How to use Terraform modules to deploy GCP infrastructure seamlessly

Vaibhav Ambike
Google Cloud - Community
6 min read · Mar 14, 2024


Introduction

Enterprise companies use IaC tools like Terraform to deploy their infrastructure. But to deploy a secure and robust infrastructure on GCP, we need structured and reliable Terraform code that we can re-use across multiple environments. Here, I am going to show you how to use the Google-provided Terraform module examples to deploy your infrastructure on GCP, choosing the right solution for your requirement. I will walk through this step by step.

What is Terraform and how does it work?

- Terraform is an IaC tool that lets you define resources in human-readable configuration files that you can re-use and share.

- Terraform creates and manages resources on cloud platforms like GCP using their APIs.

- Terraform has three major lifecycle steps: terraform init, terraform plan and terraform apply.

- The “init” step initializes the configuration and checks all dependencies. The “plan” step checks and tells you which infrastructure it is going to add, change or destroy, if any. The “apply” step deploys the infrastructure on the cloud platform, in the GCP project ID you specified in the script.

- Another important concept in Terraform is the state file, also called the Terraform state file or .tfstate file. The state file stores the state of the resources you deployed and protects you in case of accidental deletion.

How to design the modularized Terraform structure for Google Cloud

To design a modularized infrastructure, we can follow the simple layout below, which makes the deployment strategy easy to analyze.

- global: in this folder we define the global GCP resources that we are going to provision. Please keep in mind that this global folder acts as a child module where we perform our terraform apply lifecycle. Examples of global modules are VPC, service accounts, load balancer etc.

- regional: in this folder we define the regional GCP resources that we are going to provision. Please keep in mind that this regional folder acts as a child module where we perform our terraform apply lifecycle. Examples of regional modules are GKE cluster, Compute Engine, buckets etc.

- modules: this folder is the root folder for all child modules. Here we just keep the original module structure, taken as a reference from the Google Cloud Terraform modules. We do not change or modify anything here.

The screenshot below shows what this modular structure looks like.

[Screenshot: tree output for the modular Terraform structure]

After designing the above modular structure, there are some important things we need to do before writing the Terraform scripts:

- Backend bucket: It is very important to create a backend bucket before you start provisioning any resources. Once you have created this bucket, you can reference it in the backend.tf file as the location for your resource state files. The content of backend.tf will look like below:

# backend.tf: store the state for this resource in a GCS bucket
terraform {
  backend "gcs" {
    bucket = "my-tf-backend-bucket" # common bucket for all resources
    prefix = "terraform/state/vpc"  # one prefix per resource
  }
}

- In the above example, the bucket is common to all your resources. You only need to change the end of the prefix: for a resource called subnets, for example, use “terraform/state/subnets”.
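The backend bucket itself can be created with a small bootstrap configuration. The following is an added example, not part of the original article or of the Google modules; it reuses the bucket name from backend.tf above, while the project ID, location and service account are placeholders. Object versioning is what makes an earlier state file recoverable after an overwrite or deletion.

```hcl
# Bootstrap for the state bucket (added example). Apply it once from its own
# folder with local state, before any backend.tf references the bucket.
provider "google" {
  project = "your-project-id" # placeholder
}

resource "google_storage_bucket" "tf_state" {
  name     = "my-tf-backend-bucket"
  location = "US" # placeholder

  # State files can contain resource attributes and secrets: keep the bucket private
  uniform_bucket_level_access = true
  public_access_prevention    = "enforced"

  # Earlier versions of a state file stay recoverable after overwrite or deletion
  versioning {
    enabled = true
  }

  # Keep at most 10 noncurrent versions of each state object
  lifecycle_rule {
    condition {
      num_newer_versions = 10
      with_state         = "ARCHIVED"
    }
    action {
      type = "Delete"
    }
  }

  # Refuse to delete the bucket through Terraform
  force_destroy = false
  lifecycle {
    prevent_destroy = true
  }
}

# Only the identity that runs Terraform may read and write state (placeholder account)
resource "google_storage_bucket_iam_member" "state_writer" {
  bucket = google_storage_bucket.tf_state.name
  role   = "roles/storage.objectAdmin"
  member = "serviceAccount:terraform-deployer@your-project-id.iam.gserviceaccount.com"
}
```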

Now, I will show you how to deploy a customized VPC on Google Cloud using the Google Terraform module as a reference.

Please use this link as a reference for VPC or subnet creation.

Step 1: Understand your customized VPC requirement and start creating a child module

- First, create a folder called global on your local machine, or in VS Code if you are using it.

- Inside global, create a folder called vpc and create the files main.tf, backend.tf, terraform.tfvars, variables.tf and version.tf as shown below; output.tf is optional.

[Screenshot: VPC module structure inside the child module]

- Now add the code shown above to backend.tf so that it stores the state files for your VPC resource.

Step 2: Creation of modules

- Now refer to the above GitHub link and click on main.tf, where you will find the module references for VPC and subnets. You can combine both in a single main.tf or keep them separate for ease of use.
- Here we choose the basic custom mode and copy the content of main.tf, variables.tf and version.tf to our local files. I am taking only the variables that I really need, as below:

/******************************************
  VPC configuration
 *****************************************/
module "vpc" {
  source                                 = "../../modules/vpc"
  network_name                           = var.network_name
  auto_create_subnetworks                = var.auto_create_subnetworks
  routing_mode                           = var.routing_mode
  project_id                             = var.project_id
  description                            = var.description
  shared_vpc_host                        = var.shared_vpc_host
  delete_default_internet_gateway_routes = var.delete_default_internet_gateway_routes
  mtu                                    = var.mtu
}

- Now add to variables.tf only those variables, which you can copy from the GitHub link.

- Create a terraform.tfvars file as below and add values for everything you referenced, such as var.network_name and var.project_id:

project_id                             = "your-project-id"
network_name                           = "custom-vpc-name"
auto_create_subnetworks                = false
routing_mode                           = "GLOBAL"
description                            = "Custom vpc network"
shared_vpc_host                        = false
delete_default_internet_gateway_routes = false
mtu                                    = 1460
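A variables.tf that matches the eight inputs used in main.tf and terraform.tfvars above could look like the following. This is an added example, not the upstream module's file; the defaults and the two validation blocks are assumptions made here, with the MTU range being the one Google Cloud documents for VPC networks. The validations make terraform plan reject a bad value before any API call is made.

```hcl
# variables.tf for global/vpc (added example; not the upstream module's file)

variable "project_id" {
  type = string
}

variable "network_name" {
  type = string
}

variable "auto_create_subnetworks" {
  type    = bool
  default = false # custom mode: only the subnets you define exist
}

variable "routing_mode" {
  type    = string
  default = "GLOBAL"
  validation {
    condition     = contains(["GLOBAL", "REGIONAL"], var.routing_mode)
    error_message = "routing_mode must be GLOBAL or REGIONAL."
  }
}

variable "description" {
  type    = string
  default = ""
}

variable "shared_vpc_host" {
  type    = bool
  default = false
}

variable "delete_default_internet_gateway_routes" {
  type    = bool
  default = false
}

variable "mtu" {
  type    = number
  default = 1460
  validation {
    condition     = var.mtu >= 1300 && var.mtu <= 8896
    error_message = "mtu must be between 1300 and 8896 bytes."
  }
}
```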

Step 3: Add the root module in the modules directory

- In the main.tf we added earlier, source refers to “../../modules/vpc”, which means the child module takes its reference from the “modules” folder two directories back.
- Now take the complete vpc module from the GitHub link and add it to your local modules folder. With this step, all prerequisites are complete.

Step 4: Apply your configuration

- An important step: you first have to authenticate your user against the particular project ID, using the gcloud CLI, so that you can perform the steps below.

- gcloud config set project <your-project-id>
- gcloud auth login

Once you have done the above, you will be able to run the Terraform lifecycle below.

Note: There are multiple ways to authenticate yourself. If you are working in a production environment, always try to use a service account authentication method, such as impersonation or the service account key method, to deploy your resources in a secure way.
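The impersonation method mentioned in the note can be configured as follows. This is an added example, not code from the original article; the service account e-mail and the user are placeholders, and the backend block here would replace the backend.tf shown earlier.

```hcl
# Added example: run Terraform as a service account through impersonation,
# so no long-lived key file is stored on the workstation.

terraform {
  backend "gcs" {
    bucket = "my-tf-backend-bucket"
    prefix = "terraform/state/vpc"
    # Backend blocks cannot use variables, so the account is written literally
    impersonate_service_account = "terraform-deployer@your-project-id.iam.gserviceaccount.com"
  }
}

provider "google" {
  project                     = var.project_id
  impersonate_service_account = "terraform-deployer@your-project-id.iam.gserviceaccount.com"
}

# Applied separately by a project admin: allows one named user to obtain
# short-lived tokens for the deployer account (both identities are placeholders)
resource "google_service_account_iam_member" "allow_impersonation" {
  service_account_id = "projects/your-project-id/serviceAccounts/terraform-deployer@your-project-id.iam.gserviceaccount.com"
  role               = "roles/iam.serviceAccountTokenCreator"
  member             = "user:you@example.com"
}
```

With this in place, gcloud auth login identifies the user, and every API call Terraform makes is performed with the service account's permissions.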

Once you have added all your required details and modules, run “cd global/vpc” and then the commands below:

- terraform init
- terraform plan
- terraform apply

Check that you can perform all these steps and observe the output up to plan. If you get an error such as variables not being defined, check for missing inputs, save the files and run again.

Note:

- In this blog, I have created a custom VPC for Google Cloud. You can also create multiple modules for subnets, Pub/Sub, Cloud NAT, GKE etc. Sometimes you might have to check the “examples” folder in the GitHub Terraform code to see which module you have to create and pick as per your requirement.
- For example, if I have to create a private GKE cluster, then I will pick the module from this link. Here I have taken the reference from the “examples” folder, which is the simple_regional_private cluster. From this folder you will write the script for the child module.

Summary:

We have learned how to provision GCP resources using Terraform as an IaC tool. We took our reference from the Google GitHub link, where we can look up and create any resources as per our requirement. Kindly note that all these modules and resources in GitHub are Google and HashiCorp proprietary.

Reference links:

  1. https://github.com/terraform-google-modules
  2. https://registry.terraform.io/providers/hashicorp/google/latest/docs
  3. Blog for Service account Impersonation method: https://cloud.google.com/blog/topics/developers-practitioners/using-google-cloud-service-account-impersonation-your-terraform-code

Questions?

I hope you liked this article. Please feel free to comment below if you have any questions. You can also reach out to me on my LinkedIn profile.

Happy learning! Thank you for your time.
