Terraform交通整備 〜大事故を防ぐために〜

Transcript

1. Copyright coconala Inc. All Rights Reserved. Terraformަ௨੔උ ʙେࣄނΛ๷͙ͨΊʹʙ γεςϜϓϥοτϑΥʔϜ෦ ΠϯϑϥɾSREνʔϜ

   TeamManager ٢઒୓ݟ

2. Copyright coconala Inc. All Rights Reserved. 2 ࣗݾ঺հ ٢઒୓ݟʢΑ͔͠Θ ͨ͘Έʣ

   • ੜ·Ε ੩Ԭ → จܥେֶ͔ΒΤϯδχΞ΁ • ܦྺ ۚ༥SIer → ελʔτΞοϓ → ίίφϥ • झຯ ϥΠϒɾΠϕϯτʹߦ͘

3. Vision Ϗδϣϯɺϛογϣϯʹج͍ͮͨࣄۀΛల։ νʔϜ͕ߏங͍ͨ͠ͱࢥ ͏࠷ྑͳະདྷͷΠϝʔδ νʔϜ͕ߏங͍ͨ͠ͱࢥ ͏࠷ྑͳະདྷͷΠϝʔδ Mission νʔϜ͕࣮ݱ͍ͨ͠த৺ తͳ໨తʢଘࡏҙٛʣ ҰਓͻͱΓ͕ʮࣗ෼ͷετʔϦʔʯΛੜ͖͍ͯ͘ੈͷதΛ࡞Δ

   ݸਓͷ஌ࣝɾεΩϧɾܦݧΛՄࢹԽ͠ɺ ඞཁͱ͢Δ͢΂ͯͷਓʹ݁ͼ͚ͭɺ ݸਓΛΤϯύϫʔϝϯτ͢ΔϓϥοτϑΥʔϜΛఏڙ͢Δ ஌ࣝɾεΩϧɾܦݧͷϚονϯάαʔϏεΛల։ ࣄۀ಺༰ 3

4. ࣄ຿ɾൿॻɺܦཧɺਓࣄɺCSɺϚʔέςΟϯάɺσβΠϯɾ੍࡞ͳͲ ͷਓखෆ଍Λղফ اۀ๊͕͑Δ༷ʑͳܦӦ՝୊Λɺ ܦݧ΍஌ݟͷ๛෋ͳϓϩਓࡐΛ׆༻͢Δ͜ͱͰղܾ ඞཁͳ෼͚ͩ࣌ؒ՝ۚͰ Ϗδωε୅ߦͯ͘͠Ε͑ΔਓΛ঺հ ϋΠΫϥεͷۀ຿ҕୗ ίϯαϧλϯτΛ঺հ ઐ೚ελοϑΛ௨ͯ͡ɺݫબͨ͠ඇެ։ͷ໊࣮τοϓΫϦΤΠλʔ΁ ϩΰ΍ಈըɺϗʔϜϖʔδͳͲͷσβΠϯɾ੍࡞ܥͷδϟϯϧ

   Λఏڙ͠ΫϦΤʔλʔෆ଍Λղফ ίίφϥ͕ܖ໿ओମͱͳΓ ϋΠΫϥε໊࣮ΫϦΤΠλʔΛ঺հ ๏཯Q&AΛແྉͰӾཡɾ౤ߘͰ͖ɺ4,000໊Ҏ্ͷหޢ࢜Λ ෼໺ɾ஍ҬผͰݕࡧɾ໰͍߹Θ͕ͤՄೳʢ޿ࠂܝࡌ՝ۚϞσϧʣ ITਓࡐͷۀ຿ҕୗ ΤʔδΣϯτ หޢ࢜ͱϢʔβʔͷ ϚονϯάαʔϏε ECܕͷαʔϏε ϚʔέοτϓϨΠε ϚονϯάαʔϏε ֓ཁ 4 Ϗδωε໨తͷߪೖʹ ಛԽͨ͠αʔϏε ITϑϦʔϥϯεͱاۀΛϚονϯάɻεΩϧϚʔέοτɾ ςοΫΤʔδΣϯτ྆ํͰͷධՁσʔλΛ࿈ܞɾ׆༻༧ఆ

