Testing with YAML

Transcript

1. YAMLΛςετ͢Δ @b4b4r07 (Feb 25, 2019) / mercari.go #6 %YAML 1.2

   --- YAML: YAML Ain't Markup Language What It Is: YAML is a human friendly data serialization standard for all programming languages. YAML Resources: YAML 1.2 (3rd Edition): http://yaml.org/spec/1.2/spec.html YAML 1.1 (2nd Edition): http://yaml.org/spec/1.1/ YAML 1.0 (1st Edition): http://yaml.org/spec/1.0/ YAML Issues Page: https://github.com/yaml/yaml/issues ...

2. BABAROT / @b4b4r07 Mercari, Inc.
 SRE, Microservices Platform Blog /

   tellme.tokyo

3. Kubernetes YAML ΍
 Terraform ͸ॻ͖·͔͢ʁ Question:

4. Infrastructure as Code ͷਁಁ ˎҎԼʮIaCʯͱه͢

5. IaC ͷਁಁ •Terraform ΍ Kubernetes ͷීٴͰঢ়ଶɾఆٛΛίʔυʹ͢Δ͜ͱ͕
 ଟ͘ͳͬͨ •ΠϯϑϥྖҬҎ֎ʹ͓͍ͯ΋ɺιϑτ΢ΣΞͷঢ়ଶ΍ͦͷઃఆΛ
 JSON ΍

   YAML ͱ͍ͬͨݴޠͰ࣋ͭ͜ͱ͕ଟ͘ͳͬͨ https://trends.google.co.jp/trends/explore?date=today%205-y&q=infrastructure%20as%20code

6. • Πϯϑϥͷঢ়ଶΛઃఆϑΝΠϧͰॻ͘ • ιϑτ΢ΣΞ։ൃͷख๏ΛԠ༻Ͱ͖Δ • ϨϏϡʔ • ςετ • etc

   apiVersion: v1 kind: Pod metadata: name: nginx-pod spec: containers: - name: nginx-container image: nginx ports: - containerPort: 80 IaC ͱ͸ Kubernetes Pod ͷ YAML

7. • Πϯϑϥͷঢ়ଶΛઃఆϑΝΠϧͰॻ͘ • ιϑτ΢ΣΞ։ൃͷख๏ΛԠ༻Ͱ͖Δ • ϨϏϡʔ • ςετ • etc

   apiVersion: v1 kind: Pod metadata: name: nginx-pod spec: containers: - name: nginx-container image: nginx ports: - containerPort: 80 Kubernetes Pod ͷ YAML IaC ͱ͸

8. YAML Λςετ͢Δ

9. None

10. Policy as Code •HashiCorp ͕ఏএͨ͠ߟ͑ํ •ઃఆϑΝΠϧʹ͓͚Δ “͜͏͋Δ΂͖” ΛϙϦγʔͱͯ͠ه͢ •੍໿߲໨ (deploy

    region, etc) •ϨϏϡʔ߲໨ (like style guide) Why Policy as Code? - HashiCorp Blog Code Policy Infrastructure IaC Policy as Code

11. Policy as Code Policy as Code - Sentinel by HashiCorp

    •HashiCorp Sentinel ʂ •HashiCorp ੡඼Ͱ࢖͏͜ͱ͕Ͱ͖Δ
 πʔϧ / ࿈ܞ͕Ͱ͖Δ •ྫ͑͹ Terraform ͷઃఆɺ •Ͳ͜ͷ Region ʹσϓϩΠ͢Δ͔ •Instance ͸࠷௿Կ୆֬อ͞ΕΔ͔ •ͳͲΛϙϦγʔͱͯ͠ίʔυԽͰ͖Δ •ͦΕΛνΣοΫͰ͖Δ

