Terraform: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
← Older edit
VisualWikitext
No edit summary
 
(36 intermediate revisions by the same user not shown)
Line 1: Line 1:
<syntaxhighlight lang="bash">
{|class='wikitable'
|valign='top' style='width:50%'|
<syntaxhighlight lang='bash'>
curl -fsSL https://apt.releases.hashicorp.com/gpg\
curl -fsSL https://apt.releases.hashicorp.com/gpg\
  | sudo tee /etc/apt/keyrings/hashicorp.asc >/dev/null
  | sudo tee /etc/apt/keyrings/hashicorp.asc >/dev/null


cat << EOF | sudo tee /etc/apt/sources.list.d/hashicorp.list >/dev/null
DISTRIBUTION=$(. /etc/os-release && echo "${VERSION_CODENAME}")
cat << SRC | sudo tee /etc/apt/sources.list.d/hashicorp.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
deb [arch=$(dpkg --print-architecture)\
  signed-by=/etc/apt/keyrings/hashicorp.asc]\
  signed-by=/etc/apt/keyrings/hashicorp.asc]\
  https://apt.releases.hashicorp.com $(lsb_release -cs) main
  https://apt.releases.hashicorp.com ${DISTRIBUTION} main
EOF
SRC


sudo apt update  && sudo apt list  --upgradeable
sudo apt update  && sudo apt list  --upgradeable
Line 13: Line 16:
terraform version
terraform version
</syntaxhighlight>
</syntaxhighlight>
|valign='top' style='width:50%'|
|}


==Structure==
==Structure==
{|
{|class='wikitable mw-collapsible'
| valign="top" |
!scope='col' style='text-align:left' colspan='2'|
<syntaxhighlight lang="text">
Structure
|-
|valign='top' style='width:50%'|
<syntaxhighlight lang='text'>
sdlc/
sdlc/
├─ main.tf             # Main Terraform config file
├─ main.tf                   # Main Terraform config file
├─ variables.tf         # Variable declarations
├─ variables.tf             # Variable declarations
├─ terraform.tfvars     # Variable assigned
├─ terraform.tfvars         # Variable assigned
├─ outputs.tf           # Output definitions
├─ outputs.tf               # Output definitions
├─ provider.tf         # Provider-specific config
├─ provider.tf               # Provider-specific config
├─ terraform.tfstate   # Terraform state file
├─ terraform.tfstate         # Terraform state file
├─ dev.tf               # Dev  Env config for development
├─ terraform.tfstate.backup  # Terraform state backup file
├─ prod.tf             # Prod Env config for production
├─ terraform.auto.tfvars    # User Sensitive Data
├─ modules/             # Directory for custom modules
├─ dev.tf                   # Dev  Env config for development
│  ├─ module1/         # Custom module 1
├─ prod.tf                   # Prod Env config for production
│  │  ├─ main.tf       # Module-specific Terraform config
├─ modules/                 # Directory for custom modules
│  │  ├─ variables.tf   # Module-specific variables
│  ├─ module1/               # Custom module 1
│  │  └─ outputs.tf     # Module-specific outputs
│  │  ├─ main.tf             # Module-specific Terraform config
│  └─ module2/         # Custom module 2
│  │  ├─ variables.tf       # Module-specific variables
│  │  └─ outputs.tf         # Module-specific outputs
│  └─ module2/               # Custom module 2
│    ├─ main.tf
│    ├─ main.tf
│    ├─ variables.tf
│    ├─ variables.tf
│    └─ outputs.tf
│    └─ outputs.tf
├─ environments/       # Directory for env
├─ environments/             # Directory for env
│  ├─ dev/             # Development env
│  ├─ dev/                   # Development env
│  │  ├─ main.tf       # Env specific Terraform config
│  │  ├─ main.tf             # Env specific Terraform config
│  │  ├─ variables.tf
│  │  ├─ variables.tf
│  │  └─ outputs.tf
│  │  └─ outputs.tf
│  └─ prod/             # Production env
│  └─ prod/                 # Production env
│    ├─ main.tf
│    ├─ main.tf
│    ├─ variables.tf
│    ├─ variables.tf
│    └─ outputs.tf
│    └─ outputs.tf
├─ scripts/             # Scripts or utility for IaC
├─ scripts/                 # Scripts or utility for IaC
└── README.md
└── README.md
</syntaxhighlight>
</syntaxhighlight>
|valign='top' style='width:50%'|
|}


==Summary==
==Summary==
{|class='wikitable mw-collapsible'
!scope='col' style='text-align:left'|
Summary
|-
|valign='top'|
* <code>variables.tf</code> is essentially the variable declarations needed to make the module work. More specifically, the variables you want to be able to pass into the module for it to work the way you want it to.
* <code>variables.tf</code> is essentially the variable declarations needed to make the module work. More specifically, the variables you want to be able to pass into the module for it to work the way you want it to.


