$30 off During Our Annual Pro Sale. View Details »

Testing with YAML

BABAROT
February 25, 2019
Technology
5
4.8k

Testing with YAML

YAML のテストについて Policy as Code の考え方を取り入れて Sentinel のようにテストするツールを作った

BABAROT

February 25, 2019
Tweet

More Decks by BABAROT

See All by BABAROT
SLOをゼロからつくる
b4b4r07
13
5k
Cloud Functions in Go at Mercari
b4b4r07
9
5k
Insert an Example of Software Engineer Here
b4b4r07
4
1.6k
Kubernetes manifests management and operation in Mercari
b4b4r07
27
6.4k
tfnotify - Show Terraform execution plan beautifully on GitHub
b4b4r07
5
13k
Micoservices Platform in Mercari
b4b4r07
3
140
Terraform Ops for Microservices
b4b4r07
16
14k
シェルスクリプトを書く技術
b4b4r07
3
960

Other Decks in Technology

See All in Technology
開発組織の体制づくり、いつやるか問題
akiroom
0
1.4k
開発生産性向上へのコミットについて理解してもらうためのスライドテンプレートを作った話
ouchi2501
0
180
開発生産性の多角的接点〜1,000名のクリエイター組織 × 開発生産性〜 / Multifaceted touchpoints of development productivity
i35_267
3
440
eBPF for the rest of us - Golab 2023
fedepaol
0
300
device mapperによるディスクI/O障害のエミュレーション
sat
PRO
4
1.3k
從心開始的純軟之路
line_developers_tw
PRO
0
1k
エンタープライズSaaSへの挑戦〜顧客の事業を成長させるプロダクトマネジメントとは?〜 / pmconf2023
route06
2
540
APIシナリオテストツールとしてのrunn / 4 API testing tools
k1low
0
290
Kotlin製のGraphQLサーバーをNode.jsでモジュラモノリス化している話
hokaccha
1
2.1k
ROSCon 2023参加報告:Real-Time Workshop & Zenoh's Current Status and Forecast
takasehideki
1
210
LINEでのコミュニケーションにマスコットキーホルダーを使ってみる / LINEを使ったLT大会 #5
you
PRO
0
100
論文紹介: Improving Implicit Feedback-Based Recommendation through Multi-Behavior Alignment(Xin Xin et al., 2023)
hakubishin3
0
170

Featured

See All Featured
The Pragmatic Product Professional
lauravandoore
23
5.4k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
26
5.7k
Designing on Purpose - Digital PM Summit 2013
jponch
108
6.2k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
52
19k
StorybookのUI Testing Handbookを読んだ
zakiyama
9
4.1k
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
reverentgeek
177
10k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
4k
Automating Front-end Workflow
addyosmani
1354
200k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
318
20k
Keith and Marios Guide to Fast Websites
keithpitt
407
21k
Statistics for Hackers
jakevdp
788
220k
Embracing the Ebb and Flow
colly
77
3.8k

Transcript

  1. YAMLΛςετ͢Δ
    @b4b4r07 (Feb 25, 2019) / mercari.go #6
    %YAML 1.2
    ---
    YAML: YAML Ain't Markup Language
    What It Is: YAML is a human friendly data serialization
    standard for all programming languages.
    YAML Resources:
    YAML 1.2 (3rd Edition): http://yaml.org/spec/1.2/spec.html
    YAML 1.1 (2nd Edition): http://yaml.org/spec/1.1/
    YAML 1.0 (1st Edition): http://yaml.org/spec/1.0/
    YAML Issues Page: https://github.com/yaml/yaml/issues
    ...