5. Copyright coconala Inc. All Rights Reserved. 5 ͖͔͚ͬ

6. Copyright coconala Inc. All Rights Reserved. 6 6೥෼ͷࢥ͍͕ίʔυʹڽॖ͞Ε͍ͯͨ ɾ࣮૷ͨ࣌͠΋୲౰ऀ΋όϥόϥ →

   ͦͷͨΊ͓ͷ͓ͷͷࢥ͏ߏ੒͕ݱࡏ·Ͱ࢒ͬͨ ɾ໋໊༳Ε͕ଟ͍ → module/awsͳͷ͔aws/moduleͳͷ͔ ɾmoduleͱͯ͠࡞੒͍ͯ͠Δ͕த਎͸resource͕1ͭ͋Δ͚ͩͱ͍͏͜ͱ ͕··͋Δ → moduleͷ༗༻ੑ͕Θ͔Βͣʹ࣮૷͞Ε͍ͯΔ ɾಉ͡ίʔυ͕module֎ʹ΋هड़͞Ε͍ͯͯɺmoduleͷςΠΛͳ͍ͯ͠ͳ ͔ͬͨ → ෆཁͳίʔυ͕ٯʹࠞཚΛট͍ͨ

7. Copyright coconala Inc. All Rights Reserved. 7 applyͰαʔϏεμ΢ϯͤͯ͞͠·ͬͨ • मਖ਼ϛεͰλʔήοτάϧʔϓ͕֎ΕΔࠩ෼Λݟམͱͨ͠

   • deleteʹ͸හײ͕ͩͬͨɺchangeͩͬͨͷ͕᠘ ~ resource "aws_autoscaling_group" "api_production" { + force_delete_warm_pool = false id = "api-prod" ~ launch_configuration = "api-prod_v1" -> "api-prod_v2" name = "api-prod" ~ target_group_arns = [ - "arn:aws:elasticloadbalancing:ap-northeast-1:XXX:targetgroup/api/v2” ]

8. Copyright coconala Inc. All Rights Reserved. 8 ෼ੳͱֶͼ • ͻͱͭͷPRͰෳ਺ͷରॲΛͨ͠

   ◦ ϦϑΝΫλ + terraformόʔδϣϯΞοϓ + ຊདྷͷมߋ ◦ ຊདྷ͋Δ΂͖planͷࠩ෼͕ݟ͑ͮΒ͘ͳͬͨ • ίʔυ͕ݹ͗ͯ͢ϦϑΝΫλͤ͟ΔΛಘͳ͔ͬͨ • terraformόʔδϣϯ͕ద੾ʹ؅ཧͰ͖͍ͯͳ͔ͬͨ • ো֐௚ޙʹ௚઀ݪҼ͕ຊ࡞ۀͰ͋Δ͜ͱΛ௥͑Δ·Ͱʹ࣌ؒΛཁͨ͠ ◦ ୭͕͍ͭ΍ͬͨͷ͔ه࿥͞Εͳ͍

