on
Setup Terraform with Google Provider
Setup Terraform with Google Provider
This is article focused on routine steps how to start working with terraform and google cloud provider. For new clients/projects, we do the same steps again and again. I will try to cover the whole process from scratch and record in this article all my steps.
-
Create a google/gmail account.
-
Register organisation or personal account in https://cloud.google.com. It requires credit card information. Don’t worry, you will have $300 as credit for 12 months.
-
Google cloud console authorization
-
Set default application login solution
-
Init a terraform project
-
Create a google cloud project
Google cloud console authorization
Steps to authorize google account are based on official documentation https://cloud.google.com/storage/docs/gsutil_install#creds-sdk. Install Google Cloud SDK and authorize:
$ brew install caskroom/cask/google-cloud-sdk
$ gcloud init # Will open browser and authorize your account
After this procedure, you should see the page https://cloud.google.com/sdk/auth_success with “You are now authenticated with the Google Cloud SDK!”.
In the terminal you should pick the first default project on prompt:
You are logged in as: [user@example.com].
Pick cloud project to use:
[1] super-man-198503
[2] Create a new project
Please enter numeric choice or text value (must exactly match list
item): 1
To use terraform we can generate a separate service account or create a default application login
Default application login solution
Reference: https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login
$ gcloud auth application-default login
Credentials saved to file: [/Users/dev/.config/gcloud/application_default_credentials.json]
...
This method would not require you to specify the credentials json path file in the terraform. All permissions would rely on a user who will use the terraform.
Another solution is to generate a separate service account: https://cloud.google.com/docs/authentication/getting-started.
Init terraform project
First, we need to test authorization to the Google API and configure Google provider for terraform: https://www.terraform.io/docs/providers/google/index.html. In my case, I used an organization account.
Create a file gcp.tf
:
// gcp.tf
data "google_organization" "goldminer" {
domain = "example.com"
}
output "org_id" {
value = "${data.google_organization.goldminer.id}"
}
Then we initialise terraform project and check that it works:
$ terraform init
Initializing provider plugins...
- Checking for available provider plugins on https://releases.hashicorp.com...
- Downloading plugin for provider "google" (1.6.0)...
...
* provider.google: version = "~> 1.6"
Terraform has been successfully initialized!
...
$ terraform apply -auto-approve
data.google_organization.goldminer: Refreshing state...
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Outputs:
org_id = 123456789012
If you have a problem, try to generate a service account first your self with https://cloud.google.com/docs/authentication/getting-started, download the credentials json file and specify a google provider https://www.terraform.io/docs/providers/google/index.html eg:
provider "google" {
credentials = "${file("${path.module}/account.json")}"
project = "super-man-198503"
region = "us-central1-a"
}
Create a Google cloud project
We register our account to use Google cloud resources. By default, you will have a generated project “My First Project” with some random id, for example super-man-198503
. There are no problems with default one, but I recommend to create projects with meaningful names.
Check the terraform google_project
resource documentation https://www.terraform.io/docs/providers/google/r/google_project.html. Base on it, let’s create a project resource:
// kubernetes_project.tf
resource "google_project" "kubernetes" {
name = "kubernetes"
project_id = "kubernetes-${data.google_organization.goldminer.directory_customer_id}"
org_id = "${data.google_organization.goldminer.id}"
}
output "project_id" {
value = "${google_project.kubernetes.id}"
}
Check that we are going to create a correct resource with plan and confirm it after:
$ terraform apply
...
Terraform will perform the following actions:
+ google_project.kubernetes
id: <computed>
folder_id: <computed>
name: "kubernetes"
number: <computed>
org_id: "123456789012"
policy_data: <computed>
policy_etag: <computed>
project_id: "kubernetes-a01bvf123"
skip_delete: <computed>
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
...
Outputs:
org_id = 123456789012
project_id = kubernetes-a01bvf123
For me, in web console of Google Cloud, this project did not appear at the same moment, so I tested with a command: gcloud projects list
.
Michael Nikitochkin is a Lead Software Engineer. Follow him on LinkedIn or GitHub.
If you enjoyed this story, we recommend reading our latest tech stories and trending tech stories.