Line 84: Line 103:


* '''TL;DR''' <code>terraform.tfvars</code> is what you pass to your stack to make it meaningfully distinct from any other deployment. <code>variables.tf</code> declares the variable names that you need to pass to the stack.
* '''TL;DR''' <code>terraform.tfvars</code> is what you pass to your stack to make it meaningfully distinct from any other deployment. <code>variables.tf</code> declares the variable names that you need to pass to the stack.
|}
==Backend » HTTP==
{|class='wikitable mw-collapsible'
!scope='col' style='text-align:left' colspan='2'|
Backend » HTTP
|-
|valign='top' style='width:50%'|
<syntaxhighlight lang='bash'>
cat << HCL | tee -a ./backend.tf >/dev/null
terraform {
  backend "http" {
  }
}
HCL
</syntaxhighlight>
|valign='top' style='width:50%'|
<syntaxhighlight lang='bash'>
terraform init -backend-config=./nexus.http.tfbackend
terraform init -backend-config=./gitlab.http.tfbackend
terraform init -backend-config=./gitlab.http.tfbackend -reconfigure
terraform init -backend-config=./gitlab.http.tfbackend -migrate-state
</syntaxhighlight>
|-
|valign='top' colspan='2'|
<syntaxhighlight lang='bash'>
cat << HCL | tee -a ./gitlab.http.tfbackend >/dev/null
unlock_address = "https://gitlab.chorke.org/api/v4/projects/123/terraform/state/aws-chorke/unlock"
lock_address  = "https://gitlab.chorke.org/api/v4/projects/123/terraform/state/aws-chorke/lock"
address        = "https://gitlab.chorke.org/api/v4/projects/123/terraform/state/aws-chorke"
username      = "academia"
password      = "sadaqah!"
unlock_method  = DELETE
lock_method    = POST
retry_wait_min = 5
HCL
</syntaxhighlight>
|-
|valign='top' colspan='2'|
<syntaxhighlight lang='bash'>
cat << HCL | tee -a ./nexus.http.tfbackend >/dev/null
unlock_address = "https://nexus.chorke.org/repository/terraform/chorke-sdlc/state/aws-chorke/unlock"
lock_address  = "https://nexus.chorke.org/repository/terraform/chorke-sdlc/state/aws-chorke/lock"
address        = "https://nexus.chorke.org/repository/terraform/chorke-sdlc/state/aws-chorke"
username      = "academia@chorke.org"
password      = "sadaqah!"
unlock_method  = DELETE
lock_method    = POST
retry_wait_min = 5
HCL
</syntaxhighlight>
|}


==Playground==
==Playground==
{|
{|class='wikitable mw-collapsible'
| valign="top" |
!scope='col' style='text-align:left' colspan='3'|
Playground
|-
|valign='top' style='width:33%'|
  aws configure --profile academia
  aws configure --profile academia
  aws configure help
  aws configure help
Line 93: Line 171:
  aws configure
  aws configure


| valign="top" |
|valign='top' style='width:34%'|
  terraform fmt -diff  -recursive -write=false
  terraform fmt -diff  -recursive -write=false
  terraform fmt -diff  -recursive
  terraform fmt -diff  -recursive
Line 99: Line 177:
  terraform plan -out=tfplan
  terraform plan -out=tfplan


