GCP automation using Terraform
Hello connections! Welcome this article,we are going to create a Infrastrcture as code.
Task Description:-
1. Create multiple projects namely developer and production
2. Create a VPC network for both the projects
3. Create a link between both the VPC networks using VPC Peering
4. Create a Kubernetes Cluster in developer project and launch any web application with the Load balancer
5. Create a SQL server in the production project and create a database
6. Connect the SQL database to the web application launched in the Kubernetes cluster
Lets's understand some basics:-
What is Project:-
A project is a way to manage the things and Isolating from different team members.like we can create a project and allocate this project to different team members and we can also set the quotas in the project.
What is VPC?:- VPC stands for Virtual Private Cloud. Using VPC we can create our own network infrastructure where we can define in which IP ranges should provide to the instance and also control the access from the public world.
What is Subnet?:- After creating our building(VPC) we create labs inside it. In the cloud world, these labs are called subnets and we have to provide the Network Range in the Subnet.
What is Terraform:- Terraform is created by Hashicorp and it is used HCL language. It is mainly used to create Infrastructure. Sometimes also known as Infrastructure as code. Terraform behind the scene uses plugins. We can create our infrastructure of cloud in a single click and also destroy it in one single click.
First of all, we need Terraform in our PC and cloud CLI installed.
https://www.terraform.io/downloads.html
now we will log in to our GCP account by running the following command:-
gcloud auth login
this will open the browser and ask to choose your google account for gcp.After Successfully login we can see this screen:-
Lets first create the Project:-
Creating two projects:-
i)Production project for the production team
ii)Developer project for the developer team
resource "google_project" "my_project1" {
name = "Developer project"
project_id = "dev-project-287706"
}
resource "google_project" "my_project2" {
name = "Production project"
project_id = "driven-strength-287313"
}
Now we will run these commands
terraform init terraform apply --auto-approve
We can see our Projects By visiting GCP console at https://console.cloud.google.com/
Now we can create two variables as we need these projects name in various places.
variable developer_project {
default = "dev-project-287706"
}
variable production_project {
default = "driven-strength-287313"
}
Creating VPC & Subnets:-
resource "google_compute_network" "network1"{
name="my-vpc-1"
project = var.production_project
routing_mode="GLOBAL"
auto_create_subnetworks="false"
}
resource "google_compute_network" "network2"{
name="my-vpc-2"
project = var.developer_project
routing_mode="GLOBAL"
auto_create_subnetworks="false"
}
resource "google_compute_subnetwork" "subnetwork2"{
ip_cidr_range="10.10.12.0/24"
name="my-subnet-2"
network =google_compute_network.network2.name
project=var.developer_project
region="us-west1"
}
resource "google_compute_subnetwork" "subnetwork1"{
ip_cidr_range="10.10.11.0/24"
name="my-subnet-1"
network = google_compute_network.network1.name
project= var.production_project
region="us-west1"
}
Here we are creating two different VPC in different Projects.
Creating Firewall:- firewall is a way to restrict the access of other users. Here we are creating two firewalls one is for production VPC and second one is for developer vpc. We are allowing port no 80 for web server and 22 for doing SSH.
resource "google_compute_firewall" "default" {
name = "test-firewall"
network = google_compute_network.network1.name
project= var.production_project
allow {
protocol = "icmp"
}
allow {
protocol = "tcp"
ports = ["80", "8080", "1000-2000","22"]
}
source_tags = ["web"]
source_ranges=["0.0.0.0/0"]
}
resource "google_compute_firewall" "default1" {
name = "test-firewall"
network = google_compute_network.network2.name
project = var.developer_project
allow {
protocol = "icmp"
}
allow {
protocol = "tcp"
ports = ["80", "8080", "1000-2000","22"]
}
source_tags = ["web"]
source_ranges=["0.0.0.0/0"]
}
Creating VPC Peering:-
Now We have two VPC in two projects individually. Now if we want to connect two VPC of two different projects we can do it by VPC peering.
resource "google_compute_network_peering" "peering1" {
name = "peering1"
network = google_compute_network.network1.id
peer_network = google_compute_network.network2.id
}
resource "google_compute_network_peering" "peering2" {
name = "peering1"
network = google_compute_network.network2.id
peer_network = google_compute_network.network1.id
}
Creating Instances:- Now lets launch two instances and we can check the connectivity of two different VPC.
i) creating an instance in Production Project:- Here we will attach the Production VPC to this instance.
