This is an Infrastructure as Code (IaC) recipe for preconfiguring a cloud project in Google Cloud Platform (GCP).
The infrastructure managed here consists of:
- API enablements
- Terraform backend resources
- Release Operator
Additionally, the repository is configured with GitHub Actions for linting. Since the preconfiguration contains IAM resources, this repository does not have automated releases, and it should only be run by an operator sufficiently authorized in IAM.
This guide will begin from a local backend for Terraform, and then migrate to a remote backend (GCS).
For each environment, follow through to the end of remote backend migration in order to:
- avoid conflating environments
- ensure that setup is possible in lower environments before attempting setup in higher environments
Run through setup from the infra folder:
cd infra
First, you will need to run init:
terraform init
Now you may run plan or apply:
terraform apply
Hint: Only an authorized machine can modify GCP resources. Try running gcloud auth application-default login.
The recipe initially uses a local backend. While you can run this locally at first, you should eventually migrate to a remote backend, such as the gcs backend.
Before you begin, take note of the preconfiguration backend bucket:
terraform output preconfiguration_backend_bucket
Now add the GCS backend to main.tf:
terraform {
  backend "gcs" {}
}
Lastly, rerun init and pass the preconfiguration backend bucket in a partial backend configuration:
terraform init # interactive partial backend configuration
Hint: If you are receiving initialization errors, ensure you are in the infra folder.
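The migration steps above as one shell function, with the bucket passed through -backend-config instead of typed at the init prompt. This is an added example, not part of the original recipe; the function names migrate_to_gcs and valid_bucket_name are hypothetical, and it assumes a Terraform version that supports -migrate-state.

```shell
#!/bin/sh
# Added example (not from the original recipe). Source this file from the
# infra folder after a successful apply on the local backend, then call
# migrate_to_gcs.

# Basic GCS bucket-name shape: 3-63 characters of lowercase letters, digits,
# '-', '_' or '.', starting and ending with a letter or digit.
valid_bucket_name() {
  case "$1" in
    *[!a-z0-9._-]* | [!a-z0-9]* | *[!a-z0-9]) return 1 ;;
  esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 63 ]
}

# Usage: migrate_to_gcs [bucket]
# Without an argument the bucket is read from the Terraform output.
migrate_to_gcs() {
  bucket="${1:-}"
  if [ -z "$bucket" ]; then
    # Read the output while the local backend is still the configured one,
    # which is why the recipe says to take note of it before editing main.tf.
    bucket="$(terraform output -raw preconfiguration_backend_bucket)" || return 1
  fi
  # Refuse anything that does not look like a bucket name, for example a
  # warning message captured in place of the value.
  if ! valid_bucket_name "$bucket"; then
    echo "refusing to init: unexpected bucket value '$bucket'" >&2
    return 1
  fi
  # Add the empty gcs backend block from the recipe unless main.tf has one.
  if ! grep -Eq 'backend[[:space:]]+"gcs"' main.tf; then
    printf '\nterraform {\n  backend "gcs" {}\n}\n' >> main.tf
  fi
  # Partial backend configuration: the bucket comes from the command line,
  # not from main.tf. Terraform still asks before copying the local state.
  terraform init -backend-config="bucket=${bucket}" -migrate-state
}
```

Because the bucket name stays out of main.tf, the same file can be committed for every environment and each operator supplies that environment's bucket at init time.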
Setup is complete, but please take note of the variables and outputs (especially the preconfiguration_backend_bucket, which you can use to recover the variables and outputs).
You will need to run through this setup independently for each environment. Consider using a branching strategy such as GitHub Flow to manage releases across environments.
The resources created in this preconfiguration will help to bootstrap the main IaC repository quickly. You will need:
- the project backend bucket
- private key of the Release Operator (for setting up CI/CD)
To see the project backend bucket, use output:
terraform output project_backend_bucket
To get a key for the Release Operator, create one using gcloud:
gcloud iam service-accounts keys create ~/release_operator_key.json \
  --iam-account "$(terraform output -raw project_release_operator_sa)"