| valign="top" |
|valign='top' style='width:33%'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang='bash'>
terraform init
terraform init
terraform plan
terraform plan
Line 106: Line 184:
terraform destroy
terraform destroy
</syntaxhighlight>
</syntaxhighlight>
|-
|-
| colspan="3" |
|valign='top'|
----
<syntaxhighlight lang='bash'>
|-
| valign="top" |
<syntaxhighlight lang="bash">
cat << INI | tee -a ${HOME}/.aws/config >/dev/null
cat << INI | tee -a ${HOME}/.aws/config >/dev/null
[default]
[default]
Line 121: Line 195:
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang='bash'>
cat << INI | tee -a ${HOME}/.aws/credentials >/dev/null
cat << INI | tee -a ${HOME}/.aws/credentials >/dev/null
[academia]
[academia]
Line 131: Line 205:
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang='bash'>
cat << INI | tee -a ${HOME}/.aws/config >/dev/null
cat << INI | tee -a ${HOME}/.aws/config >/dev/null
[profile academia]
[profile academia]
Line 140: Line 214:
INI
INI
</syntaxhighlight>
</syntaxhighlight>
|-
| colspan="3" |
----
|-
|-
| valign="top" |
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang='bash'>
export AWS_DEFAULT_PROFILE=academia
export AWS_DEFAULT_PROFILE=academia
export AWS_PROFILE=academia
export AWS_PROFILE=academia
Line 153: Line 223:
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top'|
<syntaxhighlight lang="bash">
cdktf init --template="python" –local --providers="aws@5.58.0"
brew install cdktf
 
|valign='top'|
<syntaxhighlight lang='bash'>
cat ~/.terraform.d/credentials.tfrc.json
cat ~/.terraform.d/credentials.tfrc.json


cat ~/.aws/credentials  
cat ~/.aws/credentials  
cat ~/.aws/config  
cat ~/.aws/config  
</syntaxhighlight>
|-
|valign='top'|
<syntaxhighlight lang='bash'>
terraform init -backend-config=./gitlab.http.tfbackend
terraform init -backend-config=./nexus.http.tfbackend
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top'|
<syntaxhighlight lang='bash'>
terraform init -backend-config=./nexus.http.tfbackend \
-migrate-state
</syntaxhighlight>
 
|valign='top'|
<syntaxhighlight lang='bash'>
terraform init -backend-config=./nexus.http.tfbackend \
-reconfigure
</syntaxhighlight>
|-
|valign='top'|
<syntaxhighlight lang='bash'>
cat <<-'HCL'| terraform console
format("Hello %s from %s", "Terraform", "env0")
HCL
</syntaxhighlight>
 
|valign='top'|
<syntaxhighlight lang='bash'>
echo 'cidrhost("10.10.0.0/16", 1)'|terraform console
echo 'cidrhost("10.10.1.0/24", 1)'|terraform console
echo 'cidrhost("10.10.2.0/24", 1)'|terraform console
</syntaxhighlight>
 
|valign='top'|
<syntaxhighlight lang='bash'>
echo 'cidrsubnet("10.10.0.0/16", 0, 0)'|terraform console
echo 'cidrsubnet("10.10.0.0/16", 8, 0)'|terraform console
echo 'cidrsubnet("10.10.0.0/16", 8, 1)'|terraform console
</syntaxhighlight>
|-
|valign='top'|
<syntaxhighlight lang='bash'>
echo 'cidrnetmask("10.10.0.0/16")'|terraform console
echo 'cidrnetmask("10.10.1.0/24")'|terraform console
echo 'cidrnetmask("10.10.2.0/24")'|terraform console
</syntaxhighlight>
 
|valign='top'|
<syntaxhighlight lang='bash'>
echo 'cidrsubnets("10.10.0.0/16", 2, 2, 2, 2)'|terraform console
echo 'cidrsubnets("10.10.0.0/16", 4, 4, 4, 4)'|terraform console
echo 'cidrsubnets("10.10.1.0/16", 8, 8, 8, 8)'|terraform console
</syntaxhighlight>
 
|valign='top'|
terraform show


|}
|}


== References ==
==References==
{|
{|class='wikitable mw-collapsible'
| valign="top" |
!scope='col' style='text-align:left' colspan='3'|
References
|-
|valign='top' style='width:33%'|
* [https://www.reddit.com/r/Terraform/comments/yt8hag/variablestf_vs_terraformtfvars_whats_the/ Terraform » reddit » <code>variable.tf</code> vs. <code>terraform.tfvars</code>]
* [https://www.reddit.com/r/Terraform/comments/yt8hag/variablestf_vs_terraformtfvars_whats_the/ Terraform » reddit » <code>variable.tf</code> vs. <code>terraform.tfvars</code>]
* [https://medium.com/@biagolini/adding-untracked-resources-to-terraform-state-f056a6ab2adc Terraform » Adding Untracked Resources to TF State]
* [https://medium.com/@biagolini/adding-untracked-resources-to-terraform-state-f056a6ab2adc Terraform » Adding Untracked Resources to TF State]
Line 179: Line 312:
* [https://developer.hashicorp.com/terraform/cli/commands/fmt Terraform » <code>fmt</code>]
* [https://developer.hashicorp.com/terraform/cli/commands/fmt Terraform » <code>fmt</code>]


