In this talk we will look at what is in the new v0.13 release and what to look forward to. Besides the awaited module improvements and new provider syntax, we will also cover some other changes, such as simplified Terraform Cloud collaboration, the now-stable validation rules feature and other improvements. We will also have a quick look at planning your upgrade around possible breaking changes and at how to get started with the v0.13 release.
3. BUILDING BLOCKS_
“Abstraction of common blocks of configuration into a reusable infrastructure elements.”
— @sheriffjackson, 2018 blog
DRY code – Don’t Repeat Yourself
Everything is a module!
4. ABOUT ME_
● Senior IT Consultant at The Scale Factory (DevOps consultancy, AWS advanced consulting partner and K8s service provider)
● IT system engineering and design background with extensive Linux and virtualization experience
● Certifications and competencies: AWS, CKA, RHEL, Hashi stack
● Open source contributor and supporter
● Fan of automation/simplifying things, hiking, cycling and travelling
5. TOPICS COVERED_
● Terraform time line
● Module improvements
● Provider ecosystem
● Other enhancements and breaking changes
● How to get started and a demo
● Conclusions and path forward
6. TERRAFORM TIME LINE_
• Pre-v0.10 era (provisioners, state ENV, remote state and locking)
• Period v0.10 – v0.11 (workspaces, core/provider split, TF registry (private), module providers, streamlined APPLY)
• Big changes with v0.12 (HCL2: 1st class expressions, gen.types, iterations/dyn.blocks, structural plans and better error messages)
• Module and provider improvements in v0.13
HISTORY: 2014 (initial v0.1.0), 2017 (v0.9-0.11), 2019 (v0.12), 2020 (v0.13), v0.14..1.0*
7. MODULE EXPANSION_
● Improved module usability and functionality
● Create multiple instances of a module from a single module block:
  – count (tuple/list)
  – for_each (map)
● Simplified configuration logic and better automation
● Can create some indirect module-level dependencies
● Cannot use provider blocks per module instance! * (i.e. AWS regions)
9. MODULE DEPENDENCIES_
• Dependency types:
  – implicit
  – explicit
• Previously module instances were NOT nodes in the dependency graph (just separate namespaces, dependencies via I/O values)
• The depends_on meta-argument ensures the order of module resource changes – create after any dependent resource changes have been applied
• Far more coarse declaration of dependency than encouraged – last resort! (*auto deps: easier to maintain and maximise concurrency)
11. PROVIDER ECOSYSTEM_
• Improvements to Terraform Provider Registry
• Automatic install of 3rd party providers
• Provider source block with namespace separation, defaults to HashiCorp’s providers: [registry.terraform.io/][hashicorp/]type
• One provider per module, but nesting not recommended!
• Simplifying the installation of community providers:
  – Official HashiCorp supported providers
  – Partner-supported providers (needs required_providers now)
  – Locally installed providers (3rd party provider plugins):
    ./plugins/example.com/myorg/customplugin/0.1/linux_amd64/
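The provider source change described on this slide, as an added example that is not part of the original deck: a v0.12-style configuration with no source next to the explicit v0.13 form. The version constraints and the region are constructed values; the `example.com/myorg/customplugin` address is taken from the local plugin path above and assumes that plugin is present in a local plugin directory.

```hcl
# Before (v0.12 style): no source is declared. Under v0.13 any provider
# without an explicit source is resolved as hashicorp/<name>, so this
# block would be looked up as registry.terraform.io/hashicorp/customplugin
# and "terraform init" would fail to find it.
#
#   provider "customplugin" {}

# After (v0.13): every provider states where it comes from.
terraform {
  required_version = ">= 0.13"

  required_providers {
    # Official provider. The short address "hashicorp/aws" expands to
    # registry.terraform.io/hashicorp/aws (the documented default host).
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0" # constructed constraint, pin to what you tested
    }

    # Third-party provider installed locally. The address must match the
    # directory layout hostname/namespace/type/version/os_arch, here:
    #   example.com/myorg/customplugin/0.1/linux_amd64/
    customplugin = {
      source  = "example.com/myorg/customplugin"
      version = "~> 0.1" # constructed constraint matching the 0.1 directory
    }
  }
}

# Provider configuration is unchanged; the local name ("aws") is the key
# used in required_providers above.
provider "aws" {
  region = "eu-west-1" # constructed value
}

provider "customplugin" {}
```

Declaring both source and version for every provider makes it explicit which namespace a plugin is fetched from and keeps `terraform init` from selecting a release that was never reviewed.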
12. OTHER ENHANCEMENTS_
● Custom variable validation rules (experimental since v0.12, zero or more rules)
● Terraform Cloud streamlined authentication process (terraform login connects CLI to TF Cloud)
● Providers mirror (terraform providers mirror)
● Terraform CLI supports TLS 1.3
● Breaking changes:
  – Source for non-default providers
  – Locking was improved and changes to the TableStore schema now require a primary key named LockID of type String
  – macOS builds of Terraform CLI are no longer compatible with macOS 10.10 Yosemite
  – Terraform CLI now requires FreeBSD 11.2 or later.
13. Variable custom validation rules

    variable "image_id" {
      type        = string
      description = "The id of the machine image (AMI) to use for the server."

      validation {
        # regex(...) fails if it cannot find a match; can(...) turns that
        # failure into false so the condition evaluates to a boolean
        condition     = can(regex("^ami-", var.image_id))
        error_message = "The image_id value must be a valid AMI id, starting with \"ami-\"."
      }
    }

    # NOT needed anymore
    terraform {
      experiments = [variable_validation]
    }
14. HOW TO GET STARTED_
● Get binary from: releases.hashicorp.com
● Ensure no pending configuration changes
● Versioning or backup of code
● Data resource reads can no longer be disabled - deps
● Destroy-time provisioners cannot refer to other resources – deprecated
● New hierarchical namespace - explicit source for any providers not maintained by HashiCorp
● New directory structure for manually-installed providers
● terraform 0.13upgrade (gradual one release jumps)
● Follow CHANGELOG for more details