Google Compute Engine Web App Environment

What is this?

This repository is a provisioning example of the Google Cloud Platform to serve a traditional Web Application.

The example provision the system as composed below resources by Terraform.

Cloud DNS
Cloud Load Balancing
Cloud Armor
Compute Engine
Cloud SQL for MySQL
Memorystore for Redis

Prepare

1. Create Google Cloud service account and generate the key

You need a Google Cloud service account that has roles as below.

Owner
Storage Admin

If you don't have any service account, you should create a new one.
If your service account has not the above roles, you should add the roles.

Place GCP service account key as a JSON formatted file at config/credentials/google-cloud-keyfile.json.

If you use 1Password, you can get the file like below command.

op get document YOUR-DOCUMENT-NAME > config/credentials/google-cloud-keyfile.json

To get more information about Google Cloud service account and service account key, see:

2. Create .env file

Create a text file as named .env like below.

# UID=1000 # only needs on Linux/UNIX
# GID=100 # only needs on Linux/UNIX
CLOUDSDK_CORE_PROJECT=YOUR-GCP-PROJECT-NAME
TF_VAR_gcp_project_id=YOUR-GCP-PROJECT-NAME
PROJECT_UNIQUE_ID=YOUR-UNIQUE-STRING
TF_VAR_project_unique_id=YOUR-UNIQUE-STRING
TF_VAR_basename=YOUR-STRING-FOR-PREFIX
TF_VAR_basedomain=your-delegatable-domain.example.com
TF_VAR_ip_cidr_range=10.0.0.0/24
TF_VAR_cidr_blocks_allow_http=["0.0.0.0/0"]
TF_VAR_cidr_blocks_allow_http_restricted=["0.0.0.0/0"]
TF_VAR_cidr_blocks_allow_ssh=["0.0.0.0/0"]
TF_VAR_cloud_sql_root_password=A-PASSWORD-YOU-DECIDED
TF_VAR_cloud_sql_reader_password=A-PASSWORD-YOU-DECIDED
TF_VAR_cloud_sql_writer_password=A-PASSWORD-YOU-DECIDED
TF_VAR_github_accounts_for_ssh=["your-github-account-name"]

3. Place user SSH public keys

Download user SSH public keys from GitHub like below commands.
The public keys are used for SSH login to the step servers.

mkdir -p tmp/users-keys/mazgi
curl -L github.com/mazgi.keys > tmp/users-keys/mazgi/pubkeys.txt

Provisioning

docker-compose up provisioning

docker-compose run provisioning terraform apply

You get outputs like below if your terraform apply command succeeded.
You should delegate the sub-domain with name_servers values you get.

Test

See How to check the provisioned environment.

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
Dockerfile.d/provisioning		Dockerfile.d/provisioning
config/credentials		config/credentials
docs/images		docs/images
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
app.certificate.tf		app.certificate.tf
app.firewall.tf		app.firewall.tf
app.instance-group.tf		app.instance-group.tf
app.instance.tf		app.instance.tf
app.load-balancer.tf		app.load-balancer.tf
cloud-armor.tf		cloud-armor.tf
cloud_sql.tf		cloud_sql.tf
dns.tf		dns.tf
docker-compose.yml		docker-compose.yml
how-to-check-the-provisioned-environment.md		how-to-check-the-provisioned-environment.md
locals.tf		locals.tf
nat_gateway.instance.tf		nat_gateway.instance.tf
nat_gateway.routes.tf		nat_gateway.routes.tf
outputs.tf		outputs.tf
redis.tf		redis.tf
step.instance.tf		step.instance.tf
step.metadata_startup_script.template.sh		step.metadata_startup_script.template.sh
step.service-account.tf		step.service-account.tf
step.ssh_private_keys.tf		step.ssh_private_keys.tf
terraform.tf		terraform.tf
user.ssh-pubkeys.tf		user.ssh-pubkeys.tf
variable.tf		variable.tf
vpc.tf		vpc.tf

License

mazgi-showcase/202005.gce-webapp-environment

Folders and files

Latest commit

History

Repository files navigation

Google Compute Engine Web App Environment

What is this?

Prepare

Provisioning

Test

Links

About

Topics

Resources

License

Stars

Watchers

Forks

Languages