| valign="top" |
|valign='top' style='width:34%'|
* [https://www.reddit.com/r/Terraform/comments/yxtq02/items_to_include_in_gitignore_when_using_a_cli/ Terraform » Items to include in <code>.gitignore</code>]
* [https://www.reddit.com/r/Terraform/comments/yxtq02/items_to_include_in_gitignore_when_using_a_cli/ Terraform » Items to include in <code>.gitignore</code>]
* [https://developer.hashicorp.com/terraform/language/resources/behavior Terraform » Resources » Behavior]
* [https://developer.hashicorp.com/terraform/language/resources/behavior Terraform » Resources » Behavior]
Line 191: Line 324:
* [https://developer.hashicorp.com/terraform/cli/commands/get Terraform » <code>get</code>]
* [https://developer.hashicorp.com/terraform/cli/commands/get Terraform » <code>get</code>]


| valign="top" |
|valign='top' style='width:33%'|
* [https://stackoverflow.com/questions/67963719/ Terraform » <code>.terraform.lock.hcl</code> excluded from <code>.gitignore</code>]
* [https://stackoverflow.com/questions/67963719/ Terraform » <code>.terraform.lock.hcl</code> excluded from <code>.gitignore</code>]
* [https://medium.com/@arnobroekhof/using-sonatype-nexus-3-as-backend-provider-for-terraform-41e16d275fd7 Terraform » TFState » Sonatype Nexus 3]
* [https://medium.com/@arnobroekhof/using-sonatype-nexus-3-as-backend-provider-for-terraform-41e16d275fd7 Terraform » TFState » Sonatype Nexus 3]
Line 202: Line 335:
* [https://developer.hashicorp.com/terraform/language/state/locking Terraform » State Locking]
* [https://developer.hashicorp.com/terraform/language/state/locking Terraform » State Locking]
* [https://github.com/github/gitignore/blob/main/Terraform.gitignore Terraform » <code>.gitignore</code>]
* [https://github.com/github/gitignore/blob/main/Terraform.gitignore Terraform » <code>.gitignore</code>]
|-
|-
| colspan="3" |
|valign='top'|
----
|-
| valign="top" |
* [https://spacelift.io/blog/terraform-tfvars Terraform » <code>terraform.tfvars</code> vs. <code>variable.tf</code>]
* [https://spacelift.io/blog/terraform-tfvars Terraform » <code>terraform.tfvars</code> vs. <code>variable.tf</code>]
* [https://dev.to/leroykayanda/gitignore-ignore-terraform-files-40h6 Terraform » <code>.gitignore</code> & <code>.terraformignore</code>]
* [https://dev.to/leroykayanda/gitignore-ignore-terraform-files-40h6 Terraform » <code>.gitignore</code> & <code>.terraformignore</code>]
* [https://developer.hashicorp.com/terraform/language/expressions/operators Terraform » EL » Arithmetic & Logical Operators]
* [https://developer.hashicorp.com/terraform/language/expressions/operators Terraform » EL » Arithmetic & Logical Operators]
* [https://developer.hashicorp.com/terraform/language/expressions/references  Terraform » EL » References to Named Values]
* [https://developer.hashicorp.com/terraform/language/expressions/references  Terraform » EL » References to Named Values]
* [https://developer.hashicorp.com/terraform/language/settings/backends/remote#excluding-files-from-upload-with-terraformignore Terraform » Backend » <code>.terraformignore</code>]
* [https://support.hashicorp.com/hc/en-us/articles/4409321668499-How-to-identify-issues-with-the-terraformignore-file-configuration Terraform » <code>.terraformignore</code> » Issues]
* [https://support.hashicorp.com/hc/en-us/articles/4409321668499-How-to-identify-issues-with-the-terraformignore-file-configuration Terraform » <code>.terraformignore</code> » Issues]
* [https://developer.hashicorp.com/terraform/language/settings/backends/configuration Terraform » Backend » Configuration]
* [https://developer.hashicorp.com/terraform/language/settings/backends/configuration Terraform » Backend » Configuration]
* [https://developer.hashicorp.com/terraform/language/expressions/strings Terraform » EL » Strings & Templates]
* [https://developer.hashicorp.com/terraform/language/expressions/strings Terraform » EL » Strings & Templates]
* [https://developer.hashicorp.com/terraform/language/expressions/types Terraform » EL » Types & Values]
* [https://developer.hashicorp.com/terraform/language/expressions/types Terraform » EL » Types & Values]
* [https://developer.hashicorp.com/terraform/language/settings/backends/remote Terraform » Backend » Remote]
* [https://developer.hashicorp.com/terraform/language/expressions/function-calls Terraform » EL » Function Calls]
* [https://developer.hashicorp.com/terraform/language/expressions/function-calls Terraform » EL » Function Calls]


