This interactive tutorial takes you through deploying infrastructure on Google Cloud Platform using Terraform.
Time to complete: About 10 minutes
Click the Start button to move to the next step.
We will start by creating a Google Cloud Project to host our resources.
For the following steps, click the icon >_ to copy the command into Cloud Shell, then press Enter to execute.
- Switch to the budget_gcp_project directory
cd ~/cloudshell_open/terraform-budget-gcp/budget_gcp_project
We will be using Terraform to create our resources.
Create a terraform.tfvars file by running the command below.
Change myproject to a name of your choice.
Try to make the name unique because using an existing project name will fail.
./create-tfvars.sh myproject
You should see output like the following:
## This section has been auto-generated by ./create-tfvars.sh ##
email = "user@gmail.com"
billing_account = "02E280-9E2C47-1DF365"
name = "myproject"
## This section has been auto-generated by ./create-tfvars.sh ##
Run the following commands in order:
- Get the plugins
terraform init
- View proposed resource changes
terraform plan
- Create resource(s)
terraform apply --auto-approve
Note: If you experience an error, re-execute the above command.
You should see the following output:
Apply complete! Resources: 56 added, 0 changed, 0 destroyed.
Outputs:
billing_account = 02E280-9E2C47-1DF365
org_id =
project_bucket_url = [
"gs://myproject-state",
]
project_id = myproject
project_name = myproject
project_number = 1039118523779
service_account_email = project-service-account@myproject.iam.gserviceaccount.com
service_account_id = project-service-account
service_account_name = projects/myproject/serviceAccounts/project-service-account@myproject.iam.gserviceaccount.com
Before we proceed to creating our terraform.tfvars file, we need to complete the following:
- Switch to the root directory
cd ~/cloudshell_open/terraform-budget-gcp
- Create a file terraform.tfvars by running the following command:
cp tfvars.example terraform.tfvars
Open the terraform.tfvars file for editing.
Replace the values inside <> with the ones created from the previous steps.
Example: email = "<your email>" becomes email = "user@gmail.com"
project_id = "<project_name>"
region = "us-central1"
zones = ["us-central1-a"]
cluster_name = "kluster"
domain = "<your domain>"
domain_filter = "<your domain>"
run_post_install = false
email = "<your email>"
dns_auth = [
  {
    name  = "provider"
    value = "google"
  }
]
# OIDC Configuration
oidc_config = [
  {
    name  = "authenticate.idp.provider"
    value = "google"
  },
  {
    name  = "authenticate.idp.clientID"
    value = "<oauth2_clientid>"
  },
  {
    name  = "authenticate.idp.clientSecret"
    value = "<oauth2_secret>"
  },
  {
    name  = "authenticate.idp.url"
    value = "https://accounts.google.com"
  }
]
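A pre-flight check for the file edited above, as an added example that is not part of the terraform-budget-gcp repository. It fails if any <...> placeholder is left, if the file (which holds authenticate.idp.clientSecret) is accessible to group or others, or if git would not ignore it. The function names check_tfvars and write_sample_tfvars are hypothetical, and the sample file is constructed.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper, not part of terraform-budget-gcp).
# Usage: check_tfvars terraform.tfvars && terraform plan

# Write a constructed sample that still carries two template placeholders.
write_sample_tfvars() {
  cat > "$1" <<'EOF'
project_id = "myproject"
domain     = "<your domain>"
oidc_config = [
  {
    name  = "authenticate.idp.clientSecret"
    value = "<oauth2_secret>"
  }
]
EOF
}

# Return 0 if the file is safe to use, 1 if a check fails, 2 if unreadable.
check_tfvars() {
  tfv_file="${1:-terraform.tfvars}"
  tfv_rc=0
  [ -r "$tfv_file" ] || { echo "cannot read $tfv_file" >&2; return 2; }

  # 1. A quoted "<...>" value on a non-comment line was never replaced.
  if grep -nE '^[^#]*"<[^">]+>"' "$tfv_file" >&2; then
    echo "FAIL: unreplaced placeholders in $tfv_file" >&2
    tfv_rc=1
  fi

  # 2. The file holds authenticate.idp.clientSecret: no group/other access.
  tfv_perm=$(ls -ld "$tfv_file" | cut -c5-10)
  if [ "$tfv_perm" != "------" ]; then
    echo "FAIL: $tfv_file is group/world accessible; run chmod 600" >&2
    tfv_rc=1
  fi

  # 3. In a git work tree the file must be ignored, or the secret can be committed.
  tfv_dir=$(dirname "$tfv_file")
  if git -C "$tfv_dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
     ! git -C "$tfv_dir" check-ignore -q "$(basename "$tfv_file")"; then
    echo "FAIL: $tfv_file is not covered by .gitignore" >&2
    tfv_rc=1
  fi
  return "$tfv_rc"
}
```

The same secret also ends up in the Terraform state, so the state bucket needs equally tight access.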
Now that we have created the project, we are ready to create our resources:
- Authenticate by running the following command.
This ensures you use the correct service account to create your resources.
Replace project_id with the name of the project (myproject in this example) that you created in the previous step.
. ./auth.sh project_id
Then run the following commands in order:
- Get the plugins
terraform init
- View proposed resource changes
terraform plan
- Create resource(s)
terraform apply --auto-approve
Note: If you experience an error, re-execute the above command.
We now need to create resources that depend on resources created in the previous step.
- First run
./post-install.sh
- Then create resource(s)
terraform apply --auto-approve
Note: If you experience an error, re-execute the above command.
🎉 You did it!! 🎉
Some of the automatically deployed services can be found at the following URLs (substituting your.domain, of course):
- Vault https://vault.your.domain
- Pomerium https://authenticate.your.domain/.pomerium/
- Traefik https://dash.your.domain
- Ghost https://blog.your.domain