Launching the WordPress on Google Cloud Platform using the Concept of Kubernetes with Terraform Automation

Hi Learner!

Before jumping the practical part of this article, we have to understand the concept of what are terminologies and techniques we will use to perform the practical part of the article. So here I tried to clear the concepts which I will use to perform the practical part. I hope you will enjoy this article. so let's jump into the theoretical part.

Google Cloud Platform:

Google Cloud Platform (GCP), offered by Google, is a suite of cloud computing services that run on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail, file storage, and YouTube. Alongside a set of management tools, it provides a series of modular cloud services including computing, data storage, data analytics, and machine learning. Registration requires a credit card or bank account details.

Project in GCP:

A project organizes all your Google Cloud resources. A project consists of a set of users; a set of APIs; and billing, authentication, and monitoring settings for those APIs. So, for example, all of your Cloud Storage buckets and objects, along with user permissions for accessing them, reside in a project. You can have one project, or you can create multiple projects and use them to organize your Google Cloud resources, including your Cloud Storage data, into logical groups.

Virtual Private Cloud:

A Virtual Private Cloud (VPC) network is a virtual version of a physical network, implemented inside of Google's production network, using Andromeda. A VPC network provides the instances, GKE App Engine. HTTP for internal, Load Balancing, VPC, etc. Projects can contain multiple VPC networks. Unless you create an organizational policy that prohibits it, new projects start with a default network (an auto mode VPC network) that has one subnetwork (subnet) in each region.

VPC Network Peering:

Google Cloud VPC Network Peering allows internal IP address connectivity across two Virtual Private Cloud (VPC) networks regardless of whether they belong to the same project or the same organization.

VPC Network Peering enables you to connect VPC networks so that workloads in different VPC networks can communicate internally. Traffic stays within Google's network and doesn't traverse the public internet.

Kubernetes:

Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available.

The name Kubernetes originates from Greek, meaning helmsman or pilot. Google open-sourced the Kubernetes project in 2014. Kubernetes combines over 15 years of Google's experience running production workloads at scale with best-of-breed ideas and practices from the community.

Google Kubernetes Engine (GKE):

 Google Kubernetes Engine (GKE) provides a managed environment for deploying, managing, and scaling your containerized applications using Google infrastructure. The GKE environment consists of multiple machines (specifically, Compute Engine instances) grouped to form a Cluster.

Load Balancer:

A load balancer distributes user traffic across multiple instances of your applications. By spreading the load, load balancing reduces the risk that your applications experience performance issues.

Google App Engine:

App Engine is a fully managed, serverless platform for developing and hosting web applications at scale. You can choose from several popular languages, libraries, and frameworks to develop your apps, then let App Engine take care of provisioning servers and scaling your app instances based on demand.

Identity and Access Management:

Google Cloud Platform (GCP) offers Identity and Access Management (IAM), which lets you grant granular access to specific GCP resources and prevents unwanted access to other resources. IAM lets you adopt the security principle of least privilege, so you grant only the necessary access to your resources.

Subnet:

 After creating our building(VPC) we create labs inside it. In the cloud world, these labs are called subnets and we have to provide the Network Range in the Subnet.

Terraform: 

Terraform is created by Hashicorp and it is used HCL language. It is mainly used to create Infrastructure. Sometimes also known as Infrastructure as code. Terraform behind the scene uses plugins. We can create our infrastructure of cloud in a single click and also destroy it in one single click.

Note: When you will enter the practical part of this article then you will go through pod, cluster, Container, WordPress, SQL database, etc terminologies, and techniques. So I will recommend it to you. first, you go through this article then jump on the practical part so that you can understand the right meaning of these terminologies.

Objectives :

1. Create multiple projects namely developer and production

2. Create a VPC network for both the projects

3. Create a link between both the VPC networks using VPC Peering

4. Create a Kubernetes Cluster in developer project and launch any web application with the Load balancer

5. Create a SQL server in the production project and create a database

6. Connect the SQL database to the web application launched in the Kubernetes cluster

?? Prerequisites:

1. Terraform must be installed.
2. kubectl(client program for Kubernetes cluster) must be install
3. gcloud must be installed in your system

Download the terraform form below code

Let's Begin the task...

