Build infrastructure in GCP with Terraform and Gitlab-CI

I will share a little bit about how to integration terraform with gitlab CI. I think many automation tool for deployment infrastructure starting from building, changing, and versioning infrastructure safely and efficiently. Straight to point in this case we will give an example of how to deploy compute instances in environment GCP with terraform & Gitlab-CI


Create service account

Choose action -> Create key then export to JSON file


Create Google cloud storage, choose options storage -> browser -> create a bucket. please continue until finished



In this scenario, we use gitlab internal to integrate our environment. example we created simple-gcp the project a repository.

in the repository please to make sure have file .gitlab-ci.yml as pipeline configuration & every commit to repo will trigger to run the pipeline.

Below there’s several file as mandatory that will be commit & push to the repo that you created. Exclude the file .gitignore & creds the folder have you created. Please remember once you created the service account with name terraform_lab on the previous step, please copy-paste the service account containt into creds/serviceaccount.json file, because the gitlab runner need to authenticate Google API.

backend.tf
creds/serviceaccount.json
.gitignore
.gitlab-ci.yml
main.tf
provider.tf

backend.tf

terraform {
    required_version = "~> 0.11.11"
    backend "gcs" {
         credentials = "./creds/serviceaccount.json"
         bucket      = "geeksops_bucket"
    }
}

provider.tf

provider "google" {
   version = "1.20.0"
   credentials = "${file("./creds/serviceaccount.json")}"
   project     = "project-devops-xxxx" # REPLACE WITH YOUR PROJECT ID
   region      = "asia-east1"
 }
 


Main.tf

resource "google_compute_instance" "compute-apps1" {
   name          = "compute-apps1"
   machine_type  = "n1-standard-1"
   project    = "project-devops-XXXX"
   zone          = "asia-east1-a" 
   boot_disk {
     initialize_params {
       image = "ubuntu-1604-lts"
     }
   }
network_interface {
     network = "default"
     access_config {
     }
   } 
   tags = ["apps1"]
 }
resource "google_compute_instance" "compute-apps2" {
   name          = "compute-apps2"
   machine_type  = "n1-standard-1"
   project       = "project-devops-XXXX"
   zone          = "asia-east1-a"
   boot_disk {
     initialize_params {
       image = "ubuntu-1604-lts"
     }
   }
network_interface {
     network = "default"
     access_config {
     }
   }
   tags = ["apps2"]
 }

network_interface {
     network = "default"
     access_config {
     }
   }
   tags = ["apps2"]
 }

The following a feature from gitlab to provide credentials to our Runner when the pipeline executes. In Gitlab navigate SETTING -> CI/CD and expand variable. there are 2 columns , left column create a SERVICEACCOUNT and right column put your variable which has been encode below

cat creds/serviceaccount.json | base64 -w0

put the result of this command into the value of the variable and click Save Variable. GitLab has a concept of protected variables to limit their use to specific git branches, but that’s beyond the scope of this post.

Below configuration .gitlab-ci.yml. this file there are several parameter will be execute terraform file using extension .tf,

image:
   name: hashicorp/terraform:light
   entrypoint:
     - '/usr/bin/env'
     - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'

before_script
     -  rm -rf .terraform
     -  terraform --version
     -  mkdir -p ./creds
     -  echo $SERVICEACCOUNT | base64 -d > ./creds/serviceaccount.json
     -  terraform init

stages:
      - validate
      - plan
      - apply

validate:
   stage: validate
   script:
     - terraform validate

plan:
   stage: plan
   script:
     - terraform plan -out "planfile"
   dependencies:
     - validate
   artifacts:
     paths:
       - planfile

apply:
   stage: apply
   script:
     - terraform apply -input=false "planfile"
   dependencies:
     - plan
   when: manual


After all files already prepared, please commit and then push to the repository

$ git checkout -b dev-fitur-baru
$ git add .
$ git commit -m “initial commit”
$ git push origin dev-fitur-baru


The following 3 Jobs have defined in file .gitlab-ci.yml such as validate, plan & deploy, the result will appear like this after your file push & merge to the repository


Leave a Reply

Your email address will not be published. Required fields are marked *