使用 Terraform 配置客户帐户(工作区、模块、?)最佳实践? [英] Provisioning customer accounts with Terraform (workspaces, Modules, ?) Best Practice?
问题描述
我需要在 AWS 中创建和管理多个客户环境,并且我希望利用 Terraform 来部署所有必要的资源.除了用于访问其中一台服务器的 URL 之外,每个客户环境基本相同.
I have the need to create and manage multiple customer environments in AWS and I'm wanting to leverage Terraform to deploy all of the necessary resources. Each customer environment is basically the same with the exception of the URL they use to access one of the servers.
我已经建立了一个 Terraform 配置,可以为给定客户部署所有资源.但是...我如何采用相同的配置并将其应用于下一个客户,而无需复制整个 Terraform 目录并为每个客户复制该目录.(我可以有 100 个)
I have put together a Terraform configuration that deploys all of the resources for a given customer. BUT... How do I take that same configuration and apply it to the next customer without copying the entire Terraform directory and duplicating that for every customer. (I could have 100's of these)
我听说过工作区和模块或两者兼有.有人看过关于这方面的最佳实践文章吗?
I've heard workspaces and modules or both. Anyone seen a best-practice article out there on this?
谢谢
推荐答案
你应该模块化你的代码,然后您可以轻松地重用该模块(来自 git 存储库),并为该客户使用不同的变量.在这种情况下,对于每个客户,您最终只会得到一个配置主模块的文件.
You should modulerize your code, then you can easily reuse that module(from a git repository) with different variables to be used for that customer. In this case for each customer, you will end up with only a file that configures the main module.
每个客户都有一个目录,其中包含一个加载模块并对其进行配置的 terraform 文件.如果您在该目录中使用 terraform apply ,那么状态也将在该目录中.为确保您的团队也可以部署和进行更改,建议使用 后端 比如S3,所以状态会写在那里.请注意,您必须在他们各自的目录中为每个客户配置一个后端.确保每个客户的后端不冲突(例如在 S3 中使用不同的路径).
Have one directory for each customer, with a terraform file that loads up the module(s) and configures it. If you use terraform apply in that directory then the state will also be in that directory. To make sure your team can also deploy and make changes it is suggested to use a backend such as S3, so the state will be written there. Note that you have to configure a backend for each customer in their respective directory. Make sure the backend for each customer don't clash(For example use a different path in S3).
Nicki Watt 对此做了很好的介绍.您可以在这里观看视频和这里.
Nicki Watt gave a good presentation on this. You can view the video here and slides at here.
这篇关于使用 Terraform 配置客户帐户(工作区、模块、?)最佳实践?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
