Terraform Deployments with Google Cloud Build

James Watkinson
Datasparq Technology
2 min read · May 20, 2020

At DataSparQ, all infrastructure is written as code: if not for repeatability, then because it acts as a fantastic auditing tool, enabling our engineers to switch projects and immediately get a feel for what Cloud products are being used and how. We chose Terraform.

As the size of the project and the number of changes increase, so does the time taken for execution. If you are running this locally, this causes problems: deployments can take over an hour, and network interruptions can cause Terraform to enter a misaligned state.

DataSparQ needed a remote machine to deploy our Terraform changes. We wanted that machine to only be running when we needed it.

Google Cloud Build seamlessly integrates with GitHub via triggers and only charges whilst executing. Perfect.

Cloud Build allows the user to stipulate which Docker containers are used for each stage; we can use this to select the Terraform image which matches the development version:

steps:
  # 0. Initialise Terraform environment
  - name: hashicorp/terraform:0.12.xx
    id: terraform-init
    args: ['init']
    dir: 'path/to/terraform/folder'

The name will pull & cache the official Terraform image (make sure to replace xx with the version); use the args to stipulate the Terraform operation (plan, apply, workspace etc.).

Here's the best part: the Terraform Google Cloud Provider will automatically use the Cloud Build service account for operations. You can either give this account the permissions it needs or create a new service account and provide keys. We use the standard Cloud Build service account for simplicity.

As Cloud Build caches the workspace between operations, make sure your first step is to initialise — then you are free to plan and apply when required:

steps:
  # 0. Initialise Terraform environment
  - name: hashicorp/terraform:0.12.xx
    id: terraform-init
    args: ['init']
    dir: 'path/to/terraform/folder'
  # 1. Select Target Workspace
  - name: hashicorp/terraform:0.12.xx
    id: terraform-workspace
    args: ['workspace', 'select', '${_ENV}']
    dir: 'path/to/terraform/folder'
  # 2. Apply Terraform
  - name: hashicorp/terraform:0.12.xx
    id: terraform-apply
    args: ['apply', '-auto-approve']
    dir: 'path/to/terraform/folder'

Applications / platforms typically have more than one environment — we use workspaces to toggle between these. You can also specify different variable files / environment variables via Cloud Build substitutions & args: https://cloud.google.com/cloud-build/docs/build-config
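
As an added example (not from the original post) of the substitutions described above: `_ENV` selects both the workspace and a per-environment variable file, and the apply step consumes the saved plan so the plan printed in the build log is the one that gets applied. The `envs/<env>.tfvars` layout, the `dev` default and the timeout value are assumptions.

```yaml
# cloudbuild.yaml (added example; file layout, default and timeout are assumptions)
steps:
  # 0. Initialise Terraform environment
  - name: hashicorp/terraform:0.12.xx   # replace xx with your pinned version
    id: terraform-init
    args: ['init', '-input=false']
    dir: 'path/to/terraform/folder'
  # 1. Select target workspace (fails the build if the workspace does not exist)
  - name: hashicorp/terraform:0.12.xx
    id: terraform-workspace
    args: ['workspace', 'select', '${_ENV}']
    dir: 'path/to/terraform/folder'
  # 2. Plan with the variable file for this environment and save the plan.
  #    envs/${_ENV}.tfvars is a hypothetical layout inside the Terraform folder.
  - name: hashicorp/terraform:0.12.xx
    id: terraform-plan
    args: ['plan', '-input=false', '-var-file=envs/${_ENV}.tfvars', '-out=tfplan']
    dir: 'path/to/terraform/folder'
  # 3. Apply exactly the saved plan; a saved plan needs no -auto-approve
  - name: hashicorp/terraform:0.12.xx
    id: terraform-apply
    args: ['apply', '-input=false', 'tfplan']
    dir: 'path/to/terraform/folder'

# Default for the user-defined substitution; a trigger or
# `gcloud builds submit --substitutions=_ENV=prod` overrides it.
substitutions:
  _ENV: dev

# Cloud Build stops a build after 10 minutes by default; raise the limit
# for long-running applies (value chosen for illustration).
timeout: 7200s
```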

In summary, Cloud Build is a simple, yet extremely effective tool for deploying cloud applications & data platforms. Start your build with immutable infrastructure changes and large applications suddenly become easier to manage.
