This repository acts as a personal knowledge base for acquiring skills in managing an IaC stack on GCP. The CI/CD is containerized and should be handled via docker-compose.
To build the CI/CD container:

```sh
./ci.sh build
```

To deploy the stack:

```sh
./ci.sh deploy
```

To destroy the stack:

```sh
./ci.sh destroy
```

Note: you can set the flag `AUTOAPPROVE=1` to skip the interactive user confirmation:

```sh
AUTOAPPROVE=1 ./ci.sh deploy
```

This works for both `deploy` and `destroy`.

Note 2: the containerized CI/CD always deletes the `.terraform` folder to avoid cross-architecture issues (the provider binaries it contains are built for the OS/architecture of the host that ran `terraform init`). You can override this behavior by setting the environment variable `NOINIT=1`:

```sh
NOINIT=1 ./ci.sh deploy
```

This works for both `deploy` and `destroy`.
The host running the containerized CI/CD requires:

Name | Version |
---|---|
docker | ~> 25 |
This repository is only compatible with Application Default Credentials (ADC) authentication as of now. You are expected to set the environment variable `GOOGLE_APPLICATION_CREDENTIALS` to the path of the `.json` credentials file (pending better authentication management). That file is a long-lived service account key: keep it, and the `.env` file that points to it, out of version control.
Apart from the Terraform variables that are not defined in `terraform.tfvars` and must be defined in a dedicated `.env` file (with the `TF_VAR_` prefix), you must set the following environment variables (ideally in the same `.env` file):

- `GOOGLE_APPLICATION_CREDENTIALS`: the path to the ADC `.json` file as stated above
- `INFRA_BUCKET`: the name of the GCS bucket used to store the Terraform state (the bucket is not part of the IaC stack and must be created separately)
- `INFRACOST_API_KEY` (optional): the Infracost API key used to estimate costs before any `terraform apply`

The state written to `INFRA_BUCKET` contains every resource attribute and output in plain text, including the `instance_ssh_private_key` output listed below, so restrict access to that bucket and enable object versioning on it.
The Terraform section deploys & manages:
- a dedicated VPC network (this is only the bootstrap!)
- a public Compute instance (with SSH connectivity over the internet)
- a private Compute instance behind NAT (with Cloud IAP)
- a bucket
- Cloud SQL, with connectivity from the Compute instance(s)
- a Load Balancer in front of several Compute instances, with HTTPS
- Memorystore (Redis)
- a serverless function
- the Datadog integration
- GKE
The following dependencies are required for development:
- tflint
- terraform-docs
- pre-commit
Useful tools:
- Google Cloud Region Picker: helps you pick a Google Cloud region considering approximate carbon footprint, price and latency.
- Google Cloud Platform Pricing: this web app helps to find the optimal Google Compute Engine (GCE) machine type or instance across the many Google Cloud Platform (GCP) regions.
- Google Compute Engine Machine Types: instance specs comparison
- Google Cloud Platform Regions: region comparison
- Google Compute Engine Operating System Images: Compute Engine images comparison
- Instance picker: complete table for instance comparison (with prices per region)
- Google pricing
Requirements:

Name | Version |
---|---|
terraform | 1.7.5 |
external | ~> 2.3.3 |
(name not recovered) | 5.24.0 |
http | 3.4.2 |
random | 3.6.0 |

Providers:

Name | Version |
---|---|
external | 2.3.3 |
(name not recovered) | 5.24.0 |
http | 3.4.2 |
random | 3.6.0 |

Modules:

Name | Source | Version |
---|---|---|
public_instance | ./public_instance/ | n/a |
Resources:

Name | Type |
---|---|
google_compute_firewall.ssh_to_instance_ipv4 | resource |
google_compute_network.vpc | resource |
google_compute_subnetwork.public | resource |
random_pet.stack | resource |
external_external.git | data source |
google_compute_zones.available | data source |
http_http.local_ipv4 | data source |
Inputs:

Name | Description | Type | Default | Required |
---|---|---|---|---|
client_name | n/a | string | n/a | yes |
environment | n/a | string | n/a | yes |
gcp_project_id | Google Cloud Project | string | n/a | yes |
gcp_region | Default GCP Region | string | n/a | yes |
instances_user | Default user used to connect to the compute instances | string | n/a | yes |
project_name | n/a | string | n/a | yes |
project_owner | n/a | string | n/a | yes |
technical_owner | n/a | string | n/a | yes |
Outputs:

Name | Description |
---|---|
instance_public_ip | n/a |
instance_ssh_private_key | n/a |
instance_user | n/a |

Note that `instance_ssh_private_key` exposes a private key as a root-module output: it is recorded in plain text in the state stored in `INFRA_BUCKET` and printed by `terraform output`, so keep that bucket private and consider marking the output `sensitive = true` (which hides it from the CLI but not from the state file).