Getting Started with Infrastructure as Code
Securing IaC Deployments on GCP
Deploying Infrastructure as Code on GCP
The course is part of this learning path
Learn how to simplify all of your application infrastructure into just a few configuration files then deploy your code on Google Cloud Platform with this course. We will start by learning the core concepts behind Infrastructure as Code, discussing security best practices when working with IaC, and comparing some popular orchestration and configuration management tools.
After that, we’ll implement version control for our IaC configurations, and learn how we can automate deployment updates using Cloud Build Triggers. Next, we’ll learn how to integrate Google Secret Manager to protect any sensitive data in our source code. Then to tie it all together, we’ll walk through Google Identity and Access Management and learn how to monitor our users and resources on GCP.
After learning the basics, we’ll build our own immutable server images with Google Cloud Build using both Docker and Packer. We’ll then explore a practical usage scenario and build a WordPress deployment with Google Deployment Manager. We’ll also deploy a similar WordPress configuration using Terraform to compare the two methods.
I will be working in Visual Studio Code during the demos for this course, but you are also free to use any other IDE you are comfortable with instead. A demo repository is provided along with this course, and while we will be working with some Python and PHP in our examples, you should still be able to follow along with the demos without any background in either of these languages.
- Build server images from a configuration file using Docker and Packer.
- Learn to use Google Cloud Build with third-party build steps.
- Deploy application infrastructure from code using Google Deployment Manager and Terraform.
- Understand templating systems for Infrastructure as Code.
- Implement version control for Infrastructure as Code.
- Learn to protect secret data in IaC configurations using Google IAM role management and Google Secret Manager.
This course is intended for programmers interested in expanding their knowledge about modern cloud-based DevOps workflows. Learning to manage Infrastructure as Code is beneficial to solo developers who need to focus as much of their time as possible on their application code and not on managing infrastructure. Development teams will also benefit from this course, because implementing IaC provides consistent performance across deployments in multiple environments, which greatly simplifies project collaboration. This course will also help prepare the viewer for the Google Professional Cloud DevOps Engineer certification.
- You should already have a Google Cloud Platform account.
- You should have Google Cloud SDK already installed and initialized.
- You should already have Git installed, and be familiar with its use.
- Demos will be shown in Visual Studio Code, but you're free to use any IDE they are familiar with.
- Demos will utilize some Python and PHP, but you're not required to be fluent in either of these languages to follow along with the examples.
Deploying WordPress on GCP using Terraform Registry. In the previous lecture, we learned how to deploy Infrastructure as Code on Google Cloud Platform using Google Deployment Manager. I mentioned earlier that one of the benefits of Infrastructure as Code is its portability across multiple environments and providers though, and Google Deployment Manager kind of locks our application into the Google Cloud Platform.
Let's see how we can create another WordPress deployment using Terraform instead this time. In our example we'll still use Terraform to deploy to Google Cloud Platform, but Terraform also supports all other major cloud providers so we could easily move or expand our application to other hosting locations with only minimal configuration changes needed.
We'll first need to download Terraform from terraform.io, then extract it to a location on our computer. Then we'll add Terraform to our PATH in our Windows environment variables, so we can call Terraform by name from the command line. We can then confirm it's working by running terraform -version. We're already familiar with Google Deployment Manager templates, so let's explore the same concept again with Terraform.
Terraform has its own registry for templates, or what Terraform prefers to call modules, with support for many different providers. Let's find a WordPress module on the Terraform Registry and see how we can deploy it to our GCP project. This one looks like it fits the bill. If we look at the module source code, we can see there's just one main file with our IaC code, and a variables file to separate our variable definitions from the rest of our configuration.
We could pull this repository and use it directly in our project, or we could instead create a new main.tf file and call this configuration as a module directly through the Terraform Registry. I have included an example of that in the repository for this course. All you have to do is edit the project ID and regions for your project in the main.tf file, and with just these few lines we can build our entire WordPress server with Terraform.
Before we run Terraform though, we need to check that we have all the APIs that our deployment will need already enabled, we can do that quickly with these commands. We also need to run this gcloud command for authentication. Since we have Terraform installed locally we can use Application Default Credentials to authenticate Terraform with our own Google account, without needing to include a key file in our project.
We then need to add secrets for root_pass, database, db_user, and db_user_pass to Google Secret Manager. Our Terraform module will look for this sensitive data from Google Secret Manager, instead of storing it in our repository in plain text. Now we're ready to run terraform init, then terraform apply, and we should see Terraform start to deploy our application. This will take a few minutes to run.
Notice how Terraform adds this state file to your project in the background as it's building. Terraform manages this file on it's own and we don't need to edit it directly, however this file is very important and you'll want to make sure you're tracking it with version control. You won't be able to manage your Terraform deployments once they are deployed without this file.
The Terraform state file is used to map deployed resources to the configurations they came from, and caches metadata about deployments. This also helps improve performance when updating deployments to match detected configuration changes with Terraform. Once our Terraform deployment completes, a browser window will open for us automatically and we're greeted with a fresh WordPress site.
That concludes our last demo for this course. In our final lecture, we'll review what we've learned, and discuss some key takeaways from this course in our last few minutes together.
Arthur spent seven years managing the IT infrastructure for a large entertainment complex in Arizona where he oversaw all network and server equipment and updated many on-premise systems to cloud-based solutions with Google Cloud Platform. Arthur is also a PHP and Python developer who specializes in database and API integrations. He has written several WordPress plugins, created an SDK for the Infusionsoft API, and built a custom digital signage management system powered by Raspberry Pis. Most recently, Arthur has been building Discord bots and attempting to teach a Python AI program how to compose music.