9. Copyright coconala Inc. All Rights Reserved. 9 ରࡦ • ίʔυͷෛ࠴Λղফ

   • ద੾ͳόʔδϣϯ؅ཧ • plan / applyͷ࢓૊ΈڧԽ • ӡ༻໘Ͱͷվળ

10. Copyright coconala Inc. All Rights Reserved. 10 ίʔυෛ࠴ղফ

11. Copyright coconala Inc. All Rights Reserved. 11 ίʔυͷෛ࠴Λղফ ɾεςʔτϑΝΠϧΛͲͷΑ͏ʹ෼͚Δ͔Λ ߟ͑Δ

    ɾαʔϏε / module ϨϕϧͰಉ༷ͷߏ੒Λ ͱΔΑ͏ʹ͢Δ ɾਖ਼ղ͸ͳ͘ɺ౎౓ߏ଄มߋΛߟ͑Δ ɾ৽ن࡞੒͔Βద༻͠ɺաڈͷ΋ͷ͸ਵ࣌ Ҡߦ͍ͯ͘͠

12. Copyright coconala Inc. All Rights Reserved. 12 ίʔυͷෛ࠴Λղফ ɾαʔϏε͝ͱʹ؅ཧϦϙδτϦɾAWSΞΧ΢ϯτΛ෼ ཭͍ͯ͠Δ

    ɾ৽αʔϏεΛཱͯΔͱ͖ʹVPC΍RDSͳͲɺಉ͡Α͏ ͳ΋ͷͷίʔυΛϓϦηοτͱ͍ͯ͠Δؾ͕ͨ͠ → ڞ௨moduleʹҠಈ ɾ·ͣ͸৽ཱͯ͘͠ΔαʔϏεΛڞ௨module΁ ɾطଘαʔϏε෼ΛimportͰҠ২ ɾmodule͸ΧϯϖΩͰ͋Δඞཁ͸ͳ͍

13. Copyright coconala Inc. All Rights Reserved. 13 ద੾ͳόʔδϣϯ؅ཧ

14. Copyright coconala Inc. All Rights Reserved. 14 ద੾ʹόʔδϣϯΞοϓΛ͔͚Δ όʔδϣϯ͝ͱʹ஫໨͢΂͖ػೳվળ͓ΑͼҰ෦deprecation͕ߦΘΕ͍ͯΔ •

    null_resourceͷඪ४Խʢ1.4ʣ • importϒϩοΫಋೖʢ1.5ʣ • testίϚϯυര஀ʢ1.6ʣ

15. Copyright coconala Inc. All Rights Reserved. 15 ద੾ʹόʔδϣϯΞοϓΛ͔͚Δ όʔδϣϯ͝ͱʹ஫໨͢΂͖ػೳվળ͓ΑͼҰ෦deprecation͕ߦΘΕ͍ͯΔ •

    null_resourceͷඪ४Խʢ1.4ʣ • importϒϩοΫಋೖʢ1.5ʣ • testίϚϯυര஀ʢ1.6ʣ → ࠷௿ݶ͸EOLରԠɺՄೳͰ͋Ε͹࠷৽൛͕๬·͍͠

16. Copyright coconala Inc. All Rights Reserved. 16 ద੾ʹόʔδϣϯΞοϓΛ͔͚Δ ϓϩόΠμ΋ਵ࣌ߋ৽͞Ε͍ͯΔʢؾ͍ͮͨΒ৽͘͠ͳ͍ͬͯΔϨϕϧʣ •

    hashicorp/aws ◦ 2ϲ݄Ͱ14όʔδϣϯϦϦʔε͍ͯ͠Δʢ5.18.0 → 5.28.0ʣ • hashicorp/google ◦ 2ϲ݄Ͱ10όʔδϣϯϦϦʔε͍ͯ͠Δʢ4.83.0 → 5.7.0ʣ

17. Copyright coconala Inc. All Rights Reserved. 17 ద੾ʹόʔδϣϯΞοϓΛ͔͚Δ ϓϩόΠμ΋ਵ࣌ߋ৽͞Ε͍ͯΔʢؾ͍ͮͨΒ৽͘͠ͳ͍ͬͯΔϨϕϧʣ •

    hashicorp/aws ◦ 2ϲ݄Ͱ14όʔδϣϯϦϦʔε͍ͯ͠Δʢ5.18.0 → 5.28.0ʣ • hashicorp/google ◦ 2ϲ݄Ͱ10όʔδϣϯϦϦʔε͍ͯ͠Δʢ4.83.0 → 5.7.0ʣ → terraformͷόʔδϣϯͱ࿈ಈ͍ͯ͠Δͱߟ͑ɺ͋Θͤͯ͋͛Δ → όά͕ࠞೖ͞ΕΔ͜ͱ͕͋ΔͨΊύονόʔδϣϯ্͕͕ͬͨΒૣ͋ͯ͘Δඞཁ͋Γ

