Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Testing with YAML

BABAROT
February 25, 2019
Technology
5
4.6k

Testing with YAML

YAML のテストについて Policy as Code の考え方を取り入れて Sentinel のようにテストするツールを作った

BABAROT

February 25, 2019
Tweet

More Decks by BABAROT

See All by BABAROT
Cloud Functions in Go at Mercari
b4b4r07
9
4.8k
Insert an Example of Software Engineer Here
b4b4r07
4
1.4k
Kubernetes manifests management and operation in Mercari
b4b4r07
26
6.1k
tfnotify - Show Terraform execution plan beautifully on GitHub
b4b4r07
5
12k
Micoservices Platform in Mercari
b4b4r07
3
130
Terraform Ops for Microservices
b4b4r07
16
14k
シェルスクリプトを書く技術
b4b4r07
2
910

Other Decks in Technology

See All in Technology
20230519_企業でのChatGPT活用と注意点(15min版)_v1.00_共有用
doradora09
0
220
Oracle Database Technology Night #67 Oracle Database High Availability concept
oracle4engineer
PRO
0
390
Amazon EventBridge Schedulerを用いて Amazon QuickSightの運用を改善した話
shogo452
1
200
Start graceful degradation
line_developers
PRO
3
920
DevSecOpsへの展開〜全てのチームの能力を最大限に引き出す/Expanding to DevSecOps
newrelic2023
0
190
CyberAgent AI事業本部MLOps研修基礎編
hosimesi11
2
290
「時系列データ」を ChatGPT で活かすには?!
soracom
PRO
0
130
思わず目にとまる コンテンツの作り方、届け方 / how-to-create-deliver-content-catches-the-eye
carta_engineering
0
170
Save the state
keithyokoma
0
140
初学者が1ヶ月ほどAWS CDKを勉強してみた - AWS CDK Conference Japan 2023
sakaguchi
0
570
全世界のユーザー体験の改善にNew Relic Mobileをどのように活用したか/How New Relic Mobile was used to improve the global user experience
isaoshimizu
1
350
C# の async/await は実際にどうやって動いているか
nenonaninu
1
6k

Featured

See All Featured
Optimizing for Happiness
mojombo
366
66k
Mobile First: as difficult as doing things right
swwweet
213
8k
Art, The Web, and Tiny UX
lynnandtonic
285
18k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
217
21k
A Modern Web Designer's Workflow
chriscoyier
689
190k
Rebuilding a faster, lazier Slack
samanthasiow
70
7.7k
YesSQL, Process and Tooling at Scale
rocio
158
13k
Facilitating Awesome Meetings
lara
35
4.8k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
214
12k
Building a Scalable Design System with Sketch
lauravandoore
451
31k
The Cult of Friendly URLs
andyhume
70
5.2k
Bootstrapping a Software Product
garrettdimon
PRO
299
110k

Transcript

  1. YAMLΛςετ͢Δ
    @b4b4r07 (Feb 25, 2019) / mercari.go #6
    %YAML 1.2
    ---
    YAML: YAML Ain't Markup Language
    What It Is: YAML is a human friendly data serialization
    standard for all programming languages.
    YAML Resources:
    YAML 1.2 (3rd Edition): http://yaml.org/spec/1.2/spec.html
    YAML 1.1 (2nd Edition): http://yaml.org/spec/1.1/
    YAML 1.0 (1st Edition): http://yaml.org/spec/1.0/
    YAML Issues Page: https://github.com/yaml/yaml/issues
    ...