12. Policy as Code Policy as Code - Sentinel by HashiCorp

    •HashiCorp Sentinel ʂ •HashiCorp ੡඼Ͱ࢖͏͜ͱ͕Ͱ͖Δ
 πʔϧ / ࿈ܞ͕Ͱ͖Δ •ྫ͑͹ Terraform ͷઃఆɺ •Ͳ͜ͷ Region ʹσϓϩΠ͢Δ͔ •Instance ͸࠷௿Կ୆֬อ͞ΕΔ͔ •ͳͲΛϙϦγʔͱͯ͠ίʔυԽͰ͖Δ •ͦΕΛνΣοΫͰ͖Δ Kubernetes YAML Ͱ΋΍Γ͍ͨ
13. None

14. Stein

15. • ઃఆϑΝΠϧͷϙϦγʔΛίʔυԽͰ͖Δ • JSON, YAML, HCL • Policy as Code

    Λ࣮ફ͢Δ Linter • Terraform ͷΑ͏ʹ HCL Ͱϧʔϧ࡞੒Ͱ͖Δ • ๛෋ͳ Interpolations • υΩϡϝϯτ Stein Stein Documentations

16. apiVersion: v1 kind: Pod metadata: name: nginx-pod namespace: x-echo-jp-dev spec:

    containers: - name: nginx-container image: nginx ports: - containerPort: 80

17. apiVersion: v1 kind: Pod metadata: name: nginx-pod namespace: x-echo-jp-dev spec:

    containers: - name: nginx-container image: nginx ports: - containerPort: 80 লུͰ͖Δ
    ͚Ͳͤͨ͘͞ͳ͍ ྫ͑͹

18. rule "namespace_specification" { description = "Check namespace name is not

    empty” conditions = [ "${jsonpath("metadata.namespace") != ""}", ] report { level = "ERROR" message = "Namespace is not specified" } }

19. rule "namespace_specification" { description = "Check namespace name is not

    empty” conditions = [ "${jsonpath("metadata.namespace") != ""}", ] report { level = "ERROR" message = "Namespace is not specified" } } ϧʔϧͷఆٛ

20. rule "namespace_specification" { description = "Check namespace name is not

    empty” conditions = [ "${jsonpath("metadata.namespace") != ""}", ] report { level = "ERROR" message = "Namespace is not specified" } } ϧʔϧ͕੒ޭ͢Δ͔ࣦഊ͢Δ͔ͷ৚݅

21. rule "namespace_specification" { description = "Check namespace name is not

    empty” conditions = [ "${jsonpath("metadata.namespace") != ""}", ] report { level = "ERROR" message = "Namespace is not specified" } } ϧʔϧ͕ࣦഊͨ͠Β͜ͷϑΥʔϚοτʹैͬͯ Τϥʔ͕Ϩϙʔτ͞ΕΔ (ऴྃίʔυ1)

22. $ stein apply x-echo-jp/development/Pod/test.yaml [ERROR] rule.namespace_specification Namespace is not specified

    ===================== 7 error(s), 2 warn(s) •Stein Λ࢖͏͜ͱͰɺSentinel ͷΑ͏ʹ Policy as Code Λ࣮ફͰ͖Δ •Sentinel ͸ HashiCorp ੡඼ʹɺStein ͸೚ҙͷઃఆϑΝΠϧʹ •੍໿߲໨ͷݕূ΍ϨϏϡʔ؍఺ͷࢦఠΛػցతʹͰ͖Δ •ʮ஫ҙਂ͘ݟͳ͚Ε͹͍͚ͳ͍ʯʮຖճࢦఠ͢ΔʯͳͲ͸
 ػցతʹνΣοΫͯ͠ϙϦγʔΛϧʔϧԽ͢Δ΂͖

23. GoͰ࡞ͬͨܦҢ

24. ϒϩάʹॻ͍ͨ •hashicorp/hcl2 Λ࢖ͬͯಠࣗ DSL Λఆٛ͢Δ | tellme.tokyo •Kubernetes ͳͲͷ YAML

    ΛಠࣗͷϧʔϧΛ΋ͱʹςετ͢Δ | tellme.tokyo

25. Thank you