18. Copyright coconala Inc. All Rights Reserved. 18 ద੾ʹόʔδϣϯΞοϓΛ͔͚Δ όʔδϣϯΞοϓπʔϧ͸ҎԼ͕ީิ •

    dependabot • tfupdate • renovate • ࣗલͷεΫϦϓτ

19. Copyright coconala Inc. All Rights Reserved. 19 ద੾ʹόʔδϣϯΞοϓΛ͔͚Δ ͦΕͧΕʹྑ͠ѱ͠ •

    dependabot ◦ GithubΛར༻͍ͯ͠Ε͹΋ͬͱ΋ؾܰʹಋೖՄೳ ◦ PR͕େྔʹͰ͖ΔՄೳੑ͋Γ • tfupdate ◦ terraformͱϓϩόΠμͱผʑʹ্͛Δ͜ͱ͕Մೳ ◦ recursiveʹมߋͰ͖Δ • renovate ◦ tfenvΛར༻͍ͯ͠Δέʔεͷʮ.terraform-versionʯ΋ߋ৽ର৅ ◦ ʮ.terraform.lock.hclʯ΋Α͠ͳʹߋ৽

20. Copyright coconala Inc. All Rights Reserved. 20 ద੾ʹόʔδϣϯΞοϓΛ͔͚Δ ͦͷ΄͔ͷߟྀϙΠϯτ •

    ࣮ߦස౓ ◦ ߏ੒มߋ͕ͲΕ͘Β͍ೖΔ͔ʹΑͬͯΑ͍ͱߟ͑Δ ◦ ίίφϥͰ͸ि࣍Ͱ·Θ͍ͯ͠Δ • PRΛ࡞੒͢Δͷ͸πʔϧʹ͓೚ͤɺͨͩͦ͠ΕʹΑΔมߋ͸֬ೝ͢Δඞཁ͋Γ ◦ ࣍અҎ߱Ͱݴٴ

21. Copyright coconala Inc. All Rights Reserved. 21 plan / applyͷ࢓૊ΈڧԽ

22. Copyright coconala Inc. All Rights Reserved. 22 ਓͷखΛۃྗհࡏͤ͞ͳ͍ & ద༻͕໨ʹݟ͑ΔΑ͏ʹ͢Δ

    • ݱࡏͷӡ༻ ◦ PRΛ࡞੒ → ࠩ෼νΣοΫ͠plan݁ՌΛίϝϯτ·Ͱ͸ࣗಈ ◦ apply͸खಈͰ͋ΓɺmainϚʔδͱͷ੔߹ੑ͕͋΍͍͠

23. Copyright coconala Inc. All Rights Reserved. 23 ਓͷखΛۃྗհࡏͤ͞ͳ͍ & ద༻͕໨ʹݟ͑ΔΑ͏ʹ͢Δ

    • ͜Μͳ࢟ʹ͠Α͏ͱ͍ͯ͠Δ ※ ઈࢍਐߦத ◦ merge / push͞Ε͕ͨ࠷ޙɺ apply͞ΕΔ͸ͪΐͬͱා͍ ◦ plan͕ҙຯΛͳ͢Α͏ʹ͢Δ ◦ ͍ͭมԽ͕ద༻͞Ε͔ͨɺ ◦ ୭͕ঝೝͨ͠ͷ͔Λه࿥͢Δ

24. Copyright coconala Inc. All Rights Reserved. 24 ӡ༻໘Ͱͷվળ

25. Copyright coconala Inc. All Rights Reserved. 25 Τϥʔൃੜ֬཰ΛԼ͛Δ ਓͷ໨ʹΑΔΤϥʔͷ֬཰ΛԼ͛ΔΑ͏ͳϙϦγʔΛఆΊΔ •

    Ұ౓ͷplanมߋྔΛԼ͛Δ ◦ ಛੑͷҟͳΔมߋ͸ผʑͷPRΛͨͯΔ ◦ ͍ͭͰʹͳʹ͔Λ͍Εͳ͍ • ϨϏϡʔڧԽ ◦ Ͳ͏ͯ͠΋ଟ͘ͳΔͱ͖͸ηϧϑϨϏϡʔඞਢͱ͢Δ ▪ ࣮ଶͱͯ͠ͷมߋΛਤࣔ͢ΔɺηϧϑϨϏϡʔίϝϯτΛ࢒͢ͳͲ ◦ ϨϏϡΞʔ͸ʮQuestionʯΛ౤͔͚͛Δ ▪ ॳาతͳ͜ͱͰ΋ͳΜͰ΋͍͍ ▪ Ή͠ΖԿؾͳ͍͜ͱ͕ҙ֎ͱॏେͳ͜ͱͩͬͨ͜ͱ΋͋Δ → ͲΜͳʹؤுͬͯ΋100%ͷ୲อͱஅݴ͸ग़དྷͳ͍

