모던 테라폼 (Modern Terraform)

Byungjin Park ·  posquit0.com ·  posquit0 Copyright ©
2023 All Rights Reserved. Modern Terraform ݽ؍ పۄಬ ߅ ߽૓ (Byungjin Park) · ௿۽٘ (Claud) · Site Reliability Engineer @ ׼Ӕಕ੉  HUG Seoul 📅 April 11, 2023

speaker ߊ಴੗ ࣗѐ Byungjin Park ·  posquit0.com · 
posquit0 Copyright © 2023 All Rights Reserved. ߅߽૓ / @posquit0 / ௿۽٘ (Claud) (അ) Site Reliability Engineer @ ׼Ӕಕ੉ (੹) Director of Infrastructure Division @ ஠ࢎ௏ܻই (੹) Software Architect @ ১פযझ   (੹) Co-founder & Software Engineer @ ஠೒ۖ HashiCorp Ambassador / AWS Community Builder   Ҵઁ೧ఊ؀ഥ DEFCON CTF ࠄࢶ 6ഥ ૓୹ ೞद௏೐ ೠҴ ࢎਊ੗ ݽ੐ ਍৔ ೠҴ੄ য়೑ࣗझ ઺ GitHub 18,000ѐ ੉࢚੄ झఋܳ ߉਷ ೐۽ં౟

v1.0 ੉റ ઱ਃ ߸҃ࢎ೦ Byungjin Park ·  posquit0.com ·
 posquit0 Copyright © 2023 All Rights Reserved. [नӏ ޙߨ] moved ࠶۾ਸ ੉ਊೠ ܻಂష݂ పۄಬ ௏٘੄ ୭࢚ਤ ۨ߰ী ੿੄ೞח नӏ ࠶۾ਵ۽, ௏٘ ܻಂష݂ী ٮܲ పۄಬ ࢚క   ߸҃ ࢎ೦ਸ ݺद੸(expilcitly)ਵ۽ ೧Ѿೞӝ ਤೠ ӝמ from җ to ف о૑ ੋ੗ ч(arguments)ਸ ੿੄ೞৈ ࢎਊ - from: ௏٘ ߸҃ ੹ ܻࣗझ੄ పۄಬ ࢚క ҃۽ - to: ௏٘ ߸҃ റ ܻࣗझ੄ పۄಬ ࢚క ҃۽ moved ࠶۾ ܾܻૉ ߡ੹: Terraform v1.1 https://developer.hashicorp.com/terraform/language/modules/develop/refactoring పۄಬ ݽٕ ੘ࢿ੗ ੑ੢ীࢲח ݽٕ ߸҃ࢎ೦ী ٮܲ పۄಬ ࢚క ݃੉Ӓۨ੉࣌ਸ ੗زച оמ   (ݽٕ ࢎਊ੗о ૒੽ terraform state mv ݺ۸যܳ प೯ೞ૑ ঋইب ߈৔)

 posquit0 Copyright © 2023 All Rights Reserved. [नӏ ޙߨ] moved ࠶۾ਸ ੉ਊೠ ܻಂష݂ పۄಬ ݽٕ ੘ࢿ द moved ࠶۾ ҙܻ ੹ۚ ੌ߈ పۄಬ ݽٕ ౵ੌ ҳࢿ moved ࠶۾ ҙܻ ౵ੌ ҳࢿ - ೞա੄ ౵ੌীࢲ ݽٚ moved ࠶۾ ҙܻ (migrations.tf ഑਷ moves.tf ١) - moved ࠶۾਷ ૑਋૑ ݈Ҋ ૑ࣘ ҙܻೡ Ѫ - ৈ۞ ࢎਊ੗ܳ ࠁਬೠ ݽٕ੉ۄݶ ౠ൤ ؊ ઺ਃ - ઱ࢳਸ ࢎਊೞৈ զ૞ ߂ ܻಂష݂ ҙ۲ рױೠ ࢸݺ ੘ࢿ - Git җ э਷ VCS۽ ഛੋೞח Ѫب ߑߨ - ೞ૑݅ ࢎਊ੗ ੽Ӕࢿ ѐࢶ ೙ਃ

