This repo implements a GitOps approach with GCP Cloud Build and Terraform/Terragrunt.
To start using a service account (SA), do the following:
- Create a GCP SA, generate a key, rename it to account.json, and place it in the ./auth dir in the root of the project
- Bind your credentials:
export GOOGLE_APPLICATION_CREDENTIALS="$(pwd)/auth/account.json"
- Activate the service account with the JSON creds file
gcloud auth activate-service-account --key-file="${GOOGLE_APPLICATION_CREDENTIALS}"
- Check the authorized account (to confirm that the correct account has been chosen)
gcloud auth list
- Determine the project you'd like to work with
gcloud config set project PROJECT_ID
- Prepare a bucket for TF states with versioning enabled
PROJECT_ID=$(gcloud config get-value project)
gsutil mb "gs://${PROJECT_ID}-tfstate"
gsutil versioning set on "gs://${PROJECT_ID}-tfstate"
- Use the manage.sh file for local testing
Read the Cloud Build output log. If your job fails on the Plan step, check the Cloud Build account permissions. Cloud Build executes your builds using a service account, a special Google account that executes builds on your behalf. The email for the Cloud Build service account is [PROJECT_NUMBER]@cloudbuild.gserviceaccount.com
- compute.networks.create
- compute.networks.get
- compute.networks.delete
- compute.subnetworks.create
- compute.networks.updatePolicy
- compute.subnetworks.get
- compute.subnetworks.delete
- compute.firewalls.create
- compute.zones.get
- compute.disks.create
- compute.firewalls.get
- compute.instances.create
- compute.subnetworks.use
- compute.subnetworks.useExternalIp
- compute.instances.setMetadata
- compute.instances.setTags
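To check a role against the list above when the Plan step fails, the following script reports which listed permissions are missing and which granted ones fall outside the list. It is an added example, not part of this repo; it assumes the list above is what the Cloud Build service account needs, and `ROLE_ID` and the sample data are placeholders.

```shell
#!/bin/sh
# Added example (not from this repo): diff a role's permissions against the README list.

# Permissions copied from the list above, one per line.
required_perms() {
  cat <<'EOF'
compute.networks.create
compute.networks.get
compute.networks.delete
compute.subnetworks.create
compute.networks.updatePolicy
compute.subnetworks.get
compute.subnetworks.delete
compute.firewalls.create
compute.zones.get
compute.disks.create
compute.firewalls.get
compute.instances.create
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.instances.setMetadata
compute.instances.setTags
EOF
}

# Normalize stdin (newline- or ';'-separated) into a sorted, de-duplicated list.
normalize() { tr ';' '\n' | sed 's/[[:space:]]//g' | grep -v '^$' | LC_ALL=C sort -u; }

# Listed permissions that are absent from the granted list read on stdin.
missing_perms() {
  granted=$(normalize)
  required_perms | normalize | while read -r p; do
    printf '%s\n' "$granted" | grep -qxF -- "$p" || printf '%s\n' "$p"
  done
}

# Granted permissions (stdin) that are not in the README list: least-privilege drift.
extra_perms() {
  required=$(required_perms | normalize)
  normalize | while read -r p; do
    printf '%s\n' "$required" | grep -qxF -- "$p" || printf '%s\n' "$p"
  done
}

# Constructed sample: the README list minus two permissions, plus one unrelated one.
sample_granted() {
  required_perms | grep -v -e 'firewalls.create' -e 'instances.setTags'
  echo 'compute.instances.delete'
}
# Real input, assuming a custom role (ROLE_ID is a placeholder):
# gcloud iam roles describe ROLE_ID --project="$PROJECT_ID" --format='value(includedPermissions)' | missing_perms
```

Source the file and run `sample_granted | missing_perms` or `sample_granted | extra_perms` to see the constructed sample's gaps and excess grants.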