Managing Terraform Module Versioning and Dependencies
0 likes137 views
The document outlines the Terraform configuration for deploying cloud infrastructure using various AWS resources and modules, including settings for server instances and load balancers. It details the structure of modules, parameterization, and lifecycle management while emphasizing the integration of HashiCorp tools. Additional focus is on dependency management among modules and the use of GitHub for version control of module sources.
![resource “aws_instance” “foo” {
count = 1
instance_type = “m5.large”
tags = [
“foo”
]
}](https://image.slidesharecdn.com/cloudnatives-irvine-200302171015/85/Managing-Terraform-Module-Versioning-and-Dependencies-4-320.jpg)
![resource “aws_instance” “foo” {
count = 3
instance_type = “m5.large”
tags = [
“foo”
]
}](https://image.slidesharecdn.com/cloudnatives-irvine-200302171015/85/Managing-Terraform-Module-Versioning-and-Dependencies-5-320.jpg)
![$ deploy.sh [module] [vpc] [region] [environment]](https://image.slidesharecdn.com/cloudnatives-irvine-200302171015/85/Managing-Terraform-Module-Versioning-and-Dependencies-29-320.jpg)
![$ deploy.sh [module] [vpc] [region] [environment]](https://image.slidesharecdn.com/cloudnatives-irvine-200302171015/85/Managing-Terraform-Module-Versioning-and-Dependencies-43-320.jpg)
![$ for module in $(./deps.sh); do
deploy.sh [module] [vpc] [region] [environment]
done](https://image.slidesharecdn.com/cloudnatives-irvine-200302171015/85/Managing-Terraform-Module-Versioning-and-Dependencies-44-320.jpg)
Managing Terraform Module Versioning and Dependencies
- 2. ● Cloud Engineer, Kong ● Previously Zenedge, DreamHost, Blizzard ● Nginx/OpenResty, Terraform contributor ● Various shenanigans, holliganery, nogoodknickery
- 3. 3
- 4. resource “aws_instance” “foo” { count = 1 instance_type = “m5.large” tags = [ “foo” ] }
- 5. resource “aws_instance” “foo” { count = 3 instance_type = “m5.large” tags = [ “foo” ] }
- 6. 6
- 7. module "servers" { source = "./app-cluster" servers = 5 }
- 8. ● Abstraction ● Parameterization ● Re-use ● Versioning ● Decoupling 8
- 9. 9
- 10. ● aws_acm_certificate ● aws_route53_record ● aws_acm_certificate_validation ● aws_kms_key ● aws_launch_configuration ● aws_autoscaling_group ● aws_lb ● aws_instance ● aws_iam_role_policy_attachment ● aws_kms_alias ● aws_kms_grant ● aws_subnet_ids ● aws_caller_identity ● aws_vpc ● aws_route53_zone ● aws_lb_listener ● aws_lb_target_group ● aws_route53_record ● aws_security_group_rule ● aws_vpc_endpoint_service ● aws_iam_policy ● aws_s3_bucket ● aws_iam_role ● aws_iam_service_linked_role ● aws_vpc_endpoint_service_allowed_ principal ● aws_route ● aws_db_subnet_group ● aws_elasticache_subnet_group 10
- 11. module "worker-pool" { source = "worker" servers = 3 volume_size = 20 instance_type = “m5.large” } module "batch-pool" { source = "worker" servers = 2 volume_size = 500 instance_type = “c5.xlarge” }
- 12. 12
- 13. 13
- 14. ● Testing internal implementation ● New feature sets ● Parameter/call design deprecation ● Provider lifecycle support 14
- 15. module "consul" { source = "hashicorp/consul/aws" version = "0.0.5" servers = 3 }
- 17. 17 ● Terraform Registry ● Git (GitHub) ● Mercurial
- 18. module "vpc" { source = "git@github.com:corp/tfmodule-vpc.git ?ref=master" }
- 19. 19
- 20. module "vpc" { source = "git@github.com:corp/tfmodule-vpc.git?ref=${var.vpc-version}" }
- 21. 21
