A talk I gave at the Google Cloud Platform LA Meetup event at Google Playa Vista on Nov 6, 2019. This is a 1+ hour-long, tutorial-oriented talk on Infrastructure as Code (IaC), Terraform (as a toolset for IaC and modern devops), and leverage the practice and tools in defining, deploying, and managing your infrastructure in GCP.

2. Evolution of Software Deployment
● Big, expensive mainframes with few owners
● Server rooms for many and data centers for few
● Data center colocation - first generation rent a server, still expensive
● Virtual machine, shared nodes
● Cloud providers eg. AWS and GCP
● Instead of managing hardware, tools become more software-based
● Now sysadmins are writing more software code ← Devops

3. Typical Cloud Setup
● Set up network
○ Virtual private cloud
○ Set up subnets and other networking tasks
○ Set up firewall rules
● Set up users and access
○ Users - real users and service accounts
○ Policies and access control
● Set up resources
○ Computation
○ Storage
○ Database
● Integrate
● Test

4. It’s time consuming and error prone

5. Infrastructure as Code (IaC)
● Scripts - IaC is nothing new, scripts provide some semi-automation. Scripts
actually work well in ad hoc contexts
● Server templating tools - Docker and Packer are good tools that enable us to
define unit deployments for applications
● Cluster orchestration tools - Today we deploy multiple apps and services
running on multiple resources. Kubernetes is a good way to orchestrate such
deployment, make efficient use of resources, and scale
● Resource provisioning tools - These tools like Terraform is great for creating
the actual resources for hosting the apps and services
Reference: Terraform: Up and Running, 2nd Ed. by Yevgeniy Brikman

7. Heterogeneous Solutions
● Tools are designed for specifically for one of abstract layers
● They complement each other
● The diagram shows Docker, Kubernetes, and Terraform as IaC tools as a
fullstack for devops. But you can mix and match any other tools
● Use the right combination that serves your needs
● Use Terraform to manage multiple Cloud networks eg. AWS and GCP
● Use Terraform and Docker or Packer
○ Terraform a GKE cluster to deploy Docker containers
○ Terraform GCE instances to deploy Packer images

8. Today we focus on Terraform - a IaC tool for
provisioning Cloud resources

9. What is Terraform?
Reference: Terraform: Some Introduction

10. Benefits of Terraform
● Documentation - Codify the infrastructure as code. As least it’s much easier to
understand human-readable code
● Version control - Because the infrastructure is now code, you do versioning
allow you to quickly revert back to a specific version
● Automation - You can easily deploy the code using CI/CD or other tools
○ Faster - this is no longer a manual process
○ Safer - validations against your code: compile the code, check against
existing infrastructure state, code review, tests
● Reusability - Certain configurations, resources and repeatable provisioning
processes can be reused through your or external modules and plug-ins

11. GCP Connection
● Primary ways you interface with GCP
○ Admin console
○ gcloud CLI tool ← programmatic interface
○ GCP SDK ← programmatic interface
○ Terraform ← programmatic interface
● All programmatic interface requires gcloud setup
○ gcloud init - set up the project and other key configurations
○ gcloud auth - identify who you are and consequently your access

12. Terraform Code
● Terraform code is declarative - declare the state you desire in the
infrastructure and Terraform will figure it out how to get there
● Hence Terraform needs to know the current state. State management is a big
part of Terraform
● The Terraform constructs, here are the key ones:
○ Providers
○ Resources
○ Variables (local, input, output)
○ Expressions
○ Functions
○ Others - check out Terraform 0.12 language

14. // main.tf - a simple Terraform code
provider "google" {
region = var.region
project = var.project_id
}
resource "google_compute_instance" "web" {
name = "web"
machine_type = "n1-standard-1"
zone = "us-west1-a"
disk {
image = "ubuntu-os-cloud/ubuntu-1404-trusty-v20160602"
}
network_interface {
network = "default"
}
}

15. // variables.tf - inputs to the Terraform template
variable "region" {
description = "The region where the instance will be deployed."
type = string
default = "us-west1"
}
variable "region_zone" {
description = "The zone where the instance will be deployed."
type = string
default = "us-west1-a"
}
variable "project_id" {
description = "The ID of the GCP project."
type = string
}

16. // outputs.tf - outputs (state) after the resource has been deployed
// You can have a terraform.tfvars that contains all the input
// values
output "instance_id" {
description = "The unique identifier of the deployed instance."
type = string
value = google_compute_instance.web.instance_id
}

17. Terraform Commands
$ terraform init
$ terraform plan
$ terraform apply # Actual deployment to the Cloud
$ terraform destroy
You will see the following the following created:
- .terraform - downloaded dependencies eg. modules, providers
- *.tfstate - the current state of the infrastructure, basically a tree of the
resources

18. Demo

19. Let’s run the Terraform code
(might take a while)
See Github repository:
https://github.com/cybersamx/terraform-gke

20. Connect to your GCP and Start Terraforming
● Launch your shell
$ export PROJECT_ID='<YOUR_PROJECT_ID>'
$ gcloud auth revoke # Log out
$ gcloud init # Initialize with a project ID
$ gcloud auth login
$ # If the previous command doesn’t work try the following
$ gcloud auth application-default login
● Now you are now connected to GCP, you can run terraform with the right
access and authorization
● Go to the terraform project and the /dev folder and run the following
$ terraform init
$ terraform plan
$ terraform apply

21. GitOps
● Because Terraform is code, you can use existing workflows and tools for development
and release
● Leverage existing workflow and tools with slight variation
● Collaborate as much as possible yet isolate as possible
● Break the Terraform configuration into multiple sets of files
● Versioning - Use git to store your Terraform code
● Isolate your environments through directories
○ Folder: dev, staging, prod
○ Branch: dev, staging, master
○ Environment: dev, staging, prod
● Start off with dev, build, test, and if it passes the current env promote to the next env
● Each environment folder has its own sets of configurations
Reference: GitOps and Terraform: Up and Running, 2nd Ed. by Yevgeniy Brikman

22. Terraform Project Layout
● dev
○ network
○ services
■ frontend-app
■ backend-app
● variables.tf
● outputs.tf
● Main.tf
○ data-storage
● staging
● prod
● global
● modules
Reference: Terraform: Up and Running, 2nd Ed. by Yevgeniy Brikman

23. Let’s check the Terraform run and deploy
containers to the new k8s cluster

24. Deploying Containers to Cluster
● Now that we have set up a cluster and resources, let’s deploy an application
● We will be using a Hello World app example on Kubernetes home page
● First we need to set up kubectl for you to connect to the cluster
$ gcloud container clusters get-credentials dev-cluster --region us-west1
$ kubectl config current-context
$ gke_<PROJECT_ID>_us-west1_dev-cluster
$ # You should see the above output
$ # Query the cluster
$ kubectl get node
NAME READY UP-TO-DATE AVAILABLE AGE

25. Troubleshooting Tips
● Start off a project interactively, get the gcloud equivalent, and then Terraform
● Set TF_LOG=TRACE
● Remove .terraform directory (back it up first) and rerun terraform init
● Run terraform console to play around with expressions