 posquit0 Copyright © 2023 All Rights Reserved. [ӝמ ѐࢶ] count ২࣌ ࢸ੿ী ٮܲ పۄಬ ࢚క ੌࠗ ੗ز ݃੉Ӓۨ੉࣌ ױੌ ܻࣗझ ੿੄ীࢲ count ӝ߈ ׮઺ ܻࣗझ ੿੄۽ ߸҃ೠ ҃਋ ӝઓ ܻࣗझ ࢚క ੗ز ݃੉Ӓۨ੉࣌ count ӝ߈ ׮઺ ܻࣗझ ੿੄ীࢲ ױੌ ܻࣗझ ੿੄۽ ߸҃ೠ ҃਋ ੋؙझ 0 ੄ ୐ ߣ૩ ܻࣗझ ࢚క ੗ز ݃੉Ӓۨ੉࣌ count ч ഝࢿച / ࠺ഝࢿചী ٮܲ ୐ ߣ૩ ܻࣗझ ੗ز ݃੉Ӓۨ੉࣌ ܾܻૉ ߡ੹: Terraform v1.1 https://github.com/hashicorp/terraform/pull/29605 count ղ ઺р ܻࣗझ ୶о/࢏ઁ۽ ੋೠ ࣽࢲ ߸҃਷ ই૒ ޷૑ਗ

 posquit0 Copyright © 2023 All Rights Reserved. [नӏ ޙߨ] terraform ࠶۾ ղ పۄಬ ௿ۄ਋٘ ࢸ੿ పۄಬ ௿ۄ਋٘ ഑਷ పۄಬ ূఠ೐ۄ੉ૉ ੉ਊ द ؊ ӟ޻ೠ ా೤ਸ ਤೠ ࢸ੿   ӝઓ backend “remote” ࠶۾ਸ ؀नೞৈ ࢎਊೞӝܳ ӂ੢ ਕ௼झಕ੉झ੄ tags ӝמਸ ഝਊೞৈ కӒ ӝ߈ ਕ௼झಕ੉झ ࢶఖ оמ terraform ࠶۾ ղ cloud ೞਤ ࠶۾ ܾܻૉ ߡ੹: Terraform v1.1 https://developer.hashicorp.com/terraform/language/settings/terraform-cloud ӝઓ backend “remote” ࠶۾੄ workspaces.pre fi x ӝמ਷ ૑ਗغ૑ ঋ਺

 posquit0 Copyright © 2023 All Rights Reserved. [नӏ ޙߨ] variable ੿੄ द nullable ২࣌ ૑ਗ పۄಬ ੑ۱ ߸ࣻо null чਸ о૕ ࣻ ੓ח ૑ܳ Ѿ੿ೞח ࣘࢿ null чਸ ೲਊೞ૑ ঋب۾ ࢸ੿ೞৈ ؘ੉ఠ ਬബࢿ Ѩࢎ(Validation) ۽૒ਸ ױࣽചೡ ࣻ ੓਺ variable ࠶۾ ղ nullable नӏ ࣘࢿ ୶о ܾܻૉ ߡ੹: Terraform v1.1 https://developer.hashicorp.com/terraform/language/values/variables#disallowing-null-input-values nullable = false ੋ ࢚కীࢲ default чਸ ੿੄ೠ ҃਋, ࢎਊ੗о ೧׼ ੑ۱ ߸ࣻী null ਸ ੑ۱ೞݶ ੗زਵ۽ default ч ࢎਊ

 posquit0 Copyright © 2023 All Rights Reserved. [नӏ ޙߨ] precondition & postcondition ਸ ੉ਊೠ ؘ੉ఠ Ѩૐ ܻࣗझ / ؘ੉ఠ ࣗझ / ইਓು੄ ࢤࢿ ੹੉ա റী ࢚కܳ ѨૐೞҊ, Ѩૐী पಁೠ   ҃਋ ࢎਊ੗ ੿੄ য়ܨ ݫद૑ܳ ୹۱ റ प೯ਸ ઺ױೞח ӝמ   resource / data ࠶۾਷ lifecycle ೞਤী precondition / postcondition ࢸ੿ output ࠶۾਷ precondition ࢸ੿݅ ૑ਗ resource / data / output ࠶۾ ղ नӏ ؘ੉ఠ Ѩૐ ۽૒ ઁҕ ܾܻૉ ߡ੹: Terraform v1.2 https://developer.hashicorp.com/terraform/language/expressions/custom-conditions#preconditions-and-postconditions precondition: ࢸ੿җ ࢚క чী ؀ೠ ӝ؀(expection) ഑਷ о੿(assumption)ਸ ੿੄   postcondition: Ѿҗী ؀ೠ ࠁ੢(guarantee) ഑਷ ઱੢(assertion)ਸ ੿੄

