Hands-on Intro to Infrastructure as Code using Terraform
Terraform is a way of uniquely declaring how to build your infrastructure in a centralised manner using a single declarative language in order to avoid the pain of having to manually configure them in different places.
Funnily enough, Terraform not only configures your infrastructure but also boots up your environment.
You can literally keep your whole infrastructure declared in a couple of files.
Other configuration management tools like Ansible are imperative in nature, i.e. they focus on how the tool should configure something.
Terraform is declarative, i.e. it focus on what you want to do and Terraform is supposed to work out how to do it.
In terms of commands, the bulk of what you will be doing with Terraform is executing mainly 3 commands: terraform init, terraform plan and terraform apply.
In this article, I will walk you through how to spin up a Kubernetes Cluster on Google Cloud using Terraform just to get you started.
We also have an article with an example on how to configure basic BIG-IP settings using Terraform: Automate Application Delivery with F5 and HashiCorp Terraform and Consul
How to Install it?
Download terraform from https://www.terraform.io/downloads.html
After that, you should unpack the executable and on Linux and Mac place its full path into $PATH environment variable to make it searchable.
Here's what I did after I downloaded it to my Mac:
It should be similar on Linux.
How to get started?
The best thing to do to get started with Terraform is to boot up a simple instance of an object from one of providers you're already comfortable with.
For example, if you know how to set up a Kubernetes cluster on GCP then try to spin it up using Terraform.
I'll show you how to create a Kubernetes Cluster on GCP with Terraform here.
Creating a Kubernetes Cluster on GCP with Terraform
Adding Provider Information
First thing to do is to tell Terraform what kind of provider it is going to configure, i.e. GCP? AWS? BIG-IP?
Terraform reads *.tf files from your terraform directory.
Let's create a file named providers.tf with Google Cloud provider information:
Note that we used the keyword "provider" to add our provider's authentication information (GCP in this case).
To access your GCP account via a third-party source, different app or Terraform as is the case here, you'd normally create a Service Account.
I created one specifically for Terraform and that's what most people do.
The rest is self-explanatory but credentials is where you add the full path to your auth file that you download once you create your service account.
Essentially, this will make Terraform authenticate to your GCP cloud account.
I added the following permissions to my sample Terraform Service Account:
Adding Resource Configuration
Likewise, if we want to create resources we simply add "resource" keyword.
In this case, google_container_cluster means we're spinning up a Kubernetes cluster on GCP.
I'm going to create a separate file to keep our resources separate from provider's information just to keep it more tidy.
There is no problem doing that at all as Terraform reads through all *.tf files.
Here's our file for our Kubernetes cluster:
For Kubernetes clusters we use google_container_cluster followed by the name of the cluster (I named it rod-cluster in this case).
Follow the breakdown of the information I added to above file:
- name: this is the name of the cluster
- location: this should be the GCP location where your Kubernetes project resides
- initial_node_count: this is the number of worker nodes in your cluster
- nodeconfig/oauth_scopes: these are the required components we need permission to run a Kubernetes cluster on GCP.
Now we're ready to initialise Terraform to spin up our GCP Kubernetes cluster.
However, before we jump into it, let's quickly answer one simple question.
How do we know what keyword exactly to declare in a Terraform file?
You can find the command's syntax in Terraform's documentation.
Just pick the provider: https://www.terraform.io/docs/providers/index.html
Now, back to business.
The way we initialise Terraform is by executing terraform init command in the same directory where your *.tf files reside:
In the background, Terraform downloaded GCP's plugin and placed it into .terraform folder:
Spinning up Execution Plan
The next step is to execute terraform plan command so that Terraform can automatically check for errors in your *.tf file, connect to your provider using your credentials, and lastly confirm what you've requested is something doable:
Our plan seems to be ok so let's move to our last step.
Applying Terraform changes
This is usually reliable but we never know until we apply it, right?
The way we do it is by using terraform apply command:
You will see the above prompt asking for your confirmation. Just answer yes and Terraform will connect to your provider and apply the changes automatically.
Here's what follows the 'yes' answer:
If we check my GCP account, we can confirm Terraform created the cluster for us:
How to apply changes or destroy?
You can use terraform apply again if you've modified something.
To destroy everything you've done you can use terraform destroy command:
There's much more to Terraform than what we've been through here.
We can use variables and there are plenty of other commands.
For example, we can create workspaces, ask Terraform to format your code for you and plenty of other things like listing resources Terraform is currently managing, graphs, etc.
This is just to give that initial taste of how powerful Terraform is.