Infrastructure with Terraform and Ansible (30 min read)

Terraform: provisioning the infrastructure

How Terraform works

Terraform uses a declarative language (HCL) to describe the desired infrastructure. It computes the differences between that description and the current state, then applies the changes.

The Terraform cycle

terraform init     # Downloads the providers (AWS, Azure, GCP...)
terraform plan     # Computes the changes to apply
terraform apply    # Applies the changes
terraform destroy  # Destroys the infrastructure

Example: creating a Kubernetes cluster in the cloud

# main.tf - Complete infrastructure for our application

# ── Provider ──
provider "aws" {
  region = var.region
}

# ── VPC and networking ──
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.0"

  name = "devops-vpc"
  cidr = "10.0.0.0/16"

  azs             = ["${var.region}a", "${var.region}b"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24"]

  enable_nat_gateway = true
}

# ── Kubernetes cluster (EKS) ──
module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "19.0"

  cluster_name    = "devops-cluster"
  cluster_version = "1.28"
  vpc_id          = module.vpc.vpc_id
  subnet_ids      = module.vpc.private_subnets

  eks_managed_node_groups = {
    workers = {
      instance_types = ["t3.medium"]
      min_size       = 2
      max_size       = 5
      desired_size   = 3
    }
  }
}

# ── PostgreSQL database ──
resource "aws_db_instance" "postgres" {
  engine              = "postgres"
  engine_version      = "15"
  instance_class      = "db.t3.medium"
  allocated_storage   = 50
  db_name             = "monapp"
  username            = var.db_username
  password            = var.db_password
  skip_final_snapshot = true # no final snapshot is taken when the instance is destroyed

  # The security group and subnet group referenced here are declared elsewhere (not shown on this page)
  vpc_security_group_ids = [aws_security_group.db.id]
  db_subnet_group_name   = aws_db_subnet_group.main.name
}

# ── Outputs (used by Ansible) ──
output "cluster_endpoint" {
  value = module.eks.cluster_endpoint
}

output "db_endpoint" {
  value = aws_db_instance.postgres.endpoint
}

Variables and tfstate

# variables.tf
variable "region" {
  default = "eu-west-1"
}

variable "db_username" {
  sensitive = true
}

variable "db_password" {
  sensitive = true
}

# terraform.tfvars (NEVER commit this file!)
region      = "eu-west-1"
db_username = "admin"
db_password = "super-secret-password"

Terraform state: The terraform.tfstate file contains the actual state of the infrastructure. In a team, store it on a remote backend (S3, GCS) with locking to avoid conflicts.