---
title: Terraform
tags: terraform
---

[toc]

# Demo
git url: https://gitlab.com/homway/terraformDemo

# Diagram
![](https://i.imgur.com/rI2b31H.png)

# Installation
## Ubuntu
```shell=
# Install prerequisites
sudo apt-get update && sudo apt-get install -y gnupg software-properties-common curl
# Add the HashiCorp GPG key (apt-key is deprecated on newer releases)
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
# Add the official HashiCorp repository
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
# Install Terraform
sudo apt-get update && sudo apt-get install terraform
```

## Enable tab completion
```shell=
terraform -install-autocomplete
```

# Documentation
* https://www.terraform.io/language
* https://learn.hashicorp.com/terraform
* Provider: https://registry.terraform.io/providers/hashicorp/google/latest/docs
* Module: https://github.com/orgs/terraform-google-modules/repositories

# Files and directories
* File extension: `*.tf`
* UTF-8 encoding, LF line endings
* A directory is treated as a complete module; each subdirectory is treated as a separate module

# Commands
* init: initialize the project
* plan: dry run (preview the changes)
* apply: execute the changes for real
* destroy: delete the resources

# Version constraints
* `=`: use exactly the specified version
* `!=`: exclude the specified version
* `>`, `>=`, `<`, `<=`: greater than (or equal to) or less than (or equal to) the specified version
* `~>`: allow only patch version updates

# variable
```typescript=
variable "變數名稱" {       // variable name
  type        = string
  description = "說明"     // description
  default     = "預設值"   // default value
}
```

# Data types
* string
* number
* bool
* list(type): ordered collection of elements of the same type, indexed from 0
* map(type): key/value collection of elements of the same type
* set(type): collection of unique values of the same type
* object({attr = type, ...}): collection of named attributes, each with its own type
* tuple([type, ...]): sequence indexed from 0 whose elements may have different types

# Passing variables
* terraform.tfvars
* `*.auto.tfvars`
* `export TF_VAR_variable123=abc`
* `terraform plan -var abc=123`
* `terraform plan -var-file abc.tfvars`

# Notes
* updated in-place: attributes are updated
* will be destroyed: the resource is deleted and recreated

# backend
* gcs
* gitlab
* terraform cloud

# Terraform Cloud
* Free for up to five users
* Tracks your real infrastructure in a state file
* Lets you collaborate on your infrastructure through its remote state backend
* Version control to manage changes to the infrastructure

# VSCode
* Install the `hashicorp.terraform` extension
* Preferences -> Keyboard Shortcuts -> editor.action.triggerSuggest
* Comment: Ctrl + K, C
* Uncomment: Ctrl + K, U
* Configure formatting: Preferences -> Settings -> Workspace
* .vscode -> settings.json
```json
{
  "editor.defaultFormatter": "hashicorp.terraform",
  "editor.formatOnSave": true
}
```
* .gitignore: https://github.com/github/gitignore/blob/main/Terraform.gitignore

# Enable services
```
# List the services that are currently enabled
gcloud services list
# Enable the APIs used by this project
gcloud services enable artifactregistry.googleapis.com \
  compute.googleapis.com \
  run.googleapis.com \
  sqladmin.googleapis.com \
  networkmanagement.googleapis.com \
  vpcaccess.googleapis.com
```

# import
```shell=
terraform import google_compute_network.network-name projects/{{project}}/global/networks/{{name}}
```

# google_compute_network
```shell=
terraform import google_compute_network.default projects/golden-sandbox-342310/global/networks/default
```

# google_compute_firewall
```shell=
terraform import google_compute_firewall.rule-name projects/{{project}}/global/firewalls/{{name}}
terraform import google_compute_firewall.default-allow-iap-lb projects/golden-sandbox-342310/global/firewalls/default-allow-iap-lb
terraform import google_compute_firewall.default-allow-iap-ssh projects/golden-sandbox-342310/global/firewalls/default-allow-iap-ssh
terraform import google_compute_firewall.default-allow-vpn projects/golden-sandbox-342310/global/firewalls/default-allow-vpn
```

# google_cloud_run_service
```
terraform import google_cloud_run_service.admin-webapi locations/asia-east1/namespaces/golden-sandbox-342310/services/admin-webapi
terraform import google_cloud_run_service.ezpay-web locations/asia-east1/namespaces/golden-sandbox-342310/services/ezpay-web
```

# google_compute_region_network_endpoint_group
```
terraform import google_compute_region_network_endpoint_group.admin-webapi-cloudrun projects/golden-sandbox-342310/regions/asia-east1/networkEndpointGroups/admin-webapi-cloudrun
terraform import google_compute_region_network_endpoint_group.ezpay-web-cloudrun projects/golden-sandbox-342310/regions/asia-east1/networkEndpointGroups/ezpay-web-cloudrun
```

# google_compute_backend_service
```
terraform import google_compute_backend_service.admin-webapi-backend projects/golden-sandbox-342310/global/backendServices/admin-webapi-backend
terraform import google_compute_backend_service.ezpay-web-backend projects/golden-sandbox-342310/global/backendServices/ezpay-web-backend
```

# google_compute_global_address
```
terraform import google_compute_global_address.admin-web-lb-ip projects/golden-sandbox-342310/global/addresses/admin-web-lb-ip
```

# google_compute_managed_ssl_certificate
```
terraform import google_compute_managed_ssl_certificate.admin-web-cert projects/golden-sandbox-342310/global/sslCertificates/admin-web-cert
```

# google_compute_global_forwarding_rule
```
terraform import google_compute_global_forwarding_rule.admin-web-lb-forwarding-rule-2 projects/golden-sandbox-342310/global/forwardingRules/admin-web-lb-forwarding-rule-2
```

# google_compute_target_https_proxy
```
terraform import google_compute_target_https_proxy.admin-web-lb-target-proxy-2 projects/golden-sandbox-342310/global/targetHttpsProxies/admin-web-lb-target-proxy-2
```

# google_compute_url_map
```
terraform import google_compute_url_map.admin-web-lb projects/golden-sandbox-342310/global/urlMaps/admin-web-lb
```
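
An added example (not from the original notes or the demo repository) that combines the version-constraint operators, a `gcs` backend, an input variable, and the resource block that `terraform import google_compute_network.default ...` binds to. The version numbers, bucket name, state prefix, and the `project_id` variable are assumptions.

```hcl
# Added example; values marked "placeholder" are assumptions.
terraform {
  # "~>" with a three-part version pins the minor release:
  # equivalent to ">= 1.1.0, < 1.2.0", so only patch updates are accepted.
  required_version = "~> 1.1.0"

  required_providers {
    google = {
      source = "hashicorp/google"
      # Several constraints joined by commas must all hold.
      # Pinning a bounded range keeps an unreviewed major release
      # of the provider out of `terraform init`.
      version = ">= 4.0.0, < 5.0.0, != 4.1.0"
    }
  }

  # Remote state in a GCS bucket. Backend blocks cannot use variables,
  # so the values are literals (or passed with -backend-config).
  backend "gcs" {
    bucket = "example-tfstate-bucket" # placeholder
    prefix = "terraform/state"        # placeholder
  }
}

# Supplied through terraform.tfvars, *.auto.tfvars, TF_VAR_project_id,
# -var, or -var-file.
variable "project_id" {
  type        = string
  description = "GCP project that owns the imported resources"
}

provider "google" {
  project = var.project_id
  region  = "asia-east1"
}

# `terraform import` only writes to state; it needs an existing resource
# block at the target address. After importing, adjust the arguments
# until `terraform plan` reports no changes.
resource "google_compute_network" "default" {
  name = "default"
}
```

Run `terraform init` first so the backend and the pinned provider are set up, then run the import command and `terraform plan` to compare the block against the real network.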