Introduction
GCP, or Google Cloud Platform, is quickly emerging as a major force in the public cloud space. It is currently at no. 3 by market share (7%), behind AWS (32%) and Azure (19%) [1]. As per the 2020 Magic Quadrant report, it is very close to bridging the gap with the other 2 leaders [2].
In this series, we will set up a free-tier GCP account and explore some of the services by creating some basic projects.
The first step is to enroll for the free GCP account (with $300 credit - 90 days). You do need a credit card to sign up, but Google assures that it won't be charged until you enable automatic billing in the console (a safety net of sorts?). You can use the free-tier services without this turned on; however, some services will ask you to enable billing before proceeding.
GCP Basics
https://cloud.google.com/docs/overview is a good starting point for understanding the layout of a typical GCP account and its different sections. If you are familiar with any of the other clouds (AWS or Azure), the pages https://cloud.google.com/docs/compare/aws and https://cloud.google.com/docs/compare/azure can help you understand the corresponding GCP service offerings.
First Exercise
We will keep this fairly simple. It will involve
- Setting up a free account
- Configuring and understanding the gcloud cli
- Enabling some googleapis to work with - like compute, iam etc.
- Setting up a new project
- Setting up permissions and service-accounts
- Creating a storage bucket with versioning
- Creating a new instance in the default network topology
- Cleanup - deleting all resources.
gcloud is the CLI for working with GCP. It can be run either directly in the browser or locally after installing the Cloud SDK.
GCP has an extra concept of “enabling/disabling” APIs. This is a prerequisite before you can use any service.
Steps
Now we will go through the steps to complete the aforementioned tasks. I am not including the steps for creating an account and adding your billing information here.
1. Create a new project
In GCP, resources are logically separated under projects. Think of it as a namespace. Resources in one project don’t have access to resources in other projects by default. There are ways to allow this, but that’s for a later post.
Remember to assign a unique project-id
$ gcloud projects create tools-202011
2. Associate the new project to an active billing account
$ gcloud alpha billing projects link tools-202011 --billing-account 01132C-383548-8543A6
3. Create a new service account
This will be used by Terraform to provision resources. A separate service account ensures that its permissions can be tightly controlled.
Note the full service account email string; it will be needed in the later steps.
$ gcloud iam service-accounts create tools-service-account
$ gcloud iam service-accounts list
DISPLAY NAME EMAIL DISABLED
tools-service-account@tools-202011.iam.gserviceaccount.com False
4. Create a key for the service account
$ gcloud iam service-accounts keys create --iam-account tools-service-account@tools-202011.iam.gserviceaccount.com tools-service-account.json
5. Attach permissions to the service account
Allow access on compute and storage googleapis by attaching existing roles.
$ gcloud projects add-iam-policy-binding tools-202011 --member serviceAccount:tools-service-account@tools-202011.iam.gserviceaccount.com --role roles/storage.admin

$ gcloud projects add-iam-policy-binding tools-202011 --member serviceAccount:tools-service-account@tools-202011.iam.gserviceaccount.com --role roles/compute.admin
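To confirm the service account holds only the two roles attached above, the sketch below audits an IAM policy document. It is an added example, not code from the original post; the sample policy is constructed, and the severity labels and the `audit_policy` name are illustrative choices.

```python
import json

SA_EMAIL = "tools-service-account@tools-202011.iam.gserviceaccount.com"
EXPECTED_ROLES = {"roles/storage.admin", "roles/compute.admin"}  # granted in step 5
BROAD_ROLES = {"roles/owner", "roles/editor"}  # basic roles, far wider than needed
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample in the shape printed with --format=json (not real output).
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/compute.admin",
   "members": ["serviceAccount:tools-service-account@tools-202011.iam.gserviceaccount.com"]},
  {"role": "roles/editor",
   "members": ["serviceAccount:tools-service-account@tools-202011.iam.gserviceaccount.com",
               "user:admin@example.com"]},
  {"role": "roles/storage.objectViewer", "members": ["allUsers"]}],
 "etag": "CONSTRUCTED", "version": 1}
""")


def audit_policy(policy, sa_email=SA_EMAIL, expected=EXPECTED_ROLES):
    """Return sorted (severity, message) findings for one IAM policy document."""
    member = f"serviceAccount:{sa_email}"
    findings, granted = [], set()
    for binding in policy.get("bindings", []):
        role, members = binding.get("role", ""), binding.get("members", [])
        for m in members:
            if m in PUBLIC_MEMBERS:
                findings.append(("HIGH", f"{role} is granted to {m}"))
            # Deleted accounts linger as deleted:serviceAccount:<email>?uid=<id>
            if m.startswith(f"deleted:{member}?"):
                findings.append(("LOW", f"stale binding for deleted account on {role}"))
        if member in members:
            granted.add(role)
            if role in BROAD_ROLES:
                findings.append(("HIGH", f"service account holds basic role {role}"))
            elif role not in expected:
                findings.append(("MEDIUM", f"service account holds unexpected role {role}"))
    for role in sorted(expected - granted):
        findings.append(("INFO", f"expected role {role} is not bound"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, message in audit_policy(SAMPLE_POLICY):
        print(f"{severity:6} {message}")
```

Feed it the JSON from `gcloud projects get-iam-policy tools-202011 --format=json`. The bindings shape is the same in `gsutil iam get gs://tools-202011`, where a public-member finding matters most because the bucket will hold Terraform state.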
6. Enable necessary APIs
These APIs need to be enabled before we can use the corresponding services.
$ gcloud services enable cloudresourcemanager.googleapis.com
$ gcloud services enable cloudbilling.googleapis.com
$ gcloud services enable iam.googleapis.com
$ gcloud services enable compute.googleapis.com
$ gcloud services enable serviceusage.googleapis.com
7. Create Storage Bucket
This will be used for terraform remote state, so enable versioning as well. The CLI for working with storage buckets is gsutil.
$ gsutil mb -p tools-202011 gs://tools-202011
$ gsutil versioning set on gs://tools-202011
8. Run terraform
With all the prerequisites completed, we can now set up terraform to work with GCP.
Download the latest terraform installer from here, and the basic terraform template from here.
Next, we need to provide credentials to terraform. Export the environment variable GOOGLE_APPLICATION_CREDENTIALS=tools-service-account.json. The JSON file provided here is the key created in step 4 above for the service account.
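The key file is a long-lived credential for the service account, so it is worth checking before pointing Terraform at it. The preflight below is an added example, not part of the original post; the `check_key_file` name and the 600 file-mode expectation are assumptions of this sketch.

```python
import json
import os
import stat

SA_EMAIL = "tools-service-account@tools-202011.iam.gserviceaccount.com"
PROJECT_ID = "tools-202011"


def check_key_file(path, expected_email=SA_EMAIL, expected_project=PROJECT_ID):
    """Return a list of problems with a service-account key file; [] means OK."""
    try:
        info = os.stat(path)
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    if not stat.S_ISREG(info.st_mode):
        return [f"{path} is not a regular file"]
    problems = []
    mode = stat.S_IMODE(info.st_mode)
    if mode & 0o077:  # any group/other bit exposes the private key to local users
        problems.append(f"mode {mode:03o} is too open, expected 600")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except (OSError, ValueError):
        return problems + ["file is not readable JSON"]
    if not isinstance(key, dict) or key.get("type") != "service_account":
        return problems + ["not a service-account key (type != service_account)"]
    # A key for another account or project means Terraform would act as someone else.
    if key.get("client_email") != expected_email:
        problems.append(f"key belongs to {key.get('client_email')}, not {expected_email}")
    if key.get("project_id") != expected_project:
        problems.append(f"key is for project {key.get('project_id')}, not {expected_project}")
    return problems


if __name__ == "__main__":
    # Same environment variable that is exported for terraform in this step.
    key_path = os.environ.get("GOOGLE_APPLICATION_CREDENTIALS", "tools-service-account.json")
    for problem in check_key_file(key_path) or ["key file looks sane"]:
        print(problem)
```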
Now we can run the terraform commands to launch our instance.
$ terraform init
$ terraform apply
Type Yes when prompted. The instance will be ready in a few minutes. Next, validate the resources that have been created so far.
9. Validate
We can validate which resources have been created either from the console or with the gcloud CLI. Use these commands to verify that the resources are created as expected:
Instance and disk created
$ gcloud compute instances list --filter="zone:us-central1-a"
NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS
tf-compute-1 us-central1-a f1-micro 10.128.0.21 104.154.265.8 RUNNING

$ gcloud compute disks list --filter="zone:us-central1-a"
NAME LOCATION LOCATION_SCOPE SIZE_GB TYPE STATUS
tf-compute-1 us-central1-a zone 10 pd-standard READY
Storage bucket and terraform state file created
$ gsutil ls -r gs://tools-202011/*
gs://tools-202011/terraform/:

gs://tools-202011/terraform/day0-state/:
gs://tools-202011/terraform/day0-state/default.tfstate
Finally, let’s SSH to this new instance using the gcloud console:
$ gcloud compute ssh tf-compute-1 --zone us-central1-a
Note: If gcloud can’t find an SSH keypair in your home directory, it will prompt you to create one first, and then connect to the instance using it.
GCP handles SSH keypairs a bit differently, in the sense that they are tied to a project. The keys are picked up from the instance metadata. You can inspect the available keys by requesting them from within an instance:
$ curl http://metadata.google.internal/computeMetadata/v1/project/attributes/ssh-keys -H"Metadata-Flavor: Google"
abiydv:ssh-rsa AAAAB3Nza.........
...........abiydv@tf-compute-1:~$
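Because these keys are tied to the project rather than to one instance, it helps to review who is listed. The parser below is an added example, not from the original post. It assumes entries follow the `USERNAME:KEY_TYPE KEY COMMENT` layout shown above, with the optional `google-ssh {"userName":...,"expireOn":...}` comment used for keys that expire; the sample value and key blobs are constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample of the ssh-keys value (key blobs are placeholders, not real keys).
SAMPLE = "\n".join([
    "abiydv:ssh-rsa AAAAB3NzaCONSTRUCTED abiydv@laptop",
    'deploy:ssh-ed25519 AAAAC3NzaCONSTRUCTED google-ssh '
    '{"userName":"deploy","expireOn":"2020-11-01T00:00:00+0000"}',
    'ops:ssh-rsa AAAAB3NzaCONSTRUCTED google-ssh '
    '{"userName":"ops","expireOn":"2031-01-01T00:00:00+0000"}',
    "not-a-key-line",
])


def parse_ssh_keys(value, now):
    """Return one record per entry: user, key_type, expires, status."""
    records = []
    for line in filter(None, (raw.strip() for raw in value.splitlines())):
        user, sep, rest = line.partition(":")
        parts = rest.split(None, 2)  # key type, base64 blob, optional comment
        if not sep or not user or len(parts) < 2:
            records.append({"user": None, "key_type": None, "expires": None,
                            "status": "malformed"})
            continue
        expires = None
        comment = parts[2] if len(parts) == 3 else ""
        if comment.startswith("google-ssh "):
            try:  # expiry travels as JSON after the google-ssh marker
                stamp = json.loads(comment[len("google-ssh "):]).get("expireOn")
                expires = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S%z") if stamp else None
            except (ValueError, AttributeError, TypeError):
                expires = None  # unreadable expiry is treated as no expiry
        if expires is None:
            status = "no-expiry"
        else:
            status = "expired" if expires <= now else "valid"
        records.append({"user": user, "key_type": parts[0], "expires": expires,
                        "status": status})
    return records


def needs_review(value, now):
    """Users whose keys never expire, or are expired and should be pruned."""
    return sorted({r["user"] for r in parse_ssh_keys(value, now)
                   if r["status"] in ("no-expiry", "expired")})


if __name__ == "__main__":
    print(needs_review(SAMPLE, datetime.now(timezone.utc)))
```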
10. Cleanup
Remove all the resources created so far.
$ terraform destroy --auto-approve
Conclusion
This was a simple exercise suitable for developing a basic understanding of GCP: creating a free-tier account, understanding the layout and some key services like iam, storage, compute etc., using and configuring the gcloud CLI and, finally, using terraform with GCP.
In the next few posts, we will build on this and also explore other services, use-cases etc. 👍
Note: Code mentioned above is here