Infrastructure as code
with Terraform
By Yaron Tal
Preperation
- ID
- Slides en code: https://go.ytal.nl
TODO
- Knowledge test
- About Appfactory
- About me
- Infrastructure as code
- Terraform basics
- Coffee
- Using terraform
- What's next
- At Appfactory
Quick quiz.
About Appfactory
Continuous Delivery Pipeline
Intelligent Platform
Feedback from whole stack
About me
- Yaron Tal
- Web-Developer, sysadmin, Operations, Kubernetes
- KPN Appfactory
- ytal.nl
Infrastructure as code
- ARM, Cloudformation, Terraform, Pulumi
- Automated tests, pipeline, peer reviews, modules
- Reproducebility, reusability
Terraform
- Resouces in JSON-isch HCL
- Dependency graph
- Provider -> API
HCL
resource "azurerm_resource_group" "myterraformgroup" {
name = "myResourceGroup"
location = "westeurope"
tags = {
environment = "Terraform Demo"
}
}
Provider
- Read statefile and state
- Calculate diff and dependencies
- Call provider functions
- Update statefile
Username: tfuser[id]
Password: tfpass[id]
Web-cli: [ip]:3000/wetty
SSH: ssh tfuser[id]@[ip]
- terraform init
- terraform apply
- terraform state list
- terraform state show azurerm_public_ip.myterraformpublicip (might need a second apply)
- ssh to the ip
- terraform destroy
Statefiles
- Updated after every apply
- Contains all state information
- Needed for doing updates or destroy
- Remote state
- Working together, jenkins, locking and sensitive data
Next steps
- Automated tests and runs (jenkins, bamboo, github actions)
- Integration with configuration management
- Modules: https://registry.terraform.io/
Variables
variable aws-location {
default = "eu-west-1"
}
Outputs
output "workers.private_ips" {
description = "private IP addresses of all regular worker nodes"
value = [
"${concat(vcd_vm.green.*.network_config.0.ip_address, vcd_vm.blue.*.network_config.0.ip_address)}"
]
}
module "harbor-lb" {
source = "git::ssh://git@appfactory.git:7999/terraform-vcd-lb.git"
prefix = "${format("%.4s", var.customer-prefix)}"
lb-name = "harbor"
dns-name = "harbor"
external-ip = "123.45.67.89"
internal-port-0 = 9034
external-port-0 = 80
pool-names = ["${module.vcd.compute.stripped_hostnames}"]
pool-ips = ["${module.vcd.compute.private_ips}"]
lb-monitor-id = "${module.vcd.vcd-lb-http-monitor.id}"
app-profile-id = "${module.vcd.vcd-lb-app-profile.id}"
transparent = true
nsx-ip = "172.16.14.1"
}
Further reading
- Documentation: https://www.terraform.io/docs
- Provider
- Virtual machine resource
- Tutorials: https://learn.hashicorp.com/terraform