Intro
This is the first of a three-part series on getting FeatureHub running on GCP Cloud Run using Infrastructure as Code.
Our tool of choice for Infrastructure as Code is Pulumi, because it supports cross-team collaboration and epitomises DevOps culture.
In part 1 of the series, we will set up Pulumi with a Cloud Storage infrastructure backend and encryption using GCP KMS. We follow the steps in https://www.pulumi.com/docs/get-started/gcp/create-project/ but with proper security: state kept in our own Cloud Storage bucket and secrets encrypted with our own KMS key.
Prerequisites
Make sure you have all of the Pulumi dependencies installed. https://www.pulumi.com/docs/get-started/gcp/begin/
You will also need to set up a KMS keyring and a key using this guide: https://cloud.google.com/kms/docs/creating-keys
You will also need to create a Cloud Storage bucket following this guide: https://cloud.google.com/storage/docs/creating-buckets
Steps
1. Run the following commands (replace <YOUR_GCP_PROJECT_ID> with your project ID):
gcloud config set project <YOUR_GCP_PROJECT_ID>
gcloud auth application-default login
This may fail depending on your OS, in which case you will need to run:
gcloud auth login --no-launch-browser
Then paste the URL it gives you into a browser and copy the code it returns back into the terminal.
2. Now we will create the new Pulumi project as per https://www.pulumi.com/docs/get-started/gcp/create-project/
mkdir quickstart && cd quickstart
pulumi new gcp-typescript
The caveat here is that you need to pass in the URI of your KMS key:
pulumi new gcp-typescript --secrets-provider="gcpkms://projects/<YOUR_GCP_PROJECT_ID>/locations/global/keyRings/<KEY_RING_NAME>/cryptoKeys/<KEY_NAME>"
This command will walk you through creating a new Pulumi project.
Enter a value or leave blank to accept the (default), and press <ENTER>.
Press ^C at any time to quit.
project name: (quickstart)
project description: (A minimal Google Cloud TypeScript Pulumi program)
Created project 'quickstart'
stack name: (dev)
Created stack 'dev'
gcp:project: The Google Cloud project to deploy into: <YOUR_GCP_PROJECT_ID>
Saved config
3. Then you need to log in and point Pulumi at the Cloud Storage bucket where your backend (state) will go.
pulumi login gs://<YOUR_BUCKET_NAME>
After this, you can continue following https://www.pulumi.com/docs/get-started/gcp/review-project/ using its content for your index.ts (to create an example bucket), and then run:
pulumi up
If you followed these steps, you should see that your Cloud Storage bucket now holds the contents of your infrastructure backend.
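To confirm that step 2 took effect, the following added example (not part of the original post) checks a stack settings file such as Pulumi.dev.yaml for the secretsprovider and encryptedkey entries Pulumi writes for a KMS-backed stack, and flags a passphrase-protected stack or an unreplaced placeholder. The function names and the sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that a Pulumi stack
# settings file records the GCP KMS secrets provider passed in step 2.

# Print the value of a top-level "key: value" line, without surrounding quotes.
stack_field() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "\"'"
}

# Return 0 only when the stack uses a complete gcpkms:// key URI.
check_kms_stack() {
    file=$1
    [ -f "$file" ] || { echo "$file: not found" >&2; return 2; }
    # A passphrase-protected stack records an encryptionsalt instead.
    if grep -q '^encryptionsalt:' "$file"; then
        echo "$file: passphrase provider in use, not KMS" >&2; return 1
    fi
    provider=$(stack_field "$file" secretsprovider)
    case $provider in
        *'<'*|*'>'*)
            echo "$file: placeholder left in key URI" >&2; return 1 ;;
        gcpkms://projects/*/locations/*/keyRings/*/cryptoKeys/*) ;;
        *)  echo "$file: secretsprovider is not a GCP KMS key URI" >&2; return 1 ;;
    esac
    # Globs match empty strings, so reject empty path segments explicitly.
    case ${provider#gcpkms://} in
        *//*|*/) echo "$file: empty segment in key URI" >&2; return 1 ;;
    esac
    # The KMS-wrapped data key must be present alongside the provider URI.
    grep -q '^encryptedkey:' "$file" || {
        echo "$file: no encryptedkey entry" >&2; return 1; }
}

# Constructed sample stack files (values are made up for the demonstration).
make_samples() {
    dir=$1
    uri=gcpkms://projects/example-project/locations/global/keyRings/pulumi/cryptoKeys/state
    printf 'secretsprovider: %s\nencryptedkey: Q09OU1RSVUNURUQ=\n' "$uri" > "$dir/Pulumi.kms.yaml"
    printf 'encryptionsalt: v1:constructed:salt\n' > "$dir/Pulumi.pass.yaml"
    printf 'secretsprovider: gcpkms://projects/<YOUR_GCP_PROJECT_ID>/locations/global/keyRings/k/cryptoKeys/k\nencryptedkey: x\n' > "$dir/Pulumi.todo.yaml"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp"/Pulumi.*.yaml; do
    if check_kms_stack "$f" 2>/dev/null; then echo "OK   ${f##*/}"; else echo "FAIL ${f##*/}"; fi
done
```

In a real project, call check_kms_stack on Pulumi.dev.yaml in the quickstart directory before running pulumi up.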