modules
  5. Cloudcraft.co — the best way to draw AWS diagrams
  6. cloudcraft.co features: • Manage components in browser (EC2 instances, autoscaling groups, RDS, etc.) • Connect components • Import live AWS infrastructure • Calculate the budget • Share link to a blueprint • Export as image • Embed drawing to wiki, Confluence, etc.
  7. Infrastructure as code makes DevOps possible. Key benefits: • Treat infrastructure like application code • Always know what changed • Validate infrastructure before deployment. https://dzone.com/articles/infrastructure-as-code-the-benefits
  8. Tool for building, changing and versioning infrastructure safely and efficiently. www.terraform.io
  9. (no transcribed text)
  10. Google Cloud Deployment Manager, Azure Resource Manager
  11. (no transcribed text)
  12. + more than 100 providers
  13. Why Terraform and not AWS CloudFormation, Azure ARM, Google Cloud Deployment Manager? Terraform manages 100+ providers, has easier syntax (HCL), has native support for modules and remote states, has teamwork related features, is an open-source project. • Provides a high-level abstraction of infrastructure (IaC) • Allows for composition and combination • Orchestration, not merely configuration • Supports parallel management of resources (graph, fast) • Separates planning from execution (dry-run)
  14. Terraform — universal tool for everything with an API: • Google G Suite • Dropbox files and access • New Relic metrics • Datadog users and metrics • Jira issues • Minecraft, or even order Domino’s pizza. All Terraform providers — https://www.terraform.io/docs/providers/index.html
  15. Let’s start!
  16. "Let’s manage AWS network stack"
  17. (no transcribed text)
  18. (no transcribed text)
  19. (no transcribed text)
  20. (no transcribed text)
  21. (no transcribed text)
  22. main.tf: 10-20 Kb, 300+ LOC
  23. Emerging issues: • Code size is increasing • Dependencies between resources become complicated
  24. Terraform modules
  25. Modules in Terraform are self-contained packages of Terraform configurations that are managed as a group.
  26. Types of Terraform modules: • Resource modules (github.com/terraform-aws-modules, for example) • Infrastructure modules
  27. Resource modules: • Create resources in a very flexible configuration • Open-source
  28. Resource modules
  29. Resource modules
  30. Resource modules
  31. Resource modules
  32. Would you use a Terraform module to manage an AWS EC2 security group?
  33. (no transcribed text)
  34. Would you use a Terraform module to manage an AWS EC2 security group? Yes :)
  35. Infrastructure modules: • Consist of resource modules • Enforce tags and company standards (encryption, naming) • Use preprocessors, jsonnet, cookiecutter
  36. Infrastructure modules
  37. Infrastructure modules
  38. Infrastructure modules
  39. (no transcribed text)
  40. Terraform modules: do and don’t
  41. Very frequent problem: Terraform modules can’t be re-used, because they are very specific
  42. Providers in modules — evil. Exception: logical providers (template, random, local, http, external)
  43. (no transcribed text)
  44. Provisioner — evil. Avoid provisioner in all resources
  45. Provisioner — evil. Avoid provisioner in all resources
  46. Provisioner — evil. Avoid provisioner even in EC2 resources
  47. Provisioner — evil. Avoid provisioner even in EC2 resources
  48. (no transcribed text)
  49. (no transcribed text)
  50. null_resource provisioner — good
  51. Traits of good Terraform modules: • Documentation and examples • Feature rich • Sane defaults • Clean code • Tests. Read more: http://bit.ly/common-traits-in-terraform-modules
  52. Are Terraform modules enough?
  53. No, a Terraform module is the beginning.
  54. [x] Terraform modules; [ ] How to structure Terraform configurations?; [ ] Terraform workspaces; [ ] Terraform 0.12
  55. How to structure Terraform configurations? How to call them?
  56. Call Terraform modules: • Use Terraform modules, because the amount of resources and code is increasing • How to organize Terraform configurations and invoke them? • How to orchestrate modules?
  57. All-in-one. Good: • Declare variables and outputs in fewer places. Bad: • Large blast radius • Everything is blocked at once • Impossible to specify dependencies between modules (depends_on)
  58. 1-in-1. Good: • Smaller blast radius • Possible to join invocation • Easier and faster to work with. Bad: • Declare variables and outputs in more places
  59. Which way do you group your code? All-in-one or 1-in-1?
  60. All-in-one or 1-in-1
  61. Correct MFA (Most Frequent Answer): Somewhere in between
  62. All-in-one: • Undefined project scope • Fast prototyping and initial development phase • Small number of resources & developers • Tightly connected resources. 1-in-1: • Defined project scope • Different types of developers involved • Code reuse is encouraged (across organization and environments) • Use Terragrunt
  63. What about Terraform workspaces?
  64. Problems with Terraform workspaces: Terraform workspaces aren’t infrastructure-as-code friendly. You can’t answer straight from the code: • "How many workspaces do you have?" • "What infrastructure has been deployed in workspaceX?" • "What is the difference between workspaceX and workspaceY?" They introduce complexity in almost all cases.
  65. Solution — use re-usable modules instead of workspaces
  66. Terraform 0.12 beta1, beta2, rc1, … How will it help?
  67. Terraform 0.12: • HCL2 — simplified syntax • Loops ("for") • Dynamic blocks ("for_each") • Correct conditional operators (… ? … : …) • Extended types of variables • Templates in values • Links between resources are supported (depends_on everywhere). Read more — https://www.hashicorp.com/blog/announcing-terraform-0-1-2-beta
  68. Everything will be all right after 0.12, or not?
  69. Well, there are different types of Terraform users
  70. Types of Terraform users: • Terraform developers • Terraform users (everyone else)
  71. Terraform developers: • Write and support Terraform modules • Implement company’s standards (security, encryption, integrations) • Maintain reference architectures
  72. Terraform users (everyone): • Use Terraform modules by specifying correct values • Domain experts • May not have "Terraform" in LinkedIn profile
  73. Terraform 0.12 for developers (DevOps & Terraform developers): allows implementing flexible/dynamic/reusable Terraform modules
  74. Terraform 0.12 for users (Terraform users): like the HCL2 lightweight syntax more
  75. Summary: [x] Terraform modules: Yes, must-have! [x] How to structure Terraform configurations? One-in-one + terragrunt. [x] Terraform workspaces: No, please! More directories are easier to work with. [x] Terraform 0.12: Awesome! 90% of benefits for Terraform developers, 10% of benefits for Terraform users
  76. Thanks! Questions? github.com/antonbabenko, twitter.com/antonbabenko
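
Slide 35's point that infrastructure modules enforce tags and company standards (encryption, naming), sketched in Terraform 0.12 syntax as an added example that is not from the talk. The module path, variable names, naming scheme and tag keys are assumptions, and a single aws_ebs_volume resource stands in for the resource module call so the block is self-contained.

```hcl
# Added example: hypothetical infrastructure module "modules/data-volume".
# Variable names, naming scheme and tag keys are assumptions, not from the talk.

variable "environment" { type = string }
variable "service" { type = string }
variable "availability_zone" { type = string }
variable "kms_key_id" { type = string } # ARN of the company-managed KMS key

variable "size_gb" {
  type    = number
  default = 20
}

variable "extra_tags" {
  type    = map(string)
  default = {}
}

locals {
  # Naming standard is defined once, inside the module.
  name = "${var.environment}-${var.service}-data"

  # merge() lets later maps win, so the mandatory tags are listed last
  # and a caller cannot override them through extra_tags.
  tags = merge(var.extra_tags, {
    Name        = local.name
    Environment = var.environment
    Service     = var.service
    ManagedBy   = "terraform"
  })
}

resource "aws_ebs_volume" "data" {
  availability_zone = var.availability_zone
  size              = var.size_gb

  # Encryption is hard-coded: there is no variable that turns it off.
  encrypted  = true
  kms_key_id = var.kms_key_id

  tags = local.tags
}

output "volume_id" {
  value = aws_ebs_volume.data.id
}
```

Callers of such a module supply only domain values (environment, service, size); the encryption setting and the mandatory tags are not part of its interface, so they cannot be dropped by mistake in a root configuration.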
