Overview

Hey Geeks, welcome to another blog where we are utilizing Terrateam (Terrateam is Terraform automation for GitHub) to deploy GKE (Google Kubernetes Engine) on the Google Cloud Platform.

We have also detailed how to spin up the Mkdocs Application on AKS (Azure Kubernetes Services) for Azure learn more, and on EKS(Elastic Kubernetes Services) for AWS learn more.

Infrastructure & Application Deployment

1. We will be deploying GKE(Google Kubernetes Engine) on Google Cloud infrastructure.

2. We will be deploying the MKdocs application on GKE.

3. Terrateam will work on each PR(Pull Requests) and will deploy the infrastructure with a single comment on the PR raised

Steps we are following:

GitHub Repository Setup

• Create a new GitHub repository and clone it to your local machine Installing Terrateam on your GitHub account.

Installing Google Cloud CLI

OIDC and GCP Authentication and Authorization for Terrateam

• Create an OIDC connection for Terrateam on the Google Cloud Platform.

Terraform Configuration for GKE

• Write a Terraform configuration file for provisioning Google Kubernetes Engine (GKE).

Code Commit and Push

• Commit and push your Terraform configuration code to the main branch of the GitHub repository.

Branch for Configuration Changes

• Create a new branch named terrateam-setups to make configuration changes.

• Push this branch to the GitHub repository to initiate a pull request (PR).

Pull Request Review

• Review the pull request (PR).

• Upon a successful Terrateam plan, comment terrateam apply to apply the changes to the Google Cloud Platform.

Deployment Configuration (Local)

• Manually create deployment.yml, mkdocs-ns.yml, and service.yml files to run the MKDocs application on Google Kubernetes Engine(GKE).

• Perform this part on your local system.

Application Verification

• Access the MKDocs application running on an External IP address via a web browser.

Cleanup

• Destroy all infrastructure to avoid extra bills.

For whom this guide is for

• This blog is meant for developers who use Terraform and GitHub a lot, especially in their work with DevOps and infrastructure management. We're introducing a Terrateam tool designed to make their lives easier. It provides clear information for each change they make (Pull Request or PR) in their GitHub repositories. In this blog post, we'll show you how to use Terrateam to set up various things on Google Cloud Platform. Specifically, we'll guide you through deploying Google Kubernetes Engine (GKE).

Pre-requisites

• Terraform: Install Terraform on your local.

• Google Cloud Account: You need a GCP account set up for the blog.

• Gcloud CLI: You need Google Cloud CLI to run Kubectl commands on the Google Cloud Platform.

• Kubectl: You need Kubectl installed to run the Kubectl commands required to run deployment files for the MKDocs application.

• GitHub account: Create or use a GitHub account for the blog.

• Terrateam is installed on your GitHub account, click here to install it.

Let’s get started step-by-step.

1. GitHub Repository Setup (skip to step 2 if you already have a repo with Terrateam installed)

   • Create a new repository

• Give an appropriate name and click on create.

• Copy the URL and clone it to your local system

• To clone it to your local system you need Git-bash CLI installed on your local system, after installing click on your mouse pad and click to Open Git Bash here.

• Write the following command to clone the repo.

git clone <URL>

• The local system setup is done!

1. Installing Terrateam on your GitHub account.

   • Please follow this to install Terrateam on the GitHub account.

2. Installing Google Cloud CLI

   • Visit the official website and download Google Cloud CLI for your native Operative System.

   • Here is an example of a Windows OS setup.

   • Visit the website and click on the Google Cloud CLI installer

• Download and install it on your local, that’s just like a game setup.

OIDC and GCP Authentication and Authorization for Terrateam

• We are following the official Terrateam OIDC connection setup documentation which is available here.