| valign="top" |
|valign='top'|
* [https://developer.hashicorp.com/terraform/language/expressions/conditionals Terraform » EL » Conditional Expressions]
* [https://developer.hashicorp.com/terraform/language/expressions/conditionals Terraform » EL » Conditional Expressions]
* [https://developer.hashicorp.com/terraform/language/functions Terraform » Lang » Built-in Functions]
* [https://developer.hashicorp.com/terraform/language/expressions/version-constraints Terraform » EL » Version Constraints]
* [https://developer.hashicorp.com/terraform/language/expressions/version-constraints Terraform » EL » Version Constraints]
* [https://developer.hashicorp.com/terraform/language/functions/bcrypt Terraform » Lang » Hash » <code>bcrypt</code>]
* [https://developer.hashicorp.com/terraform/language/expressions/custom-conditions Terraform » EL » Custom Conditions]
* [https://developer.hashicorp.com/terraform/language/expressions/custom-conditions Terraform » EL » Custom Conditions]
* [https://developer.hashicorp.com/terraform/language/expressions/type-constraints Terraform » EL » Type Constraints]
* [https://developer.hashicorp.com/terraform/language/expressions/type-constraints Terraform » EL » Type Constraints]
* [https://developer.hashicorp.com/terraform/language/expressions/dynamic-blocks Terraform » EL » Dynamic Blocks]
* [https://developer.hashicorp.com/terraform/language/expressions/dynamic-blocks Terraform » EL » Dynamic Blocks]
* [https://developer.hashicorp.com/terraform/language/functions/uuid Terraform » Lang » Hash » <code>uuid</code>]
* [https://developer.hashicorp.com/tutorials/library?product=terraform Terraform » Tutorials » Library]
* [https://developer.hashicorp.com/terraform/language/upgrade-guides Terraform » Upgrade » v1.9]
* [https://developer.hashicorp.com/certifications Terraform » Certifications]
* [https://developer.hashicorp.com/terraform/language/expressions/splat Terraform » EL » Splat]
* [https://developer.hashicorp.com/terraform/language/expressions/splat Terraform » EL » Splat]
* [https://developer.hashicorp.com/terraform/language/expressions/for Terraform » EL » For]
* [https://developer.hashicorp.com/terraform/language/expressions/for Terraform » EL » For]


