In the previous article, I explained how to create machine images using Packer and GCP. In this one, I’m going to explain how to deploy them using Terraform Cloud.

Google Cloud Configuration

Here we just need a Service Account with Editor Permissions. You can create one as I’ve explained in the previous article “Creating pipelines using Gitlab CI for Terraform and GCP”.

Please also enable the Compute Engine API.

Because we published the images in the “DevOps” project, using them from other projects requires granting the “Image User” role in our “DevOps” project to the default Google API service account of each target project. Please follow the official documentation: Using Images from Other Projects.

Terraform Cloud Configuration

First, create two variable sets, one for HCP credentials and another one for GCP credentials.

Variable Sets

GCP

  • Variable: GOOGLE_CREDENTIALS
  • Value: Service Account JSON without line breaks.
  • Type: Sensitive
  • Category: Environment
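
The GOOGLE_CREDENTIALS value described above, as an added example that is not from the original article: a small Python helper that validates a downloaded service account key and returns it as one line of JSON. The function name, the list of required fields and the sample key are assumptions constructed for illustration.

```python
import json
import sys

# Fields this check expects in a service account key file (assumed minimum set).
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")

# Constructed sample, pretty-printed like a downloaded key file. Not a real key.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000000000000000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-PLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "terraform@example-project.iam.gserviceaccount.com",
}, indent=2)


def to_single_line(key_text: str) -> str:
    """Validate a service account key and return it as one line of JSON."""
    try:
        key = json.loads(key_text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"key file is not valid JSON: {exc}") from exc
    if not isinstance(key, dict):
        raise ValueError("key file must contain a JSON object")
    missing = [name for name in REQUIRED if not key.get(name)]
    if missing:
        raise ValueError(f"missing fields: {', '.join(missing)}")
    if key["type"] != "service_account":
        raise ValueError(f"unexpected credential type: {key['type']!r}")
    # json.dumps keeps the newlines inside private_key as the two-character
    # escape \n, so the PEM block survives while the output stays on one line.
    return json.dumps(key, separators=(",", ":"))


if __name__ == "__main__":
    # Pass the path of a key file, or run without arguments to use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_KEY
    line = to_single_line(text)
    # For a real key, report only non-secret details instead of echoing it.
    print(f"{len(line)} characters, line breaks: {line.count(chr(10))}")
    if len(sys.argv) <= 1:
        print(line)
```
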

HCP

  • Variables: HCP_CLIENT_ID and HCP_CLIENT_SECRET
  • Value: Create a HashiCorp Cloud Service Principal in the IAM section and use its values.
  • Type: Sensitive
  • Category: Environment

Now, let’s configure the workspace.

  1. Go to the home page, create a project (or use the default one), and then a workspace, for example:

Project Terraform Modules

  2. I am using my terraform-modules repo as an example and creating a workspace called dev of type VCS Workflow.

In the Advanced Configurations, I specified where my dev code is located. In my repo, it is in the infra/dev subfolder. For the dev workspace, I also want to Auto Apply changes.

Workspace Created.

  3. Let’s add our workspace variables. To do that, click on the namespace and then on the Configure Variables button.

Configure variables

In my case, just two:

Variables

Now we can see Terraform Cloud running on our pull requests:

PR Check

PR Plan

After the merge, another run starts, this time applying the code.

We can see our VM created in GCP:

Prometheus VM

Then we can access the public IP and check that our Prometheus Server is running correctly.

Tips/Next Steps

  • Create sub-folders for other environments.
  • Create workspaces for other environments.
  • For PROD, please consider using Manual Apply.
  • Refine which code files/directories will be watched to trigger the runs (Workflow configuration).


Support

If you find my posts helpful and would like to support me, please buy me a coffee: Anderson Dario is personal blog and tech blog

That’s all. Thanks.