- 22. 22 type module struct { Source string `yaml:"source"` Version string `yaml:"version"` } cmd := exec.Command("git", "clone", "--single-branch", "--depth=1", "-b", version, repository, moduleName)
- 23. $ cat kong/worker/env/dev/us-west-2.yml module: source: "git@github.com:Kong/tf-module.git" version: "v0.23"
- 24. 24
- 25. $ cat kong/worker/env/dev/us-west-2.yml module: source: "git@github.com:Kong/tf-module.git" version: "v0.23"
- 26. $ cat kong/worker/env/dev/us-west-2.yml module: source: "git@github.com:Kong/tf-module.git" version: "v0.23"
- 27. $ cat kong/worker/env/ dev/us-west-2.yml module: source: "git@github.com:Kong/tf-module.git" version: "v0.23"
- 28. $ cat kong/worker/env/dev/ us-west-2.yml module: source: "git@github.com:Kong/tf-module.git" version: "v0.23"
- 29. $ deploy.sh [module] [vpc] [region] [environment]
- 30. 30
- 31. resource “aws_lb” “foo” { ... } output “lb_dns_name” { value = aws_lb.foo.dns_name } module "foo" { source = "../foo" } module “bar” { source = “../bar” lb = module.foo.lb_dns_name } Module Caller
- 32. ● Terraform manages lifecycle/dependency ● State file size/sync time ● Circular dependencies ● Terraform lifecycle limitations 32
- 33. data “aws_lb” “foo” { name = “foo” } resource “foo” “bar” { value = data.aws_lb.foo.dns_name }
- 34. ● Smaller state file ● Shorter sync time ● Provider-based definition of infrastructure ● Problem: missing data at runtime... 34
- 35. 35
- 36. 36
- 37. 37 module: source: "git@github.com:Kong/tf-module.git" version: "v0.23" depends: - vpc - controller
- 38. ● Each module has zero or more dependents ● Each module has zero or more dependencies ● Modules with no unresolved dependencies can execute simultaneously ● … this is starting to sound a little familiar 38
- 40. ● Collect all module dependencies ● Sort via tsort ● Apply modules in order of response 40
- 41. 41 $ cat worker.yml module: source: "git@github.com:Kong/tf-module.git" version: "v0.23" depends: - vpc - controller $ cat grafana.yml module: source: "git@github.com:Kong/tf-module.git" version: "v0.23" depends: - worker - prometheus
- 43. $ deploy.sh [module] [vpc] [region] [environment]
- 44. $ for module in $(./deps.sh); do deploy.sh [module] [vpc] [region] [environment] done
- 45. ● Small modules ● Version pinning (what do mean, no more go on green?) ● Indirect (data) dependencies ● Module vs caller - twice the commits! 45
- 46. 46
- 47. 47
- 48. 48
- 49. module “job” { source = “./kong/module/nomad-job” resources = { memory = 100 cpu = 100 } image = “nginx” count = 3 template { ... } ports { ... } }
- 50. 50
- 51. module "job" { source = "../nomad-job" name = "grafana" public = true jobspec = templatefile( format("%s/grafana.nomad.tmpl", path.module), { tag = "latest", } ) }
- 52. resource "aws_route53_record" "main" { count = var.public == true ? 1 : 0 zone_id = data.aws_route53_zone.zone.zone_id name = var.name type = "A" alias { name = data.aws_lb.worker.dns_name zone_id = data.aws_lb.worker.zone_id evaluate_target_health = false } }
- 53. resource "aws_route53_record" "main" { count = var.public == true ? 1 : 0 zone_id = data.aws_route53_zone.zone.zone_id name = var.name type = "A" alias { name = data.aws_lb.worker.dns_name zone_id = data.aws_lb.worker.zone_id evaluate_target_health = false } }
- 54. ● Re-using existing deployment pipelines ● Very strong integration of Hashicorp tools ● Nomad-powered lifecycle management ○ Canary / blue-green ○ Native Consul integration ○ Native Vault integration 54
- 55. 55