y4h2 / personal-notes

my personal notes

Terraform #1

Open y4h2 opened 1 year ago

y4h2 commented 1 year ago

Current course: KodeKloud: Terraform Basics Training Course

Understand resource, data source, and variable:

useful providers:

y4h2 commented 1 year ago

Terraform helm provider:

doc

y4h2 commented 1 year ago

kubernetes copy secret to other namespace: source

#!/bin/bash

set -e

/bin/echo -n '{ "token": "'
kubectl get -n consul secrets/hashicorp-consul-bootstrap-acl-token --template={{.data.token}}
/bin/echo -n '"}'

data "external" "token" {
  program = ["sh", "${path.module}/consul-token.sh"]
}

resource "kubernetes_secret" "consul-token" {
  depends_on = [data.external.token]

  metadata {
    name      = "consul-token"
    namespace = "app"
  }

  data = {
    token = base64decode(data.external.token.result.token)
  }
}

terraform {
  required_providers {
    external = {
      source  = "hashicorp/external"
      version = ">= 2.0.0"
    }
  }
}

y4h2 commented 1 year ago

count example

variable "project-sapphire-users" {
  type    = list(string)
  default = ["mary", "jack", "jill", "mack", "buzz", "mater"]
}

resource "aws_iam_user" "users" {
  name = var.project-sapphire-users[count.index]

  count = length(var.project-sapphire-users)
}

y4h2 commented 1 year ago

input

Pass values via .tfvars

variable "region" {
}

.tfvars file

region = "us-east-1"

y4h2 commented 1 year ago

State file

.tfstate file

state locking: prevents other people from deploying at the same time

!!! Never store state in git

example:

image

check state

terraform state show aws_s3_bucket.finance

y4h2 commented 1 year ago

variable interpolation

${..}

example

resource "local_file" "state" {
  filename = "/root/${var.local-state}"
  content  = "This configuration uses ${var.local-state} state"
}

y4h2 commented 1 year ago

Set Terraform backend dynamically

How to set Terraform backend configuration dynamically

main idea: use .hcl file

backend.tf

terraform {
    backend "remote" {}
}

backend.hcl

hostname     = "app.terraform.io"
organization = "ministry-of-magic"
workspaces { name = "sorting-hat-api-prod" }

command: terraform init -backend-config=backend.hcl

terraform workspace cannot change the backend; it only switches between workspaces inside the same backend

y4h2 commented 1 year ago

Terraform environment variables: https://www.terraform.io/cli/config/environment-variables

TF_DATA_DIR changes the .terraform location

y4h2 commented 1 year ago

terraform output sensitive data

output "token_value" {
  value     = tfe_team_token.test.token
  sensitive = true
}

terraform output -raw token_value
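
Added example (not part of the original notes): `sensitive = true` only masks a value in CLI output, while the state file still stores it in plaintext, which is why the state note above says never to keep state in git. The sample state is constructed (fake values, simplified version 4 layout) and the key-name pattern is an assumption.

```python
import json
import re

# Assumption: attribute names that usually carry credentials.
SECRET_KEY = re.compile(r"token|password|secret|private_key", re.I)

# Constructed sample: fake values, simplified version 4 state layout.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "outputs": {
        "token_value": {"value": "FAKE-TEAM-TOKEN", "type": "string", "sensitive": True},
        "region": {"value": "us-east-1", "type": "string"},
    },
    "resources": [
        {"mode": "managed", "type": "tfe_team_token", "name": "test",
         "instances": [{"attributes": {"id": "team-FAKE", "token": "FAKE-TEAM-TOKEN"}}]},
        {"mode": "managed", "type": "kubernetes_secret", "name": "consul-token",
         "instances": [{"attributes": {"data": {"token": "FAKE-CONSUL-TOKEN"},
                                       "metadata": [{"name": "consul-token", "namespace": "app"}]}}]},
    ],
})

def leaves(node, path=()):
    """Yield the key path of every non-empty string under node."""
    if isinstance(node, (dict, list)):
        items = node.items() if isinstance(node, dict) else enumerate(node)
        for key, value in items:
            yield from leaves(value, path + (str(key),))
    elif isinstance(node, str) and node:
        yield path

def plaintext_secrets(state_text):
    """Return addresses of secret-looking values readable in the state."""
    state = json.loads(state_text)
    found = set()
    for name, out in state.get("outputs", {}).items():
        # sensitive = true hides the value in CLI output, not in the file.
        if out.get("sensitive") and out.get("value"):
            found.add(f"output.{name}")
    for res in state.get("resources", []):
        for inst in res.get("instances", []):
            for path in leaves(inst.get("attributes", {})):
                if any(SECRET_KEY.search(part) for part in path):
                    found.add(f'{res["type"]}.{res["name"]}.' + ".".join(path))
    return sorted(found)

if __name__ == "__main__":
    print("\n".join(plaintext_secrets(SAMPLE_STATE)))
```

The function reports addresses only, never the values, so its output can go into CI logs.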

y4h2 commented 1 year ago

provisioner

Terraform can run scripts when launching a VM

y4h2 commented 1 year ago

taint: when a manual upgrade is needed, you can taint the resource first and then untaint it

y4h2 commented 1 year ago

debug:

y4h2 commented 1 year ago

import resource: the terraform import command imports a resource into Terraform's state

  1. Create the resource block
  2. terraform import resource info
  3. update resource block to make sure when terraform apply there is nothing to change

y4h2 commented 1 year ago

terraform module

public module example

module "iam_iam-user" {
  source  = "terraform-aws-modules/iam/aws//modules/iam-user"
  version = "3.4.0"
  # insert the 1 required variable here
}

Publish module to registry

Gitlab registry

Access Private module

need to set up credential in TF_CLI_CONFIG_FILE example

y4h2 commented 1 year ago

functions

check with terraform console