Step 1: Login into GCP via CLI

now we will log in to our GCP account by running the following command:-

gcloud auth login

this will open the browser and ask to choose your google account for GCP. After Successfully login we can see this screen:-

Step 2: Creating Projects

Lets first create the Project:-

Creating two projects:-

i)Production project for the production team

ii)Developer project for the developer team

resource "google_project" "my_dev_project1" {
  name       = "Developer project"
  project_id = "dev-project-9219"
  }

resource "google_project" "my_prod_project2" {
  name       = "Production project"
  project_id = "prd-priject-9219"
  
}

Now we will run these commands

terraform init

terraform apply --auto-approve

We can see our Projects By visiting the GCP console at 

Output:

Step 3: Creating variables for using project via terraform

Now we can create two variables as we need these projects name in various places.

variable my_dev_project1 {


  default = "dev-project-9219"
  }


variable my_prod_project2 {

  default = "prd-priject-9219"
  
}

Step 4: Creating VPC & Subnets

“A Virtual Private Cloud (VPC) is a global private isolated virtual network partition that provides managed networking functionality for your Google Cloud Platform (GCP) resources.”

For Dev Environment:

Terraform Code:

resource "google_compute_network" "vpc_networkdev" {

  name = "vpc-network-2"
  project = var.my_dev_project1
  routing_mode = "GLOBAL"
  auto_create_subnetworks = false

}
resource "google_compute_subnetwork" "subnetwork_dev" {

  name          = "mysubnet-2"
  ip_cidr_range = "10.10.12.0/24"
  region        = "us-west1"
  network       = "${google_compute_network.vpc_networkdev.name}"
  project    = var.my_dev_project1
}

Output:

For Production Environment:

Terraform Code

resource "google_compute_network" "vpc_networkprod" {

  name = "vpc-network-1"
  project = var.my_prod_project2
  routing_mode = "GLOBAL"
 auto_create_subnetworks = false
  

}

resource "google_compute_subnetwork" "subnetwork_prod" {

  name          = "mysubnet-2"
  ip_cidr_range = "10.10.11.0/24"
  region        = "us-west1"
  network       = "${google_compute_network.vpc_networkprod.name}"
  project      = var.my_prod_project2
}

Output:

Here we are creating two different VPC in different Projects.

Step 5: Creating Firewalls:

a firewall is a way to restrict the access of other users. Here we are creating two firewalls one is for production VPC and the second one is for developer vpc. We are allowing port no 80 for web server and 22 for doing SSH.

For Dev Environment:

Terraform Code:

resource "google_compute_firewall" "dev_firewall" {
  name    = "dev-firewall"
  network = "${google_compute_network.vpc_networkdev.name}"
  project = var.my_dev_project1


  allow {
    protocol = "icmp"
  }


  allow {
    protocol = "tcp"
    ports    = ["80", "8080", "1000-2000","22"]
  }


  source_tags = ["web"]
  source_ranges = ["0.0.0.0/0"]
}

Output:

For Production Environment:

Terraform Code:

resource "google_compute_firewall" "prod_firewall" {
  name    = "prod-firewall"
  network = "${google_compute_network.vpc_networkprod.name}"
  project = var.my_prod_project2


  allow {
    protocol = "icmp"
  }


  allow {
    protocol = "tcp"
    ports    = ["80", "8080", "1000-2000","22"]
  }


  source_tags = ["web"]
  source_ranges = ["0.0.0.0/0"]
}

Output:

Step 6: Creating VPC Peering:-

Now We have two VPC in two projects individually. Now if we want to connect two VPC of two different projects we can do it by VPC peering.

resource "google_compute_network_peering" "peering1" {

  name         = "peering1"
  network      = "${google_compute_network.vpc_networkprod.id}"
  peer_network = "${google_compute_network.vpc_networkdev.id}"

}
resource "google_compute_network_peering" "peering2" {

  name         = "peering1"
  network      = "${google_compute_network.vpc_networkdev.id}"
  peer_network = "${google_compute_network.vpc_networkprod.id}"
}

Output:

Step 7: Creating Instances:

 Now lets launch two instances and we can check the connectivity of two different VPC.

i) creating an instance in Production Project:- 

Here we will attach the Production VPC to this instance.

resource "google_compute_instance" "prod" {

  name         = "test"
  machine_type = "n1-standard-1"
  zone         = "us-west1-c"
  project = var.my_prod_project2


  tags = ["foo", "bar"]


  boot_disk {

    initialize_params {
      image = "debian-cloud/debian-9"
    }
  }
  network_interface {

    network = "${google_compute_network.vpc_networkprod.name}"
    subnetwork = "${google_compute_subnetwork.subnetwork_prod.name}"
    subnetwork_project = "prd-priject-9219"
    access_config {
      
    }
  }
}

Output:

ii)Creating Instance in Developer Project:-

resource "google_compute_instance" "dev" {

  name         = "test1"
  machine_type = "n1-standard-1"
  zone         = "us-west1-c"
  project = var.my_dev_project1


  tags = ["foo", "bar"]


  boot_disk {
    initialize_params {

      image = "debian-cloud/debian-9"
    }
  }
  network_interface {

    network = "${google_compute_network.vpc_networkdev.name}"
    subnetwork = "${google_compute_subnetwork.subnetwork_dev.name}"
    subnetwork_project = "dev-project-9219"
    access_config {
      
    }
  }
}

Output:

Now we can test Our Connectivity as shown above picture

Note:- We can also create the VPC in a different zone and can connect them.

