Slide 1

Slide 1 text

Building Infrastructure you can (mostly) trust.

Slide 2

Slide 2 text

Diagram: sensors (TEMP, HUM, NOISE, LUX, PAX) feed GATEWAY 1, GATEWAY 2 ... GATEWAY N (each with IN / OUT), which connect to CLOUD and INTERNAL.

Slide 3

Slide 3 text

Sticky note: TO DO: improve code. DEADLINE: TBD :)

Slide 4

Slide 4 text

Document: "Deployment Guide: SQL Server rev. 12" (page 1 / 23)
Sticky note: TO DO: SQL Server (HA) :( DEADLINE: ASAP

Slide 5

Slide 5 text

Email: "Deploy for upcoming Exposition?" from S. Miller to: me, A. Chyornyj

Slide 6

Slide 6 text

TERMINAL

> terraform plan -out="iot.tfplan"

Plan: 8 to add, 0 to change, 0 to destroy.

────────────────────────────────────────

Saved the plan to: iot.tfplan

Run the following command to apply:
    terraform apply "iot.tfplan"

Slide 7

Slide 7 text

Trust circles, from the centre outwards:
▪ You
▪ Neighbours: direct teammates
▪ In-Group: associated teams, rest of organization
▪ Out-Group: external partners, General Public, OSS contributions

Slide 8

Slide 8 text

01 Trusting Yourself
Works On My Machine

Slide 9

Slide 9 text

CODE EDITOR

resource "yandex_compute_instance" "exposition" {
  name        = "vdnkh-1"
  platform_id = "standard-v1"
  zone        = var.yandex_zone

  resources {
    cores  = 20
    memory = 48
  }

  boot_disk {
    auto_delete = true

    initialize_params {
      image_id = data.yandex_compute_image.ubuntu.image_id
    }
  }

  ...
}

Trustable Code

Slide 10

Slide 10 text

TERMINAL

> git log -1
commit dbbb68b7cd862a95467940a3636813117d3bd2cd (HEAD -> main)
Author: Kerim Satirli
Date:   Tue Nov 9 09:41:00 2021 +0200

    linting

Trustable Code

Slide 11

Slide 11 text

TERMINAL

> git log --show-signature -1
commit dbbb68b7cd862a95467940a3636813117d3bd2cd (HEAD -> main)
gpg: Signature made Tue Nov 9 09:41:00 2021
gpg:                using RSA key DAC9F8147655C16210FC5BA84E06DF3A215B79A8
gpg: Good signature "[email protected]"
Author: Kerim Satirli
Date:   Tue Nov 9 09:41:00 2021 +0200

    linting

Trustable Code

Slide 12

Slide 12 text

github.com/operatehappy/packer-hashicorp

Trustable Code

Slide 13

Slide 13 text

TERMINAL

> terraform validate
│
│ Error: Reference to undeclared input variable
│
│   on compute.tf line 5
│   in resource "yandex_compute_instance" "exposition":
│    5:   zone = var.yandex_zon
│
│ An input variable with the name "yandex_zon" has not been
│ declared.
│
│ Did you mean "yandex_zone"?
│

Validation (basic)

Slide 14

Slide 14 text

TERMINAL

> pre-commit run --all-files
Check for added large files............................Passed
Check for case conflicts...............................Passed
Check for merge conflicts..............................Passed
Terraform fmt..........................................Passed
Terraform validate.....................................Passed

Validation (basic)

Slide 15

Slide 15 text

TERMINAL

> tflint
1 issue(s) found:

Notice: resource name `exposition-test` must match the following format: snake_case (terraform_naming_convention)

  on compute.tf line 2:
   2: resource "yandex_compute_instance" "exposition-test" {

Reference: github.com/terraform-linters/tflint/blob/master/docs/rules/terraform_naming_convention.md

Validation (advanced)

Slide 16

Slide 16 text

CODE EDITOR

terraform {
  required_providers {
    yandex = {
      source  = "yandex-cloud/yandex"
      version = "0.66.0"
    }
  }

  required_version = "1.0.10"
}

Version Pinning

Slide 18

Slide 18 text

Compatibility Promises https://www.terraform.io/docs/language

Slide 19

Slide 19 text

TERMINAL

> terraform init

Initializing provider plugins...
- Finding yandex-cloud/yandex versions matching "0.66.0"...
- Installing yandex-cloud/yandex v0.66.0...
- Installed yandex-cloud/yandex v0.66.0 (key ID E40F590B50BB8E40)

Version Pinning

Slide 20

Slide 20 text

CODE EDITOR

provider "registry.terraform.io/yandex-cloud/yandex" {
  version     = "0.66.0"
  constraints = "0.66.0"
  hashes = [
    "h1:oThGd+Ls...84poGbY=",
    "zh:2eb19ceb...bc734a96",
    "zh:3f094b5b...3647a69d",
    "zh:43f1c9f0...996adb2c",
    "zh:44ca4c74...928943c9",
    "zh:609f33ad...9f1592ce",
    "zh:6da9c95b...1d179d88",
    "zh:6deacbba...bc2031a1",
    "zh:77283a62...60a436da",
    "zh:8a12d8cb...a683aa4c",
    "zh:9c91491d...2d40e0fc",
    "zh:b3b37f83...4ca284fd",
    "zh:dc8cd0d2...fff4016f",
    "zh:e298c674...f5e72b26",
  ]
}

Version Pinning
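Added example, not code from the talk or its repository: a small Python pre-commit-style check that fails when any entry in required_providers, or required_version, uses a range instead of the exact version that the lock-file hashes above then protect. The two sample configurations are constructed: one copies the pinned settings block from the slides, the other loosens it.

```python
import re
import sys

EXACT = re.compile(r"^\s*=?\s*\d+\.\d+\.\d+\s*$")  # "0.66.0" or "= 0.66.0"; no ranges
PROVIDER = re.compile(r"(\w+)\s*=\s*\{([^{}]*)\}", re.S)  # entries of required_providers
VERSION = re.compile(r'version\s*=\s*"([^"]*)"')
REQUIRED = re.compile(r'required_version\s*=\s*"([^"]*)"')

def check_pins(hcl):
    """Return one finding per provider or required_version that is not pinned
    to an exact version; an empty list means the settings file passes."""
    findings = []
    for name, body in PROVIDER.findall(hcl):
        v = VERSION.search(body)
        if v is None:
            findings.append(f"provider {name}: no version constraint")
        elif not EXACT.match(v.group(1)):
            findings.append(f"provider {name}: {v.group(1)!r} is a range, not an exact pin")
    rv = REQUIRED.search(hcl)
    if rv is None:
        findings.append("terraform: required_version is not set")
    elif not EXACT.match(rv.group(1)):
        findings.append(f"terraform: required_version {rv.group(1)!r} is a range, not an exact pin")
    return findings

# Constructed samples: the pinned settings block from the slides, and a loose
# variant a hook should reject (range constraint, unpinned provider, no CLI pin).
PINNED = """
terraform {
  required_providers {
    yandex = {
      source  = "yandex-cloud/yandex"
      version = "0.66.0"
    }
  }
  required_version = "1.0.10"
}
"""

LOOSE = """
terraform {
  required_providers {
    yandex = { source = "yandex-cloud/yandex", version = ">= 0.60" }
    random = { source = "hashicorp/random" }
  }
}
"""

if __name__ == "__main__":  # pre-commit entry point: python check_pins.py terraform.tf
    hits = [f"{p}: {f}" for p in sys.argv[1:] for f in check_pins(open(p).read())]
    print("\n".join(hits))
    sys.exit(1 if hits else 0)
```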

Slide 21

Slide 21 text

▪ formatting
▪ linting
▪ version pinning

Works On My Machine

Slide 22

Slide 22 text

02 Trusting Your Team
Architecture to form Trust Relationships

Slide 23

Slide 23 text

CODE EDITOR

variable "yandex_token" {
  type        = string
  sensitive   = true
  description = "IAM token for authentication."
}

Slide 24

Slide 24 text

CODE EDITOR

# see registry.terraform.io/providers/yandex-cloud/yandex/latest/docs#zone
variable "yandex_zone" {
  type    = string
  default = "ru-1c"

  # see cloud.yandex.com/en/docs/overview/concepts/geo-scope
  validation {
    condition     = contains(["ru-1a", "ru-1c"], var.yandex_zone)
    error_message = "Value must be one of `ru-1a` or `ru-1c`."
  }
}

Slide 25

Slide 25 text

CODE EDITOR

output "console_compute_instances_overview" {
  description = "URL for Compute Overview."
  value       = "console.cloud.yandex.com/..."
}

output "yandex_folder_id" {
  description = "Yandex.Cloud Folder ID."
  sensitive   = true
  value       = var.yandex_folder_id
}

Output

Slide 26

Slide 26 text

TERMINAL

> terraform plan

Terraform will perform the following actions:

  # yandex_compute_disk.os_disk will be created
  + resource "yandex_compute_disk" "os_disk" {}

  # yandex_compute_disk.data_disk will be created
  + resource "yandex_compute_disk" "data_disk" {}

  # yandex_compute_instance.main will be created
  + resource "yandex_compute_instance" "main" {}

  # yandex_dns_zone.main will be created
  + resource "yandex_dns_zone" "main" {}

Codify Patterns

Slide 27

Slide 27 text

https://github.com/im2nguyen/rover

Codify Patterns

Slide 28

Slide 28 text

Minimally Viable Pattern

Networking Module
▪ Resources
  – vpc_network
  – vpc_subnet(s)
  – vpc_security_group
▪ Inputs / Outputs
  – var.cidr_range
  – dns_zone
  – iam_service_account

Compute Module
▪ Resources
  – compute_instance
  – compute_disk(s)
  – dns_recordset(s)
▪ Inputs / Outputs
  – vpc_subnet
  – dns_zone
  – iam_service_account

IAM Module
▪ Resources
  – resourcemanager_folder
  – iam_*
▪ Inputs / Outputs
  – var.zone
  – var.folder_id
  – iam_service_account

Slide 29

Slide 29 text

TERMINAL

> cd module-example && tree
├── examples
├── CHANGELOG.md
├── LICENSE
├── README.md
├── main.tf
├── output.tf
├── terraform.tf
└── variables.tf

Module Structure

Slide 30

Slide 30 text

CODE EDITOR

resource "yandex_compute_instance" "exposition" {
  name        = "vdnkh-1"
  platform_id = "standard-v1"
  zone        = var.yandex_zone
  ...
}

moved {
  from = yandex_compute_instance.exposition
  to   = yandex_compute_instance.main
}

Config-driven Move (Terraform 1.1)

Slide 31

Slide 31 text

CODE EDITOR

module "website" {
  source  = "vdnkh/website/yandex"
  version = "1.0.0"

  folder_id = var.yandex_folder_id
  zone      = var.yandex_zone
}

Module Defaults

Slide 32

Slide 32 text

CODE EDITOR

provider "yandex" {
  token     = var.yandex_token
  cloud_id  = var.yandex_cloud_id
  folder_id = var.yandex_folder_id
  zone      = var.yandex_zone
}

Protecting Secrets

Slide 33

Slide 33 text

CODE EDITOR

variable "yandex_token" {
  type        = string
  sensitive   = true
  description = "IAM token for authentication."
}

output "yandex_folder_id" {
  description = "Yandex.Cloud Folder ID."
  sensitive   = true
  value       = var.yandex_folder_id
}

Protecting Secrets
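Added example, not from the talk's repository: a Python check for the two secret-handling rules these slides show, that secret-looking variables carry sensitive = true and that no output exposes a sensitive variable without being sensitive itself. The name heuristic (token, secret, password, credential) and the sample configuration are constructed assumptions; brace depth is tracked so that variables with a nested validation block, as on the zone slide, are parsed whole.

```python
import re

SECRET_NAME = re.compile(r"token|secret|password|credential", re.I)  # assumed heuristic
SENSITIVE = re.compile(r"\bsensitive\s*=\s*true\b")
HEADER = re.compile(r'\b(variable|output)\s+"([^"]+)"\s*\{')

def blocks(hcl):
    """(kind, name, body) per variable/output block; brace depth is tracked so
    nested blocks such as validation {} stay inside the body."""
    found = []
    for m in HEADER.finditer(hcl):
        depth, start = 0, m.end() - 1  # index of the opening brace
        for j in range(start, len(hcl)):
            depth += {"{": 1, "}": -1}.get(hcl[j], 0)
            if depth == 0:
                found.append((m.group(1), m.group(2), hcl[start + 1:j]))
                break
    return found

def check_secrets(hcl):
    """Flag secret-looking variables that are not sensitive, and outputs that
    expose a sensitive variable without being sensitive themselves."""
    found = blocks(hcl)
    sensitive_vars = {n for k, n, b in found if k == "variable" and SENSITIVE.search(b)}
    findings = []
    for kind, name, body in found:
        if SENSITIVE.search(body):
            continue  # already protected
        if kind == "variable" and SECRET_NAME.search(name):
            findings.append(f'variable "{name}" looks like a secret but is not sensitive')
        elif kind == "output" and set(re.findall(r"\bvar\.(\w+)", body)) & sensitive_vars:
            findings.append(f'output "{name}" exposes a sensitive variable but is not sensitive')
    return findings

# Constructed sample: a protected token, an unprotected secret, a variable with a
# nested validation block, and an output that would echo the token in plain text.
SAMPLE = """
variable "yandex_token" {
  type      = string
  sensitive = true
}
variable "db_password" { type = string }
variable "yandex_zone" {
  validation {
    condition     = contains(["ru-1a", "ru-1c"], var.yandex_zone)
    error_message = "Value must be one of `ru-1a` or `ru-1c`."
  }
}
output "token_echo" { value = var.yandex_token }
"""
```

For pre-commit use, run check_secrets over each staged .tf file and exit non-zero when it returns any finding.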

Slide 34

Slide 34 text

TERMINAL

> terraform-docs .
README.md updated successfully

Generated Docs

Slide 35

Slide 35 text

git.io/JX2mP

Generated Docs

Slide 36

Slide 36 text

Diagram: sensors (TEMP, HUM, NOISE, LUX, PAX) feed GATEWAY 1, GATEWAY 2 ... GATEWAY N (each with IN / OUT); a QUARANTINE stage now sits between the gateways and CLOUD / INTERNAL.

Slide 37

Slide 37 text

▪ validate your inputs
▪ over-document everything
▪ modularize with minimalism in mind

Trust Relationships

Slide 38

Slide 38 text

Resources
▪ slides: speakerdeck.com/ksatirli/building-infrastructure-you-can-mostly-trust
▪ code: github.com/ksatirli/building-infrastructure-you-can-mostly-trust

Slide 39

Slide 39 text

Kerim Satirli (he/him), Sr. Developer Advocate at HashiCorp, @ksatirli

Slide 40

Slide 40 text

Thank You
@ksatirli
[email protected]