The purpose of this step is to set up dev, nonprod, and prod environments within the GCP organization.

Prerequisites:

- 0-bootstrap executed successfully.
- 1-org executed successfully.
- Cloud Identity / G Suite group for monitoring admins.
- Membership in the monitoring admins group for the user running Terraform.
Deploying with Cloud Build:

1. Clone the repo: `gcloud source repos clone gcp-environments --project=YOUR_CLOUD_BUILD_PROJECT_ID`
1. Change into the freshly cloned repo and check out a non-master branch: `git checkout -b plan`
1. Copy the contents of the foundation to the new repo: `cp -RT ../terraform-example-foundation/2-environments/ .` (modify accordingly based on your current directory).
1. Copy the Cloud Build configuration files for Terraform: `cp ../terraform-example-foundation/build/cloudbuild-tf-* .` (modify accordingly based on your current directory).
1. Copy the Terraform wrapper script to the root of your new repository: `cp ../terraform-example-foundation/build/tf-wrapper.sh .` (modify accordingly based on your current directory).
1. Ensure the wrapper script can be executed: `chmod 755 ./tf-wrapper.sh`
1. Rename `terraform.example.tfvars` to `terraform.tfvars` and update the file with values from your environment and bootstrap (you can re-run `terraform output` in the 0-bootstrap directory to find these values).
1. Commit changes with `git add .` and `git commit -m 'Your message'`.
1. Push your plan branch to trigger a plan for all environments: `git push --set-upstream origin plan` (the branch `plan` is not a special one; any branch whose name differs from `dev`, `nonprod` or `prod` will trigger a Terraform plan).
1. Review the plan output in your Cloud Build project: https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID
1. Merge changes to dev with `git checkout -b dev` and `git push origin dev`.
1. Review the apply output in your Cloud Build project: https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID
1. Merge changes to nonprod with `git checkout -b nonprod` and `git push origin nonprod`.
1. Review the apply output in your Cloud Build project: https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID
1. Merge changes to the prod branch with `git checkout -b prod` and `git push origin prod`.
1. Review the apply output in your Cloud Build project: https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID
Deploying with Jenkins:

1. Clone the repo you created manually in bootstrap: `git clone <YOUR_NEW_REPO-2-environments>`
1. Navigate into the repo with `cd YOUR_NEW_REPO_CLONE-2-environments` and change to a non-prod branch: `git checkout -b plan` (the branch `plan` is not a special one; any branch whose name differs from `dev`, `nonprod` or `prod` will trigger a Terraform plan).
1. Copy the contents of the foundation to the new repo: `cp -RT ../terraform-example-foundation/2-environments/ .` (modify accordingly based on your current directory).
1. Copy the Jenkinsfile script to the root of your new repository: `cp ../terraform-example-foundation/build/Jenkinsfile .` (modify accordingly based on your current directory).
1. Update the variables located in the `environment {}` section of the `Jenkinsfile` with values from your environment:
   - `_POLICY_REPO` (optional)
   - `_TF_SA_EMAIL`
   - `_STATE_BUCKET_NAME`
1. Copy the Terraform wrapper script to the root of your new repository: `cp ../terraform-example-foundation/build/tf-wrapper.sh .` (modify accordingly based on your current directory).
1. Ensure the wrapper script can be executed: `chmod 755 ./tf-wrapper.sh`
1. Rename `terraform.example.tfvars` to `terraform.tfvars` and update the file with values from your environment and bootstrap (you can re-run `terraform output` in the 0-bootstrap directory to find these values).
1. Commit changes with `git add .` and `git commit -m 'Your message'`.
1. Push your plan branch: `git push --set-upstream origin plan`. The branch `plan` is not a special one; any branch whose name differs from `dev`, `nonprod` or `prod` will trigger a Terraform plan.
   - Assuming you configured an automatic trigger in your Jenkins Master (see the Jenkins sub-module README), this will trigger a plan. You can also trigger a Jenkins job manually. Given the many options to do this in Jenkins, it is out of the scope of this document; see the Jenkins website for more details.
1. Review the plan output in your Master's web UI.
1. Merge changes to dev with `git checkout -b dev` and `git push origin dev`.
1. Review the apply output in your Master's web UI (you might want to use the option "Scan Multibranch Pipeline Now" in your Jenkins Master UI).
1. Merge changes to nonprod with `git checkout -b nonprod` and `git push origin nonprod`.
1. Review the apply output in your Master's web UI (you might want to use the option "Scan Multibranch Pipeline Now" in your Jenkins Master UI).
1. Merge changes to the prod branch with `git checkout -b prod` and `git push origin prod`.
1. Review the apply output in your Master's web UI (you might want to use the option "Scan Multibranch Pipeline Now" in your Jenkins Master UI).
1. You can now move to the instructions in the step 3-networks.
Running Terraform locally:

1. Change into the 2-environments folder.
1. Run `cp ../build/tf-wrapper.sh .`
1. Run `chmod 755 ./tf-wrapper.sh`
1. Rename `terraform.example.tfvars` to `terraform.tfvars` and update the file with values from your environment and bootstrap.
1. Update `backend.tf` with your bucket from bootstrap. You can run `find . -name 'backend.tf' -exec sed -i 's/UPDATE_ME/<YOUR-BUCKET-NAME>/' {} +` to replace the placeholder in every `backend.tf` under the current directory. You can run `terraform output gcs_bucket_tfstate` in the 0-bootstrap folder to obtain the bucket name.

We will now deploy each of our environments (dev/prod/nonprod) using this script. When using Cloud Build or Jenkins as your CI/CD tool, each environment corresponds to a branch in the repository for the 2-environments step, and only the corresponding environment is applied.

1. Run `./tf-wrapper.sh init dev`
1. Run `./tf-wrapper.sh plan dev` and review the output.
1. Run `./tf-wrapper.sh apply dev`
1. Run `./tf-wrapper.sh init nonprod`
1. Run `./tf-wrapper.sh plan nonprod` and review the output.
1. Run `./tf-wrapper.sh apply nonprod`
1. Run `./tf-wrapper.sh init prod`
1. Run `./tf-wrapper.sh plan prod` and review the output.
1. Run `./tf-wrapper.sh apply prod`

If you received any errors or made any changes to the Terraform config or `terraform.tfvars`, you must re-run `./tf-wrapper.sh plan <env>` before running `./tf-wrapper.sh apply <env>`.
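The rule in the last paragraph (a changed config needs a fresh plan before apply) can be enforced rather than remembered. The following is an added example, not code from the terraform-example-foundation repository: a POSIX sh guard around `./tf-wrapper.sh` for the local workflow that records a fingerprint of the `*.tf` and `*.tfvars` files when an environment is planned and refuses to apply that environment if any of them changed afterwards. The stamp-file name, the `TF_WRAPPER` variable and the function names are assumptions.

```shell
#!/usr/bin/env sh
# Added example (not part of terraform-example-foundation): refuse to apply an
# environment when the Terraform config or terraform.tfvars changed since the
# last plan. Stamp-file name and TF_WRAPPER variable are assumptions.

# Fingerprint every *.tf and *.tfvars file under DIR (paths and contents).
config_fingerprint() {
  dir="$1"
  find "$dir" -type f \( -name '*.tf' -o -name '*.tfvars' \) | LC_ALL=C sort |
    while IFS= read -r f; do printf '%s\n' "$f"; cat "$f"; done |
    cksum | cut -d' ' -f1
}

# Record the fingerprint after a successful plan for ENV.
stamp_plan() {
  dir="$1"; envname="$2"
  config_fingerprint "$dir" > "$dir/.plan-stamp-$envname"
}

# Succeed only if a plan for ENV exists and the config is unchanged since then.
plan_is_current() {
  dir="$1"; envname="$2"
  stamp="$dir/.plan-stamp-$envname"
  [ -f "$stamp" ] || return 1
  [ "$(cat "$stamp")" = "$(config_fingerprint "$dir")" ]
}

# guarded_tf ACTION ENV [DIR]: plan records a stamp; apply is refused on a
# stale or missing plan; any other action is passed through to the wrapper.
guarded_tf() {
  action="$1"; envname="$2"; dir="${3:-.}"
  case "$envname" in
    dev|nonprod|prod) ;;
    *) echo "unknown environment: $envname" >&2; return 2 ;;
  esac
  case "$action" in
    plan)
      (cd "$dir" && "${TF_WRAPPER:-./tf-wrapper.sh}" plan "$envname") &&
        stamp_plan "$dir" "$envname" ;;
    apply)
      if ! plan_is_current "$dir" "$envname"; then
        echo "config changed since the last plan for $envname; re-run plan first" >&2
        return 1
      fi
      (cd "$dir" && "${TF_WRAPPER:-./tf-wrapper.sh}" apply "$envname") ;;
    *)
      (cd "$dir" && "${TF_WRAPPER:-./tf-wrapper.sh}" "$action" "$envname") ;;
  esac
}
```

The stamp only proves the local configuration is unchanged; it says nothing about drift in the remote state, which is why the plan output itself still has to be reviewed.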