| valign="top" |
|valign='top'|
* [https://developer.hashicorp.com/terraform/language/functions/cidrnetmask Terraform » Lang » IP » <code>cidrnetmask</code>]
* [https://developer.hashicorp.com/terraform/language/functions/cidrnetmask Terraform » Lang » IP » <code>cidrnetmask</code>]
* [https://developer.hashicorp.com/terraform/language/functions/cidrsubnets Terraform » Lang » IP » <code>cidrsubnets</code>]
* [https://developer.hashicorp.com/terraform/language/functions/cidrsubnets Terraform » Lang » IP » <code>cidrsubnets</code>]
* [https://developer.hashicorp.com/terraform/language/functions/cidrsubnet Terraform » Lang » IP » <code>cidrsubnet</code>]
* [https://developer.hashicorp.com/terraform/language/functions/cidrsubnet Terraform » Lang » IP » <code>cidrsubnet</code>]
* [https://developer.hashicorp.com/terraform/language/functions Terraform » Lang » Built-in Functions]
* [https://developer.hashicorp.com/terraform/language/functions/bcrypt Terraform » Lang » Hash » <code>bcrypt</code>]
* [https://developer.hashicorp.com/terraform/language/functions/cidrhost Terraform » Lang » IP » <code>cidrhost</code>]
* [https://developer.hashicorp.com/terraform/language/functions/cidrhost Terraform » Lang » IP » <code>cidrhost</code>]
* [https://developer.hashicorp.com/terraform/language/tests/mocking Terraform » Lang » Test » <code>Mocks</code>]
* [https://developer.hashicorp.com/terraform/language/functions/uuid Terraform » Lang » Hash » <code>uuid</code>]
* [https://developer.hashicorp.com/terraform/language/functions/tostring Terraform » Lang » <code>tostring</code>]
* [https://developer.hashicorp.com/terraform/language/functions/tostring Terraform » Lang » <code>tostring</code>]
* [https://developer.hashicorp.com/terraform/language/tests Terraform » Lang » Test]
|-
|valign='top'|
* [https://spacelift.io/blog/terraform-cdk Terraform » Spacelift » AWS » CDKTF]
* [https://spacelift.io/blog/terraform-output Terraform » Spacelift » Output]
* [https://www.env0.com/blog/terraform-functions-guide-complete-list-with-examples Terraform » Functions » Guide]
* [https://medium.com/@satyen.167/terraform-console-and-output-d3acf1f533 Terraform » Console » Output]
* [https://spacelift.io/blog/terraform-test Terraform » Spacelift » Test]
* [https://developer.hashicorp.com/terraform/tutorials/cdktf/cdktf-install?variants=cdk-language%3Apython Terraform » CDK » Python]
|valign='top'|


|valign='top'|
|-
|-
| colspan="3" |
|valign='top'|
----
|-
| valign="top" |
* [https://registry.terraform.io/providers/hashicorp/azurerm/latest Terraform » Provider » azurerm]
* [https://registry.terraform.io/providers/hashicorp/azurerm/latest Terraform » Provider » azurerm]
* [https://registry.terraform.io/providers/hashicorp/azuread/latest Terraform » Provider » azuread]
* [https://registry.terraform.io/providers/hashicorp/azuread/latest Terraform » Provider » azuread]
Line 249: Line 391:
* [https://registry.terraform.io/providers/hashicorp/aws/latest Terraform » Provider » aws]
* [https://registry.terraform.io/providers/hashicorp/aws/latest Terraform » Provider » aws]


| valign="top" |
|valign='top'|
 
| valign="top" |


|valign='top'|
|-
|-
| colspan="3" |
|valign='top'|
----
|-
| valign="top" |
* [https://registry.terraform.io/modules/Azure/compute/azurerm/latest Terraform » Module » azurerm]
* [https://registry.terraform.io/modules/Azure/compute/azurerm/latest Terraform » Module » azurerm]
* [https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest Terraform » Module » eks]
* [https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest Terraform » Module » eks]


| valign="top" |
|valign='top'|
 
| valign="top" |


|valign='top'|
|-
|-
| colspan="3" |
|valign='top'|
----
|-
| valign="top" |
* [[Google Cloud CLI]]
* [[Google Cloud CLI]]
* [[Minikube]]
* [[Minikube]]
Line 281: Line 415:
* [[K9s]]
* [[K9s]]


| valign="top" |
|valign='top'|
* [https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_eks/NodegroupAmiType.html AWS » EKS » NodegroupAmiType]
* [https://kubedemy.io/aws-eks-part-1-deploy-eks-cluster-requirements AWS » EKS » Requirements]
* [https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html AWS » EKS » Versions]
* [https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html AWS » EKS » Versions]
* [[EKSctl|AWS » EKS » CLI]]
* [https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html AWS » EKS]
* [https://gitlab.com/ipcalc/ipcalc <code>ipcalc</code>]
* [[Nexus]]
* [[Nexus]]
* [[CIDR]]
* [[CIDR]]
* [https://github.com/hashicorp/hcl HCL]
* [[Git]]
* [[Git]]


| valign="top" |
|valign='top'|
 
|}
|}

Latest revision as of 22:47, 19 January 2026

curl -fsSL https://apt.releases.hashicorp.com/gpg\
 | sudo tee /etc/apt/keyrings/hashicorp.asc >/dev/null

DISTRIBUTION=$(. /etc/os-release && echo "${VERSION_CODENAME}")
cat << SRC | sudo tee /etc/apt/sources.list.d/hashicorp.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
 signed-by=/etc/apt/keyrings/hashicorp.asc]\
 https://apt.releases.hashicorp.com ${DISTRIBUTION} main
SRC

sudo apt update  && sudo apt list  --upgradeable
sudo apt upgrade && sudo apt install terraform
terraform version