  • Open your IDE terminal and run the following commands:

  • Login to your Google Cloud account

gcloud auth login

• Get your Project ID

gcloud projects list

• Export your Project ID

export PROJECT_ID="<project-id>"

• Create a terrateam service account

gcloud iam service-accounts create terrateam \ --description="Terrateam" \

--display-name="Terrateam" \

--project="$PROJECT_ID"

• Enable the IAM Credentials API

gcloud services enable iamcredentials.googleapis.com \ --project "${PROJECT_ID}"

• Create the workload identity pool

gcloud iam workload-identity-pools create "terrateam-pool" \ --project="${PROJECT_ID}" \

--location="global" \

--display-name="Terrateam pool"

• Export the workload identity pool id as an environment variable

export WORKLOAD_IDENTITY_POOL_ID=$(gcloud iam workload-identity-pools describe "terrateam-pool" \

--project="${PROJECT_ID}" \

--location="global" \

--format="value(name)")

• An OIDC workload identity pool provider for GitHub is necessary to authenticate from GitHub.

gcloud iam workload-identity-pools providers create-oidc "terrateam-provider" \

--project="${PROJECT_ID}" \

--location="global" \

--workload-identity-pool="terrateam-pool" \

--display-name="Terrateam provider" \

--attribute-mapping="google.subject=assertion.sub,attribute.actor=assertion.actor,attribute.repository=assertion.repository,attribute.repository_owner=assertion.repository_owner" \

--issuer-uri="https://token.actions.githubusercontent.com"

• Export your GitHub organization as an environment variable

export GITHUB_ORG="organization"

• Authorize your GitHub organization

gcloud iam service-accounts add-iam-policy-binding "terrateam@${PROJECT_ID}.iam.gserviceaccount.com" \

--project="${PROJECT_ID}" \

--role="roles/iam.workloadIdentityUser" \

--member="principalSet://iam.googleapis.com/${WORKLOAD_IDENTITY_POOL_ID}/attribute.repository_owner/${GITHUB_ORG}"

• Add the roles/editor IAM policy binding

gcloud projects add-iam-policy-binding ${PROJECT_ID} \

--member="serviceAccount:terrateam@${PROJECT_ID}.iam.gserviceaccount.com" \

--role='roles/editor'

• Create a .terrateam/config.yml configuration file at the root of your Terraform repository:

• Replace PROJECT_ID with your GCP project id. This can be found using the following command:

echo $PROJECT_ID

• Replace WORKLOAD_IDENTITY_PROVIDER with your GCP workload identity provider. This can be found using the following command:

gcloud iam workload-identity-pools providers describe "terrateam-provider" \

--project="${PROJECT_ID}" \

--location="global" \

--workload-identity-pool="terrateam-pool" \

--format="value(name)"

• Your OIDC setup is done!

• Terraform Configuration for GKE

  • Beginning with the provider.tf file that holds the Google Cloud Platform (GCP) provider settings.

For complete code visit here.

• The second is the vpc.tf file that contains VPC(Virtual Private Cloud) configurations. Here, we are required to enable two APIs which are Google Compute API and Google Container API.

For complete code visit here.

• Moving on to the third file, subnets.tf, which is responsible for defining the subnet range for your VPC. It also sets up two secondary IP ranges: one for pods housing deployment containers and the other for running services.

For complete code visit here.

• Next up is the fourth file, router.tf, where you'll find the configurations for Google Compute Router settings.

For complete code visit here.

• Now, let's talk about the fifth file, cloudnet.tf, which houses the IP configurations for cloud networking.

For complete code visit here.

• Continuing with the sixth file, firewall.tf, this file holds the firewall rules that determine which network traffic to allow. In this blog post, we've configured it to allow only SSH traffic, which operates on port 22 and uses the TCP protocol. It's accessible from all IP addresses (publicly accessible).

For complete code visit here.

• Now, let's discuss the seventh file, kubernetes.tf. Inside this file, you'll find the configurations for your Google Kubernetes Engine (GKE) cluster. In this setup, we're creating nodes for three different locations: us-central1-a (default), us-central1-b, and us-central1-c.