 posquit0 Copyright © 2023 All Rights Reserved. Plan ױ҅ী ݽٚ чਸ ঌ ࣻ ੓ӝ ٸޙী Plan ױ҅ীࢲ ૊द Ѩૐ ࣻ೯ ੑ۱ ߸ࣻ (Variable) ੄ Validation పۄಬ੄ ࢎਊ੗ ੿੄ ؘ੉ఠ Ѩૐ ੹ۚ (Terraform Condition Check Strategy) https://developer.hashicorp.com/terraform/language/expressions/custom-conditions#conditions-checked-only-during-apply Known After Apply ੄ ҃਋, postcondition पಁ द apply о ઺рী ઺ױغ૑݅ ੉੹ ੘স੉ ܀ߔغ૑ ঋ਺ী ઱੄ ೙ਃ As Early As Possible !! Ѩૐী ࢎਊೡ ؘ੉ఠ чਸ ঌѱ غח द੼ী ٮۄ ҳ࠙ - Apply ੹ чਸ ঌ ࣻ ੓ח ҃਋ (Known Before Apply): Plan ױ҅ীࢲ ࣻ೯ - Apply റ чਸ ঌ ࣻ ੓ח ҃਋ (Known After Apply): Apply ױ҅ীࢲ ࣻ೯ precondition & postcondition [नӏ ޙߨ] precondition & postcondition ਸ ੉ਊೠ ؘ੉ఠ Ѩૐ

 posquit0 Copyright © 2023 All Rights Reserved. [नӏ ޙߨ] lifecycle ೞਤ replace_triggered_by ২࣌ ૑ਗ lifecycle ࠶۾ ղ replace_triggred_by ২࣌੄ чਵ۽ ܻࣗझ ࢚క ઱ࣗ੄ ߓৌ ࢸ੿ Local Variables / Input Variables ࢎਊ ࠛо => Terraform v1.4 ী ୶оػ terraform_data ܻࣗझܳ ഝਊೞৈ ਋ഥ оמ ܻࣗझ Ү୓ܳ ੌਵఃח ੄ઓࢿ ੿੄ ܾܻૉ ߡ੹: Terraform v1.2 https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#replace_triggered_by

 posquit0 Copyright © 2023 All Rights Reserved. [नӏ ޙߨ] variable ੿੄ द object ఋੑ ղ optional ࣘࢿ ૑ਗ ੉੹ীח object ؘ੉ఠ ఋੑਵ۽ ੑ۱ ߸ࣻܳ ੿੄ೠ ҃਋,   ݽٚ object ࣘࢿ чਸ ੹׳ೞ૑ ঋਵݶ য়ܨ ߊࢤ => ݆਷ ࢎۈٜ੉ any ؘ੉ఠ ఋੑਸ tricky ೞѱ ࢎਊ optional ࣘࢿਸ ૑ਗೞח object ؘ੉ఠ ఋੑ ܾܻૉ ߡ੹: Terraform v1.3 https://developer.hashicorp.com/terraform/language/expressions/type-constraints#optional-object-type-attributes module_variable_optional_attrs प೷प ݽ٘ ઔস! optional(type, default) - (Required) type: object ղ ೧׼ ࣘࢿ੄ ؘ੉ఠ ఋੑ ૑੿ - (Optional) default: object ղ ೧׼ ࣘࢿ ч੉ ੹׳غ૑ ঋਸ ҃਋ ࢎਊೡ ӝࠄ ч. ޷૑੿ दী null ч ࢎਊ

