Google Cloud infrastructure Manager - Managed Terraform Service

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

what up folks this is GK so Google Cloud never had a proper infrastructure as a code solution like for example there is cloud formation for AWS a very good service robust service and a lot of companies still use cloud formation as a proper a for infrastructure Management on AWS so Google Cloud thought of creating a similar service and they created deployment manager and if you're aware of Google cloud or if you have been following it for quite some time it was not that prop ER IC tool I mean I have used it I never liked it now fortunately Google cloud has come up with one more service which is called infrastructure manager it is nothing but it's a terraform manage terraform service so if you are aware of terraform you can use infrastructure manager and provision resources on Google cloud and it will obviously maintain the state and everything is taken care by Google Cloud itself I personally think this is a right move from Google Cloud because terraform is a proper IAC solution ution that companies have been using it for quite some time and I'm sure that it is going to grow much more in 2024 and coming years so Google Cloud adopting it and then making it as a manage service will only help people to easily manage and maintain infrastructure on Google Cloud so as students of cloud let's try to explore the tool what it offers how to provision the resources using this tool and I'm going to show you all those things in the demo and you can also try this out at home uh because you never know if it becomes famous then it will also be part of the Google Cloud certification so let's dive right into the demo all right folks so I'm going to paste this documentation Link in the description so always start first with the documentation page and here it clearly says that enable the infrastructure manager service so go to your Cloud console and search for infrastructure manager so you see the infrastructure manager API if you have it already enabled you see it as an API enabled if you do not have it enabled then you'll have an option to enable the API here so click on enable and once that is enabled the next step is ensure that you have I IM permissions needed to create deployment okay so we're going to run couple of g-cloud commands and I am running the GCL commands as the admin of the project so I have all the permissions but in any case if you're using a service account then make sure that your service account has all the necessary permissions like for instance there are two things that you have to make sure as far as permissions are concerned one is go to your IM admin am page where you'll see all the service accounts and roles and everything and if you're using a service account from your terminal then you have to give necessary permissions to to that or if you're using directly editor of this project then you don't have to worry about it but there is another service account that we going to talk about it now so for for for instance ensure you have a service account with needed permissions that service account is the one that is going to create the deployment So to avoid the confusion I'm going to show you in the console but for now choose any service account that you already have in past or create a new service account and make sure it has two necessary permissions one is service account user okay and the other one is cloud infrastructure manager admin and I'm making it simpler for myself for the sake of the demo and I gave full permissions to this service account but in any case if you are implementing this for your company then make sure that you're always following the principle of lease privilege meaning you'll only give permissions that are needed for you to create the deployment and all the details with respect to that is very very well defined in the permissions page somewhere in this documentation but if you have any questions please let me know in the comment section I'll help you out choosing the right permissions okay so I have done these three steps this was not needed because I'm running as an admin already and this I have already have given it here for this uh demo TF service account I gave all the necessary permissions and the next step is to run your terraform configuration to deploy you know your resources or provision the services now there are three ways of doing that if you have your terraform configuration stored in the storage bucket okay you can use uh the commands that are given here or if you are deploying your terraform configuration from a public git repository then you have to use this command unfortunately I don't think it is supporting the private GitHub repository which is the common scenario that happens in the company okay okay so let's avoid this step as well now the third one most likely you will use is running the terraform from your local machine meaning you have all the terraform files in your local machine and uh you're going to run or execute this command from your local so we're going to use this now I would highly recommend building your command and everything from here itself like for example I'm going to create a storage bucket and deploy a sample website so I'm going to call it as a storage uh site deploy or something like that and then uh I'm going to select the service account project so my Pro my service account is already in the same project so um select the same project ID that uh you already must have given here you can choose the same thing and paste it here if your service account is there itself then the next one is to select the actual service account name okay copy and paste it here so the local directory is dot just give dot because I'm going to select the main.tf from the same local and I don't need any other details but if you want to pass the project ID or anything like that then you can use this input values here which is which is uh the right way to do it but I have hardcoded that project ID inside inside my terraform main.tf so if you're not aware of terraform then my recommendation is you have to spend very good amount of time learning it because I'm telling you in 2024 and 25 terraform is going to be is going to make it even bigger and in any case and if you need help then I'm launching a master class in 2024 Jan 20 please watch my previous video or search in the description to join the master class so we have formed the command from here am I missing something okay there's nothing I'm missing so copy this and before we run the command we need a terraform files and if you already have a terraform file to create a storage bucket or anything like that even better if you do not have then terraform and Google Cloud have a