|
1 |
| -# Cloud Infrastructure |
| 1 | +# Terraform Cloud Project |
2 | 2 |
|
3 |
| -The Google Cloud Platform (GCP) and Cloudflare infrastructure resources required |
4 |
| -by the app and that can be bootstrapped via [Terraform](https://www.terraform.io/). |
| 3 | +This folder contains the Terraform configurations for our project's infrastructure, managed through Terraform Cloud. The infrastructure is divided into multiple workspaces to handle different environments and shared resources. |
5 | 4 |
|
6 |
| -## Requirements |
| 5 | +## Directory Structure |
7 | 6 |
|
8 |
| -- [Node.js](https://nodejs.org/en/) v18+ with [Yarn](https://yarnpkg.com/) package manager |
9 |
| -- [Google Cloud SDK](https://cloud.google.com/sdk/docs/install) and [Terraform CLI](https://learn.hashicorp.com/tutorials/terraform/install-cli) |
10 |
| -- Access to [Google Cloud Projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects) and [Terraform Cloud](https://cloud.hashicorp.com/products/terraform) workspaces |
| 7 | +The repository is organized into the following directories, each corresponding to a specific Terraform Cloud workspace: |
11 | 8 |
|
12 |
| -<details> |
13 |
| - <summary>How to install Terraform CLI on macOS?</summary><br> |
| 9 | +- **[`/core`](./core/)** - This directory contains the Terraform configurations for the global/shared resources used across all environments. These may include VPCs, shared databases, IAM roles, etc. |
14 | 10 |
|
15 |
| -```bash |
16 |
| -$ brew tap hashicorp/tap |
17 |
| -$ brew install hashicorp/tap/terraform |
18 |
| -$ brew update |
19 |
| -$ brew upgrade hashicorp/tap/terraform |
20 |
| -$ yarn tf -version |
21 |
| -``` |
| 11 | +- **[`/server-prod`](./server-prod/)** - Contains the Terraform configurations for the production web server. This workspace should be configured with production-grade settings, ensuring high availability and security. |
22 | 12 |
|
23 |
| -</details> |
| 13 | +- **[`/server-test`](./server-test/)** - Holds the configurations for the testing/QA web server. This environment mirrors production closely and is used for final testing before deploying to production. |
24 | 14 |
|
25 |
| -<details> |
26 |
| - <summary>How to create Google Cloud Platform projects?</summary><br> |
| 15 | +- **[`/server-preview`](./server-preview/)** - This directory is for the preview web server, typically used for staging and pre-release reviews. It might contain configurations that are under testing or not yet approved for the testing environment. |
27 | 16 |
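Review bot: The `/core` and `/server-preview` descriptions are hedged ("These may include VPCs, shared databases, IAM roles, etc.", "It might contain configurations that are under testing") instead of stating what each workspace manages. `/core` is described as holding resources shared across all environments, so list the resource types it actually contains, so that readers know which workspace a networking or IAM change touches. Also state the promotion order between preview, test and prod once, since the preview entry calls itself both staging and a place for configurations not yet approved for testing.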
|
28 |
| -Simply navigate to [Google Cloud Resource Manager](https://console.cloud.google.com/cloud-resource-manager) |
29 |
| -and create two GCP projects for both `test` (QA) and `prod` (production) |
30 |
| -environments, e.g. "example" and "example-test". |
| 17 | +## Usage |
31 | 18 |
|
32 |
| -Fore more information visit https://cloud.google.com/resource-manager/docs/creating-managing-projects<br> |
| 19 | +### Prerequisites |
33 | 20 |
|
34 |
| -</details> |
| 21 | +- Terraform |
| 22 | +- Access to the Terraform Cloud workspace |
35 | 23 |
|
36 |
| -<details> |
37 |
| - <summary>How to configure Terraform Cloud workspaces?</summary><br> |
| 24 | +### Setting Up Workspaces in Terraform Cloud |
38 | 25 |
|
39 |
| -1. Sign in to [Terraform Cloud](https://cloud.hashicorp.com/products/terraform) dashboard. |
40 |
| -2. Create or join an organization. |
41 |
| -3. Create two workspaces — `app-test` and `app-prod` for test/QA and production environments. |
42 |
| -4. In each of these workspaces create an environment variable called `GOOGLE_CREDENTIALS` with the value containing JSON key of a GCP [service account](https://cloud.google.com/iam/docs/service-accounts). Note, this GCP service account needs to have `Owner` or `Editor` + `Service Usage Admin` roles. |
| 26 | +1. Log in to Terraform Cloud. |
| 27 | +2. Create a workspace for each directory/environment. |
| 28 | +3. Link each workspace to the corresponding directory in this repository. |
| 29 | +4. Save Terraform API token to the `../.terraformrc` file. |
43 | 30 |
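Review bot: The new steps 1-4 no longer say how a workspace authenticates to GCP. The removed step 4 documented this (a `GOOGLE_CREDENTIALS` variable holding a service account JSON key with `Owner` or `Editor` + `Service Usage Admin`), and nothing replaces it. Add a step stating how provider credentials reach each workspace now. If the workload identity federation link added under References is meant to replace the long-lived key, say so in this list and name the roles the identity needs per workspace.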
|
44 |
| -For more information visit https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference<br> |
| 31 | +### Working with Terraform |
45 | 32 |
|
46 |
| -</details> |
| 33 | +To work with Terraform configurations: |
47 | 34 |
|
48 |
| -<details> |
49 |
| - <summary>How to authenticate Terraform CLI in Terraform Cloud?</summary><br> |
| 35 | +1. Navigate to the appropriate directory (e.g., `cd server-prod`). |
| 36 | +2. Initialize Terraform: `terraform init`. |
| 37 | +3. Apply configurations: `terraform apply`. |
50 | 38 |
|
51 |
| -1. Create a personal or team [API Token](https://learn.hashicorp.com/tutorials/terraform/cloud-login) via [Terraform Cloud](https://app.terraform.io/app/) dashboard → [Settings](https://app.terraform.io/app/settings/tokens). |
52 |
| -2. Save API token to the `.terraformrc` file in root of the project: |
| 39 | +Ensure that you are working in the correct workspace to avoid misconfigurations. |
53 | 40 |
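Review bot: The new list goes from `terraform init` straight to `terraform apply`, and its example directory is `server-prod`, while the removed Getting Started section had a separate `plan` step. Add a `terraform plan` step before apply so the change set is reviewed as its own step. The sentence "Ensure that you are working in the correct workspace" also gives no way to check. The removed text explained the default workspace and `TF_WORKSPACE`, so state how each directory maps to its workspace and how to confirm it before applying.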
|
54 |
| -``` |
55 |
| -credentials "app.terraform.io" { |
56 |
| - token = "xxxxxx.atlasv1.zzzzzzzzzzzzz" |
57 |
| -} |
58 |
| -``` |
| 41 | +### Contributions |
59 | 42 |
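Review bot: With the `credentials "app.terraform.io"` block removed, the new step 4 ("Save Terraform API token to the `../.terraformrc` file") shows neither the file format nor where the token comes from. The new steps also call `terraform` directly, where the removed note required `yarn tf`. By default the CLI reads its configuration from the user's home directory, so say how it is pointed at `../.terraformrc` (for example via `TF_CLI_CONFIG_FILE`), keep a placeholder example of the block, and note that the file must stay out of version control.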
|
60 |
| -**NOTE**: This would allow to using different Terraform credentials per software project if you want to.<br> |
| 43 | +Please follow our contribution guidelines for making changes or adding new configurations. Ensure you test configurations in the test and preview environments before applying them to production. |
61 | 44 |
|
62 |
| -</details> |
| 45 | +## Support |
63 | 46 |
|
64 |
| -## Getting Started |
| 47 | +For any issues or questions related to this Terraform setup, please contact [@koistya](https://github.com/koistya) on our [Discord server](https://discord.com/invite/bSsv7XM). |
65 | 48 |
|
66 |
| -- `yarn tf init -upgrade` — Initializes a Terraform workspace |
67 |
| -- `yarn tf plan` — creates an execution plan |
68 |
| -- `yarn tf apply` — executes the actions proposed by the `yarn tf plan` command |
| 49 | +### References |
69 | 50 |
|
70 |
| -**NOTE**: By default the `app-test` Terraform workspace is used. In order to use |
71 |
| -the production workspace, set `TF_WORKSPACE` environment variable to `prod`. For |
72 |
| -example: |
73 |
| - |
74 |
| -```bash |
75 |
| -$ TF_WORKSPACE=prod tf plan |
76 |
| -$ TF_WORKSPACE=prod tf apply |
77 |
| -``` |
78 |
| - |
79 |
| -**NOTE**: You need to run Terraform commands via `yarn tf <command> [...args]`. |
80 |
| - |
81 |
| -<p align="center"> |
82 |
| - <a href="https://www.youtube.com/watch?v=tomUWcQ0P3k"><img src="https://user-images.githubusercontent.com/197134/151321818-d47fe54f-c19e-4d4c-9834-c33e589a33e1.png" alt="" width="640" height="360" /></a> |
83 |
| -</p> |
84 |
| - |
85 |
| -Fore more information visit https://learn.hashicorp.com/terraform |
| 51 | +- https://learn.hashicorp.com/terraform |
| 52 | +- https://cloud.google.com/docs/terraform/best-practices-for-terraform |
| 53 | +- https://cloud.google.com/iam/docs/workload-identity-federation-with-deployment-pipelines |
| 54 | +- https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference.html |