 posquit0 Copyright © 2023 All Rights Reserved. [नӏ ޙߨ] startswith() ৬ endswith() ޙ੗ৌ Ѩૐ ೣࣻ ୶о startswith(string, pre fi x) ೣࣻח ઱য૓ ޙ੗ৌ੄ ੽فয(pre fi x)ܳ Ѩࢎ endswith(string, su ff i x) ೣࣻח ઱য૓ ޙ੗ৌ੄ ੽޷য(su ffi x)ܳ Ѩࢎ नӏ ޙ੗ৌ ೣࣻ startswith() ৬ endswith() ୶о ܾܻૉ ߡ੹: Terraform v1.3 https://github.com/hashicorp/terraform/pull/31220 ੉੹ীח regexall() ੿ӏ಴അध ೣࣻܳ ࢎਊ೧ঠ݅ ೮ਵա, ੉ઁ рױೠ ޙ੗ৌ ೣࣻ۽ ؀਽ оמ https://developer.hashicorp.com/terraform/language/functions/startswith https://developer.hashicorp.com/terraform/language/functions/endswith

 posquit0 Copyright © 2023 All Rights Reserved. [नӏ ܻࣗझ] terraform_data नӏ ࠽౟ੋ ܻࣗझ ઁҕ ࠽౟ੋ (Built-in)ਵ۽ ୶о ೐۽߄੉؊ ࢸ஖ হ੉ ࢎਊ оמ ੑ۱ ߸ࣻ (Input Variables) - (Optional) input: పۄಬ ࢚కী ੷੢ೡ ч. output ୹۱ чী apply റ ߈৔. - (Optional) triggers_replace: పۄಬ ࢚కী ੷੢ೡ ч ݾ۾. ч ߸҃ द ੤ࢤࢿ. ୹۱ ч (Outputs) - id: ܻࣗझ ੋझఢझ੄ Ҋਬ ID - output: input ੑ۱ ߸ࣻ۽ࠗఠ ҅࢑ػ ч (inputҗ زੌೠ ؘ੉ఠ ఋੑ) terraform_data नӏ ࠽౟ੋ ܻࣗझ ୶о ܾܻૉ ߡ੹: Terraform v1.4 https://developer.hashicorp.com/terraform/language/resources/terraform-data

 posquit0 Copyright © 2023 All Rights Reserved. [नӏ ܻࣗझ] terraform_data नӏ ࠽౟ੋ ܻࣗझ ઁҕ Use Case #1. Resource Lifecycle ҙܻী ࢎਊೡ чਸ ੷੢ೡ ٸ (with replace_triggered_by) revision јनী ٮܲ ੤ࢤࢿ ઱ӝ੸ੋ ӝ޻ ؘ੉ఠ ۽ప੉౴ replace_triggered_by ח resource ҃۽݅ ೲਊೞӝ ٸޙ!

2023 All Rights Reserved. [नӏ ޙߨ] check ࠶۾ਸ ੉ਊೠ ؘ੉ఠ Ѩૐ ӝמ ъച apply ੉റ ੋ೐ۄ ࢚కী ؀ೠ Ѩૐ ӝמ (Continuous Assertion) check ࠶۾ ղ ؘ੉ఠ ࣗझ ࡺ ইפۄ పۄಬ ௏٘ ղ ؘ੉ఠ ଵઑ оמ check ࠶۾਷ ೞա ੉࢚੄ assert ࠶۾ਸ ੿੄೧ঠ ೣ assert ࠶۾਷ condition & error_message ۽ ҳࢿ check ࠶۾ ܾܻૉ ৘੿ ߡ੹: Terraform v1.5 https://github.com/hashicorp/terraform/releases/tag/v1.5.0-alpha20230405 precondition / postcondition / validation җ ׳ܻ plan / apply ੄ प೯ਸ ઺ױೞ૑ ঋ਺ (soft-fail) v1.5 ޷ܻࠁӝ https://unfriendlygrinch.info/posts/terraform-check-block/

2023 All Rights Reserved. [नӏ ޙߨ] check ࠶۾ਸ ੉ਊೠ ؘ੉ఠ Ѩૐ ӝמ ъച s3-bucket ݽٕ v1.5 ޷ܻࠁӝ Use Case #2. పۄಬ ݽٕ ղ Soft Policy as Code ઁҕ ׮਺җ э਷ check ࠶۾ਸ ݽٕ ղী ղ੢ೞৈ ߓನ - Public Access Block ੉ ഝࢿചغয ੓חо? - ACL ੉ ࠺ഝࢿചغয ੓חо? - Lifecycle Rule ੉ ೞա ੉࢚ ੘ࢿغয ੓חо?