Structure

Structure 

sdlc/
├─ main.tf                   # Main Terraform config file
├─ variables.tf              # Variable declarations
├─ terraform.tfvars          # Variable assigned
├─ outputs.tf                # Output definitions
├─ provider.tf               # Provider-specific config
├─ terraform.tfstate         # Terraform state file
├─ terraform.tfstate.backup  # Terraform state backup file
├─ terraform.auto.tfvars     # User Sensitive Data
├─ dev.tf                    # Dev  Env config for development
├─ prod.tf                   # Prod Env config for production
├─ modules/                  # Directory for custom modules
│  ├─ module1/               # Custom module 1
│  │  ├─ main.tf             # Module-specific Terraform config
│  │  ├─ variables.tf        # Module-specific variables
│  │  └─ outputs.tf          # Module-specific outputs
│  └─ module2/               # Custom module 2
│     ├─ main.tf
│     ├─ variables.tf
│     └─ outputs.tf
├─ environments/             # Directory for env
│  ├─ dev/                   # Development env
│  │  ├─ main.tf             # Env specific Terraform config
│  │  ├─ variables.tf
│  │  └─ outputs.tf
│  └─ prod/                  # Production env
│     ├─ main.tf
│     ├─ variables.tf
│     └─ outputs.tf
├─ scripts/                  # Scripts or utility for IaC
└── README.md

Summary

Summary

  • variables.tf is essentially the variable declarations needed to make the module work. More specifically, the variables you want to be able to pass into the module for it to work the way you want it to.
  • From a beginner's POV, the module in question is the root module. If you're unclear what I mean by this, this is the directory where you've got all your *.tf files when you're first starting out, and where you also have your terraform.tfvars file.
  • Once you get to the point that you're ready to write a separate module, then that module (in another dir) will itself have its own variables.tf file. So when you call the module, you will want to pass values to the variables named in the module's variables.tf file.
  • Rephrasing:
    • terraform.tfvars contains bootstrap values that get passed to the root module's variables.tf file.
    • When you call a module, you don't have access to a separate terraform.tfvars file, but you do expressly pass them when you call the module. Those variable names need to match the declared variables in the module's variables.tf file.
    • If you set a variable in terraform.tfvars but it doesn't exist in variables.tf, you'll get a warning that the variable doesn't exist and is therefore ignored.
  • Very briefly:
    • A collection of *.tf files in a single directory is a module
    • If those *.tf files exist in the root level directory of a stack (ie, where you cd to in order to run terraform), then you have the option of creating terraform.tfvars, rather than always editing values into variables.tf
    • If those *.tf files exist in a module other than the root level directory, you do not have the option of using terraform.tfvars in that directory
    • terraform.tfvars should be considered your way of setting variables for your deployment; if you're still editing variables.tf for every one of your unique deployments, then your stack still needs work before you can consider it ready to be shared with others
  • A bit murkier:
    • Naming the file variables.tf is merely a convention. You could call it yourname.tf and it'll still work just fine. Terraform will read all *.tf files in the directory and treat the contents the same regardless of how the file is named.
  • Murkier still:
    • There are other files along with terraform.tfvars that can be used, but just like terraform.tfvars, only used in the root module's directory.
  • Those files follow a naming format of *.auto.tfvars or *.auto.tfvars.json. The former follow the same formatting rules as terraform.tfvars, whereas the latter need to follow standard JSON notation.
  • A good example:
    • Would be a file named mypasswords.auto.tfvars
    • This allows you to have local password definitions that don't get checked into git/GitHub, whereas checking terraform.tfvars into the repo, while perhaps being too specific to your particular usage, won't end up compromising your deployments with an accidentally shared set of credentials. It could even contain a set of reasonable defaults that you and your team may want to change, depending on needs.
  • Heck:
    • You could create deployment1.auto.tfvars and completely ignore using terraform.tfvars, if that's how you want to roll.
    • I should note that variables.tf can set default values (overridden by whatever you set in terraform.tfvars), as well as doing validation on what is passed to it.
  • TL;DR terraform.tfvars is what you pass to your stack to make it meaningfully distinct from any other deployment. variables.tf declares the variable names that you need to pass to the stack.