    View Slide

  2. BABAROT / @b4b4r07
    Mercari, Inc.

    SRE, Microservices Platform
    Blog / tellme.tokyo

    View Slide

  3. Kubernetes YAML ΍

    Terraform ͸ॻ͖·͔͢ʁ
    Question:

    View Slide

  4. Infrastructure as Code ͷਁಁ
    ˎҎԼʮIaCʯͱه͢

    View Slide

  5. IaC ͷਁಁ
    •Terraform ΍ Kubernetes ͷීٴͰঢ়ଶɾఆٛΛίʔυʹ͢Δ͜ͱ͕

    ଟ͘ͳͬͨ
    •ΠϯϑϥྖҬҎ֎ʹ͓͍ͯ΋ɺιϑτ΢ΣΞͷঢ়ଶ΍ͦͷઃఆΛ

    JSON ΍ YAML ͱ͍ͬͨݴޠͰ࣋ͭ͜ͱ͕ଟ͘ͳͬͨ
    https://trends.google.co.jp/trends/explore?date=today%205-y&q=infrastructure%20as%20code

    View Slide

  6. • Πϯϑϥͷঢ়ଶΛઃఆϑΝΠϧͰॻ͘
    • ιϑτ΢ΣΞ։ൃͷख๏ΛԠ༻Ͱ͖Δ
    • ϨϏϡʔ
    • ςετ
    • etc
    apiVersion: v1
    kind: Pod
    metadata:
    name: nginx-pod
    spec:
    containers:
    - name: nginx-container
    image: nginx
    ports:
    - containerPort: 80
    IaC ͱ͸
    Kubernetes Pod ͷ YAML

    View Slide

  7. • Πϯϑϥͷঢ়ଶΛઃఆϑΝΠϧͰॻ͘
    • ιϑτ΢ΣΞ։ൃͷख๏ΛԠ༻Ͱ͖Δ
    • ϨϏϡʔ
    • ςετ
    • etc
    apiVersion: v1
    kind: Pod
    metadata:
    name: nginx-pod
    spec:
    containers:
    - name: nginx-container
    image: nginx
    ports:
    - containerPort: 80
    Kubernetes Pod ͷ YAML
    IaC ͱ͸

    View Slide

  8. YAML Λςετ͢Δ

    View Slide

  9. View Slide

  10. Policy as Code
    •HashiCorp ͕ఏএͨ͠ߟ͑ํ
    •ઃఆϑΝΠϧʹ͓͚Δ “͜͏͋Δ΂͖” ΛϙϦγʔͱͯ͠ه͢
    •੍໿߲໨ (deploy region, etc)
    •ϨϏϡʔ߲໨ (like style guide)
    Why Policy as Code? - HashiCorp Blog
    Code Policy
    Infrastructure
    IaC
    Policy
    as Code

    View Slide

  11. Policy as Code
    Policy as Code - Sentinel by HashiCorp
    •HashiCorp Sentinel ʂ
    •HashiCorp ੡඼Ͱ࢖͏͜ͱ͕Ͱ͖Δ

    πʔϧ / ࿈ܞ͕Ͱ͖Δ
    •ྫ͑͹ Terraform ͷઃఆɺ
    •Ͳ͜ͷ Region ʹσϓϩΠ͢Δ͔
    •Instance ͸࠷௿Կ୆֬อ͞ΕΔ͔
    •ͳͲΛϙϦγʔͱͯ͠ίʔυԽͰ͖Δ
    •ͦΕΛνΣοΫͰ͖Δ

    View Slide

  12. Policy as Code
    Policy as Code - Sentinel by HashiCorp
    •HashiCorp Sentinel ʂ
    •HashiCorp ੡඼Ͱ࢖͏͜ͱ͕Ͱ͖Δ

    πʔϧ / ࿈ܞ͕Ͱ͖Δ
    •ྫ͑͹ Terraform ͷઃఆɺ
    •Ͳ͜ͷ Region ʹσϓϩΠ͢Δ͔
    •Instance ͸࠷௿Կ୆֬อ͞ΕΔ͔
    •ͳͲΛϙϦγʔͱͯ͠ίʔυԽͰ͖Δ
    •ͦΕΛνΣοΫͰ͖Δ
    Kubernetes YAML Ͱ΋΍Γ͍ͨ

