Getting Started with Infrastructure as Code
Securing IaC Deployments on GCP
Deploying Infrastructure as Code on GCP
The course is part of these learning paths
Learn how to simplify all of your application infrastructure into just a few configuration files then deploy your code on Google Cloud Platform with this course. We will start by learning the core concepts behind Infrastructure as Code, discussing security best practices when working with IaC, and comparing some popular orchestration and configuration management tools.
After that, we’ll implement version control for our IaC configurations, and learn how we can automate deployment updates using Cloud Build Triggers. Next, we’ll learn how to integrate Google Secret Manager to protect any sensitive data in our source code. Then to tie it all together, we’ll walk through Google Identity and Access Management and learn how to monitor our users and resources on GCP.
After learning the basics, we’ll build our own immutable server images with Google Cloud Build using both Docker and Packer. We’ll then explore a practical usage scenario and build a WordPress deployment with Google Deployment Manager. We’ll also deploy a similar WordPress configuration using Terraform to compare the two methods.
I will be working in Visual Studio Code during the demos for this course, but you are also free to use any other IDE you are comfortable with instead. A demo repository is provided along with this course, and while we will be working with some Python and PHP in our examples, you should still be able to follow along with the demos without any background in either of these languages.
- Build server images from a configuration file using Docker and Packer.
- Learn to use Google Cloud Build with third-party build steps.
- Deploy application infrastructure from code using Google Deployment Manager and Terraform.
- Understand templating systems for Infrastructure as Code.
- Implement version control for Infrastructure as Code.
- Learn to protect secret data in IaC configurations using Google IAM role management and Google Secret Manager.
This course is intended for programmers interested in expanding their knowledge about modern cloud-based DevOps workflows. Learning to manage Infrastructure as Code is beneficial to solo developers who need to focus as much of their time as possible on their application code and not on managing infrastructure. Development teams will also benefit from this course, because implementing IaC provides consistent performance across deployments in multiple environments, which greatly simplifies project collaboration. This course will also help prepare the viewer for the Google Professional Cloud DevOps Engineer certification.
- You should already have a Google Cloud Platform account.
- You should have Google Cloud SDK already installed and initialized.
- You should already have Git installed, and be familiar with its use.
- Demos will be shown in Visual Studio Code, but you're free to use any IDE they are familiar with.
- Demos will utilize some Python and PHP, but you're not required to be fluent in either of these languages to follow along with the examples.
Implementing version control for infrastructure as code is just as simple as including our new infrastructure configuration files along with our application source code. When we create a new repository for our project, our infrastructure definitions are now included using the same versioning as the rest of our products files. It's really as easy as that. We can then roll back to previous server configurations in exactly the same way we would roll back any other changes to our application code.
Depending on the size of your project and development team, you can choose to implement either a single monolithic repository for the entire code base, or you might decide to break it into multiple repositories instead. A single repository is obviously easier to work with, especially for small projects and teams, and is what we'll be working with for our demos in this course.
By implementing multiple repositories for our code base though, we can apply different access permissions to our application source code separately from our IaC configuration files. This way, you could for example, give only your senior developers permission to make changes to your IaC configurations. The rest of the development team can still be given access to pull and use these configurations in their development environments without any risk of them accidentally pushing any bad IaC configuration changes to the repository.
Let's get started by pulling the repository for this course with a git clone command. You should already have git installed locally for this course. I will be working with Visual Studio Code for my demo. So for those following along there, all we have to do is open our new repository folder, click on source control, then click on initialize repository. We can now commit changes to our project files and track versions or rollback mistakes locally on our development machine. We can further reduce human error and speed up our development workflow by pushing our changes to Google Cloud source repositories and using a Google Cloud Build trigger to automate deployment of updated server images whenever there is a version change.
Let's take a quick look at how we can do this using the files already in our project. We'll go into greater detail about building and deploying IaC configurations using Google Cloud Build commands in the next lecture group. You should already have a project created on your Google Cloud account, and the gcloud SDK should already be installed, initialized, and connected to your new project.
Now let's make sure we enable all the APIs that we'll be needing. We can do this by navigating through the Google Cloud Console website and clicking on each of the services, or we could use these quick gcloud commands.
After that, we can very easily authenticate git with our Google account using this simple credential helper command. We are now ready to create a repository on Google and push our project code with these commands. Be sure to replace the project ID with your own project's ID here. You can also change the name of the repository here if you like.
Next, we need to create a Google artifact registry to match our source repository name. This is where Cloud Build will store our new container image for us. You may need to change the region to match your project here. From the Google Cloud Console website, we can now see our project code in our Google Cloud source repository and our empty artifact registry. While we're here, let's create a Google Cloud Build Trigger that will run the Cloud Build.YAML file from our project every time our cloud source repository is updated. This will automatically build a new container image and store it in the artifact registry whenever we push any code changes.
Now let's take a quick look at this Cloud Build.YAML file in our project. Make sure the region and repository names match from your earlier steps. We don't need to change the project ID here, because this is a variable in our configuration file that will be filled in for us at runtime.
Now save and push the changes to our Google Cloud source repository. We should then see our Cloud Build trigger running. And once it's completed, we can now find our WordPress Docker image ready for deployment in the artifact registry. We now have version control and build automation working for our project.
Arthur spent seven years managing the IT infrastructure for a large entertainment complex in Arizona where he oversaw all network and server equipment and updated many on-premise systems to cloud-based solutions with Google Cloud Platform. Arthur is also a PHP and Python developer who specializes in database and API integrations. He has written several WordPress plugins, created an SDK for the Infusionsoft API, and built a custom digital signage management system powered by Raspberry Pis. Most recently, Arthur has been building Discord bots and attempting to teach a Python AI program how to compose music.