2023 All Rights Reserved. tfupdate: పۄಬ ௏٘ ղ ߡ੹ ಴അध ҙܻ بҳ GitHub: minamijoyo/tfupdate https://github.com/minamijoyo/tfupdate ୭न য়೑ࣗझ بҳ ࣗѐ Update version constraints in your Terraform con fi gurations ઱ਃ ӝמ - పۄಬ ௏٘ ղ Terraform / Providers / Modules ী ؀ೠ ߡ੹ ಴അध সؘ੉౟ - ઱য૓ ҃۽ ղী ݽٚ ೞਤ ٣۩షܻө૑ ܻழद࠳ ز੘ ૑ਗ - GitHub / GitLab / Terraform Registry ۽ࠗఠ ୭न ߡ੹ ੿ࠁ ઑഥ Terraform v0.12+ ߡ੹ ૑ਗ

2023 All Rights Reserved. tfautomv: పۄಬ moved ࠶۾ ੗ز ੘ࢿ GitHub: padok-team/tfautomv https://github.com/padok-team/tfautomv ୭न য়೑ࣗझ بҳ ࣗѐ Generate Terraform moved blocks automatically for painless refactoring ઱ਃ ӝמ - పۄಬ ௏٘ ܻಂష݂ റ Terraform v1.1 ী ୶оػ moved ࠶۾ ੗ز ࢤࢿ - terraform state mv ݺ۸য ୹۱ب ૑ਗ - ೐۽߄੉؊ী ੄ઓ੸੉૑ ঋҊ ݽٚ ೐۽߄੉؊ী زੌ ز੘ (Provider Agnostic)

2023 All Rights Reserved. tftarget: ܻࣗझ ఋѱ౴ਸ ੋఠۑ౭࠳ೞѱ ب৬઱ח بҳ GitHub: future-architect/tftarget https://github.com/future-architect/tftarget ୭न য়೑ࣗझ بҳ ࣗѐ Make ` terraform xxx -target=` easier ઱ਃ ӝמ - terraform CLI੄ -target= ২࣌ਸ ࢎਊ੗ ࢚ഐ੘ਊਸ ా೧ ࢎਊࢿਸ ѐࢶೠ   Terraform CLI Wrapper - plan / apply / destroy ݺ۸যী ؀೧ ܻࣗझ ఋѱ౴ ૑ਗ - ழझథ పۄಬ ߄੉ցܻ (terragrunt ١) ࢸ੿ оמ

extra Byungjin Park ·  posquit0.com ·  posquit0 Copyright
© 2023 All Rights Reserved. The Making of HashiCorp Terraform with Mitchell Hashimoto ೞद௏೐੄ ହস੗, ೞदݽషо ٜ۰઱ח Tera ff orm v1.0 ө૑੄ ৈ੿ਸ ഛੋೞप ࣻ ੓যਃ! 🤧 https://youtu.be/RNHQ91afYkE

extra Byungjin Park ·  posquit0.com ·  posquit0 Copyright
© 2023 All Rights Reserved. పۄಬ ݽٕ ഘࠁ github.com/tedilabs/ Terraform Public Registry: tedilabs GitHub: tedilabs 2021֙ࠗఠ য়೑ࣗझ ӝ߈ పۄಬ ݽٕ ੘ࢿ ߂ ҙܻ AWS / GitHub / HTTP ೐۽߄੉؊ ૑ਗ അ੤ 17ѐ੄ పۄಬ ಁః૑ ղী ୨ 110+ ѐ੄ పۄಬ ݽٕ ૑ਗ पઁ ഝਊ ױਤ੄ ѐ୓۽ ਽૘җ ୶࢚ച, ੤ࢎਊࢿী ୡ੼ਸ ݏ୸ ݽٕച GitHub ۨನ૑షܻী ⭐ח ௾ ൨੉ ؾפ׮. 🤣 ҕѐػ ݽٕ ௏٘ܳ ా೧ ߊ಴ ղਊ੄ ୭न పۄಬ ӝמਸ যڌѱ ഝਊೞח૑ ഛੋೡ ࣻ ੓যਃ.

모던 테라폼 (Modern Terraform)

모던 테라폼 (Modern Terraform)

More Decks by Byungjin Park

Other Decks in Programming

Featured

Transcript