Your system needs the `gcloud` CLI, as well as `terraform`:

```bash
brew install Caskroom/cask/google-cloud-sdk
go get -u github.com/hashicorp/terraform
```
You will also want to set up a "project-wide" SSH key to allow SSH access to the VMs in your deployment. You can follow the directions here to set up a key.

This repository requires at least v0.7.7 of `terraform`.
You will also need a key file for your service account to allow terraform to deploy resources. If you don't have one, you can create a service account and a key for it:
```bash
gcloud iam service-accounts create some-account-name
gcloud iam service-accounts keys create "terraform.key.json" --iam-account "some-account-name@PROJECT_ID.iam.gserviceaccount.com"
gcloud projects add-iam-policy-binding PROJECT_ID --member 'serviceAccount:some-account-name@PROJECT_ID.iam.gserviceaccount.com' --role 'roles/editor'
```
You will need to enable the [Google Cloud Resource Manager API](https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/) on your GCP account. The Google Cloud Resource Manager API provides methods for creating, reading, and updating project metadata.

You will also need to enable the [Google Cloud DNS API](https://console.developers.google.com/apis/api/dns/overview) on your GCP account. The Google Cloud DNS API provides methods for creating, reading, and updating project DNS entries.
Copy the stub content below into a file called `terraform.tfvars` and put it in the root of this project. These vars will be used when you run `terraform apply`. You should fill in the stub values with the correct content.
```hcl
env_name = "some-environment-name"
region = "us-central1"
zones = ["us-central1-a", "us-central1-b", "us-central1-c"] //The count must be 3
project = "your-gcp-project"
dns_suffix = "gcp.some-project.cf-app.com"
ssl_cert = "-----BEGIN CERTIFICATE-----some cert-----END CERTIFICATE-----\n"
ssl_cert_private_key = "-----BEGIN RSA PRIVATE KEY-----some cert private key-----END RSA PRIVATE KEY-----\n"
service_account_key = <<SERVICE_ACCOUNT_KEY
{
  "type": "service_account",
  "project_id": "your-gcp-project",
  "private_key_id": "another-gcp-private-key",
  "private_key": "-----BEGIN PRIVATE KEY-----another gcp private key-----END PRIVATE KEY-----\n",
  "client_email": "[email protected]",
  "client_id": "11111111111111",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/"
}
SERVICE_ACCOUNT_KEY
```
- project: (required) ID for your GCP project
- env_name: (required) An arbitrary unique name for namespacing resources
- region: (required) Region in which to create resources (e.g. us-central1)
- zones: (required) Zones in which to create resources. Must be within the given region. (e.g. [us-central1-a, us-central1-b, us-central1-c])
- service_account_key: (required) Contents of your service account key file generated using the `gcloud iam service-accounts keys create` command.
- dns_suffix: (required) Domain to add environment subdomain to (e.g. foo.example.com)
- ssl_cert: (required) SSL certificate for HTTP load balancer configuration. Can be either trusted or self-signed.
- ssl_cert_private_key: (required) Private key for above SSL certificate.
- sql_db_tier: (optional) DB tier
- cf_sql_db_host: (optional) The host the user can connect from. Can be an IP address. Changing this forces a new resource to be created
- cf_sql_db_username: (optional) Username for database
- cf_sql_db_password: (optional) Password for database
- cf_sql_instance_count: (optional) Number of instances, defaults to 0.
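
A pre-flight check for the constraints listed above (exactly three zones, zones inside the region, a service account key file as `service_account_key`), as an added example that is not part of this repository. The names `parse_tfvars` and `check_tfvars`, the sample values, and the file-mode check (the file holds private keys) are assumptions of this example, and the parser handles only the syntax the stub uses.

```python
import json, os, re, stat, sys
# Constructed sample in the shape of the stub above (placeholder values only).
SAMPLE = '''region = "us-central1"
zones = ["us-central1-a", "us-central1-b", "us-central1-c"] //The count must be 3
service_account_key = <<SERVICE_ACCOUNT_KEY
{"type": "service_account", "project_id": "your-gcp-project"}
SERVICE_ACCOUNT_KEY
'''

def parse_tfvars(text):
    """Parse only what the stub uses: quoted strings, string lists, heredocs."""
    out, lines = {}, iter(text.splitlines())
    for line in lines:
        m = re.match(r'\s*(\w+)\s*=\s*(.*)$', line)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if val.startswith("<<"):   # heredoc: collect lines up to the closing tag
            tag = val[2:].strip()
            out[key] = "\n".join(iter(lambda: next(lines, tag).strip(), tag))
        elif val.startswith("["):  # list of quoted strings
            out[key] = re.findall(r'"([^"]*)"', val)
        else:
            out[key] = val.strip('"')
    return out

def check_tfvars(path):
    """Return a list of problems found in the tfvars file; empty means none."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # assumption of this example: the file holds private keys
        problems.append("file mode %o allows group/other access" % mode)
    with open(path) as f:
        v = parse_tfvars(f.read())
    zones, region = v.get("zones") or [], v.get("region") or ""
    if len(zones) != 3:
        problems.append("zones must list exactly 3 zones, found %d" % len(zones))
    problems += ["zone %s is not in region %s" % (z, region)
                 for z in zones if not z.startswith(region + "-")]
    try:
        key = json.loads(v.get("service_account_key") or "")
    except ValueError:
        key = None
    if not isinstance(key, dict) or key.get("type") != "service_account":
        problems.append("service_account_key is not a service account key file")
    return problems

if __name__ == "__main__":
    print("\n".join(check_tfvars(sys.argv[1])) or "ok")
```

Run it with the path to `terraform.tfvars` as its only argument; it prints one line per problem, or `ok`.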
Note: please make sure you have created the `terraform.tfvars` file above as mentioned.
terraform apply
terraform destroy