    View Slide

  2. BABAROT / @b4b4r07
    Mercari, Inc.

    SRE, Microservices Platform
    Blog / tellme.tokyo

    View Slide

  3. Kubernetes YAML ΍

    Terraform ͸ॻ͖·͔͢ʁ
    Question:

    View Slide

  4. Infrastructure as Code ͷਁಁ
    ˎҎԼʮIaCʯͱه͢

    View Slide

  5. IaC ͷਁಁ
    •Terraform ΍ Kubernetes ͷීٴͰঢ়ଶɾఆٛΛίʔυʹ͢Δ͜ͱ͕

    ଟ͘ͳͬͨ
    •ΠϯϑϥྖҬҎ֎ʹ͓͍ͯ΋ɺιϑτ΢ΣΞͷঢ়ଶ΍ͦͷઃఆΛ

    JSON ΍ YAML ͱ͍ͬͨݴޠͰ࣋ͭ͜ͱ͕ଟ͘ͳͬͨ
    https://trends.google.co.jp/trends/explore?date=today%205-y&q=infrastructure%20as%20code

    View Slide

  6. • Πϯϑϥͷঢ়ଶΛઃఆϑΝΠϧͰॻ͘
    • ιϑτ΢ΣΞ։ൃͷख๏ΛԠ༻Ͱ͖Δ
    • ϨϏϡʔ
    • ςετ
    • etc
    apiVersion: v1
    kind: Pod
    metadata:
    name: nginx-pod
    spec:
    containers:
    - name: nginx-container
    image: nginx
    ports:
    - containerPort: 80
    IaC ͱ͸
    Kubernetes Pod ͷ YAML

    View Slide

  7. • Πϯϑϥͷঢ়ଶΛઃఆϑΝΠϧͰॻ͘
    • ιϑτ΢ΣΞ։ൃͷख๏ΛԠ༻Ͱ͖Δ
    • ϨϏϡʔ
    • ςετ
    • etc
    apiVersion: v1
    kind: Pod
    metadata:
    name: nginx-pod
    spec:
    containers:
    - name: nginx-container
    image: nginx
    ports:
    - containerPort: 80
    Kubernetes Pod ͷ YAML
    IaC ͱ͸

    View Slide

  8. YAML Λςετ͢Δ

    View Slide

  9. View Slide

  10. Policy as Code
    •HashiCorp ͕ఏএͨ͠ߟ͑ํ
    •ઃఆϑΝΠϧʹ͓͚Δ “͜͏͋Δ΂͖” ΛϙϦγʔͱͯ͠ه͢
    •੍໿߲໨ (deploy region, etc)
    •ϨϏϡʔ߲໨ (like style guide)
    Why Policy as Code? - HashiCorp Blog
    Code Policy
    Infrastructure
    IaC
    Policy
    as Code

    View Slide

  11. Policy as Code
    Policy as Code - Sentinel by HashiCorp
    •HashiCorp Sentinel ʂ
    •HashiCorp ੡඼Ͱ࢖͏͜ͱ͕Ͱ͖Δ

    πʔϧ / ࿈ܞ͕Ͱ͖Δ
    •ྫ͑͹ Terraform ͷઃఆɺ
    •Ͳ͜ͷ Region ʹσϓϩΠ͢Δ͔
    •Instance ͸࠷௿Կ୆֬อ͞ΕΔ͔
    •ͳͲΛϙϦγʔͱͯ͠ίʔυԽͰ͖Δ
    •ͦΕΛνΣοΫͰ͖Δ

    View Slide

  12. Policy as Code
    Policy as Code - Sentinel by HashiCorp
    •HashiCorp Sentinel ʂ
    •HashiCorp ੡඼Ͱ࢖͏͜ͱ͕Ͱ͖Δ

    πʔϧ / ࿈ܞ͕Ͱ͖Δ
    •ྫ͑͹ Terraform ͷઃఆɺ
    •Ͳ͜ͷ Region ʹσϓϩΠ͢Δ͔
    •Instance ͸࠷௿Կ୆֬อ͞ΕΔ͔
    •ͳͲΛϙϦγʔͱͯ͠ίʔυԽͰ͖Δ
    •ͦΕΛνΣοΫͰ͖Δ
    Kubernetes YAML Ͱ΋΍Γ͍ͨ

    View Slide

  13. View Slide

  14. Stein

    View Slide

  15. • ઃఆϑΝΠϧͷϙϦγʔΛίʔυԽͰ͖Δ
    • JSON, YAML, HCL
    • Policy as Code Λ࣮ફ͢Δ Linter
    • Terraform ͷΑ͏ʹ HCL Ͱϧʔϧ࡞੒Ͱ͖Δ
    • ๛෋ͳ Interpolations
    • υΩϡϝϯτ
    Stein
    Stein Documentations

    View Slide

  16. apiVersion: v1
    kind: Pod
    metadata:
    name: nginx-pod
    namespace: x-echo-jp-dev
    spec:
    containers:
    - name: nginx-container
    image: nginx
    ports:
    - containerPort: 80

    View Slide

  17. apiVersion: v1
    kind: Pod
    metadata:
    name: nginx-pod
    namespace: x-echo-jp-dev
    spec:
    containers:
    - name: nginx-container
    image: nginx
    ports:
    - containerPort: 80
    লུͰ͖Δ
    ͚Ͳͤͨ͘͞ͳ͍
    ྫ͑͹

    View Slide

  18. rule "namespace_specification" {
    description = "Check namespace name is not empty”
    conditions = [
    "${jsonpath("metadata.namespace") != ""}",
    ]
    report {
    level = "ERROR"
    message = "Namespace is not specified"
    }
    }

    View Slide

  19. rule "namespace_specification" {
    description = "Check namespace name is not empty”
    conditions = [
    "${jsonpath("metadata.namespace") != ""}",
    ]
    report {
    level = "ERROR"
    message = "Namespace is not specified"
    }
    }
    ϧʔϧͷఆٛ

    View Slide

  20. rule "namespace_specification" {
    description = "Check namespace name is not empty”
    conditions = [
    "${jsonpath("metadata.namespace") != ""}",
    ]
    report {
    level = "ERROR"
    message = "Namespace is not specified"
    }
    }
    ϧʔϧ͕੒ޭ͢Δ͔ࣦഊ͢Δ͔ͷ৚݅

    View Slide

  21. rule "namespace_specification" {
    description = "Check namespace name is not empty”
    conditions = [
    "${jsonpath("metadata.namespace") != ""}",
    ]
    report {
    level = "ERROR"
    message = "Namespace is not specified"
    }
    }
    ϧʔϧ͕ࣦഊͨ͠Β͜ͷϑΥʔϚοτʹैͬͯ
    Τϥʔ͕Ϩϙʔτ͞ΕΔ (ऴྃίʔυ1)

    View Slide

  22. $ stein apply
    x-echo-jp/development/Pod/test.yaml
    [ERROR] rule.namespace_specification Namespace is not specified
    =====================
    7 error(s), 2 warn(s)
    •Stein Λ࢖͏͜ͱͰɺSentinel ͷΑ͏ʹ Policy as Code Λ࣮ફͰ͖Δ
    •Sentinel ͸ HashiCorp ੡඼ʹɺStein ͸೚ҙͷઃఆϑΝΠϧʹ
    •੍໿߲໨ͷݕূ΍ϨϏϡʔ؍఺ͷࢦఠΛػցతʹͰ͖Δ
    •ʮ஫ҙਂ͘ݟͳ͚Ε͹͍͚ͳ͍ʯʮຖճࢦఠ͢ΔʯͳͲ͸

    ػցతʹνΣοΫͯ͠ϙϦγʔΛϧʔϧԽ͢Δ΂͖

    View Slide

  23. GoͰ࡞ͬͨܦҢ

    View Slide

  24. ϒϩάʹॻ͍ͨ
    •hashicorp/hcl2 Λ࢖ͬͯಠࣗ DSL Λఆٛ͢Δ | tellme.tokyo
    •Kubernetes ͳͲͷ YAML ΛಠࣗͷϧʔϧΛ΋ͱʹςετ͢Δ |
    tellme.tokyo

    View Slide

  25. Thank you

    View Slide