{"id":226,"date":"2019-09-03T20:05:07","date_gmt":"2019-09-03T13:05:07","guid":{"rendered":"http:\/\/geeksops.com\/?p=226"},"modified":"2021-02-20T19:51:12","modified_gmt":"2021-02-20T12:51:12","slug":"build-infrastructure-gcp-using-teraform-in-gitlab-ci","status":"publish","type":"post","link":"https:\/\/rotreein.com\/?p=226","title":{"rendered":"Build infrastructure in GCP with Terraform and Gitlab-CI"},"content":{"rendered":"\n

I will share a little bit about how to integration terraform with gitlab CI. I think many automation tool for deployment infrastructure starting from building, changing, and versioning infrastructure safely and efficiently. Straight to point in this case we will give an example of how to deploy compute instances in environment GCP with terraform & Gitlab-CI<\/p>\n\n\n\n


Create service account<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Choose action -> Create key then export to JSON file<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n


Create Google cloud storage, choose options storage -> browser -> create a bucket. please continue until finished<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n



In this scenario, we use gitlab internal to integrate our environment. example we created simple-gcp the project a repository. <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

in the repository please to make sure have file .gitlab-ci.yml<\/strong> as pipeline configuration & every commit to repo will trigger to run the pipeline.
<\/p>\n\n\n\n

Below there’s several file as mandatory that will be commit & push to the repo that you created. Exclude the file .gitignore & creds<\/strong> the folder have you created. Please remember once you created the service account with name terraform_lab<\/strong> on the previous step, please copy-paste the service account containt into creds\/serviceaccount.json<\/strong> file, because the gitlab runner need to authenticate Google API.<\/p>\n\n\n\n

backend.tf
creds\/serviceaccount.json
.gitignore
.gitlab-ci.yml
main.tf
provider.tf<\/p>\n\n\n\n

backend.tf<\/p>\n\n\n\n

terraform {\n    required_version = \"~> 0.11.11\"\n    backend \"gcs\" {\n         credentials = \".\/creds\/serviceaccount.json\"\n         bucket      = \"geeksops_bucket\"\n    }\n}<\/pre>\n\n\n\n
provider.tf<\/p>\n\n\n\n
provider \"google\" {\n   version = \"1.20.0\"\n   credentials = \"${file(\".\/creds\/serviceaccount.json\")}\"\n   project     = \"project-devops-xxxx\" # REPLACE WITH YOUR PROJECT ID\n   region      = \"asia-east1\"\n }\n <\/pre>\n\n\n\n

Main.tf<\/p>\n\n\n\n
resource \"google_compute_instance\" \"compute-apps1\" {\n   name          = \"compute-apps1\"\n   machine_type  = \"n1-standard-1\"\n   project    = \"project-devops-XXXX\"\n   zone          = \"asia-east1-a\" \n   boot_disk {\n     initialize_params {\n       image = \"ubuntu-1604-lts\"\n     }\n   }\nnetwork_interface {\n     network = \"default\"\n     access_config {\n     }\n   } \n   tags = [\"apps1\"]\n }\nresource \"google_compute_instance\" \"compute-apps2\" {\n   name          = \"compute-apps2\"\n   machine_type  = \"n1-standard-1\"\n   project       = \"project-devops-XXXX\"\n   zone          = \"asia-east1-a\"\n   boot_disk {\n     initialize_params {\n       image = \"ubuntu-1604-lts\"\n     }\n   }\nnetwork_interface {\n     network = \"default\"\n     access_config {\n     }\n   }\n   tags = [\"apps2\"]\n }\n\nnetwork_interface {\n     network = \"default\"\n     access_config {\n     }\n   }\n   tags = [\"apps2\"]\n }<\/pre>\n\n\n\n
The following a feature from gitlab to provide credentials to our Runner when the pipeline executes. In Gitlab navigate SETTING -> CI\/CD<\/em><\/strong> and expand variable. there are 2 columns , left column create a SERVICEACCOUNT and right column put your variable which has been encode below<\/p>\n\n\n\n
cat creds\/serviceaccount.json | base64 -w0<\/p>\n\n\n\n
put the result of this command into the value of the variable and click Save Variable<\/strong>. GitLab has a concept of protected variables to limit their use to specific git branches, but that\u2019s beyond the scope of this post.<\/p>\n\n\n\n
<\/p>\n\n\n\n
Below configuration .gitlab-ci.yml. this file there are several parameter will be execute terraform file using extension .tf,<\/p>\n\n\n\n
image:\n   name: hashicorp\/terraform:light\n   entrypoint:\n     - '\/usr\/bin\/env'\n     - 'PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin'\n\nbefore_script\n     -  rm -rf .terraform\n     -  terraform --version\n     -  mkdir -p .\/creds\n     -  echo $SERVICEACCOUNT | base64 -d > .\/creds\/serviceaccount.json\n     -  terraform init\n\nstages:\n      - validate\n      - plan\n      - apply\n\nvalidate:\n   stage: validate\n   script:\n     - terraform validate\n\nplan:\n   stage: plan\n   script:\n     - terraform plan -out \"planfile\"\n   dependencies:\n     - validate\n   artifacts:\n     paths:\n       - planfile\n\napply:\n   stage: apply\n   script:\n     - terraform apply -input=false \"planfile\"\n   dependencies:\n     - plan\n   when: manual<\/pre>\n\n\n\n

After all files already prepared, please commit and then push to the repository<\/p>\n\n\n\n
$ git checkout -b dev-fitur-baru
$ git add .
$ git commit -m “initial commit”
$ git push origin dev-fitur-baru<\/p>\n\n\n\n
<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n

The following 3 Jobs have defined in file .gitlab-ci.yml<\/strong><\/em> such as validate, plan & deploy<\/em><\/strong>, the result will appear like this after your file push & merge to the repository<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
I will share a little bit about how to integration terraform with gitlab CI. I think many automation tool for deployment infrastructure starting from building, changing, and versioning infrastructure safely and efficiently. Straight to point in this case we will give an example of how to deploy compute instances in environment GCP with terraform &…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,2],"tags":[],"_links":{"self":[{"href":"https:\/\/rotreein.com\/index.php?rest_route=\/wp\/v2\/posts\/226"}],"collection":[{"href":"https:\/\/rotreein.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rotreein.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rotreein.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rotreein.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=226"}],"version-history":[{"count":79,"href":"https:\/\/rotreein.com\/index.php?rest_route=\/wp\/v2\/posts\/226\/revisions"}],"predecessor-version":[{"id":655,"href":"https:\/\/rotreein.com\/index.php?rest_route=\/wp\/v2\/posts\/226\/revisions\/655"}],"wp:attachment":[{"href":"https:\/\/rotreein.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rotreein.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rotreein.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}