    View Slide

  13. View Slide

  14. Stein

    View Slide

  15. • ઃఆϑΝΠϧͷϙϦγʔΛίʔυԽͰ͖Δ
    • JSON, YAML, HCL
    • Policy as Code Λ࣮ફ͢Δ Linter
    • Terraform ͷΑ͏ʹ HCL Ͱϧʔϧ࡞੒Ͱ͖Δ
    • ๛෋ͳ Interpolations
    • υΩϡϝϯτ
    Stein
    Stein Documentations

    View Slide

  16. apiVersion: v1
    kind: Pod
    metadata:
    name: nginx-pod
    namespace: x-echo-jp-dev
    spec:
    containers:
    - name: nginx-container
    image: nginx
    ports:
    - containerPort: 80

    View Slide

  17. apiVersion: v1
    kind: Pod
    metadata:
    name: nginx-pod
    namespace: x-echo-jp-dev
    spec:
    containers:
    - name: nginx-container
    image: nginx
    ports:
    - containerPort: 80
    লུͰ͖Δ
    ͚Ͳͤͨ͘͞ͳ͍
    ྫ͑͹

    View Slide

  18. rule "namespace_specification" {
    description = "Check namespace name is not empty”
    conditions = [
    "${jsonpath("metadata.namespace") != ""}",
    ]
    report {
    level = "ERROR"
    message = "Namespace is not specified"
    }
    }

    View Slide

  19. rule "namespace_specification" {
    description = "Check namespace name is not empty”
    conditions = [
    "${jsonpath("metadata.namespace") != ""}",
    ]
    report {
    level = "ERROR"
    message = "Namespace is not specified"
    }
    }
    ϧʔϧͷఆٛ

    View Slide

  20. rule "namespace_specification" {
    description = "Check namespace name is not empty”
    conditions = [
    "${jsonpath("metadata.namespace") != ""}",
    ]
    report {
    level = "ERROR"
    message = "Namespace is not specified"
    }
    }
    ϧʔϧ͕੒ޭ͢Δ͔ࣦഊ͢Δ͔ͷ৚݅

    View Slide

  21. rule "namespace_specification" {
    description = "Check namespace name is not empty”
    conditions = [
    "${jsonpath("metadata.namespace") != ""}",
    ]
    report {
    level = "ERROR"
    message = "Namespace is not specified"
    }
    }
    ϧʔϧ͕ࣦഊͨ͠Β͜ͷϑΥʔϚοτʹैͬͯ
    Τϥʔ͕Ϩϙʔτ͞ΕΔ (ऴྃίʔυ1)

    View Slide

  22. $ stein apply
    x-echo-jp/development/Pod/test.yaml
    [ERROR] rule.namespace_specification Namespace is not specified
    =====================
    7 error(s), 2 warn(s)
    •Stein Λ࢖͏͜ͱͰɺSentinel ͷΑ͏ʹ Policy as Code Λ࣮ફͰ͖Δ
    •Sentinel ͸ HashiCorp ੡඼ʹɺStein ͸೚ҙͷઃఆϑΝΠϧʹ
    •੍໿߲໨ͷݕূ΍ϨϏϡʔ؍఺ͷࢦఠΛػցతʹͰ͖Δ
    •ʮ஫ҙਂ͘ݟͳ͚Ε͹͍͚ͳ͍ʯʮຖճࢦఠ͢ΔʯͳͲ͸

    ػցతʹνΣοΫͯ͠ϙϦγʔΛϧʔϧԽ͢Δ΂͖

    View Slide

  23. GoͰ࡞ͬͨܦҢ

    View Slide

  24. ϒϩάʹॻ͍ͨ
    •hashicorp/hcl2 Λ࢖ͬͯಠࣗ DSL Λఆٛ͢Δ | tellme.tokyo
    •Kubernetes ͳͲͷ YAML ΛಠࣗͷϧʔϧΛ΋ͱʹςετ͢Δ |
    tellme.tokyo

    View Slide

  25. Thank you

    View Slide