Step 8: Creating K8s Cluster using GKE:

What is GKE?

GKE Stands for Google Kubernetes Engine that manages service from Google. By using this service we can create the Kubernetes cluster where the Master node will be managed by Google cloud.

Kubernetes is a Management Orchestration Engine which is used to manage the docker container. Kubernetes cluster is based on master-slave architecture where the master node manages slave nodes.

IN k8s container is known as a pod.

Creating a Kubernetes Cluster:

Here we are creating a Kubernetes cluster in the Developer Project.

After creating the cluster we can also update the Kubectl configuration file and we can make it dependent on the cluster creation as the cluster will create we will update the configuration file.

we need kubectl to be installed in our system.

resource "google_container_cluster" "primary" {
  name               = "marcellus-wallace"
  location           = "us-central1-a"
  initial_node_count = 3
  project = "dev-project-9219"


  master_auth {

    username = "username"
    password = "passs"


    client_certificate_config {
      issue_client_certificate = false
    }
  }


  node_config {

    oauth_scopes = [

      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
    ]


    metadata = {

      disable-legacy-endpoints = "true"
    }


    labels = {
      app = "wordpress"
    }


    tags = ["website", "wordpress"]
  }


  timeouts {
    create = "30m"
    update = "40m"
  }
}
resource "null_resource" "nullremote1" {

  depends_on = [google_container_cluster.primary]
  provisioner "local-exec" {

    command = "gcloud container clusters get-credentials ${google_container_cluster.primary.name} --zone ${google_container_cluster.primary.location} --project ${google_container_cluster.primary.project}"
    }
}

Output:

Step 9: Creating a WordPress Pod and Expose the service

Now After the Kubernetes cluster will be created we can create a WordPress pod and also expose it via the load balancer.

resource "kubernetes_service" "example" {

  depends_on = [null_resource.nullremote1]
  metadata {
    name = "loadbalancer"
  }
  spec {
    selector = {

      app = "${kubernetes_pod.example.metadata.0.labels.app}"
    }
    session_affinity = "ClientIP"
    port {

      port        = 80
      target_port = 80
    }


    type = "LoadBalancer"
  }
}


resource "kubernetes_pod" "example" {

  metadata {

    name = "terraform-example"
    labels = {

      app = "MyApp"
    }
  }


  spec {
    container {

      image = "wordpress:4.8-apache"
      name  = "mywp"
    }
  }
}


output "wordpressip" {

          value = kubernetes_service.example.load_balancer_ingress
  


}

Output:

Now we will create the SQL Database by using the SQL service of GCP.

Step 10: Creating a SQL database:

SQL is also a managed service offered by Google Cloud. We can use this service to create a database server.

Here we are creating the SQL database in the Production Project. First, we'll create the DB instance than we create the database, and then we will allow the Access of the Database to the public world.

For creating an MYSQL database we have to follow this code:

resource "google_sql_database" "database" {

  name     = "my-database1"
  instance = google_sql_database_instance.instance.name
  project = "prd-priject-9219"
}


resource "google_sql_database_instance" "instance" {

  name   = "my-database-instance42"
  database_version = "MYSQL_5_6"
  region = "us-central1"
  project = "prd-priject-9219"
  settings {

    tier = "db-f1-micro"
    ip_configuration {

      ipv4_enabled = true
      authorized_networks {

        name = "public  network"
        value = "0.0.0.0/0"
      }
    }
  }
}
resource "google_sql_user" "users" {

  name     = "myuser"
  instance = google_sql_database_instance.instance.name
  project =  "prd-priject-9219"
  password = "redhat"
}

Note:- SQL instance may take a longer time to create the instance.

Output:

Database also created

Step 11: Run the terraform code

1. Download the necessary plugins for running the whole infrastructure. via the following command

terraform init

2. Dry run the complete code before applying on the cloud it at always good practice to do dry run .it check all the code in the local system without effecting the cloud resources.

terraform plan

3. Run the code and set up your requirement in the cloud by terraforming apply command.

terraform apply -auto-approve

Step12: Connecting WordPress to MYSQL:

Accessing the site via IP address:-

Fill the database details and we can see our site is connected to the database instance.

!! THAT'S ALL !!

THANK YOU FOR READING ..!!!

NOTE: If you have any query free feel to DM me.

Github Link :

Author profile link: