Deploy a simple website with Terraform and Chef on GCP
So you work for a tech startup, your SaaS app needs to be deployed in the cloud, like, tomorrow, and the CTO has asked you to quickly work up some magic to get it there ASAP. As you go through the internet looking for the ultimate IaC best practices, this amazingly well-indexed blog post shows up right at the top of your search. It will show you how to use some really good pre-built Cloud Foundation Toolkit¹ Terraform modules to quickly create resources in Google Cloud Platform (GCP) with minimal code development effort.
Before we jump into creating stuff…
All you need to be able to follow this example:
- A GCP account and a billing account (credit card). Did you know about the GCP free tier?
- Basic knowledge of:
  - Terraform (must be installed already)
  - Terraform GCP Provider
  - Chef
  - Git (must be installed already)
  - Cloud SDK (must be installed already)
Deployment Architecture
GCP Resources Created
The below resources are created using Terraform in this example:
- Project
- VPC Network (subnets, routes, firewall rules)
- Service Account
- Managed Instance Group (MIG)
- Global HTTPS LB
- GCS Bucket
Prepare for Deployments
It is recommended to create a seed GCP project² along with an IAM service account and a GCS bucket that Terraform can use to authenticate with GCP and store its state remotely in the bucket. All additional projects and resources can then be created by Terraform.
Create the Seed Project
- Clone this GitHub repository; we will use it to create everything in this example.
- Follow the steps here to create the seed project. You will just run a shell script that performs the listed tasks to create a seed project and some required components that will be needed later.
- After your seed project is created, everything else going forward will be created and managed using Terraform. As a result, all your infrastructure will be defined as code and its state will be maintained in a secured and highly available GCS bucket.
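One way to wire later Terraform runs to the seed project, shown as an added example that is not taken from the repository. It assumes admins impersonate the seed service account rather than hold a key file, and every bucket, project, account and group name is a placeholder.

```hcl
# Added example: bucket, project, account and group names are placeholders.
terraform {
  backend "gcs" {
    bucket = "example-seed-tfstate"
    prefix = "website/prod"
    # Short-lived tokens for the seed service account instead of a key file.
    impersonate_service_account = "terraform@example-seed.iam.gserviceaccount.com"
  }
}

locals {
  seed_project = "example-seed"
  terraform_sa = "terraform@example-seed.iam.gserviceaccount.com"
  admins       = "group:terraform-admins@example.com"
}

# Resources are created with the same impersonated identity as the state access.
provider "google" {
  impersonate_service_account = local.terraform_sa
}

# Authoritative for this role: only the admin group may mint tokens
# for the Terraform service account.
resource "google_service_account_iam_binding" "impersonators" {
  service_account_id = "projects/${local.seed_project}/serviceAccounts/${local.terraform_sa}"
  role               = "roles/iam.serviceAccountTokenCreator"
  members            = [local.admins]
}

# Authoritative for this role: only the Terraform service account may
# read and write state objects, which can contain sensitive values.
resource "google_storage_bucket_iam_binding" "state_rw" {
  bucket  = "example-seed-tfstate"
  role    = "roles/storage.objectAdmin"
  members = ["serviceAccount:${local.terraform_sa}"]
}
```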
Deployment Steps
The step-by-step deployment is documented in the repository here. Following those steps, you will run Terraform to do the tasks below:
1. Create the project and custom VPC network
- This example uses the Terraform Project Factory module to create a project and the Network module to create a custom network.
- After you follow the steps to create your own terraform.tfvars (input parameters) file and run terraform apply, you will see that it creates a project and a custom VPC network with subnets for each environment (prod, dev, test) and shared services.
- Once successfully applied, you will see output like below:
2. Prepare for GCE Instance bootstrapping
Follow the steps from the Prepare for Website Deployment section for this.
For fast autoscaling of the website, it is really important that the VM instances are bootstrapped quickly. We will do the below things to make it happen:
- Install all common packages inside a custom VM image.
- Put your configuration and application code on a central code repository so that it can be pulled to the VMs during bootstrapping.
- Provide your VMs with a startup script that will pull the configuration and code from the central repository and trigger Chef Client to configure the VM.
- All access to the GCS bucket and the CSR code repository is controlled using the service account created in this step and attached to the VMs during deployment.
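The access model from the last bullet, as an added example rather than the repository's own code: a dedicated VM service account that can only read the one bucket and the one repository it bootstraps from. All resource names are placeholders.

```hcl
# Added example: every name below is a placeholder, not a value from the repository.
locals {
  project = "example-website-prod"
}

# Bucket holding the startup script and Chef configuration.
resource "google_storage_bucket" "config" {
  project                     = local.project
  name                        = "example-website-config"
  location                    = "US"
  uniform_bucket_level_access = true # IAM only, no per-object ACLs
}

# Cloud Source Repositories (CSR) repository holding the application code.
resource "google_sourcerepo_repository" "code" {
  project = local.project
  name    = "example-website-code"
}

# Dedicated identity for the web VMs instead of the default Compute Engine account.
resource "google_service_account" "web" {
  project      = local.project
  account_id   = "web-vm"
  display_name = "Website MIG instances"
}

# Read-only on this one bucket...
resource "google_storage_bucket_iam_member" "web_reads_config" {
  bucket = google_storage_bucket.config.name
  role   = "roles/storage.objectViewer"
  member = "serviceAccount:${google_service_account.web.email}"
}

# ...and read-only on this one repository. Nothing is granted at project level,
# so a compromised VM cannot modify the code or configuration it boots from.
resource "google_sourcerepo_repository_iam_member" "web_reads_code" {
  project    = local.project
  repository = google_sourcerepo_repository.code.name
  role       = "roles/source.reader"
  member     = "serviceAccount:${google_service_account.web.email}"
}
```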
3. Deploy the website
This example uses the Terraform VM module to create the GCE MIG without public IPs and the LB module to create the Global LB.
Follow the steps from Deploy MIG infrastructure and website to deploy the website. This will do the below tasks:
- Create a MIG cluster that will host the website. The website will be deployed on the VMs using Chef and the startup script.
- Create an HTTPS GLB that will interface and balance all the user traffic.
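What "MIG without public IPs behind a global LB" looks like with plain provider resources, as an added example (the repository uses the VM and LB modules instead). Network, subnet, image and account names are placeholders, and serving HTTP on port 80 from the backends is an assumption.

```hcl
# Added example: project, network, subnet, image and account names are placeholders.
locals {
  project = "example-website-prod"
  web_sa  = "web-vm@example-website-prod.iam.gserviceaccount.com"
}

resource "google_compute_instance_template" "web" {
  project      = local.project
  region       = "us-central1"
  name_prefix  = "web-"
  machine_type = "e2-small"

  disk {
    source_image = "projects/example-website-prod/global/images/website-base"
    boot         = true
  }

  network_interface {
    subnetwork         = "prod-subnet"
    subnetwork_project = local.project
    # No access_config block: the instance receives no external IP.
  }

  service_account {
    email  = local.web_sa
    scopes = ["cloud-platform"] # effective access is decided by IAM roles
  }

  lifecycle {
    create_before_destroy = true
  }
}

# Only Google's load balancer and health-check ranges may reach the web port,
# and only on instances running as the web service account.
resource "google_compute_firewall" "glb_to_web" {
  project                 = local.project
  name                    = "allow-glb-to-web"
  network                 = "prod-vpc"
  direction               = "INGRESS"
  source_ranges           = ["130.211.0.0/22", "35.191.0.0/16"]
  target_service_accounts = [local.web_sa]

  allow {
    protocol = "tcp"
    ports    = ["80"] # assumed backend port
  }
}
```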
Once successfully applied you will see the output like below:
And the Instance groups page on Cloud Console will also show the newly created instance group.
4. Post-deployment verification
Follow the steps from Verify that the website is live to do some post-deployment checks.
Copy the value of home_page_url from the Terraform outputs and paste it into a new browser tab.
Your browser will show a certificate warning because this example uses a self-signed certificate. Click on “Proceed to <ip-address> (unsafe)” to continue. You will now be able to see the website page, which will look something like below. (Not so fancy, but you get the idea…)
Additionally, you can also check the Load Balancing page on Cloud Console which should show you both instances in “Healthy” state.
And your website is live!
We just deployed a website; from infrastructure all the way to the application using automation. There were some manual steps involved but even those can be automated using CI/CD tools and processes:
- Use a tool like Packer to automate the image build process. It is easy to set up and use. More information on using it on GCP is here.
- Use a tool like Jenkins to automate code deployment via CI/CD pipelines. If you want to get away from the management overhead, use a managed service like Cloud Build.
Glossary
¹What is Cloud Foundation Toolkit?
Cloud Foundation Toolkit is a set of templates written for Google Deployment Manager and HashiCorp Terraform, with Google best practices built in, that provide enterprise-grade Infrastructure as Code for your deployments on Google Cloud Platform.
²What is a Seed Project?
A seed project is just a GCP project that will hold the IAM Service Account and necessary permissions to enable IaC deployments via Terraform. We will also use this seed project to store our Terraform State in a Google Cloud Storage (GCS) bucket.
Essentially, access to this seed project and the resources inside it (like the Terraform state in the GCS bucket) must be limited to a few admins, as it won’t be used to do anything other than authorize service accounts to carry out deployments in the rest of the GCP Organization.