resource "google_compute_instance" "default22" {
name = "test"
machine_type = "n1-standard-1"
zone = "us-west1-c"
project=var.production_project
tags = ["foo", "bar"]
boot_disk {
initialize_params {
image = "debian-cloud/debian-9"
}
}
network_interface {
network = google_compute_network.network1.name
subnetwork=google_compute_subnetwork.subnetwork1.name
subnetwork_project="driven-strength-287313"
access_config{
}
}
}
ii)Creating Instance in Developer Project:-
resource "google_compute_instance" "default2" {
name = "test"
machine_type = "n1-standard-1"
zone = "us-west1-c"
project="dev-project-287706"
tags = ["foo", "bar"]
boot_disk {
initialize_params {
image = "debian-cloud/debian-9"
}
}
network_interface {
network = google_compute_network.network2.name
subnetwork=google_compute_subnetwork.subnetwork2.name
subnetwork_project="dev-project-287706"
access_config{
}
}
}
Now we can test Our Connectivity:-
Note:- We can also create the VPC in a different zone and can connect them.
Creating K8s Cluster using GKE:-
what is GKE:- GKE Stands for Google Kubernetes Engine that is a manages service from Google. By using this service we can create the Kubernetes cluster where the Master node will be totally managed by Google cloud.
Kubernetes is a Management Orchestration Engine which is used to manage the docker container. Kubernetes cluster is based on master-slave architecture where the master node manages slave nodes.
IN k8s container is known as a pod.
Creating a Kubernetes Cluster:- Here we are creating a Kubernetes cluster in the Developer Project.
After creating the cluster we can also update the Kubectl configuration file and we can make it dependent on the cluster creation as the cluster will create we will update the configuration file.
we need kubectl to be installed in our system.
installing kubectl:-https://kubernetes.io/docs/tasks/tools/install-kubectl/
resource "google_container_cluster" "primary" {
name = "marcellus-wallace"
location = "us-central1-a"
initial_node_count = 3
project=var.developer_project
master_auth {
username = ""
password = ""
client_certificate_config {
issue_client_certificate = false
}
}
node_config {
oauth_scopes = [
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring",
]
metadata = {
disable-legacy-endpoints = "true"
}
labels = {
app = "wordpress"
}
tags = ["website", "wordpress"]
}
timeouts {
create = "30m"
update = "40m"
}
}
resource "null_resource" "nullremote1" {
depends_on=[google_container_cluster.primary]
provisioner "local-exec" {
command = "gcloud container clusters get-credentials ${google_container_cluster.primary.name} --zone ${google_container_cluster.primary.location} --project ${google_container_cluster.primary.project}"
}
}
Now After the Kubernetes cluster will be created we can create a WordPress pod and also expose it via the load balancer.
resource "kubernetes_service" "example" {
depends_on=[null_resource.nullremote1]
metadata {
name = "terraform-example"
}
spec {
selector = {
app = "${kubernetes_pod.example.metadata.0.labels.app}"
}
session_affinity = "ClientIP"
port {
port = 80
target_port = 80
}
type = "LoadBalancer"
}
}
resource "kubernetes_pod" "example" {
depends_on=[null_resource.nullremote1]
metadata {
name = "mywordp"
labels = {
app = "MyApp"
}
}
spec {
container {
image = "wordpress"
name = "example"
}
}
}
output "wordpressip" {
value = kubernetes_service.example.load_balancer_ingress
}
Now we will create the SQL Database by using SQL service of GCP.
Creating a SQL database:-
SQL is also a managed service offered by Google Cloud. We can use this service to create a database server.
Here we are creating the SQL database in the Production Project.First we'll create the db instance than we create the database and then we will allow the Access of the Database to the public world.
For creating an MYSQL database we have to follow this code:-
resource "google_sql_database" "database" {
name = "my-database1"
instance = google_sql_database_instance.master.name
project=var.production_project
}
resource "google_sql_database_instance" "master" {
name = "instance15"
database_version = "MYSQL_5_7"
region = "us-central1"
project=var.production_project
settings {
tier = "db-f1-micro"
ip_configuration{
ipv4_enabled ="true"
authorized_networks{
name="public network"
value="0.0.0.0/0"
}
}
}
}
resource "google_sql_user" "users" {
name = "myuser"
instance = google_sql_database_instance.master.name
project=var.production_project
password = "redhat"
}
Note:- SQL instance may take a longer time to create the instance.
Database also created
Connecting WordPress to MYSQL:-
Accessing the site via IP address:-
Fill the database details and we can see our site is connected to database instance.
Code link:-
https://github.com/yogi456/gcp_task.git
Thank you for visiting my article!!
DevOps Engineer | Graduate Student at Pace University
4 年Excellent work ??
--
4 年????????
Java Developer @Rakuten || Ex-Nagarrian || Java || 1x Google Cloud Certified || Content Developer at CareerVyas
4 年Keep it up sir ?