26. Copyright coconala Inc. All Rights Reserved. 26 ςετͷݕ౼ ͍ΘΏΔςετπʔϧͰ͋ΔTerratest͸ෆ࠾༻ •

    ಈతςετͰ͋Γɺͱ͘ʹ୲อ͍ͨ͠ϙΠϯτʹ͸ޮ͔ͳ͍ ◦ applyͨ͠Βࣄނ͕ى͖ͨͷͰɺͦͷલʹݕ஌͍ͨ͠ͱ͍͏ಈػ͕ڧ͍ ▪ ࣄલʹݕ஌ͳΒvalidationͳͲ΄͔ͷํ๏͕·͞Δ ◦ ςετίʔυΛॻͨ͘Ίͷ޻਺΋ͦΕͳΓ ▪ ͦΕʹݟ߹͏୲อ͕Ͱ͖ͳ͍ → ஫จ௨ΓʹͰ͖ͨ͜ͱΛ୲อ͢Δ ΑΓ΋ ΨʔυϨʔϧ͕֑͔͋ͬͯΒམͪͳ͍ ঢ়گΛ࡞Γ͍ͨ

27. Copyright coconala Inc. All Rights Reserved. 27 ςετͷݕ౼ ΨʔυϨʔϧͷྫ •

    preconditionΛهࡌ • Open Policy Agentͷ૊ΈࠐΈ ※ઈࢍਐߦத ◦ ҰྫɿLBʹඥͮ͘λʔήοτάϧʔϓ͕θϩ͸NG ◦ Terraform CloudΛಋೖ͍ͯ͠Ε͹ɺCloudͷػೳͷҰ؀Ͱ૊ΈࠐΈՄೳ ◦ ίίφϥ͸Terraform CloudΛಋೖ͍ͯ͠ͳ͍ͨΊɺGithubActionsͷϑϩʔ಺ʹ૊ΈࠐΈ ༧ఆ • Sentinel ◦ Terraform Cloudݶఆ • terraform-compliance ◦ BDDͰهࡌ → ͜ΕΒΛCIʹ૊ΈࠐΜͰະવʹࣄނΛ๷͙

28. Copyright coconala Inc. All Rights Reserved. 28 ·ͱΊ • ίʔυͷෛ࠴Λղফ

    ◦ γεςϜͷม༰ͱڞʹϕετͳߏ੒͸ߟ͑௚͢ • ద੾ͳόʔδϣϯ؅ཧ ◦ GA࠷৽൛Λར༻͢Δͷ͕౰ͨΓલʹ • plan / applyͷ࢓૊ΈڧԽ ◦ ਓҝతͳϛεͷՄೳੑΛՄೳͳݶΓഉআ • ӡ༻໘Ͱͷվળ ◦ ӡ༻໘ʹ΋ϙϦγʔΛ ◦ ώτͷೖΕସ͑ͳͲͰܧଓతʹߦ͏ඞཁ͕͋Δ

29. ίίφϥ ΤϯδχΞͷX(Twitter) X /Twitterʢ@coconala_engʣ https://twitter.com/coconala_eng We are hiring!! ࠾༻ϗʔϜϖʔδ https://coconala.co.jp/recruit

    ΤϯδχΞ࠾༻ϗʔϜϖʔδ https://coconala.co.jp/recruit/engineer ίίφϥͷਓͱ૊৫Λ఻͑Δϒϩά ίίφϥLIVE https://blog.coconala.co.jp/m/m4e4abe8b17e5 ਓੜͷՄೳੑΛ޿͛ͨϢʔβʔετʔϦʔ Θͨ͠ͷεΩϧղ์ه https://blog.coconala.co.jp/m/me8a586112ad2 ίίφϥʹॴଐ͢ΔΤϯδχΞʹΑΔϒϩά ςοΫϒϩά https://zenn.dev/coconala 29