[tf] add terraform presentation

Julian Tölle 2019-03-27 23:18:59 +01:00 committed by Julian Tölle
parent e194238133
commit c37e4c4095
8 changed files with 648 additions and 82 deletions

3
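--- /dev/null
+++ b/Makefile
@@ -0,0 +1,3 @@
+start:
+xdg-open http://localhost:8000/
+python -m http.server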
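Review bot: `python -m http.server` binds to every interface by default, so while the slides are being served the whole working directory is readable by anyone on the same network; the recipe should bind to loopback, `python -m http.server --bind 127.0.0.1 8000`. The `xdg-open` line also runs before the server is listening, so the first page load can hit a refused connection; starting the server first and opening the URL once it answers avoids that. `start` is not a file, so a `.PHONY: start` line belongs above the target.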


@ -1,33 +1,34 @@
<!doctype html>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<head>
<meta charset="utf-8" />
<meta
name="viewport"
content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"
/>
<title>CI/CD at TrackCode</title>
<link rel="stylesheet" href="../reveal/css/reveal.css">
<link rel="stylesheet" href="../reveal/css/theme/moon.css" id="theme">
<link rel="stylesheet" href="../reveal/lib/css/atom-one-dark.css">
<link rel="shortcut icon" href="favicon.png">
<link rel="stylesheet" href="../reveal/css/reveal.css" />
<link rel="stylesheet" href="../reveal/css/theme/moon.css" id="theme" />
<link rel="stylesheet" href="../reveal/lib/css/atom-one-dark.css" />
<link rel="shortcut icon" href="favicon.png" />
<style>
@import url(https://cdn.rawgit.com/tonsky/FiraCode/1.204/distr/fira_code.css);
.reveal code {
font-family: 'Fira Code', monospace;
font-family: "Fira Code", monospace;
}
</style>
</head>
<body>
</head>
<body>
<div class="reveal">
<div class="slides">
<!-- Use external markdown resource, separate slides by three newlines; vertical slides by two newlines -->
<section data-markdown="cicd.md" data-separator-vertical="^\n--\n$"></section>
<section
data-markdown="cicd.md"
data-separator-vertical="^\n--\n$"
></section>
</div>
</div>
@ -35,7 +36,6 @@
<script src="../reveal/js/reveal.js "></script>
<script>
Reveal.initialize({
controlsTutorial: false,
center: false,
@ -43,15 +43,33 @@
// Optional libraries used to extend on reveal.js
dependencies: [
{ src: '../reveal/lib/js/classList.js', condition: function () { return !document.body.classList; } },
{ src: '../reveal/plugin/markdown/marked.js', condition: function () { return !!document.querySelector('[data-markdown]'); } },
{ src: '../reveal/plugin/markdown/markdown.js', condition: function () { return !!document.querySelector('[data-markdown]'); } },
{ src: '../reveal/plugin/highlight/highlight.js', async: true, callback: function () { hljs.initHighlightingOnLoad(); } }
{
src: "../reveal/lib/js/classList.js",
condition: function() {
return !document.body.classList;
}
},
{
src: "../reveal/plugin/markdown/marked.js",
condition: function() {
return !!document.querySelector("[data-markdown]");
}
},
{
src: "../reveal/plugin/markdown/markdown.js",
condition: function() {
return !!document.querySelector("[data-markdown]");
}
},
{
src: "../reveal/plugin/highlight/highlight.js",
async: true,
callback: function() {
hljs.initHighlightingOnLoad();
}
}
]
});
</script>
</body>
</body>
</html>


@ -1,16 +1,16 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<head>
<meta charset="utf-8" />
<title>Apricotes Presentations</title>
</head>
<body id="home">
</head>
<body id="home">
<h1>Apricotes Presentations</h1>
<h3>
<a href="https://www.meetup.com/JavaScript-Meetup-Bielefeld/">JavaScript Meetup Bielefeld</a>
<a href="https://www.meetup.com/JavaScript-Meetup-Bielefeld/"
>JavaScript Meetup Bielefeld</a
>
</h3>
<ul>
<li>
@ -21,18 +21,23 @@
</li>
</ul>
<h3>
<a href="https://www.meetup.com/Cloud-Lab-Bielefeld">CloudLab Bielefeld</a>
<a href="https://www.meetup.com/Cloud-Lab-Bielefeld"
>CloudLab Bielefeld</a
>
</h3>
<ul>
<li>
<a href="./cicd/index.html">#1 July 18 - CI/CD at TrackCode using Jenkins, Helm and Kubernetes</a>
<a href="./cicd/index.html"
>#1 July 18 - CI/CD at TrackCode using Jenkins, Helm and Kubernetes</a
>
</li>
<li>
<a href="./terraform/index.html"
>#2 March 19 - Terraform - Theory and Practice</a
>
</li>
</ul>
</body>
</body>
</html>

BIN
terraform/favicon.png Normal file

Binary file not shown.


Width:  |  Height:  |  Size: 1.1 KiB

75
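--- /dev/null
+++ b/terraform/index.html
@@ -0,0 +1,75 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8" />
+<meta
+name="viewport"
+content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"
+/>
+<title>Terraform - Theory and Practice</title>
+<link rel="stylesheet" href="../reveal/css/reveal.css" />
+<link rel="stylesheet" href="../reveal/css/theme/moon.css" id="theme" />
+<link rel="stylesheet" href="../reveal/lib/css/atom-one-dark.css" />
+<link rel="shortcut icon" href="favicon.png" />
+<style>
+@import url(https://cdn.rawgit.com/tonsky/FiraCode/1.204/distr/fira_code.css);
+.reveal code {
+font-family: "Fira Code", monospace;
+}
+</style>
+</head>
+<body>
+<div class="reveal">
+<div class="slides">
+<!-- Use external markdown resource, separate slides by three newlines; vertical slides by two newlines -->
+<section
+data-markdown="terraform.md"
+data-separator-vertical="^\n--\n$"
+></section>
+</div>
+</div>
+<script src=" ../reveal/lib/js/head.min.js "></script>
+<script src="../reveal/js/reveal.js "></script>
+<script>
+Reveal.initialize({
+controlsTutorial: false,
+center: false,
+history: true,
+// Optional libraries used to extend on reveal.js
+dependencies: [
+{
+src: "../reveal/lib/js/classList.js",
+condition: function() {
+return !document.body.classList;
+}
+},
+{
+src: "../reveal/plugin/markdown/marked.js",
+condition: function() {
+return !!document.querySelector("[data-markdown]");
+}
+},
+{
+src: "../reveal/plugin/markdown/markdown.js",
+condition: function() {
+return !!document.querySelector("[data-markdown]");
+}
+},
+{
+src: "../reveal/plugin/highlight/highlight.js",
+async: true,
+callback: function() {
+hljs.initHighlightingOnLoad();
+}
+}
+]
+});
+</script>
+</body>
+</html>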
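Review bot: The inline `<style>` block pulls `fira_code.css` from `cdn.rawgit.com` through `@import`, which makes a third-party host part of the page with no integrity check (a CSS `@import` cannot carry SRI), and RawGit announced in 2018 that it was shutting down, so the font is likely to stop loading; the same import sits in the CI/CD deck's page earlier in this commit. Vendoring the stylesheet and font files next to the other `../reveal/` assets and loading them with `<link rel="stylesheet" href="<local-path>/fira_code.css" />` (placeholder path) removes both problems. The two `<script src>` values carry stray spaces (`" ../reveal/lib/js/head.min.js "` and `"../reveal/js/reveal.js "`); browsers trim them, but they should be cleaned up. The viewport's `maximum-scale=1.0, user-scalable=no` blocks pinch zoom for anyone following the slides on their own device.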

BIN
terraform/narando_logo.png Normal file

Binary file not shown.


Width:  |  Height:  |  Size: 16 KiB

458
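--- /dev/null
+++ b/terraform/terraform.md
@@ -0,0 +1,458 @@
+<img src="./terraform_logo.svg" style="padding: 20px" alt="terraform logo">
+## Theory and Practice
+---
+### Content
+- About me
+- Infrastructure as Code
+- What is Terraform?
+- <span style="color: #e74c3c">narando</span> Backstory
+- Terraform at <span style="color: #e74c3c">narando</span>
+- What is planned?
+- Recap
+---
+### About me
+![picture of me](https://www.gravatar.com/avatar/b1d145930b4db0d59a3d40df3688340f.jpg?s=200)
+Julian Tölle
+Developer @ <span style="color: #e74c3c">narando</span> & <span style="color: #f2f2f2">TrackCode</span>
+Backend Development & DevOps
+--
+### About us
+![narando Logo](./narando_logo.png) <!-- .element style="width: 50%" -->
+- ~ 5 developers
+- crowd-sourced audio production for blogs
+- Node.js on AWS
+---
+### Infrastructure as Code
+#### Domain
+- Provisioning servers
+- Configuring databases
+- Firewall rules
+- DNS
+- configuring and deploying applications
+--
+### Infrastructure as Code
+#### Before IaC
+- servers and applications are configured manually
+- new environments take days/weeks to be running
+- copy&paste
+- search&replace
+--
+### Infrastructure as Code
+#### Definition
+> Infrastructure as code (IaC) is the process of managing [...] data centers through machine-readable definition files, rather than [...] interactive configuration tools.
+<small>From [Wikipedia](https://en.wikipedia.org/wiki/Infrastructure_as_code)</small>
+--
+### Infrastructure as Code
+#### Benefits
+- automation saves (expensive) time
+- avoids human errors
+- easier to review/verify
+--
+### Infrastructure as Code
+#### Tools
+- Chef
+- Puppet
+- Ansible
+- AWS CloudFormation
+- Terraform
+---
+### What is Terraform?
+- open-source toolchain for IaC
+- declarative approach
+- providers for every big cloud
+--
+### What is Terraform?
+#### HCL
+```go
+provider "aws" {
+access_key = "ACCESS_KEY_HERE"
+secret_key = "SECRET_KEY_HERE"
+region = "eu-central-1"
+}
+resource "aws_instance" "www" {
+ami = "ami-2757f631"
+instance_type = "t2.micro"
+}
+```
+--
+### What is Terraform?
+#### Resource Graph
+```go
+resource "aws_instance" "www" {
+ami = "ami-2757f631"
+instance_type = "t2.micro"
+}
+resource "cloudflare_record" "www" {
+domain = "example.com"
+type = "A"
+value = "${aws_instance.www.public_ip}"
+}
+```
+--
+### What is Terraform?
+#### Modules
+- `*.tf` in a folder
+- share a namespace
+- input is called `variable`
+- output is called `output`
+```go
+variable "env" {
+type = "string"
+default = "prod"
+}
+output "public_ip" {
+type = "string"
+value = "${aws_instance.www.public_ip"
+}
+```
+--
+### What is Terraform?
+##### State
+- contains all managed resources - "why does the container not receive traffic?"
+- might be AWS specific
+-
+* used to produce "execution plan"
+* JSON format
+* can be local or remote (S3, TF Enterprise, etc.)
+--
+### What is Terraform?
+#### `terraform plan`
+1. Verify variables
+2. Load state
+3. Refresh resources
+4. Diff state against desired state
+5. Plan actions to reach desired state
+--
+### What is Terraform?
+#### `terraform apply`
+1. Load generated plan
+2. Apply actions in sequence
+---
+### <span style="color: #e74c3c">narando</span> Backstory
+#### Development History
+- **2014-2015**: initial app
+- **2016**: Maintenance Mode
+- **January 2017**: Rewrite
+- **~ May 2017**: live traffic for new services
+--
+### <span style="color: #e74c3c">narando</span> Backstory
+#### Initial App
+- Built by previous co-founder
+- Ruby on Rails
+- Heroku
+- Addons for DB, Cache, DNS, Logs, Monitoring
+- Only **prod** environment
+> "Let's test this in production!"
+--
+### <span style="color: #e74c3c">narando</span> Backstory
+#### Rewrite
+- **Requirement**: multiple environments
+- Node.js services
+- Docker + Elastic Container Service
+- All resources in AWS
+---
+### Terraform at <span style="color: #e74c3c">narando</span>
+#### Initial Struggles
+- AWS resources managed by hand
+- scripts for deployments
+- manually duplicating setup for **prod**
+-
+* new system went live in May 2017
+* modifications became dangerous
+--
+### Terraform at <span style="color: #e74c3c">narando</span>
+#### Rev. I - Proof of Concept
+- one file with all resources
+- ECS, EC2, VPC, RDS, Elasticache, IAM, ALB, Route53
+- each with 1~5 TF resources
+- only prod environment
+- 554 LOC
+--
+### Terraform at <span style="color: #e74c3c">narando</span>
+#### Rev. II - Adding Structure
+- `modules/`
+- encapsulates concern
+- "central" modules like `modules/vpc`, `modules/cluster`, `modules/iam`
+- "once-per-service" - `module/service`
+- Container definition
+- Loadbalancer Target
+- DNS Entry
+- Firewall Rules
+--
+### Terraform at <span style="color: #e74c3c">narando</span>
+#### Rev. II - Adding Structure
+- `env/$ENV`
+- includes all modules
+- root for state
+- difference between environments
+- **prod**: Elasticache
+- **dev**: custom Redis
+- same inputs/outputs
+- can be easily swapped
+--
+### Terraform at <span style="color: #e74c3c">narando</span>
+#### Rev. II - Directory Tree
+```
+├── env
+│ ├── dev
+│ │ ├── main.tf
+│ │ ├── services.tf
+│ │ └── vars.tf
+│ └── prod
+│ └── same as dev
+└── modules
+├── cluster
+│ ├── vars.tf
+│ ├── outputs.tf
+│ └── main.tf
+├── service
+├── dns
+└── vpc
+```
+--
+### Terraform at <span style="color: #e74c3c">narando</span>
+#### Rev. II - services.tf
+- one `module/service` per service
+- similar services
+- db
+- cache
+- hostname
+- container definition
+- different services in **dev**/**prod**
+--
+### Terraform at <span style="color: #e74c3c">narando</span>
+#### Rev. III - Splitting of services.tf
+- services became more custom, more resources
+- moved into own module
+- 1 file per service
+```
+└── env
+└── dev (prod)
+└── services
+├── feed-fetcher.tf
+├── feeds.tf
+├── notifier.tf
+├── narrator.tf
+├── publisher.tf
+├── vars.tf
+└── outputs.tf
+```
+--
+### Terraform at <span style="color: #e74c3c">narando</span>
+#### Pain Points (Structure)
+- state updates are slow
+- infrastructure is seperate from code (+CI/CD)
+- not all values are auto-generated(/-filled)
+- service definitions duplicated
+--
+### Terraform at <span style="color: #e74c3c">narando</span>
+#### Pain Points (Process)
+- manual `apply` by me
+- repo might differ from deployed infrastructure
+- CI does not create plans to review
+- reviewers need to do this themselves
+- iteration is slow
+- missing `playground` environment
+- smoke tests?
+--
+### Terraform at <span style="color: #e74c3c">narando</span>
+#### Pain Points (Terraform)
+- not all service providers have terraform providers
+- drone / CICD
+- gitea / VCS
+- pointDNS
+- some validations are only done during `apply`
+---
+### What is planned?
+#### Upgrade Modules to support cross-repo setups
+- Using `data` resources and naming schemas
+- allows moving service-specific code into repos
+```go
+data "aws_ecs_cluster" "cluster" {
+cluster_name = "${var.env}"
+}
+```
+--
+### What is planned?
+#### Move service definitions into service repos
+- integrated with usual review and deployment processes
+- improves state update time
+- single PR for related changes
+- e.g. implement a new batch task (service repo)
+- and configure the cron trigger (currently infrastructure repo)
+--
+### What is planned?
+#### Automatic apply
+- implement CD for core infrastructure repo
+- probably with manual review at first
+--
+### What is planned?
+#### Move Root DNS
+- to Service Provider with Terraform Provider
+- AWS / OVH / Cloudflare
+- less manual work
+---
+### Recap
+#### Things I like
+- Exhaustive documentation
+- huge list of offical providers
+- community-built providers for new products
+- declarative approach like K8s
+- minial code, all configuration
+- Hcl looks like Go and feels like Go
+--
+### Recap
+#### Things I do not like
+- side-effects between resources are not always documented
+- searching in the dark for errors
+- "why does the container not receive traffic?"
+- might be AWS specific
+- lots of concepts to learn
+- failures do not roll back
+- changes must be self-contained and backwards compatible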
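Review bot: The first HCL slide puts `access_key` and `secret_key` literals inside the `provider "aws"` block, a pattern that leads to real keys being committed once someone copies the slide; the example is safer with only `region` in the block and a bullet saying the AWS provider reads credentials from the environment or the shared credentials file. The State slide covers format and storage but not that state holds resource attributes, secrets included, in plain text, so a remote backend such as the S3 one it mentions needs encryption and restricted access; one extra bullet would cover it. In the Modules slide `value = "${aws_instance.www.public_ip"` is missing its closing `}`, and the State slide's first two bullets ("why does the container not receive traffic?", "might be AWS specific") look pasted from the Recap slide.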


@ -0,0 +1,7 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 250 60.15" class="logo" height="120">
<path class="text" fill="#000" d="M77.35 7.86V4.63h-3v3.23h-1.46V.11h1.51v3.25h3V.11h1.51v7.75zm7 0h-1.2l-.11-.38a3.28 3.28 0 0 1-1.7.52c-1.06 0-1.52-.7-1.52-1.66 0-1.14.51-1.57 1.7-1.57h1.4v-.62c0-.62-.18-.84-1.11-.84a8.46 8.46 0 0 0-1.61.17L80 2.42a7.89 7.89 0 0 1 2-.26c1.83 0 2.37.62 2.37 2zm-1.43-2.11h-1.08c-.48 0-.61.13-.61.55s.13.56.59.56a2.37 2.37 0 0 0 1.1-.29zM87.43 8a7.12 7.12 0 0 1-2-.32l.2-1.07a6.77 6.77 0 0 0 1.73.24c.65 0 .74-.14.74-.56s-.07-.52-1-.73c-1.42-.33-1.59-.68-1.59-1.76s.49-1.65 2.16-1.65a8 8 0 0 1 1.75.2l-.14 1.11a10.66 10.66 0 0 0-1.6-.16c-.63 0-.74.14-.74.48s0 .48.82.68c1.63.41 1.78.62 1.78 1.77S89.19 8 87.43 8zm6.68-.11V4c0-.3-.13-.45-.47-.45a4.14 4.14 0 0 0-1.52.45v3.86h-1.46V0l1.46.22v2.47a5.31 5.31 0 0 1 2.13-.54c1 0 1.32.65 1.32 1.65v4.06zm2.68-6.38V.11h1.46v1.37zm0 6.38V2.27h1.46v5.59zm2.62-5.54c0-1.4.85-2.22 2.83-2.22a9.37 9.37 0 0 1 2.16.25l-.17 1.25a12.21 12.21 0 0 0-1.95-.2c-1 0-1.37.34-1.37 1.16V5.5c0 .81.33 1.16 1.37 1.16a12.21 12.21 0 0 0 1.95-.2l.17 1.25a9.37 9.37 0 0 1-2.16.25c-2 0-2.83-.81-2.83-2.22zM107.63 8c-2 0-2.53-1.06-2.53-2.2V4.36c0-1.15.54-2.2 2.53-2.2s2.53 1.06 2.53 2.2v1.41c.01 1.15-.53 2.23-2.53 2.23zm0-4.63c-.78 0-1.08.33-1.08 1v1.5c0 .63.3 1 1.08 1s1.08-.33 1.08-1V4.31c0-.63-.3-.96-1.08-.96zm6.64.09a11.57 11.57 0 0 0-1.54.81v3.6h-1.46v-5.6h1.23l.1.62a6.63 6.63 0 0 1 1.53-.73zM120.1 6a1.73 1.73 0 0 1-1.92 2 8.36 8.36 0 0 1-1.55-.16v2.26l-1.46.22v-8h1.16l.14.47a3.15 3.15 0 0 1 1.84-.59c1.17 0 1.79.67 1.79 1.94zm-3.48.63a6.72 6.72 0 0 0 1.29.15c.53 0 .73-.24.73-.75v-2c0-.46-.18-.71-.72-.71a2.11 2.11 0 0 0-1.3.51zM81.78 19.54h-8.89v-5.31H96.7v5.31h-8.9v26.53h-6z"></path>
<path class="text" fill="#000" d="M102.19 41.77a24.39 24.39 0 0 0 7.12-1.1l.91 4.4a25 25 0 0 1-8.56 1.48c-7.31 0-9.85-3.39-9.85-9V31.4c0-4.92 2.2-9.08 9.66-9.08s9.13 4.35 9.13 9.37v5h-13v1.2c.05 2.78 1.05 3.88 4.59 3.88zM97.65 32h7.41v-1.18c0-2.2-.67-3.73-3.54-3.73s-3.87 1.53-3.87 3.73zm28.54-4.33a45.65 45.65 0 0 0-6.19 3.39v15h-5.83V22.79h4.92l.38 2.58a26.09 26.09 0 0 1 6.12-3.06zm14.24 0a45.65 45.65 0 0 0-6.17 3.39v15h-5.83V22.79h4.92l.38 2.58a26.09 26.09 0 0 1 6.12-3.06zm19.51 18.4h-4.78l-.43-1.58a12.73 12.73 0 0 1-6.93 2.06c-4.25 0-6.07-2.92-6.07-6.93 0-4.73 2.06-6.55 6.79-6.55h5.59v-2.44c0-2.58-.72-3.49-4.45-3.49a32.53 32.53 0 0 0-6.45.72l-.72-4.45a30.38 30.38 0 0 1 8-1.1c7.31 0 9.47 2.58 9.47 8.41zm-5.83-8.8h-4.3c-1.91 0-2.44.53-2.44 2.29s.53 2.34 2.34 2.34a9.18 9.18 0 0 0 4.4-1.2zm23.75-19.79a17.11 17.11 0 0 0-3.35-.38c-2.29 0-2.63 1-2.63 2.77v2.92h5.93l-.33 4.64h-5.59v18.64h-5.83V27.43h-3.73v-4.64h3.73v-3.25c0-4.83 2.25-7.22 7.41-7.22a18.47 18.47 0 0 1 5 .67zm11.38 29.07c-8 0-10.13-4.4-10.13-9.18v-5.88c0-4.78 2.15-9.18 10.13-9.18s10.13 4.4 10.13 9.18v5.88c.01 4.78-2.15 9.18-10.13 9.18zm0-19.27c-3.11 0-4.3 1.39-4.3 4v6.26c0 2.63 1.2 4 4.3 4s4.3-1.39 4.3-4V31.3c0-2.63-1.19-4.02-4.3-4.02zm25.14.39a45.65 45.65 0 0 0-6.17 3.39v15h-5.83V22.79h4.92l.38 2.58a26.08 26.08 0 0 1 6.12-3.06zm16.02 18.4V29.82c0-1.24-.53-1.86-1.86-1.86a16.08 16.08 0 0 0-6.07 2v16.11h-5.83V22.79h4.45l.57 2a23.32 23.32 0 0 1 9.34-2.48 4.42 4.42 0 0 1 4.4 2.49 22.83 22.83 0 0 1 9.37-2.49c3.87 0 5.26 2.72 5.26 6.88v16.88h-5.83V29.82c0-1.24-.53-1.86-1.86-1.86a15.43 15.43 0 0 0-6.07 2v16.11z"></path>
<path class="rect-dark" fill="#4040B2" d="M36.4 20.2v18.93l16.4-9.46V10.72L36.4 20.2z"></path>
<path class="rect-light" fill="#5C4EE5" d="M18.2 10.72l16.4 9.48v18.93l-16.4-9.47V10.72z"></path>
<path class="rect-light" fill="#5C4EE5" d="M0 .15v18.94l16.4 9.47V9.62L0 .15zm18.2 50.53l16.4 9.47V41.21l-16.4-9.47v18.94z"></path>
</svg>


Width:  |  Height:  |  Size: 3.6 KiB