History of Infrastructure as a Code testing

Transcript

1. History of Infrastructure as a Code testing 2020/4/24 Infra Study

   Meetup #1

2. 8IP
   *
   BN w ໦ଜ
   ༐ଠ
   w 2VJQQFSελσΟαϓϦ&/(-*4)
   43&
   w (JUIVC
   w IUUQTHJUIVCDPNZVUBDIBPT
   w

   ޷͖ͳ΋ͷ
   w (PMBOH $POUBJOFS .VTJD #PPLT ໙ྨ
   w ࠷ۙVUFSOͱ͍͏πʔϧͷDPMMBCPSBUPSʹͳͬͨͷͰɺੋඇ࢖ͬ ͍ͯͩ͘͞ɻ

3. "HFOEB w *OGSBTUSVDUVSF
   BT
   B
   $PEFͷςετ
   w ςετπʔϧΛ೥୅ॱʹฒ΂ͯߟ͑Δ
   w ·ͱΊ

4. Infrastructure as a Codeͷςετ ߴਫ४ςετ
   .VMUJ
   UJFS
   TFSWJDFͷEFQMPZͱUFTU தਫ४ςετ
   4FSWFS
   3PMFͷCVJMEͱςετ ௿ਫ४ςετ
   ఆٛϑΝΠϧͷ༗ޮੑͷςετ

5. πʔϧΛ೥୅ॱʹฒ΂ͯߟ͑Δ • ೥͸Githubͷinitial commitͷ೔࣌Λऔಘͯ͠൑அɻ • πʔϧʹؔͯ͠͸ࣗ෼͕஌͍ͬͯͨ΋ͷɺௐ΂ͯΈ ͨ΋ͷΛൈਮɻ • ͜Μͳͷ΋͋ΔΑʂͬͯͷ͕͋ͬͨΒɺޙͰڭ͑ͯ ͍ͩ͘͞

   ><

6. 2011೥ʹग़ͨπʔϧ • bats (shell) • https://github.com/sstephenson/bats • chefspec(Ruby) • https://github.com/chefspec/chefspec

   • rspec-puppets(Ruby) • https://github.com/rodjek/rspec-puppet

7. 2012೥ʹग़ͨπʔϧ • test-kitchen (Ruby) • https://github.com/test-kitchen/test-kitchen

8. 2011-12೥ͷಛ௃ • chefspec,rspec-puppetsͳͲͷߏ੒؅ཧͷઃఆ஋ͷΈͷ༗ޮ ੑtest͢Δπʔϧ͕ଟ͍ɻ(௿ਫ४ςετ) • chef͸2008೥ɺpuppet͸2005೥ • bats͸shellͷϑϨʔϜϫʔΫͰ൚༻ੑ͸ߴ͍͕ɺ௚઀ίϚϯ υΛଧͭͷͰந৅౓͸௿͍ •

   test-kitchen͸vagrantͳͲͰVMΛ্ཱͪ͛ͯςετग़དྷΔ͕ chefʹಛԽ͍ͯ͠Δɻ

9. 2013೥ʹग़ͨπʔϧ • Serverspec(Ruby) • https://github.com/mizzy/Serverspec

10. 2015೥ʹग़ͨπʔϧ ͦͷ̍ • testinfra(Python) • https://github.com/philpep/testinfra • awspec (Ruby) •

    https://github.com/k1LoW/awspec • Dockerspec(Ruby) • https://github.com/zuazo/dockerspec • goss(Golang) • https://github.com/aelsabbahy/goss

11. 2015೥ʹग़ͨπʔϧ ͦͷ2 • infrataster(Ruby) • https://github.com/ryotarai/infrataster • molecule(Python) • https://github.com/ansible-community/molecule

    • Open Policy Agent(Golang) • https://github.com/open-policy-agent/opa

12. 2013-15೥ͷಛ௃ • ServerspecͷϦϦʔε͕2013೥ɻ2015೥͋ͨΓʹServerspecͷӨڹΛड͚ɺ Provisioning testingͱݺ͹ΕΔதਫ४ςετ͕ग़དྷΔπʔϧ͕૿͑࢝ΊΔɻ • IaaS͕େ෼ҰൠԽ࢝͠Ίͯ͘Δͷ΋͜ͷࠒ • awspec,infratasterͳͲɺprovisioning͚ͩͰ͸ͳ͘ɺμΠφϛοΫΠϯϑϥετϥΫ νϟϓϥοτϑΥʔϜ

