Slide 1

Slide 1 text

Understanding the Google Provider for Terraform, feat. K8s
Copyright © 2020 HashiCorp

Slide 2

Slide 2 text

@ksatirli on GitHub and Twitter
Developer Advocate at HashiCorp

Slide 3

Slide 3 text

@onlydole on GitHub and Twitter
Developer Advocate at HashiCorp

Slide 4

Slide 4 text

Agenda
▪ Introducing Terraform and the Google Provider
▪ Managing GKE with Terraform: provisioning Clusters, Node Pools, and more
▪ Kubernetes Provider for Terraform: deploying applications to Kubernetes Clusters

Slide 5

Slide 5 text

Introducing Terraform

Slide 6

Slide 6 text

Terraform
▪ 125+ Official Providers: GCP, AWS, Kubernetes, etc.
▪ 175+ Community Providers: Auth0, Sentry, Unifi, etc.

Slide 7

Slide 7 text

HashiCorp Configuration Language

    service "http" "web_proxy" {
      listen_addr = "127.0.0.1:8080"

      process "server" {
        command = ["proxy-app", "server"]
      }
    }

    variable "port" {
      description = "Port for web_proxy"
      default     = 8080
    }

Slide 8

Slide 8 text

HashiCorp Configuration Language

    service "http" "web_proxy" {
      listen_addr = "127.0.0.1:${var.port}"

      process "server" {
        command = ["proxy-app", "server"]
      }
    }

    variable "port" {
      description = "Port for web_proxy"
      default     = 8080
    }

Slide 9

Slide 9 text

Provider set-up

    provider "google" {
      project = var.project_id
      region  = var.project_region
    }

    provider "google-beta" {
      project = var.project_id
      region  = var.project_region
    }

Slide 10

Slide 10 text

Provider set-up

    provider "google" {
      project = var.project_id
      region  = var.project_region

      # Service account key file; keep it out of version control.
      credentials = file("google_cloud_credentials.json")
    }

    provider "google-beta" {
      project     = var.project_id
      region      = var.project_region
      credentials = file("google_cloud_credentials.json")
    }

Slide 11

Slide 11 text

Provider set-up

    terraform {
      required_providers {
        google      = "~> 3.16.0"
        google-beta = "~> 3.16.0"
        http        = "~> 1.2.0"
        kubernetes  = "~> 1.11.3"
        null        = "~> 2.1.2"
      }

      required_version = "~> 0.12.28"
    }

Slide 12

Slide 12 text

Provider set-up

    terraform {
      required_providers {
        google      = "~> 3.16.0"
        google-beta = "~> 3.16.0"
        http        = "~> 1.2.0"
        kubernetes  = "~> 1.11.3"
        null        = "~> 2.1.2"
      }

      required_version = "~> 0.12.28"
    }

Slide 13

Slide 13 text

Managing GKE with Terraform

Slide 14

Slide 14 text

Creating a Network hashi.co/tf-gcp-network-module

Slide 15

Slide 15 text

Creating a Network

    module "gke_network" {
      source  = "terraform-google-modules/network/google"
      version = "2.4.0"

      project_id   = var.project_id
      network_name = var.project_prefix
    }

Slide 16

Slide 16 text

Creating a Network

    module "gke_network" {
      ...

      # subnets is a list of objects, one per subnet
      subnets = [
        {
          subnet_name   = local.subnet_name
          subnet_ip     = "10.0.0.0/24"
          subnet_region = var.project_region
        },
      ]
    }

Slide 17

Slide 17 text

Creating a Network

    module "gke_network" {
      ...

      secondary_ranges = {
        "${local.subnet_name}" = [
          {
            range_name    = "ips-pods"
            ip_cidr_range = "10.1.0.0/16"
          }
        ]
      }
    }

Slide 18

Slide 18 text

Command: terraform init

    > terraform init

    Initializing modules...
    Downloading terraform-google-modules/network/google 2.4.0 for gke_network...
    - gke_network in .terraform/modules/gke_network/terraform-google-network-2.4.0

    Initializing provider plugins...
    - Checking for available provider plugins...
    - Downloading plugin for provider "http" (hashicorp/http) 1.2.0...
    - Downloading plugin for provider "kubernetes" (hashicorp/kubernetes) 1.11.3...
    - Downloading plugin for provider "google" (hashicorp/google) 3.16.0...
    - Downloading plugin for provider "google-beta" (hashicorp/google-beta) 3.29.0...
    - Downloading plugin for provider "null" (hashicorp/null) 2.1.2...

    Terraform has been successfully initialized!
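Added example (not from the slides): a Python check of the provider versions that `terraform init` reports against the `~>` constraints in `required_providers`. The function and constant names are this example's own; the constraint and output lines are copied from the slides, where google-beta 3.29.0 falls outside `~> 3.16.0`.

```python
import re

# Constraints copied from the required_providers block on the slide.
CONSTRAINTS = {
    "google": "~> 3.16.0",
    "google-beta": "~> 3.16.0",
    "http": "~> 1.2.0",
    "kubernetes": "~> 1.11.3",
    "null": "~> 2.1.2",
}

# Provider lines copied from the `terraform init` output on the slide.
INIT_OUTPUT = '''\
- Downloading plugin for provider "http" (hashicorp/http) 1.2.0...
- Downloading plugin for provider "kubernetes" (hashicorp/kubernetes) 1.11.3...
- Downloading plugin for provider "google" (hashicorp/google) 3.16.0...
- Downloading plugin for provider "google-beta" (hashicorp/google-beta) 3.29.0...
- Downloading plugin for provider "null" (hashicorp/null) 2.1.2...
'''

LINE_RE = re.compile(r'provider "([^"]+)" \([^)]+\) (\d+(?:\.\d+)*)\.\.\.')


def parse(version):
    return tuple(int(part) for part in version.split("."))


def satisfies_pessimistic(version, constraint):
    """True if version satisfies a '~> X.Y' or '~> X.Y.Z' constraint."""
    op, _, base = constraint.partition(" ")
    lower = parse(base)
    if op != "~>" or len(lower) < 2:
        raise ValueError("only '~> X.Y[.Z]' constraints are handled here")
    # Only the rightmost component may grow: ~> 3.16.0 is >= 3.16.0, < 3.17.0.
    upper = lower[:-2] + (lower[-2] + 1,)
    v = parse(version)
    v += (0,) * (len(lower) - len(v))  # pad "1.9" to compare with "1.2.0"
    return v >= lower and v[:len(upper)] < upper


def out_of_range(init_output, constraints):
    """Return (provider, version, constraint) for unpinned or violating plugins."""
    findings = []
    for name, version in LINE_RE.findall(init_output):
        constraint = constraints.get(name)
        if constraint is None or not satisfies_pessimistic(version, constraint):
            findings.append((name, version, constraint))
    return findings
```
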

Slide 19

Slide 19 text

Command: terraform plan

    > terraform plan -out="gke.tfplan"

    An execution plan has been generated and is shown below.
    Resource actions are indicated with the following symbols:
      + create

    Terraform will perform the following actions:

      # module.network.module.subnets.google_compute_subnetwork.subnet will be created
      + resource "google_compute_subnetwork" "subnet" {
          + creation_timestamp = (known after apply)
          + enable_flow_logs   = (known after apply)
          + fingerprint        = (known after apply)
          + gateway_address    = (known after apply)
          ...

Slide 20

Slide 20 text

Command: terraform plan

          ...
          + name         = "hug-ist-demo"
          + project      = "hc-da-test"
          + routing_mode = "GLOBAL"
          + self_link    = (known after apply)
        }

    Plan: 2 to add, 0 to change, 0 to destroy.

    ------------------------------------------------------------------------

    This plan was saved to: gke.tfplan

    To perform exactly these actions, run the following command to apply:
        terraform apply "gke.tfplan"

Slide 21

Slide 21 text

Command: terraform apply

    > terraform apply "gke.tfplan"

Slide 22

Slide 22 text

Command: terraform apply

    > terraform apply "gke.tfplan"

    module.network.module.vpc.google_compute_network.network: Creating...
    module.network.module.vpc.google_compute_network.network: Creation complete
    module.network.module.subnets.google_compute_subnetwork.subnet: Creating...
    module.network.module.subnets.google_compute_subnetwork.subnet: Creation complete

    Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

    The state of your infrastructure has been saved to the path below.
    This state is required to modify and destroy your infrastructure,
    so keep it safe. To inspect the complete state use the `terraform show` command.

    State path: terraform.tfstate

Slide 23

Slide 23 text

Creating a Cluster hashi.co/tf-gcp-gke-module

Slide 24

Slide 24 text

Creating a Cluster

    module "gke_cluster" {
      source  = "terraform-google-modules/kubernetes-engine/google"
      version = "10.0.0"

      add_cluster_firewall_rules        = true
      create_service_account            = true
      description                       = "GKE Demo for HUG Istanbul"
      disable_legacy_metadata_endpoints = true
      ...
    }

Slide 25

Slide 25 text

Command: terraform get

    > terraform get

    Downloading kubernetes-engine/google 10.0.0 for gke_cluster...
    - gke_cluster in .terraform/modules/gke_cluster/kubernetes-engine-10.0.0

Slide 26

Slide 26 text

Command: terraform apply

    > terraform apply "gke-cluster.tfplan"

    Apply complete! Resources: 16 added, 0 changed, 0 destroyed.

Slide 27

Slide 27 text

Kubernetes Provider

Slide 28

Slide 28 text

Kubernetes is a platform for
▪ automating deployments
▪ scaling applications
▪ management of containerized workloads

Slide 29

Slide 29 text

Kubernetes
▪ Namespaces: everything has a home
▪ Services: exposes Deployments
▪ Deployments: declarative updates
▪ Nodes: Machines

Slide 30

Slide 30 text

No content

Slide 31

Slide 31 text

No content

Slide 32

Slide 32 text

No content

Slide 33

Slide 33 text

No content

Slide 34

Slide 34 text

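Provider set-up

    # Supplies the access token of the identity the google provider runs as.
    data "google_client_config" "default" {}

    provider "kubernetes" {
      load_config_file = false

      host  = "https://${module.gke_cluster.endpoint}"
      token = data.google_client_config.default.access_token

      # The module output is base64-encoded; the provider expects PEM.
      cluster_ca_certificate = base64decode(module.gke_cluster.ca_certificate)
    }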

Slide 35

Slide 35 text

Creating a Namespace

    resource "kubernetes_namespace" "beacon" {
      # The namespace name is set inside the metadata block.
      metadata {
        name = "beacon"
      }
    }

Slide 36

Slide 36 text

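Creating a Deployment

    resource "kubernetes_deployment" "beacon" {
      metadata {
        name      = "beacon"
        namespace = kubernetes_namespace.beacon.id
        labels    = { app = "beacon" } # tie the Deployment, its Pods and the Service together
      }

      spec {
        selector {
          match_labels = { app = "beacon" }
        }
        template {
          metadata {
            labels = { app = "beacon" }
          }
          spec {
            container {
              image = "onlydole/beacon:1.19.1"
              name  = "beacon"
            }
          }
        }
      }
    }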

Slide 37

Slide 37 text

Creating a Service

    resource "kubernetes_service" "beacon" {
      metadata {
        name      = "beacon"
        namespace = kubernetes_namespace.beacon.id
      }

      spec {
        # selector is a map argument, matched against the Pod labels
        selector = {
          app = kubernetes_deployment.beacon.metadata.0.labels.app
        }
        ...

Slide 38

Slide 38 text

Creating a Service

        ...
        port {
          port        = 8080
          target_port = 80
        }

        type = "LoadBalancer"
      }
    }

Slide 39

Slide 39 text

Command: terraform apply

    > terraform apply "kubernetes.tfplan"

    Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Slide 40

Slide 40 text

Beacon your.app.url:8080

Slide 41

Slide 41 text

Review
▪ Terraform and Google Provider
▪ GKE Cluster and Networking
▪ Kubernetes resources

Slide 42

Slide 42 text

Materials
▪ slides: hashi.co/tf-gke-k8s
▪ code: hashi.co/tf-gke-k8s-code
▪ guides: hashi.co/tf-learn-k8s
▪ forums: hashi.co/tf-k8s-forum

Slide 43

Slide 43 text