From bf83e89205afe3c126f8971f14e3c870906b6aa9 Mon Sep 17 00:00:00 2001 From: Fernando Rubbo Date: Wed, 11 Sep 2019 08:53:52 -0300 Subject: [PATCH 01/22] Update README.md --- README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9f4d6e4a64..d44cdb1cc6 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,8 @@ -# Configuring your **dev** environment +# Managing infrastructure as code with Terraform, Cloud Build, and GitOps + +This is the repo for the [Managing infrastructure as code with Terraform, Cloud Build, and GitOps](https://cloud.google.com/solutions/managing-infrastructure-as-code) tutorial. This tutorial explains how to manage infrastructure as code with Terraform and Cloud Build using the popular GitOps methodology. + +## Configuring your **dev** environment Just for demostration, this step will: 1. Configure an apache2 http server on network '**dev**' and subnet '**dev**-subnet-01' @@ -12,7 +16,7 @@ terraform apply terraform destroy ``` -# Promoting your environment to **production** +## Promoting your environment to **production** Once you have tested your app (in this example an apache2 http server), you can promote your configuration to prodution. This step will: 1. Configure an apache2 http server on network '**prod**' and subnet '**prod**-subnet-01' From e6bcec81715f52a9a9c7f547926fe4a05c102268 Mon Sep 17 00:00:00 2001 From: fernandorubbo Date: Thu, 10 Jun 2021 14:25:56 +0000 Subject: [PATCH 02/22] Moving to terraform 1.0.0 --- cloudbuild.yaml | 6 +++--- environments/dev/main.tf | 2 +- environments/dev/versions.tf | 2 +- environments/prod/main.tf | 2 +- environments/prod/versions.tf | 2 +- modules/firewall/versions.tf | 2 +- modules/http_server/versions.tf | 2 +- modules/vpc/main.tf | 2 +- modules/vpc/versions.tf | 2 +- 9 files changed, 11 insertions(+), 11 deletions(-) diff --git a/cloudbuild.yaml b/cloudbuild.yaml index 84f5365cec..a2e241289d 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml 
@@ -25,7 +25,7 @@ steps: echo "***********************" - id: 'tf init' - name: 'hashicorp/terraform:0.11.14' + name: 'hashicorp/terraform:1.0.0' entrypoint: 'sh' args: - '-c' @@ -50,7 +50,7 @@ steps: # [START tf-plan] - id: 'tf plan' - name: 'hashicorp/terraform:0.11.14' + name: 'hashicorp/terraform:1.0.0' entrypoint: 'sh' args: - '-c' @@ -76,7 +76,7 @@ steps: # [START tf-apply] - id: 'tf apply' - name: 'hashicorp/terraform:0.11.14' + name: 'hashicorp/terraform:1.0.0' entrypoint: 'sh' args: - '-c' diff --git a/environments/dev/main.tf b/environments/dev/main.tf index a77cb88e91..a28b76be75 100644 --- a/environments/dev/main.tf +++ b/environments/dev/main.tf @@ -14,7 +14,7 @@ locals { - "env" = "dev" + env = "dev" } provider "google" { diff --git a/environments/dev/versions.tf b/environments/dev/versions.tf index aecd2473e3..4cc81b29fa 100644 --- a/environments/dev/versions.tf +++ b/environments/dev/versions.tf @@ -14,5 +14,5 @@ terraform { - required_version = "~> 0.11.0" + required_version = "~> 1.0.0" } diff --git a/environments/prod/main.tf b/environments/prod/main.tf index 642fe67ba2..0c7726235e 100644 --- a/environments/prod/main.tf +++ b/environments/prod/main.tf @@ -14,7 +14,7 @@ locals { - "env" = "prod" + env = "prod" } provider "google" { diff --git a/environments/prod/versions.tf b/environments/prod/versions.tf index aecd2473e3..4cc81b29fa 100644 --- a/environments/prod/versions.tf +++ b/environments/prod/versions.tf @@ -14,5 +14,5 @@ terraform { - required_version = "~> 0.11.0" + required_version = "~> 1.0.0" } diff --git a/modules/firewall/versions.tf b/modules/firewall/versions.tf index aecd2473e3..4cc81b29fa 100644 --- a/modules/firewall/versions.tf +++ b/modules/firewall/versions.tf @@ -14,5 +14,5 @@ terraform { - required_version = "~> 0.11.0" + required_version = "~> 1.0.0" } diff --git a/modules/http_server/versions.tf b/modules/http_server/versions.tf index aecd2473e3..4cc81b29fa 100644 --- a/modules/http_server/versions.tf 
+++ b/modules/http_server/versions.tf @@ -14,5 +14,5 @@ terraform { - required_version = "~> 0.11.0" + required_version = "~> 1.0.0" } diff --git a/modules/vpc/main.tf b/modules/vpc/main.tf index 36b08f5b43..8fce4ab20d 100644 --- a/modules/vpc/main.tf +++ b/modules/vpc/main.tf @@ -15,7 +15,7 @@ module "vpc" { source = "terraform-google-modules/network/google" - version = "0.6.0" + version = "3.3.0" project_id = "${var.project}" network_name = "${var.env}" diff --git a/modules/vpc/versions.tf b/modules/vpc/versions.tf index aecd2473e3..4cc81b29fa 100644 --- a/modules/vpc/versions.tf +++ b/modules/vpc/versions.tf @@ -14,5 +14,5 @@ terraform { - required_version = "~> 0.11.0" + required_version = "~> 1.0.0" } From d8fc5e5d71ab526a46a7ae31ca642175c488fe3f Mon Sep 17 00:00:00 2001 From: nardo-google Date: Tue, 27 Sep 2022 14:59:31 +0200 Subject: [PATCH 03/22] Update main.tf debian-9 not available anymore. not sure if there's an option in terraform to say "take latest image". So I picket 11. --- modules/http_server/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/http_server/main.tf b/modules/http_server/main.tf index 6f05187f34..e790ce329e 100644 --- a/modules/http_server/main.tf +++ b/modules/http_server/main.tf @@ -27,7 +27,7 @@ resource "google_compute_instance" "http_server" { boot_disk { initialize_params { - image = "debian-cloud/debian-9" + image = "debian-cloud/debian-11" } } From 552f3b97c06a3600913880c5599b7bac345ae4a6 Mon Sep 17 00:00:00 2001 From: nardo-google Date: Tue, 27 Sep 2022 23:13:16 +0200 Subject: [PATCH 04/22] Update cloudbuild.yaml fixed typo: oficial -> official --- cloudbuild.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloudbuild.yaml b/cloudbuild.yaml index a2e241289d..ca83a0086e 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml 
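Review bot: In modules/http_server/main.tf (PATCH 03/22), `image = "debian-cloud/debian-11"` names an image family rather than a fixed image, and nothing in the file says so. The boot disk is therefore built from whatever the family points to when the instance is created, which is already the "take latest image" behaviour the commit message asks about. I would add a comment above the line, e.g. `# image family: resolves to the newest debian-11 image at instance creation`. Changing the boot image presumably forces the instance to be recreated on the next apply, which is worth noting in the description. The resource body starts and ends outside the hunk.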
@@ -86,7 +86,7 @@ steps: terraform apply -auto-approve else echo "***************************** SKIPPING APPLYING *******************************" - echo "Branch '$BRANCH_NAME' does not represent an oficial environment." + echo "Branch '$BRANCH_NAME' does not represent an official environment." echo "*******************************************************************************" fi # [END tf-apply] From 31923ef0e60f5d5bebcde22bced9acc65ea5d09c Mon Sep 17 00:00:00 2001 From: Mark Chandler <141208723+mc-k1@users.noreply.github.com> Date: Fri, 2 Feb 2024 15:47:14 +1100 Subject: [PATCH 05/22] Fix typo in cloudbuild.yaml TERRAFORM was spelt incorrectly. --- cloudbuild.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloudbuild.yaml b/cloudbuild.yaml index ca83a0086e..2bca928879 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml @@ -65,7 +65,7 @@ steps: env=${dir%*/} env=${env#*/} echo "" - echo "*************** TERRAFOM PLAN ******************" + echo "*************** TERRAFORM PLAN ******************" echo "******* At environment: ${env} ********" echo "*************************************************" terraform plan || exit 1 From 3d5eb8c7b4039e1c6a5cf6c501992ea85e431830 Mon Sep 17 00:00:00 2001 From: Crow-0818 Date: Tue, 7 Jan 2025 09:26:59 +0000 Subject: [PATCH 06/22] Update project IDs and buckets --- backend.tf | 21 +++++++++++++++++++++ environments/dev/backend.tf | 2 +- environments/dev/terraform.tfvars | 2 +- environments/prod/backend.tf | 2 +- environments/prod/terraform.tfvars | 2 +- 5 files changed, 25 insertions(+), 4 deletions(-) create mode 100644 backend.tf diff --git a/backend.tf b/backend.tf new file mode 100644 index 0000000000..455a1b29a5 --- /dev/null +++ b/backend.tf 
@@ -0,0 +1,21 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +terraform { + backend "gcs" { + bucket = "ian-lab-tfstate" + prefix = "env/dev" + } +} diff --git a/environments/dev/backend.tf b/environments/dev/backend.tf index 33a807a336..455a1b29a5 100644 --- a/environments/dev/backend.tf +++ b/environments/dev/backend.tf @@ -15,7 +15,7 @@ terraform { backend "gcs" { - bucket = "PROJECT_ID-tfstate" + bucket = "ian-lab-tfstate" prefix = "env/dev" } } diff --git a/environments/dev/terraform.tfvars b/environments/dev/terraform.tfvars index cb8a5a1bbc..9e4dd85bbb 100644 --- a/environments/dev/terraform.tfvars +++ b/environments/dev/terraform.tfvars @@ -1 +1 @@ -project="PROJECT_ID" \ No newline at end of file +project="ian-lab" \ No newline at end of file diff --git a/environments/prod/backend.tf b/environments/prod/backend.tf index 7ed343b1a2..6e7ab33ed1 100644 --- a/environments/prod/backend.tf +++ b/environments/prod/backend.tf @@ -15,7 +15,7 @@ terraform { backend "gcs" { - bucket = "PROJECT_ID-tfstate" + bucket = "ian-lab-tfstate" prefix = "env/prod" } } diff --git a/environments/prod/terraform.tfvars b/environments/prod/terraform.tfvars index cb8a5a1bbc..9e4dd85bbb 100644 --- a/environments/prod/terraform.tfvars +++ b/environments/prod/terraform.tfvars @@ -1 +1 @@ -project="PROJECT_ID" \ No newline at end of file +project="ian-lab" \ No newline at end of file From b3133b4e1cfab4e2e38fb918167bdad2548dd01c Mon Sep 17 00:00:00 2001 
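Review bot: The new root-level `backend.tf` (PATCH 06/22) declares `prefix = "env/dev"` in bucket `ian-lab-tfstate`, the same bucket and prefix that `environments/dev/backend.tf` uses in this patch. A `terraform init` run from the repository root would therefore attach to the dev environment's state. If the root directory is not meant to be a working directory the file should be dropped; otherwise it needs its own prefix. The other hunks of this patch replace the `PROJECT_ID` placeholder with a literal project and bucket name in both backend files and both `terraform.tfvars`; keeping the placeholder, or passing the bucket at init time with `-backend-config`, avoids committing environment-specific values. Terraform state can contain sensitive attribute values, so access to that bucket should be restricted to the build identity.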
From: Crow-0818 Date: Tue, 7 Jan 2025 18:00:11 +0800 Subject: [PATCH 07/22] Update main.tf --- modules/firewall/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/firewall/main.tf b/modules/firewall/main.tf index 5e40f7089f..1d2e549134 100644 --- a/modules/firewall/main.tf +++ b/modules/firewall/main.tf @@ -27,6 +27,6 @@ resource "google_compute_firewall" "allow-http" { ports = ["80"] } - target_tags = ["http-server2"] + target_tags = ["http-server"] source_ranges = ["0.0.0.0/0"] } From fec463378136e37d58c9ff33090e4a47515a2138 Mon Sep 17 00:00:00 2001 From: Crow-0818 Date: Tue, 7 Jan 2025 18:19:12 +0800 Subject: [PATCH 08/22] Update cloudbuild.yaml --- cloudbuild.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cloudbuild.yaml b/cloudbuild.yaml index 2bca928879..133de2de50 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml @@ -13,6 +13,10 @@ # limitations under the License. +serviceAccount: "590750687373-compute@developer.gserviceaccount.com" # 新增服务账户 +options: + logging: CLOUD_LOGGING_ONLY + steps: - id: 'branch name' name: 'alpine' From 5722f18977a41494ef760fd32d1ef5116eaeb6d1 Mon Sep 17 00:00:00 2001 From: Crow-0818 Date: Tue, 7 Jan 2025 18:21:49 +0800 Subject: [PATCH 09/22] Update cloudbuild.yaml --- cloudbuild.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloudbuild.yaml b/cloudbuild.yaml index 133de2de50..1e4d64520d 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml @@ -15,7 +15,7 @@ serviceAccount: "590750687373-compute@developer.gserviceaccount.com" # 新增服务账户 options: - logging: CLOUD_LOGGING_ONLY + logging: NONE steps: - id: 'branch name' From 7a7cd3f9efdd89f5df34a59feab90be9b69f0162 Mon Sep 17 00:00:00 2001 From: Crow-0818 Date: Tue, 7 Jan 2025 18:22:08 +0800 Subject: [PATCH 10/22] Update main.tf --- modules/firewall/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/firewall/main.tf b/modules/firewall/main.tf index 1d2e549134..5e40f7089f 100644 
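Review bot: With `target_tags = ["http-server"]` (PATCH 07/22, modules/firewall/main.tf) the rule matches the tag the http_server module sets on its instance (`tags = ["http-server"]`, visible in PATCH 19's context), and the unchanged `source_ranges = ["0.0.0.0/0"]` then admits port 80 from any address. That is presumably the intended demo behaviour, but the file should say so, e.g. `# demo only: world-open HTTP; narrow source_ranges for anything real`. PATCH 10 to 13 and 15 to 18 flip this same line between `http-server` and `http-server2` eight more times. If the tag is being used as an on/off switch for exposure, a boolean variable on the module would make the intended state reviewable. The resource starts outside the hunk.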
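Review bot: The added `serviceAccount` line (PATCH 08/22, cloudbuild.yaml) points the build at the project's default Compute Engine service account, which in many projects still carries the broad Editor role. Every step, including the `terraform apply -auto-approve` further down the file, would then run with far more access than this configuration needs. A dedicated build account granted only the roles these modules require is the safer choice. The value is normally written as a full resource name, e.g. `serviceAccount: 'projects/PROJECT_ID/serviceAccounts/BUILD_SA_EMAIL'` (placeholders); whether the bare e-mail form is accepted should be checked. The trailing comment is in Chinese while the rest of the file is in English.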
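Review bot: `logging: NONE` (PATCH 09/22, cloudbuild.yaml) turns build logging off for a pipeline whose steps run `terraform plan` and `terraform apply -auto-approve`, so no record remains of what a build changed or why it failed. The value it replaces, `logging: CLOUD_LOGGING_ONLY`, kept that trail and should be restored unless there is a stated reason to drop it. PATCH 14 later removes `serviceAccount` but leaves `logging: NONE` in its context, so the setting survives to the end of the series.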
--- a/modules/firewall/main.tf +++ b/modules/firewall/main.tf @@ -27,6 +27,6 @@ resource "google_compute_firewall" "allow-http" { ports = ["80"] } - target_tags = ["http-server"] + target_tags = ["http-server2"] source_ranges = ["0.0.0.0/0"] } From a5e74ec9233d182216397749a735c5c74b7619e8 Mon Sep 17 00:00:00 2001 From: Crow-0818 Date: Tue, 7 Jan 2025 18:35:46 +0800 Subject: [PATCH 11/22] Update main.tf --- modules/firewall/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/firewall/main.tf b/modules/firewall/main.tf index 5e40f7089f..1d2e549134 100644 --- a/modules/firewall/main.tf +++ b/modules/firewall/main.tf @@ -27,6 +27,6 @@ resource "google_compute_firewall" "allow-http" { ports = ["80"] } - target_tags = ["http-server2"] + target_tags = ["http-server"] source_ranges = ["0.0.0.0/0"] } From 55241f6d0006a9abfdf65966977d62e14d181426 Mon Sep 17 00:00:00 2001 From: Crow-0818 Date: Wed, 8 Jan 2025 10:41:31 +0800 Subject: [PATCH 12/22] Update main.tf --- modules/firewall/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/firewall/main.tf b/modules/firewall/main.tf index 1d2e549134..5e40f7089f 100644 --- a/modules/firewall/main.tf +++ b/modules/firewall/main.tf @@ -27,6 +27,6 @@ resource "google_compute_firewall" "allow-http" { ports = ["80"] } - target_tags = ["http-server"] + target_tags = ["http-server2"] source_ranges = ["0.0.0.0/0"] } From 6c4fc10c72ac19aea53fc1ecbbced7798484889d Mon Sep 17 00:00:00 2001 From: Crow-0818 Date: Wed, 8 Jan 2025 10:52:32 +0800 Subject: [PATCH 13/22] Update main.tf --- modules/firewall/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/firewall/main.tf b/modules/firewall/main.tf index 5e40f7089f..1d2e549134 100644 --- a/modules/firewall/main.tf +++ b/modules/firewall/main.tf 
@@ -27,6 +27,6 @@ resource "google_compute_firewall" "allow-http" { ports = ["80"] } - target_tags = ["http-server2"] + target_tags = ["http-server"] source_ranges = ["0.0.0.0/0"] } From 6bf5aa6ccf9858b14eb0db9bb4f0600b72e7c25f Mon Sep 17 00:00:00 2001 From: Crow-0818 Date: Wed, 8 Jan 2025 11:53:50 +0800 Subject: [PATCH 14/22] Update cloudbuild.yaml --- cloudbuild.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/cloudbuild.yaml b/cloudbuild.yaml index 1e4d64520d..9927a0b3b0 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml @@ -13,7 +13,6 @@ # limitations under the License. -serviceAccount: "590750687373-compute@developer.gserviceaccount.com" # 新增服务账户 options: logging: NONE From 326ad1b51d62e190fd22a4de35f30e87621678d3 Mon Sep 17 00:00:00 2001 From: Crow-0818 Date: Wed, 8 Jan 2025 12:22:49 +0800 Subject: [PATCH 15/22] Update main.tf --- modules/firewall/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/firewall/main.tf b/modules/firewall/main.tf index 1d2e549134..5e40f7089f 100644 --- a/modules/firewall/main.tf +++ b/modules/firewall/main.tf @@ -27,6 +27,6 @@ resource "google_compute_firewall" "allow-http" { ports = ["80"] } - target_tags = ["http-server"] + target_tags = ["http-server2"] source_ranges = ["0.0.0.0/0"] } From 5a25b5847c94eafc77b91fc8e2b4077df922aa0e Mon Sep 17 00:00:00 2001 From: Crow-0818 Date: Wed, 8 Jan 2025 12:30:48 +0800 Subject: [PATCH 16/22] Update main.tf --- modules/firewall/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/firewall/main.tf b/modules/firewall/main.tf index 5e40f7089f..1d2e549134 100644 --- a/modules/firewall/main.tf +++ b/modules/firewall/main.tf @@ -27,6 +27,6 @@ resource "google_compute_firewall" "allow-http" { ports = ["80"] } - target_tags = ["http-server2"] + target_tags = ["http-server"] source_ranges = ["0.0.0.0/0"] } From 8a5ae0c9d99c35c1f5bcb476ea0c9b04cc3a3193 Mon Sep 17 00:00:00 2001 
From: Crow-0818 Date: Wed, 8 Jan 2025 13:12:06 +0800 Subject: [PATCH 17/22] Update main.tf --- modules/firewall/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/firewall/main.tf b/modules/firewall/main.tf index 1d2e549134..5e40f7089f 100644 --- a/modules/firewall/main.tf +++ b/modules/firewall/main.tf @@ -27,6 +27,6 @@ resource "google_compute_firewall" "allow-http" { ports = ["80"] } - target_tags = ["http-server"] + target_tags = ["http-server2"] source_ranges = ["0.0.0.0/0"] } From 295192682949687d8893432616f6665c32e5502f Mon Sep 17 00:00:00 2001 From: Crow-0818 Date: Wed, 8 Jan 2025 13:14:46 +0800 Subject: [PATCH 18/22] Update main.tf --- modules/firewall/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/firewall/main.tf b/modules/firewall/main.tf index 5e40f7089f..1d2e549134 100644 --- a/modules/firewall/main.tf +++ b/modules/firewall/main.tf @@ -27,6 +27,6 @@ resource "google_compute_firewall" "allow-http" { ports = ["80"] } - target_tags = ["http-server2"] + target_tags = ["http-server"] source_ranges = ["0.0.0.0/0"] } From d9812c4a676d1420897ecc4af1ab75e4e1656f17 Mon Sep 17 00:00:00 2001 From: Crow-0818 Date: Wed, 8 Jan 2025 13:43:08 +0800 Subject: [PATCH 19/22] Update main.tf --- modules/http_server/main.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/http_server/main.tf b/modules/http_server/main.tf index e790ce329e..b2e577dade 100644 --- a/modules/http_server/main.tf +++ b/modules/http_server/main.tf @@ -42,3 +42,9 @@ resource "google_compute_instance" "http_server" { # Apply the firewall rule to allow external IPs to access this instance tags = ["http-server"] } + +# 創建 Google Cloud 監控項目 +resource "google_monitoring_monitored_project" "primary" { + metrics_scope = "ian-lab" # 您當前使用的專案 ID 或名稱 + name = "ian-lab" # 這裡也使用您當前的專案 ID +} From bbaea9019ed38ef536b95bd7a32bec920b6fac68 Mon Sep 17 00:00:00 2001 
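Review bot: The added `google_monitoring_monitored_project` block (PATCH 19/22, modules/http_server/main.tf) hard-codes `"ian-lab"` for both `metrics_scope` and `name`, which asks the project to monitor itself. That is presumably already true of a project's own metrics scope, so the resource may fail or be a no-op. It also sits inside `modules/http_server`; if both dev and prod instantiate that module (not visible here), each state would try to own the same resource. If the resource is needed, it belongs at the environment level with the project taken from a variable rather than a literal, and the comments should be in English like the rest of the file. PATCH 21 re-adds the identical block after PATCH 20 removed it.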
From: Crow-0818 Date: Wed, 8 Jan 2025 13:46:23 +0800 Subject: [PATCH 20/22] Update main.tf --- modules/http_server/main.tf | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/http_server/main.tf b/modules/http_server/main.tf index b2e577dade..4159a908ca 100644 --- a/modules/http_server/main.tf +++ b/modules/http_server/main.tf @@ -43,8 +43,4 @@ resource "google_compute_instance" "http_server" { tags = ["http-server"] } -# 創建 Google Cloud 監控項目 -resource "google_monitoring_monitored_project" "primary" { - metrics_scope = "ian-lab" # 您當前使用的專案 ID 或名稱 - name = "ian-lab" # 這裡也使用您當前的專案 ID -} + From e8f8ad09341ad5d536edfabbd2aa5961c1e18337 Mon Sep 17 00:00:00 2001 From: Crow-0818 Date: Wed, 8 Jan 2025 13:48:03 +0800 Subject: [PATCH 21/22] Update main.tf --- modules/http_server/main.tf | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/http_server/main.tf b/modules/http_server/main.tf index 4159a908ca..b2e577dade 100644 --- a/modules/http_server/main.tf +++ b/modules/http_server/main.tf @@ -43,4 +43,8 @@ resource "google_compute_instance" "http_server" { tags = ["http-server"] } - +# 創建 Google Cloud 監控項目 +resource "google_monitoring_monitored_project" "primary" { + metrics_scope = "ian-lab" # 您當前使用的專案 ID 或名稱 + name = "ian-lab" # 這裡也使用您當前的專案 ID +} From 3a519481c3f4fcba2d75ac52d15368cb79049835 Mon Sep 17 00:00:00 2001 From: Crow-0818 Date: Wed, 8 Jan 2025 13:51:07 +0800 Subject: [PATCH 22/22] Update main.tf --- modules/http_server/main.tf | 6 ------ 1 file changed, 6 deletions(-) diff --git a/modules/http_server/main.tf b/modules/http_server/main.tf index b2e577dade..e790ce329e 100644 --- a/modules/http_server/main.tf +++ b/modules/http_server/main.tf 
@@ -42,9 +42,3 @@ resource "google_compute_instance" "http_server" { # Apply the firewall rule to allow external IPs to access this instance tags = ["http-server"] } - -# 創建 Google Cloud 監控項目 -resource "google_monitoring_monitored_project" "primary" { - metrics_scope = "ian-lab" # 您當前使用的專案 ID 或名稱 - name = "ian-lab" # 這裡也使用您當前的專案 ID -}