    ͳͲͰ࡞੒ͨ͠resourceͦͷ΋ͷΛtest͢Δπʔϧ͕Ͱ࢝ΊΔɻ • OPAͷininitial commit͕͜ͷ࣌ظͳͷ͸ҙ֎ͩͬͨɻ • kubernetes΋͜ͷ࣌ظʹग़͍ͯΔ(2014೥) • ECS΋͜ͷ࣌ظ(2015೥)

13. 2016೥ʹग़ͨπʔϧ • container-structure-test(Golang) • https://github.com/GoogleContainerTools/container- structure-test • InSpec(Ruby) • https://github.com/inspec/inspec

    • Terratest(Golang) • https://github.com/gruntwork-io/terratest

14. 2016೥ͷಛ௃ • ͜ͷࠒͰProvisioning testingͷର৅͕Server͔ΒContainer΁ͷྲྀΕ Λײ͡Δ(container-strucure-test) • GolangͷίʔυͰE2E test͕ग़དྷΔTerratest͕ग़͍ͯΔɻ • InSpec͕ChefͷOSSͰ࡞ΒΕ͍ͯΔɻServerspecͱಉ༷ʹ

    Provisioning testingʹ࢖͑Δ͕ɺCompliance as codeͱॻ͍ͯ͋Δ Α͏ʹSecurityʹΑΓಛԽ͍ͯ͠Δɻ • Infrastructure as Codeͷൃച͕June 2016

15. 2017೥ʹग़ͨπʔϧ • kubeval(Golang) • https://github.com/instrumenta/kubeval • AWS CDK(TypeScript) • https://github.com/aws/aws-cdk

    • sentinel • https://www.terraform.io/docs/cloud/sentinel/index.html • sonobuoy(Golang) • https://github.com/vmware-tanzu/sonobuoy

16. 2018೥ʹग़ͨπʔϧ • cue(Golang) • https://github.com/cuelang/cue

17. 2019೥ʹग़ͨπʔϧ • conftest(Golang) • https://github.com/instrumenta/conftest

18. 2017-19೥ͷಛ௃ • kubeval,sentinel,cue,conftestͳͲɺઃఆϑΝΠϧͷpolicy validationΛ͢Δπʔϧ͕໨ཱͭΑ͏ʹͳ͍ͬͯΔɻ • sonobuoyͷΑ͏ͳk8sͷclusterͷ؀ڥ࡞Δߴਫ४ςετ πʔϧ͕ग़͖ͯͨɻ • AWS CDKͷinitial͕2017೥ɻGA͕2019೥

    • ςετπʔϧͰ͸ແ͍͚Ͳɺςετ΋಺แ͞Ε͍ͯΔͷ Ͱ঺հ͍ͯ͠·͢ɻ

19. 2020೥ʹग़ͨπʔϧ • ݟ͔ͭΒͳ͔ͬͨ

20. ·ͱΊ ͦͷ1 • ࠷ॳظͷIaCͷtestingπʔϧͰ͸௿ਫ४ςετͷπʔϧ͕ଟ ͔ͬͨ(chefspec,rspec-puppets) • Serverspecͷొ৔ҠߦɺIaaS͕ҰൠԽ͍ͯ͘͠ͳ͔Ͱαʔ όʔͷߏ੒Λςετ͢ΔProvisioning testingతͳ΋ͷ͕૿͑ ͍ͯͬͨɻ

    • awspec΍TerratestͳͲͷΑ͏ͳμΠφϛοΫΠϯϑϥετϥ ΫνϟʔΛςετ͢Δπʔϧ΋͋Δ͕ɺ͋·Γྲྀߦ͍ͬͯͳ ͍ɻ

21. ·ͱΊ ͦͷ2 • DockerΛ࢝Ίͱ͢ΔContainer͕ྲྀߦΓ࢝Ί͔ͯΒɺ Provisioning testingπʔϧ͸গ͠ԼՐؾຯʹ • Terraform,Kubernetes౳ͷΠϯϑϥετϥΫνϟఆٛ πʔϧ ͕ڧ͘ͳΓɺconftest΍cue౳ͷએݴతهड़Λ༻

    ͍ΔઃఆϑΝΠϧͷvalidation͕ग़དྷΔπʔϧ͕ྲྀߦΓ ࢝Ί͍ͯΔɻ • ࣍ʹྲྀߦΔςετ͸ʁ

22. ͋Γ͕ͱ͏͍͟͝·ͨ͠

23. ࢀߟࢿྉ • Infrastructure as Code(2016೥) • Serverspecɿએݴతهड़Ͱαʔόͷઃఆঢ়ଶΛςετՄೳͳ ൚༻ੑͷߴ͍ςετϑϨʔϜϫʔΫ • mizzy͞Μ͋Γ͕ͱ͏͍͟͝·͢ʂ

    • ֤ʑͷπʔϧͷrepository