Understanding the Google Provider for Terraform (feat. K8s)

Transcript

1. Copyright © 2020 HashiCorp Understanding the Google Provider for Terraform,

   feat. K8s

2. @ksatirli on GitHub and Twitter Developer Advocate at HashiCorp

3. @onlydole on GitHub and Twitter Developer Advocate at HashiCorp

4. Agenda Introducing Terraform and the Google Provider Managing GKE with

   Terraform provisioning Clusters, Node Pools, and more Kubernetes Provider for Terraform deploying applications to Kubernetes Clusters

5. Introducing Terraform

6. Terraform 125+ Official Providers GCP, AWS, Kubernetes, etc. 175+ Community

   Providers Auth0, Sentry, Unifi, etc.

7. HashiCorp Configuration Language CODE EDITOR service "http" "web_proxy" { listen_addr

   = "127.0.0.1:8080" process "server" { command = ["proxy-app", "server"] } } variable "port" { description = "Port for web_proxy" default = 8080 }

8. HashiCorp Configuration Language CODE EDITOR service "http" "web_proxy" { listen_addr

   = "127.0.0.1:${var.port}" process "server" { command = ["proxy-app", "server"] } } variable "port" { description = "Port for web_proxy" default = 8080 }

9. Provider set-up CODE EDITOR provider "google" { project = var.project_id

   region = var.project_region } provider "google-beta" { project = var.project_id region = var.project_region }

10. Provider set-up CODE EDITOR provider "google" { project = var.project_id

    region = var.project_region credentials = file("google_cloud_credentials.json") } provider "google-beta" { project = var.project_id region = var.project_region credentials = file("google_cloud_credentials.json") }

11. Provider set-up CODE EDITOR terraform { required_providers { google =

    "~> 3.16.0" google-beta = "~> 3.16.0" http = "~> 1.2.0" kubernetes = "~> 1.11.3" null = "~> 2.1.2" } required_version = "~> 0.12.28" }

12. Provider set-up CODE EDITOR terraform { required_providers { google =

    "~> 3.16.0" google-beta = "~> 3.16.0" http = "~> 1.2.0" kubernetes = "~> 1.11.3" null = "~> 2.1.2" } required_version = "~> 0.12.28" }

13. Managing GKE with Terraform

14. Creating a Network hashi.co/tf-gcp-network-module

15. Creating a Network CODE EDITOR module "gke_network" { source =

    "terraform-google-modules/network/google" version = "2.4.0" project_id = var.project_id network_name = var.project_prefix }

16. Creating a Network CODE EDITOR module "gke_network" { ... subnets

    = { { subnet_name = local.subnet_name subnet_ip = "10.0.0.0/24" subnet_region = var.project_region }, ] }

17. Creating a Network CODE EDITOR module "gke_network" { ... secondary_ranges

    = { "${local.subnet_name}" = [ { range_name = "ips-pods" ip_cidr_range = "10.1.0.0/16" } ] } }

18. Command: terraform init TERMINAL > terraform init Initializing modules... Downloading

    terraform-google-modules/network/google 2.4.0 for gke_network... - gke_network in .terraform/modules/gke_network/terraform-google-network-2.4.0 Initializing provider plugins... - Checking for available provider plugins... - Downloading plugin for provider "http" (hashicorp/http) 1.2.0... - Downloading plugin for provider "kubernetes" (hashicorp/kubernetes) 1.11.3... - Downloading plugin for provider "google" (hashicorp/google) 3.16.0... - Downloading plugin for provider "google-beta" (hashicorp/google-beta) 3.29.0... - Downloading plugin for provider "null" (hashicorp/null) 2.1.2... Terraform has been successfully initialized!

19. Command: terraform plan TERMINAL > terraform plan -out="gke.tfplan" An execution

    plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # module.network.module.subnets.google_compute_subnetwork.subnet will be created + resource "google_compute_subnetwork" "subnet" { + creation_timestamp = (known after apply) + enable_flow_logs = (known after apply) + fingerprint = (known after apply) + gateway_address = (known after apply) ...