GitHub project which is an amazing GitHub project which has all the important um terraform files that are needed to create gcp services so I'm taking one such file to create a static website which is here I'm going to paste the paste the link in the description now I have already cloned this repo in my teril I'm going to go there first CD static website and I made one change to this file which is have added the project is equal to I mean I have added the provider block and the project like I've said before this is not the right practice it's always better to follow the best practices in the terms of passing the projects as environment variables or as a variable so now go back to the documentation and copy the command that you have constructed there paste it here and for the input values and everything I can just delete them because I'm not passing anything else to this okay and make sure that the deployment ID is proper which is what you have defined here um here storage site deploy the deployment identifier you specify okay now let's run and see what is going to happen so I gave a wrong um location So speaking of location one thing that I forgot to inform you is that so are three locations where you're going to run this infrastructure manager meaning that the infrastructure manager is enabled in three locations Asia East one Europe West one and US Central one now this doesn't mean that you cannot provision your services in any other location this precisely means that that the infrastructure manager manage service is going to run from any one of these location whichever you choose to run from the g-cloud command but you can deploy your services in any given region and there is no problem with that for instance I want to run this service from us Central one and I gave by mistake us Central So This Is Us Central one now go back here and fix it rerun the command so it is creating the deployment so what it is currently doing is it is creating the deployment with the revision zero so the revision starts with zero and it will append 1 2 3 4 5 subsequently as in when you update this deployment okay so the deployment is created and now if you go to the storage bucket you will see a new bucket that gets created which is called uh blueprint config and the most important thing for you to remember here is if there is an issue with the deployment you can go here and search for the logs to know exactly what happened with the deployment for example When I Was preparing for this demo I saw a couple of issues and I couldn't identify what was the cause of the issue from the console from the terminal so go to the storage bucket and if you scroll down you will exactly know what went wrong for instance uh there was an issue with the permission at at start at first and then I had to fix that from uh from the service account and IM am section and then it it it was working fine later so this is very important to understand okay this is part of your debugging and I'm hoping that Google cloud in future will enable all these things as part of the console like for for example if I have to compare this with the AWS cloud formation you see that very well defined in the cloud information console like how the stacks got created or what went wrong with the stacks or any issues that happened during the deployment process but here unfortunately you have to do it manually through logs and then you have to do it through gcloud command if you go back to the buckets us Central it created a new bucket called storage site deploy that is the name of our deployment and then it already has successfully created the static website bucket this is exactly what we had in the terraform main.tf so that got successfully provisioned cool so now you might have this question like okay I'm fine with whatever that's been done but what if I have to see what services or what I mean resources got provisioned in this uh deployment so for that always copy the deployment ID because that is unique for this deployment and then which is a storage site deploy now if you want to know list of resources that got deployed so the command is just copied the command here clear the screen and then paste it here gcloud INF from manager resources list revision is equal to projects okay it starts with the project project ID location C us central deployments inside the deployments you will have the proper deployment ID I forgot the deployment ID again let me go back and and find it from the bucket which is storage side deploy deploy in the revisions is zero you only have one revision so far so we have these resources that got created as part of this terraform apply okay now if I want want to delete the deployment again the command is simple and everything is well documented you don't have to worry about remembering these commands as always never remember the commands search in the documentation or look for the commands in the documentation storage site deploy yes and that would delete the resources and it will move this storage site deploy into the archive deployments because in future let's say if you want to go back and check what happened with the previous deployments or if you want to have the history and everything maintained it always puts that into archive which is a good thing instead of deleting that bucket so that's a wrap and a quick demo about the infrastructure manager which is a managed terraform service to provision Google Cloud resources like I've said before Google cloud is definitely looking into the right direction instead of Reinventing the wheel they are using terraform because everybody these days are well versed with terraform the challenge of maintaining the state everything can be avoided hopefully with Google Cloud manage service and if you want to know more about what happens with the state files within this manage service like locking unlocking and importing and all those Concepts let me know in the comment section I will try to create more tutorials of course if I get more likes to this video and if I get good views for this video try this out and let me know in the comment section if you have any questions and do subscribe to my channel if you haven't subscribed thank you so much for watching this video and I hope you learned something new today good luck with all your learnings take care bye

Info

Channel: Cloud Advocate

Views: 1,588

Rating: undefined out of 5

Keywords: Google Cloud, Cloud Computing, Cloud Technologies, GCP exam, GCP Associate exam, Google Associate exam, Cloud Engineer, DevOps specialist, Cloud Career tips, cloud advocate, infrastructure as code, terraform tutorial for beginners, google cloud infrastructure manager

Id: QM611eyKw7E

Channel Id: undefined

Length: 16min 0sec (960 seconds)

Published: Thu Dec 28 2023