This Terraform code automates the provisioning of infrastructure for a Spanner Adaptor, including the following components:
- VPN Creation:
  - Sets up a Virtual Private Network (VPN) with private and public subnets.
- Network Load Balancer Configuration:
  - Configures a Network Load Balancer with SSL termination and a backend composed of a Network Endpoint Group.
- GKE Cluster Creation:
  - Creates a private Google Kubernetes Engine (GKE) cluster in Autopilot mode.
- Compute Instance Provisioning:
  - Deploys a compute instance that is used to connect to the private GKE cluster.
- Artifact Registry for Spanner Adaptor Docker Image:
  - Establishes an Artifact Registry to store the Docker image for the Spanner Adaptor.
- Service Account Creation:
  - Sets up a service account that the pods use to authenticate to Spanner.

Ensure you have the following before getting started:
- GCP Editor Role Permissions:
  - Obtain the GCP Editor role permissions to manage resources on Google Cloud Platform.
- SSL Certificate:
  - Acquire an SSL certificate for the load balancer (LB) configuration.
- Terraform CLI:
  - Install Terraform CLI on your machine. Download it from Terraform Downloads.
- kubectl CLI:
  - Install `kubectl` CLI for Kubernetes cluster deployment. Follow the Kubernetes Documentation for installation instructions.

Ensure that the validated SSL certificate is stored on your local system at the locations specified below.

```hcl
private_key_path = "~/Desktop/ssl_certs_lb/privkey.pem"
certificate_path = "~/Desktop/ssl_certs_lb/cert_chain.pem"
```

- Clone the repository:

  ```bash
  git clone [email protected]:cldcvr/cassandra-to-spanner-proxy.git
  ```

- Prepare Google Cloud CLI Config:

  ```bash
  export PROJECT_ID=<project_id>
  export REGION=<region>
  gcloud auth application-default login --project $PROJECT_ID
  gcloud config set project $PROJECT_ID
  ```

- Create a bucket to store the Terraform state:

  ```bash
  gcloud storage buckets create gs://tf-cassandra-to-spanner-bucket --location=$REGION
  ```

- Update the values in the `terraform.tfvars` file, such as project_id, region, subnets, and the respective certificate file locations, as outlined in the example below.

  ```bash
  cd cassandra-to-spanner-proxy/deployment/infra-tf
  vi terraform.tfvars
  ```

  ```hcl
  # Global variable
  project_id  = "<project_id>"
  region      = "asia-south1"
  prefix      = "spanner-adaptor"
  environment = "dev"
  tags        = ["spanner-adaptor"]

  # Network/Subnets
  pvt_subnet_cidr_ranges = "10.1.0.0/16"
  pub_subnet_cidr_ranges = "10.2.0.0/16"

  # LB
  private_key_path = "~/Desktop/ssl_certs_lb/privkey.pem"
  certificate_path = "~/Desktop/ssl_certs_lb/cert_chain.pem"
  app_port         = 9042
  app_protocol     = "TCP"

  # Kubectl Proxy
  machine_type = "e2-micro"
  zone         = "asia-south1-a"
  disk = {
    source_image = "ubuntu-os-cloud/ubuntu-2004-lts"
    auto_delete  = true,
    boot         = true,
    disk_type    = "pd-balanced",
    disk_size_gb = 30,
    mode         = "READ_WRITE"
  }

  # Service Account
  sa_roles = ["roles/spanner.databaseAdmin", "roles/spanner.viewer"]
  ```

- Initialize the Terraform configuration:

  ```bash
  terraform init -backend-config=bucket="tf-cassandra-to-spanner-bucket" -backend-config=prefix="terraform/tfstate/dev"
  ```

- Plan & Apply the configuration:

  ```bash
  terraform plan
  terraform apply
  ```

- Terraform Output:

  ```
  artifact-registry = "spanner-adaptor-docker-dev"
  gke_cluster = "spanner-adaptor-gke-dev"
  kubectl_proxy_vm = "kubectl-proxy-vm-dev"
  lb_ip = "xxx.xxx.xxx.xxx"
  server_account = "spanner-adaptor-proxy-sa-dev@<project_id>.iam.gserviceaccount.com"
  subnet_name_pub = "spanner-adaptor-pub-subnetwork-dev"
  subnet_name_pvt = "spanner-adaptor-pvt-subnetwork-dev"
  vpc_name = "spanner-adaptor-vpc-dev"
  ```

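
A check to run on `terraform.tfvars` before `terraform plan`, added here as an example and not part of the repository: it fails if the load balancer private key named in `private_key_path` is missing or accessible to group or others, and warns about admin-level entries in `sa_roles`. The function names and the script name `preflight.sh` are assumptions, and each setting is assumed to sit on a single line as in the example file.

```bash
# Added example: checks to run on terraform.tfvars before `terraform plan`.
# Function names are illustrative; each setting is assumed to sit on one line.

# Print the quoted value assigned to KEY ($1) in FILE ($2), expanding a leading "~/".
tfvar() {
    v=$(sed -n "s|^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*|\1|p" "$2" | head -n 1)
    case $v in
        "~/"*) v="$HOME/${v#??}" ;;
    esac
    printf '%s\n' "$v"
}

# Succeed only if FILE ($1) is a regular file with no group/other permission bits.
key_mode_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Print every sa_roles entry in FILE ($1) that is an admin role or a basic owner/editor role.
broad_roles() {
    grep '^[[:space:]]*sa_roles' "$1" | grep -o 'roles/[A-Za-z.]*' |
        grep -E -i '(admin|owner|editor)$' || true
}

# Return non-zero if the LB private key is exposed; warn about broad roles.
preflight() {
    rc=0
    key=$(tfvar private_key_path "$1")
    if ! key_mode_ok "$key"; then
        echo "FAIL: '$key' is missing or accessible to group/other; chmod 600 it" >&2
        rc=1
    fi
    for role in $(broad_roles "$1"); do
        echo "WARN: sa_roles grants $role; confirm the pods need it" >&2
    done
    return "$rc"
}

# Usage: sh preflight.sh terraform.tfvars
if [ "$#" -gt 0 ]; then
    preflight "$1"
fi
```
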
This Terraform configuration requires Terraform version 0.13 or later. The required Google provider and its version are specified as follows:

```hcl
terraform {
  required_version = ">= 0.13"
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 5.1.0"
    }
  }
}
```

In order to operate with the Service Account you must activate the following APIs on the project where the Service Account was created:
- Compute Engine API - compute.googleapis.com
- Kubernetes Engine API - container.googleapis.com
- Artifact Registry API - artifactregistry.googleapis.com