For complete code visit here.

• Now, we come to the eighth file, node-pool.tf. This file defines two node pools, each serving a different purpose. One is for general on-demand usage, while the other is for spot instances. You have the flexibility to choose either of them based on your cost-saving preferences.

For complete code visit here.

• Congratulations, the setup for all your Terraform configuration files is now complete!

6. Code Commit and Push

• Before pushing all the codes to the repository Terratem will require a .github/workflows to run CI/CD.

• Follow the following steps to add the required files.

• Create a .github/workflows directory

  • mkdir -p .github/workflows

• Store the Terrateam GitHub Actions workflow file in the .github/workflows directory

  • curl -L -o .github/workflows/terrateam.yml \ https://terrateam.io/.github/workflows/terrateam.yml

• Now push all the files to the main branch of your repository

  • git add .

  • git commit -m “all files”

  • git push origin main

7. Branch for Configuration Changes

• Now create a new branch from the main branch, we are naming our new branch as terrateam

  • git checkout -b terrateam

• Make some configuration changes

• Push it back to GitHub repository

  • git add .

  • git commit -m “terrateam-runner”

  • git push origin terrateam

8. Pull Request Review

• Now to create a pull request on your branch

  • Either do it from GitHub UI or,

  • Use the following command after installing GitHub CLI into your local

    • gh pr create --fill

• Go to your GitHub account and click on Pull Request from the top bar.

• You will find a PR check running on your branch with the Terrateam plan running on it as well.

• Click on it and scroll down to see the Terrateam CI/CD plan running.

• Wait for a few minutes till the plan .default is green

• Comment on terrateam apply on the PR to apply changes in the configuration.

• And wait for all checks to go green.

• Once all the checks are green we can move forward with connecting the cluster.

9. Deployment Configuration (Local)

• Connect to your cluster using the below command:

  • gcloud container clusters get-credentials <cluster_name>--zone <zone> --project <project_name>

  • example,

  • gcloud container clusters get-credentials primary --zone us-central1-a --project terrateam-demo

• Next is to add three manifest configuration files mkdocs-ns.yml, deployment.yml, and service.yml.

Visit here for configuration.

Visit here for configuration.

Visit here for configuration.

• Now apply these manifests on your cluster.

• Run the following command in the same order as written.

  • kubectl apply -f mkdocs-ns.yml

  • kubectl apply -f deployment.yml

  • kubectl apply service.yml

10. Application Verification

• Wait for a few moments and run the below command to get an External IP address where your MKdocs application is running.

  • kubectl get svc -n mkdocs

• Now enter this IP address in your browser.

• Congratulations! You have successfully made it to the end of the tutorial and gained the knowledge to deploy the MKdocs application on the GKE cluster.

11. Cleanup

• To avoid the rise in billing amount cleanup is mandatory.

• Run the below command in your IDE to destroy all the infrastructure we built in the tutorial.

  • terraform init

  • terraform destroy

• And wait till all the resources to destroyed.

• Since, we are using Google Cloud Storage to store our state files, that makes it possible to destroy all the resources from anywhere/remotely.

• Wait for everything to be destroyed.

• Cleanup done!

Conclusion

1. We've installed Terraform, Kubectl, and Google Cloud CLI on our local system and Terrateam on our GitHub account.

2. We've created all the Terraform configuration files to set up Google Kubernetes Engine (GKE).

3. We've configured Terrateam for Google Cloud using OIDC authentication and authorization.

4. Our Terraform code is pushed on GitHub.

5. We made a new branch called terrateam-setups made some changes, and pushed those changes to GitHub.

6. We connected to our Google Kubernetes Engine (GKE) cluster using Google Cloud CLI from our local system.

7. We successfully deployed our MKDocs application.

For the complete code visit here.

To learn more about Terrateam visit here.

Also, check out our Deploy AWS EKS cluster via Terrateam and Deploying AKS With Terrateam blogs available on Hashnode.