This interactive, step-by-step workshop teaches you how to use HashiCorp Terraform, Google Cloud Source Repositories, and Google Cloud Build to manage Infrastructure as Code on Google Cloud Platform.
Goals
- No local system modification or installation - runs entirely in Google Cloud Shell
- Push-to-git to provision Infrastructure as Code
- Share and collaborate on code
Requirements
- A modern browser, such as Chrome, Firefox, or Safari
- An active Google Cloud account (one may be provided for Google-sponsored sessions)
In this section, you will connect to Google Cloud Shell using your browser, download the lab materials, and install prerequisite software.
- Connect to the Google Cloud Console by visiting https://console.cloud.google.com in your browser.
If you were provided credentials as part of a Google-sponsored session, please use an incognito window or log out of your existing Google account, and then authenticate with the provided credentials.
- Choose your project from the project picker.
- Launch Google Cloud Shell by clicking on the terminal icon in the blue header on the top-right portion of the screen.
If this is your first time opening Cloud Shell, it may take a minute to provision. You can learn more about Cloud Shell in the Cloud Shell documentation.
- Download and extract the lab materials inside your Cloud Shell. The materials include initial configurations, some helpful shell scripts, and this README:
$ curl -sSfLo master.zip https://github.com/sethvargo/infra-as-code-workshop/archive/master.zip
$ unzip master.zip
$ cd infra-as-code-workshop-master
These are the lab materials we will use today.
- Install and configure Terraform. Terraform is the tool this workshop uses for managing Infrastructure as Code.
$ ./scripts/00-install-terraform.sh
This script performs the following operations:
  - Downloads and installs Terraform using sethvargo/hashicorp-installer, which verifies that the download can be trusted by validating the GPG signatures
  - Installs Terraform auto-completions (tab completions)
  - Creates a Google Cloud Storage bucket for Terraform to persist its state; we use a storage bucket so that Terraform's state is available to Google Cloud Build later
  - Configures Terraform to talk to the bucket
- Verify that Terraform is installed and available:
$ terraform -v
Terraform v0.11.8
(or similar output)
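The kind of verification the install step relies on, written out as an added shell example (not code from this workshop or from sethvargo/hashicorp-installer): check the detached signature on the checksum file first, then check the artifact against that file. The function names and the keyring path are assumptions; the keyring must hold a publisher key you obtained and checked yourself.

```shell
#!/usr/bin/env bash
# Added example: verify a signed release before installing it.
# Assumes the release layout of <name>_SHA256SUMS plus a detached
# <name>_SHA256SUMS.sig, and Linux tools (gpgv, sha256sum, awk).

# verify_sums_signature KEYRING SUMS_FILE SIG_FILE
# Succeeds only if SIG_FILE is a valid signature over SUMS_FILE made by a
# key in KEYRING. Pass KEYRING as an absolute path to a keyring you trust.
verify_sums_signature() {
  gpgv --keyring "$1" "$3" "$2"
}

# verify_artifact_checksum SUMS_FILE ARTIFACT
# Returns 0 on match, 1 on mismatch, 2 if ARTIFACT has no entry.
verify_artifact_checksum() {
  local sums artifact name expected actual
  sums=$1
  artifact=$2
  name=$(basename "$artifact")
  # Lines look like "<sha256>  <file>" (or "<sha256> *<file>" in binary mode).
  expected=$(awk -v f="$name" '$2 == f || $2 == "*" f { print $1 }' "$sums")
  if [ -z "$expected" ]; then
    echo "no checksum entry for $name" >&2
    return 2
  fi
  actual=$(sha256sum "$artifact" | awk '{ print $1 }')
  # Duplicate entries make $expected multi-line, which also fails here.
  if [ "$expected" != "$actual" ]; then
    echo "checksum mismatch for $name" >&2
    return 1
  fi
}

# verify_release KEYRING SUMS_FILE SIG_FILE ARTIFACT
# The checksum file is only meaningful once its signature has been
# verified, so a signature failure (status 3) stops before any hashing.
verify_release() {
  verify_sums_signature "$1" "$2" "$3" || return 3
  verify_artifact_checksum "$2" "$4"
}
```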
In this section, you will provision a Google Kubernetes Engine (GKE) cluster with Terraform.
- Enable the necessary APIs in your project. By default, projects do not have any services enabled. This script uses gcloud to enable the necessary APIs and services on your project. This only needs to be done once per project, but enabling a service is idempotent (it is safe to run multiple times).
$ ./scripts/01-enable-services.sh
Note: Enabling services is asynchronous and can take up to 5 minutes.
- Change into the terraform directory. This is where you will execute Terraform.
$ cd terraform
- Inspect the main.tf file and see how easy it is to provision a GKE cluster with Terraform.
resource "google_container_cluster" "my-cluster" {
  # ...
}
Terraform reads this file and creates the cluster, if it does not already exist.
- Run terraform init to initialize Terraform. Terraform will download the necessary configurations to be able to communicate with Google Cloud.
$ terraform init
- Run terraform apply to show the changes and prompt for approval.
$ terraform apply
Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: []
If you get an error like the following, it means the services have not yet been enabled. Wait a few minutes and try again.
Google Compute Engine: Access Not Configured. Compute Engine API has not been used in project before or it is disabled. Enable it by visiting...
- Approve these changes. Terraform will now make the necessary API calls to Google Cloud Platform to provision the GKE cluster with the given parameters.
When prompted, answer:
yes
Note: This is creating a GKE cluster, which can take up to 5 minutes. Please be patient and do not cancel the operation.
In this section, you will use Terraform to create a Google Cloud Source Repository. You will then commit and push these Terraform configurations into that repository. It is possible to create a Google Cloud Source Repository without using Terraform, but what fun would that be?
Source control is an important piece of Infrastructure as Code, as it enables a history of changes and collaboration. This workshop uses Google Cloud Source Repositories, but you could easily use another source control tool like GitHub, GitLab, etc.
Please make sure you are in the terraform directory before continuing.
- Open the repo.tf file and uncomment the google_sourcerepo_repository resource.
resource "google_sourcerepo_repository" "my-infrastructure" {
  name = "my-infrastructure"
}
This snippet instructs Terraform to create a Google Cloud Source Repository named "my-infrastructure" in the current project.
- Run terraform apply to plan these changes.
$ terraform apply
When prompted, answer "yes" to apply the changes.
Terraform will perform the following actions:

  + google_sourcerepo_repository.my-infrastructure
      id:      <computed>
      name:    "my-infrastructure"
      project: <computed>
      size:    <computed>
      url:     <computed>

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes
- Configure git to push changes to this new source repository.
$ ../scripts/02-setup-git.sh
If you have not used Git on this project before, you will also be prompted to enter your name and email address. This is for authoring commits.
- Push your changes to Cloud Source Repositories using the standard Git commands.
$ git push -u origin master
- View the source repository in the Google Cloud Console by navigating to "Source Repositories" in the sidebar and choosing "Source code" from the menu.
In this section, you will enable and configure Google Cloud Build.
- Configure Cloud Build with permissions to run Terraform on our behalf.
$ ../scripts/03-configure-cloud-build.sh
This script will grant the Cloud Build service account the ability to execute Terraform on our behalf and access the data stored by Terraform in the Google Cloud Storage bucket.
- Push our code to Cloud Build. This uses the cloudbuild.yaml file to configure Google Cloud Build and executes Terraform on our behalf.
$ ../scripts/04-submit-build.sh
- Inspect the log stream output and see the same familiar output as when you ran Terraform locally. Terraform is now running as part of a CI/CD process:
# ...
Step #0: Terraform has been successfully initialized!
Step #0:
Step #0: You may now begin working with Terraform. Try running "terraform plan" to see
Step #0: any changes that are required for your infrastructure. All Terraform commands
Step #0: should now work.
Step #0:
Step #0: If you ever set or change modules or backend configuration for Terraform,
Step #0: rerun this command to reinitialize your working directory. If you forget, other
Step #0: commands will detect it and remind you to do so if necessary.
Finished Step #0
Starting Step #1
Step #1: Already have image (with digest): hashicorp/terraform:0.11.8
Step #1: google_sourcerepo_repository.my-infrastructure: Refreshing state... (ID: repos/my-infrastructure)
Step #1: google_container_cluster.my-cluster: Refreshing state... (ID: my-cluster-2)
Step #1:
Step #1: Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Finished Step #1
PUSH
DONE
In this section, you will connect these Terraform configurations to Google Cloud Build so that changes committed in git automatically execute Terraform.
The goal is to have CI/CD for your Terraform configurations. When you commit new changes to your source repository, Terraform will automatically run via Cloud Build.
- Create a build trigger so that changes in the Cloud Source Repository via git trigger a new build in Google Cloud Build.
$ ../scripts/05-create-trigger.sh
- Verify the setup is correct by committing all your changes. When you push these changes, it will trigger a Google Cloud Build.
$ git commit --allow-empty -m "Add cloud build trigger"
$ git push
- Verify the build was successful (no changes) by visiting Google Cloud Build in the Google Cloud Console.
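Once a push to the repository runs Terraform automatically, anyone who can push can change or remove infrastructure, so a build can check the plan summary before applying. The following is an added shell example, not part of this workshop's scripts or its cloudbuild.yaml; the function names and the destroy limit are assumptions.

```shell
#!/usr/bin/env bash
# Added example: gate an automated `terraform apply` on the plan summary.
# Intended use in a build step (Terraform 0.11 flags):
#   terraform plan -no-color -out=tfplan > plan.txt
#   gate_plan 0 < plan.txt && terraform apply tfplan

# plan_destroy_count: reads `terraform plan -no-color` output on stdin and
# prints how many resources the plan would destroy.
# Exit status 1 means no usable summary was found (fail closed).
plan_destroy_count() {
  local text n
  text=$(cat)
  # An empty plan has no "Plan:" line; Terraform prints "No changes." instead.
  if printf '%s\n' "$text" | grep -q '^No changes\.'; then
    echo 0
    return 0
  fi
  n=$(printf '%s\n' "$text" | sed -n \
    's/^Plan: [0-9][0-9]* to add, [0-9][0-9]* to change, \([0-9][0-9]*\) to destroy\.$/\1/p')
  case $n in
    '' | *[!0-9]*) return 1 ;;  # missing or repeated summary line
  esac
  echo "$n"
}

# gate_plan MAX_DESTROY: succeeds only if the plan on stdin destroys at
# most MAX_DESTROY resources. Returns 1 over the limit, 2 if unreadable.
gate_plan() {
  local max n
  max=$1
  n=$(plan_destroy_count) || {
    echo "gate: no plan summary found; refusing to apply" >&2
    return 2
  }
  if [ "$n" -gt "$max" ]; then
    echo "gate: plan destroys $n resource(s), limit is $max; refusing" >&2
    return 1
  fi
  echo "gate: ok ($n to destroy)"
}
```

Applying the saved plan file rather than re-running a fresh apply means the build applies exactly what the gate inspected.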
In this section, you will make changes to the source which will trigger real infrastructure changes.
We will be allocating a public IP address using Infrastructure as Code.
- Open the main.tf file and add the following block of code. This code instructs Terraform to create a public IP address.
resource "google_compute_address" "default" {
  name = "my-address"
}
- Commit the changes to source and push the changes to the repository. This will trigger Cloud Build to run Terraform and apply the changes.
$ git add .
$ git commit -m "Create address"
$ git push
- Verify the build completes successfully in the Google Cloud Console by visiting the Cloud Build page.
- See that the public IP address was created successfully by clicking on VPC Networks -> External Addresses in the sidebar, or run the gcloud command to list addresses:
$ gcloud compute addresses list
NAME        REGION           ADDRESS  STATUS
my-address  asia-northeast1  1.2.3.4  RESERVED
In this section, you will destroy all the infrastructure you created. This is optional.
- Execute Terraform:
$ terraform destroy
When prompted, answer yes.
Copyright 2018 Seth Vargo
Copyright 2018 Google, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.