Infra As Code Workshop

Provision and manage infrastructure as code using @GoogleCloudPlatform and @HashiCorp Terraform

Project README

Infrastructure as Code Workshop

This interactive, step-by-step workshop teaches you how to use HashiCorp Terraform, Google Cloud Source Repositories, and Google Cloud Build to manage Infrastructure as Code on Google Cloud Platform.

Goals

  • No local system modification or installation - runs entirely in Google Cloud Shell
  • Push-to-git to provision Infrastructure as Code
  • Share and collaborate on code

Requirements

  • A modern browser, such as Chrome, Firefox, or Safari
  • An active Google Cloud account (one may be provided for Google-sponsored sessions)

Lab Setup

In this section, you will connect to Google Cloud Shell using your browser, download the lab materials, and install prerequisite software.

  1. Connect to the Google Cloud Console by visiting https://console.cloud.google.com in your browser.

    If you were provided credentials as part of a Google-sponsored session, please use an incognito window or log out of your existing Google account, and then authenticate with the provided credentials.

  2. Choose your project from the project picker

    [Screenshots: Google Cloud project dropdown and project picker]

  3. Launch Google Cloud Shell by clicking on the terminal icon in the blue header on the top-right portion of the screen as shown below:

    [Screenshot: Open Cloud Shell]

    If this is your first time opening Cloud Shell, it may take a minute to provision. You can learn more about Cloud Shell in the Cloud Shell documentation.

  4. Download and extract the lab materials inside your Cloud Shell. The materials include initial configurations, some helpful shell scripts, and this README:

    $ curl -sSfLo master.zip https://github.com/sethvargo/infra-as-code-workshop/archive/master.zip
    
    $ unzip master.zip
    
    $ cd infra-as-code-workshop-master
    

    These are the lab materials we will use today.

  5. Install and configure Terraform. Terraform is the tool this workshop uses for managing Infrastructure as Code.

    $ ./scripts/00-install-terraform.sh
    

    This script performs the following operations:

    • Downloads and installs Terraform using sethvargo/hashicorp-installer, which verifies the download can be trusted by validating the GPG signatures

    • Installs Terraform auto-completions (tab completions)

    • Creates a Google Cloud Storage bucket for Terraform to persist its state; we use a storage bucket so that Terraform's state is available to Google Cloud Build later

    • Configures Terraform to talk to the bucket

  6. Verify that Terraform is installed and available:

    $ terraform -v
    Terraform v0.11.8 (or similar output)
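
The last two operations of the install script in step 5 (a state bucket, and a backend pointing at it), sketched in Terraform as an added example; this is not the workshop's script. The bucket name, location and prefix are placeholders, and the syntax assumes Terraform 0.12 or later with a Google provider version that supports `uniform_bucket_level_access` and `public_access_prevention`.

```hcl
# Added example, not part of the workshop materials.
# Bootstrap configuration: creates the state bucket. Keep it separate from the
# configuration that uses the bucket as a backend, because the bucket has to
# exist before `terraform init` can configure that backend.

variable "project" {
  type        = string
  description = "ID of the project that owns the state bucket"
}

resource "google_storage_bucket" "terraform_state" {
  project  = var.project
  name     = "${var.project}-terraform-state" # constructed name; must be globally unique
  location = "US"                             # placeholder location

  # State can hold credentials and other sensitive attributes of managed
  # resources, so access is governed by IAM only and never made public.
  uniform_bucket_level_access = true
  public_access_prevention    = "enforced"

  # Keep earlier state versions so a bad or interrupted apply can be rolled back.
  versioning {
    enabled = true
  }
}

output "state_bucket" {
  value = google_storage_bucket.terraform_state.name
}

# --- In the configuration that manages the infrastructure (separate directory) ---
terraform {
  backend "gcs" {
    # Backend blocks cannot reference variables; write the literal bucket name.
    bucket = "example-project-terraform-state" # placeholder, use the bucket created above
    prefix = "workshop"                        # placeholder path prefix for state objects
  }
}
```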
    

GKE Cluster

In this section, you will provision a Google Kubernetes Engine (GKE) cluster with Terraform.

  1. Enable the necessary APIs in your project. By default, projects do not have any services enabled. This script uses gcloud to enable the necessary APIs and services on your project. This only needs to be done once per project, but enabling a service is idempotent (it is safe to run multiple times).

    $ ./scripts/01-enable-services.sh
    

    Note: Enabling services is asynchronous and can take up to 5 minutes.

  2. Change into the terraform directory. This is where you will execute Terraform.

    $ cd terraform
    
  3. Inspect the main.tf file and see how easy it is to provision a GKE cluster with Terraform.

    resource "google_container_cluster" "my-cluster" {
      # ...
    }
    

    Terraform reads this file and creates the cluster, if it does not already exist.

  4. Run terraform init to initialize Terraform. Terraform will download the necessary configurations to be able to communicate with Google Cloud.

    $ terraform init
    
  5. Run terraform apply to show the changes and prompt for approval.

    $ terraform apply
    
    Plan: 1 to add, 0 to change, 0 to destroy.
    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.
    
      Enter a value: []
    

    If you get an error like the following, it means the services have not yet been enabled. Wait a few minutes and try again.

    Google Compute Engine: Access Not Configured. Compute Engine API has not been used in project before or it is disabled. Enable it by visiting...
    
  6. Approve these changes. Terraform will now make the necessary API calls to Google Cloud Platform to provision the GKE cluster with the given parameters.

    When prompted, answer:

    yes
    

    Note: This is creating a GKE cluster, which can take up to 5 minutes. Please be patient and do not cancel the operation.

Cloud Source Repository

In this section, you will use Terraform to create a Google Cloud Source Repository. You will then commit and push these Terraform configurations into that repository. It is possible to create a Google Cloud Source Repository without using Terraform, but what fun would that be?

Source control is an important piece of Infrastructure as Code, as it enables a history of changes and collaboration. This workshop uses Google Cloud Source Repositories, but you could easily use another source control tool like GitHub, GitLab, etc.

Please make sure you are in the terraform directory before continuing.

  1. Open the repo.tf file and uncomment the google_sourcerepo_repository resource.

    resource "google_sourcerepo_repository" "my-infrastructure" {
      name = "my-infrastructure"
    }
    

    This snippet instructs Terraform to create a Google Cloud Source Repository named "my-infrastructure" in the current project.

  2. Run terraform apply to plan and apply these changes.

    $ terraform apply
    

    When prompted, answer "yes" to apply the changes.

    Terraform will perform the following actions:
      + google_sourcerepo_repository.my-infrastructure
          id:      <computed>
          name:    "my-infrastructure"
          project: <computed>
          size:    <computed>
          url:     <computed>
    Plan: 1 to add, 0 to change, 0 to destroy.
    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.
    
      Enter a value: yes
    
  3. Configure git to push changes to this new source repository.

    $ ../scripts/02-setup-git.sh
    

    If you have not used Git on this project before, you will also be prompted to enter your name and email address. This is for authoring commits.

  4. Push your changes to Cloud Source Repositories using the standard Git commands.

    $ git push -u origin master
    
  5. View the source repository in the Google Cloud Console by navigating to "Source Repositories" in the sidebar and choosing "Source code" from the menu.

    [Screenshots: Cloud Source Repositories menu and repository list]

Cloud Build

In this section, you will enable and configure Google Cloud Build.

  1. Configure Cloud Build with permissions to run Terraform on our behalf.

    $ ../scripts/03-configure-cloud-build.sh
    

    This script will grant the Cloud Build service account the ability to execute Terraform on our behalf and access the data stored by Terraform in the Google Cloud Storage bucket.

  2. Push our code to Cloud Build. This uses the cloudbuild.yaml file to configure Google Cloud Build and executes Terraform on our behalf.

    $ ../scripts/04-submit-build.sh
    
  3. Inspect the log stream and see the same output you saw when running Terraform locally. Terraform is now running as part of a CI/CD process:

    # ...
    
    Step #0: Terraform has been successfully initialized!
    Step #0:
    Step #0: You may now begin working with Terraform. Try running "terraform plan" to see
    Step #0: any changes that are required for your infrastructure. All Terraform commands
    Step #0: should now work.
    Step #0:
    Step #0: If you ever set or change modules or backend configuration for Terraform,
    Step #0: rerun this command to reinitialize your working directory. If you forget, other
    Step #0: commands will detect it and remind you to do so if necessary.
    Finished Step #0
    Starting Step #1
    Step #1: Already have image (with digest): hashicorp/terraform:0.11.8
    Step #1: google_sourcerepo_repository.my-infrastructure: Refreshing state... (ID: repos/my-infrastructure)
    Step #1: google_container_cluster.my-cluster: Refreshing state... (ID: my-cluster-2)
    Step #1:
    Step #1: Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
    Finished Step #1
    PUSH
    DONE
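
The grant described in step 1, written as Terraform with a broad binding beside a narrower one; this is an added example, not the contents of 03-configure-cloud-build.sh. The role list, the bucket name and the use of the legacy `PROJECT_NUMBER@cloudbuild.gserviceaccount.com` identity are assumptions, and `for_each` on resources requires Terraform 0.12.6 or later.

```hcl
# Added example, not part of the workshop materials.
data "google_project" "current" {}

locals {
  # Assumption: builds run as the legacy default Cloud Build service account.
  cloudbuild_member = "serviceAccount:${data.google_project.current.number}@cloudbuild.gserviceaccount.com"
  state_bucket      = "example-project-terraform-state" # placeholder bucket name
}

# Broad setting (shown commented out): project-wide Editor lets any build
# step change almost every resource in the project, including buckets that
# have nothing to do with Terraform state.
# resource "google_project_iam_member" "cloudbuild_editor" {
#   project = data.google_project.current.project_id
#   role    = "roles/editor"
#   member  = local.cloudbuild_member
# }

# Narrower setting, part 1: state access on the one bucket only.
resource "google_storage_bucket_iam_member" "cloudbuild_state" {
  bucket = local.state_bucket
  role   = "roles/storage.objectAdmin"
  member = local.cloudbuild_member
}

# Narrower setting, part 2: one role per service that the workshop's
# configuration manages (GKE cluster, source repository, public IP address).
# Assumed list; if an apply fails with a permission error (for example
# acting as the GKE node service account), add the specific missing role.
resource "google_project_iam_member" "cloudbuild_terraform" {
  for_each = toset([
    "roles/container.admin",
    "roles/source.admin",
    "roles/compute.publicIpAdmin",
  ])

  project = data.google_project.current.project_id
  role    = each.value
  member  = local.cloudbuild_member
}
```

Because every push to the repository runs Terraform with these permissions, write access to the repository is effectively the same privilege as the roles granted here.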
    

Cloud Build Trigger

In this section, you will connect these Terraform configurations to Google Cloud Build so that changes committed in git automatically execute Terraform.

The goal is to have CI/CD for your Terraform configurations. When you commit new changes to your source repository, Terraform will automatically run via Cloud Build.

  1. Create a build trigger so that changes in the Cloud Source Repository via git trigger a new build in Google Cloud Build.

    $ ../scripts/05-create-trigger.sh
    
  2. Verify the setup is correct by committing all your changes. When you push these changes, it will trigger a Google Cloud Build.

    $ git commit --allow-empty -m "Add cloud build trigger"
    $ git push
    
  3. Verify the build was successful (no changes) by visiting Google Cloud Build in the Google Cloud Console.

    [Screenshot: Builds list]

Make Changes

In this section, you will make changes to the source which will trigger real infrastructure changes.

We will be allocating a public IP address using Infrastructure as Code.

  1. Open the main.tf file and add the following block of code. This code instructs Terraform to create a public IP address.

    resource "google_compute_address" "default" {
      name   = "my-address"
      region = var.region
    }
    
  2. Commit the changes to source and push the changes to the repository. This will trigger Cloud Build to run Terraform and apply the changes.

    $ git add .
    
    $ git commit -m "Create address"
    
    $ git push
    
  3. Verify the build completes successfully in the Google Cloud Console by visiting the Cloud Build page.

    [Screenshot: Build in progress]

  4. See that the public IP address was created successfully by clicking on VPC Networks -> External Addresses in the sidebar.

    [Screenshot: Public IP]

    or run the gcloud command to list addresses:

    $ gcloud compute addresses list
    NAME        REGION           ADDRESS         STATUS
    my-address  asia-northeast1  1.2.3.4         RESERVED
    

Destroy (Optional)

In this section, you will destroy all the infrastructure you created. This is optional.

  1. Execute Terraform:

    $ terraform destroy
    

    When prompted, answer:

    yes
    

License

Copyright 2018-2020 Seth Vargo
Copyright 2018-2020 Google, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Open Source Agenda is not affiliated with "Infra As Code Workshop" Project. README Source: sethvargo/infra-as-code-workshop