Eugeny Shtoltc - IT Cloud

archived: "false"

auto_init: "true"

default_branch:

description: "my terraform repo"

etag:

full_name:

git_clone_url:

html _url:

http_clone_url:

name: "terraform-repo"

ssh_clone_url:

svn_url:

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?

Terraform will perform the actions described above.

Only 'yes' will be accepted to approve.

Enter a value: yes

github_repository.terraform_repo: Creating …

allow_merge_commit: "" => "true"

allow_rebase_merge: "" => "true"

allow_squash_merge: "" => "true"

archived: "" => "false"

auto_init: "" => "true"

default_branch: "" => ""

description: "" => "my terraform repo"

etag: "" => ""

full_name: "" => ""

git_clone_url: "" => ""

html_url: "" => ""

http_clone_url: "" => ""

name: "" => "terraform-repo"

ssh_clone_url: "" => ""

svn_url: "" => ""

github_repository.terraform_repo: Creation complete after 4s (ID: terraform-repo)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed

Now you can see an empty terraform-repo repository in the WEB interface. Reapplying will not create a repository because Terraform only applies the changes that weren't:

(agile-aleph-203917) $ ./terraform apply

provider.github.organization

The GITHub organization name to manage.

Enter a value: essch2

github_repository.terraform_repo: Refreshing state … (ID: terraform-repo)

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

But if I change the name, then Terraform will try to apply the changes to the name by deleting and creating a new one with the current name. It is important to note that any data that we would push into this repository after the name change would be deleted. To check how updates will be performed, you can first ask for a list of actions to be performed with the command ./Terraform plane . And so, let's get started:

(agile-aleph-203917) $ cat main.tf

provider "github" {

token = "$ {var.github_token}"

}

resource "github_repository" "terraform_repo" {

name = "terraform-repo2"

description = "my terraform repo"

auto_init = true

}

(agile-aleph-203917) $ ./terraform plan

provider.github.organization

The GITHub organization name to manage.

Enter a value: essch

Refreshing Terraform state in-memory prior to plan …

The refreshed state will be used to calculate this plan, but will not be

persisted to local or remote state storage.

github_repository.terraform_repo: Refreshing state … (ID: terraform-repo)

–– –

An execution plan has been generated and is shown below.

Resource actions are indicated with the following symbols:

+ create

Terraform will perform the following actions:

+ github_repository.terraform_repo

id:

allow_merge_commit: "true"

allow_rebase_merge: "true"

allow_squash_merge: "true"

archived: "false"

auto_init: "true"

default_branch:

description: "my terraform repo"

etag:

full_name:

git_clone_url:

html_url:

http_clone_url:

name: "terraform-repo2"

ssh_clone_url:

svn_url:

"terraform apply" is subsequently run.

esschtolts @ cloudshell: ~ / terraform (agile-aleph-203917) $ ./terraform apply

provider.github.organization

The GITHub organization name to manage.

Enter a value: essch2

github_repository.terraform_repo: Refreshing state … (ID: terraform-repo)

An execution plan has been generated and is shown below.

Resource actions are indicated with the following symbols:

– / + destroy and then create replacement

Terraform will perform the following actions:

– / + github_repository.terraform_repo (new resource required)

id: "terraform-repo" => (forces new resource)

allow_merge_commit: "true" => "true"

allow_rebase_merge: "true" => "true"

allow_squash_merge: "true" => "true"

archived: "false" => "false"

auto_init: "true" => "true"

default_branch: "master" =>

description: "my terraform repo" => "my terraform repo"

etag: "W / \" a92e0b300d8c8d2c869e5f271da6c2ab \ "" =>

full_name: "essch2 / terraform-repo" =>

git_clone_url: "git: //github.com/essch2/terraform-repo.git" =>

html_url: "https://github.com/essch2/terraform-repo" =>

http_clone_url: "https://github.com/essch2/terraform-repo.git" =>

name: "terraform-repo" => "terraform-repo2" (forces new resource)

ssh_clone_url: "git@github.com: essch2 / terraform-repo.git" =>

svn_url: "https://github.com/essch2/terraform-repo" =>

Plan: 1 to add, 0 to change, 1 to destroy.

Do you want to perform these actions?

Terraform will perform the actions described above.

Only 'yes' will be accepted to approve.

Enter a value: yes

github_repository.terraform_repo: Destroying … (ID: terraform-repo)

github_repository.terraform_repo: Destruction complete after 0s

github_repository.terraform_repo: Creating …

allow_merge_commit: "" => "true"

allow_rebase_merge: "" => "true"

allow_squash_merge: "" => "true"

archived: "" => "false"

auto_init: "" => "true"

default_branch: "" => ""

description: "" => "my terraform repo"

etag: "" => ""

full_name: "" => ""

git_clone_url: "" => ""

html_url: "" => ""

http_clone_url: "" => ""

name: "" => "terraform-repo2"

ssh_clone_url: "" => ""

svn_url: "" => ""

github_repository.terraform_repo: Creation complete after 5s (ID: terraform-repo2)

Apply complete! Resources: 1 added, 0 changed, 1 destroyed.

For reasons of clarity, I created a big security hole – I put the token in the configuration file, and therefore in the repository, and now anyone who can access it can delete all repositories. Terraform provides several ways to set variables besides the one used. I'll just recreate the token and override it with the one passed on the command line:

(agile-aleph-203917) $ rm variables.tf

(agile-aleph-203917) $ sed -i 's / terraform-repo2 / terraform-repo3 /' main.tf

./terraform apply -var = "github_token = f7602b82e02efcbae7fc915c16eeee518280cf2a"

Building infrastructure in GCP with Terraform

Each cloud has its own set of services, its own APIs for them. To simplify the transition from one cloud for both employees in terms of learning and rewriting, there are universal libraries that implement the Facade pattern. A facade is understood as a universal API that disrupts the features of the systems behind it.

One representative of the cloud API facades is KOPS. KOPS is a tool for deploying Kubernetes to GCP, AWS and Azure. KOPS is similar to Kubectl – it is a binary, it can create both commands and the YML config, has a similar syntax, but unlike Kubectl, it creates not a POD, but a cluster node. Another example is Terraform, which specializes in deployment by configuration to adhere to the IasC concept.

To create the infrastructure, we need a token, it is created in GCP for the service account to which access is issued. To do this, I went along the path: IAM and administration -> Service accounts -> Create a service account and upon creation I dropped the Owner role (full access for test purposes), created a key with the Create key button in JSON format and renamed the downloaded key to Key. JSON. To describe the infrastructure, I used the documentation www.terraform.io/docs/providers/google/index.html :

(agil7e-aleph-20391) $ cat main.tf

provider "google" {