20. Command: terraform plan TERMINAL ... + name = "hug-ist-demo" +

    project = "hc-da-test" + routing_mode = "GLOBAL" + self_link = (known after apply) } Plan: 2 to add, 0 to change, 0 to destroy. ------------------------------------------------------------------------ This plan was saved to: gke.tfplan To perform exactly these actions, run the following command to apply: terraform apply "gke.tfplan"

21. Command: terraform apply TERMINAL > terraform apply "gke.tfplan"

22. Command: terraform apply TERMINAL > terraform apply "gke.tfplan" module.network.module.vpc.google_compute_network.network: Creating...

    module.network.module.vpc.google_compute_network.network: Creation complete module.network.module.subnets.google_compute_subnetwork.subnet: Creating... module.network.module.subnets.google_compute_subnetwork.subnet: Creation complete Apply complete! Resources: 2 added, 0 changed, 0 destroyed. The state of your infrastructure has been saved to the path below. This state is required to modify and destroy your infrastructure, so keep it safe. To inspect the complete state use the `terraform show` command. State path: terraform.tfstate

23. Creating a Cluster hashi.co/tf-gcp-gke-module

24. Creating a Cluster CODE EDITOR module "gke_cluster" { source =

    "terraform-google-modules/kubernetes-engine/google" version = "10.0.0" add_cluster_firewall_rules = true create_service_account = true description = "GKE Demo for HUG Istanbul" disable_legacy_metadata_endpoints = true ... }

25. Command: terraform get TERMINAL > terraform get Downloading kubernetes-engine/google 10.0.0

    for gke_cluster... - gke_cluster in .terraform/modules/gke_cluster/kubernetes-engine-10.0.0

26. Command: terraform apply TERMINAL > terraform apply "gke-cluster.tfplan" Apply complete!

    Resources: 16 added, 0 changed, 0 destroyed.

27. Kubernetes Provider

28. Kubernetes is a platform for ▪ automating deployments ▪ scaling

    applications ▪ management of containerized workloads

29. Kubernetes Namespaces everything has a home Services exposes Deployments Deployments

    declarative updates Nodes Machines
30. None
31. None
32. None
33. None

34. Provider set-up CODE EDITOR provider "kubernetes" { load_config_file = false

    host = "https://${module.gke_cluster.endpoint}" token = data.google_client_config.default.access_token cluster_ca_certificate = module.gke_cluster.ca_certificate }

35. Creating a Namespace CODE EDITOR resource "kubernetes_namespace" "beacon" { name

    = "beacon" metadata { name = "beacon" } }

36. Creating a Deployment CODE EDITOR resource "kubernetes_deployment" "beacon" { metadata

    { name = "beacon" namespace = kubernetes_namespace.beacon.id spec { container { image = "onlydole/beacon:1.19.1" name = "beacon" } } }

37. Creating a Service CODE EDITOR resource "kubernetes_service" "beacon" { metadata

    { name = "beacon" namespace = kubernetes_namespace.beacon.id spec { selector { app = kubernetes_deployment.beacon.metadata.0.labels.app } } ...

38. Creating a Service CODE EDITOR ... port { port =

    8080 target_port = 80 } type = "LoadBalancer" }

39. Command: terraform apply TERMINAL > terraform apply "kubernetes.tfplan" Apply complete!

    Resources: 3 added, 0 changed, 0 destroyed.

40. Beacon your.app.url:8080

41. Review ▪ Terraform and Google Provider ▪ GKE Cluster and

    Networking ▪ Kubernetes resources

42. Materials ▪ slides: hashi.co/tf-gke-k8s ▪ code: hashi.co/tf-gke-k8s-code ▪ guides: hashi.co/tf-learn-k8s

    ▪ forums: hashi.co/tf-k8s-forum

43. Thank You [email protected] and [email protected]