Getting Started with Infrastructure as Code
Securing IaC Deployments on GCP
Deploying Infrastructure as Code on GCP
The course is part of this learning path
Learn how to simplify all of your application infrastructure into just a few configuration files then deploy your code on Google Cloud Platform with this course. We will start by learning the core concepts behind Infrastructure as Code, discussing security best practices when working with IaC, and comparing some popular orchestration and configuration management tools.
After that, we’ll implement version control for our IaC configurations, and learn how we can automate deployment updates using Cloud Build Triggers. Next, we’ll learn how to integrate Google Secret Manager to protect any sensitive data in our source code. Then to tie it all together, we’ll walk through Google Identity and Access Management and learn how to monitor our users and resources on GCP.
After learning the basics, we’ll build our own immutable server images with Google Cloud Build using both Docker and Packer. We’ll then explore a practical usage scenario and build a WordPress deployment with Google Deployment Manager. We’ll also deploy a similar WordPress configuration using Terraform to compare the two methods.
I will be working in Visual Studio Code during the demos for this course, but you are also free to use any other IDE you are comfortable with instead. A demo repository is provided along with this course, and while we will be working with some Python and PHP in our examples, you should still be able to follow along with the demos without any background in either of these languages.
- Build server images from a configuration file using Docker and Packer.
- Learn to use Google Cloud Build with third-party build steps.
- Deploy application infrastructure from code using Google Deployment Manager and Terraform.
- Understand templating systems for Infrastructure as Code.
- Implement version control for Infrastructure as Code.
- Learn to protect secret data in IaC configurations using Google IAM role management and Google Secret Manager.
This course is intended for programmers interested in expanding their knowledge about modern cloud-based DevOps workflows. Learning to manage Infrastructure as Code is beneficial to solo developers who need to focus as much of their time as possible on their application code and not on managing infrastructure. Development teams will also benefit from this course, because implementing IaC provides consistent performance across deployments in multiple environments, which greatly simplifies project collaboration. This course will also help prepare the viewer for the Google Professional Cloud DevOps Engineer certification.
- You should already have a Google Cloud Platform account.
- You should have Google Cloud SDK already installed and initialized.
- You should already have Git installed, and be familiar with its use.
- Demos will be shown in Visual Studio Code, but you're free to use any IDE they are familiar with.
- Demos will utilize some Python and PHP, but you're not required to be fluent in either of these languages to follow along with the examples.
Building server images with Docker using Google Cloud Build. Infrastructure as code is a blanket term that covers many different technologies and methods for writing configuration files, and then deploying them as servers on different platforms. While we can use a traditional virtual server in an IaC deployment, we might be tempted to lean on old habits of treating it like a "pet" server and not as "livestock." We are better off using a container-based solution that will force us to treat the server as an immutable entity.
Containers are like lightweight virtual machines, but they are stateless with no persistent storage and are rebuilt from a configuration file every time changes are made. So you can see containers are basically synonymous with infrastructure as code. Docker is one of the most widely used tools for building containers. We can build a Docker image that will run our custom server by defining just a single configuration file. This file is called rather unimaginatively a Docker file.
Let's take a look at an example Docker file, make some changes to it and see how we can use Google Cloud Build to create our customized server image and store it on GCP for us. For this course, we are going to create infrastructure as code for a WordPress deployment.
So we'll start with the official base WordPress Docker image and build our Docker image on top of that. We can see in the WordPress Docker file, all the commands it already runs to prepare the WordPress server for us and in the very first line we can see how this image itself is built from the official PHP Docker image.
We can take a look at the PHP Docker file then, and see that this version includes the Apache web server for us and that this image is built from a base Debian operating system container image. Knowing that our server image combines all of these Dockerfiles, we are able to add or change any configuration settings for the Debian, PHP or WordPress containers in our own Docker file to customize our server image.
Very often, we may need to add a PHP extension required by a particular WordPress plugin or change a PHP configuration setting to improve performance with WordPress. We can include our custom php.ini configuration with our Docker file and write this command in our Docker file to copy our configuration into our build.
The PHP Docker repository comes with some helper scripts for adding and removing PHP extensions. But to make this even easier, we are adding the Docker PHP extension installer repository. This way we can enable xdebug and a couple other extensions in PHP with just a single command and it will handle any dependencies for us.
Remember that containers are immutable with no persistent storage but we are running a WordPress server and we'll definitely want to be able to add content and save changes to our website. We can do this by creating a SQL database and a persistent storage disc outside of our container and then mapping them to our server image. We'll learn how to tie all of these elements together later with Google Deployment Manager.
Now that we've created our custom WordPress Docker file, we can build our new WordPress server image and store it in Google Artifact Registry with a simple Docker command. We could instead use the cloudbuild.yml file from our repository that we used with our Cloud Build Trigger earlier like this.
Any command-line arguments that we would pass to the G Cloud Build command can be instead stored in a cloudbuild.yml config file like this which allows us to add variables that make our configurations more easily reusable like we are doing here with the project ID. It's important to remember number that there are costs incurred when building images with Google Cloud Build like we demonstrated here.
You could instead install Docker on your development machine, use the Docker build command locally then upload the same resulting image to the artifact registry in order to avoid the expense of cloud build. Depending on your situation and workflow, there may be good reasons to use cloud build though. If you are unable to install Docker locally, if your development machine is an underpowered code typewriter and can't handle building images, or if you have a lousy internet connection and don't want to wait an hour for your images to upload between updates, Cloud Build could very well be worth the cost.
Arthur spent seven years managing the IT infrastructure for a large entertainment complex in Arizona where he oversaw all network and server equipment and updated many on-premise systems to cloud-based solutions with Google Cloud Platform. Arthur is also a PHP and Python developer who specializes in database and API integrations. He has written several WordPress plugins, created an SDK for the Infusionsoft API, and built a custom digital signage management system powered by Raspberry Pis. Most recently, Arthur has been building Discord bots and attempting to teach a Python AI program how to compose music.