Backend » HTTP

Backend » HTTP 

cat << HCL | tee -a ./backend.tf >/dev/null
terraform {
  backend "http" {
  }
}
HCL

terraform init -backend-config=./nexus.http.tfbackend


terraform init -backend-config=./gitlab.http.tfbackend
terraform init -backend-config=./gitlab.http.tfbackend -reconfigure
terraform init -backend-config=./gitlab.http.tfbackend -migrate-state

cat << HCL | tee -a ./gitlab.http.tfbackend >/dev/null
unlock_address = "https://gitlab.chorke.org/api/v4/projects/123/terraform/state/aws-chorke/unlock"
lock_address   = "https://gitlab.chorke.org/api/v4/projects/123/terraform/state/aws-chorke/lock"
address        = "https://gitlab.chorke.org/api/v4/projects/123/terraform/state/aws-chorke"
username       = "academia"
password       = "sadaqah!"
unlock_method  = DELETE
lock_method    = POST
retry_wait_min = 5
HCL

cat << HCL | tee -a ./nexus.http.tfbackend >/dev/null
unlock_address = "https://nexus.chorke.org/repository/terraform/chorke-sdlc/state/aws-chorke/unlock"
lock_address   = "https://nexus.chorke.org/repository/terraform/chorke-sdlc/state/aws-chorke/lock"
address        = "https://nexus.chorke.org/repository/terraform/chorke-sdlc/state/aws-chorke"
username       = "academia@chorke.org"
password       = "sadaqah!"
unlock_method  = DELETE
lock_method    = POST
retry_wait_min = 5
HCL

Playground

Playground 

aws configure --profile academia
aws configure help
aws configure list
aws configure

terraform fmt -diff  -recursive -write=false
terraform fmt -diff  -recursive
terraform fmt -check -recursive
terraform plan -out=tfplan

terraform init
terraform plan
terraform apply
terraform destroy

cat << INI | tee -a ${HOME}/.aws/config >/dev/null
[default]
region = ap-southeast-1
output = table

INI

cat << INI | tee -a ${HOME}/.aws/credentials >/dev/null
[academia]
aws_access_key_id = AKIBVWTF7RISAULV8Q6Q
aws_secret_access_key = w2JVkDIE9zRTIP/S4m7Mm4cWKlFEYlzg1iGzfCnj

INI

cat << INI | tee -a ${HOME}/.aws/config >/dev/null
[profile academia]
region = ap-southeast-1
output = json

INI

export AWS_DEFAULT_PROFILE=academia
export AWS_PROFILE=academia
aws ec2 describe-vpcs
aws s3 ls

cdktf init --template="python" –local --providers="aws@5.58.0"


brew install cdktf

cat ~/.terraform.d/credentials.tfrc.json

cat ~/.aws/credentials 
cat ~/.aws/config

terraform init -backend-config=./gitlab.http.tfbackend
terraform init -backend-config=./nexus.http.tfbackend

terraform init -backend-config=./nexus.http.tfbackend \
 -migrate-state

terraform init -backend-config=./nexus.http.tfbackend \
 -reconfigure

cat <<-'HCL'| terraform console
format("Hello %s from %s", "Terraform", "env0")
HCL

echo 'cidrhost("10.10.0.0/16", 1)'|terraform console
echo 'cidrhost("10.10.1.0/24", 1)'|terraform console
echo 'cidrhost("10.10.2.0/24", 1)'|terraform console

echo 'cidrsubnet("10.10.0.0/16", 0, 0)'|terraform console
echo 'cidrsubnet("10.10.0.0/16", 8, 0)'|terraform console
echo 'cidrsubnet("10.10.0.0/16", 8, 1)'|terraform console

echo 'cidrnetmask("10.10.0.0/16")'|terraform console
echo 'cidrnetmask("10.10.1.0/24")'|terraform console
echo 'cidrnetmask("10.10.2.0/24")'|terraform console

echo 'cidrsubnets("10.10.0.0/16", 2, 2, 2, 2)'|terraform console
echo 'cidrsubnets("10.10.0.0/16", 4, 4, 4, 4)'|terraform console
echo 'cidrsubnets("10.10.1.0/16", 8, 8, 8, 8)'|terraform console

terraform show

References

References

Retrieved from "https://wiki.chorke.org/index.php?title=Terraform&oldid=16214"