Creating Terraform Configurations for GCP Service Catalog

When it comes to managing infrastructure and resources efficiently in Google Cloud Platform (GCP), Terraform is a go-to solution. In combination with GCP Service Catalog, you can streamline the provisioning of resources and make it more accessible to your organization’s users. This blog will guide you through the process of creating Terraform configurations for GCP Service Catalog.
Understanding Google Cloud Platform Service Catalog
Google Cloud Platform Service Catalog is a service that enables organizations to create and manage catalogs of services and products they offer to their users. These services can be anything from virtual machine configurations to Kubernetes clusters, databases, and more. Service Catalog acts as a central repository for these services, making it easy to discover, request, and manage resources.
Key benefits of GCP Service Catalog include:
- Standardization: Service Catalog enforces standardized configurations and best practices, ensuring that resources are created consistently across the organization.
- Self-service: Users can easily discover and request resources through the Service Catalog’s user-friendly interface, reducing the burden on IT teams.
- Governance: Service Catalog allows organizations to enforce policies and access controls to ensure compliance with security and budgetary requirements.
- Automation: Service Catalog can be integrated with automation tools like Terraform to automate resource provisioning and management.
Before you begin, ensure that you have the necessary IAM roles:
- Catalog Admin (roles/cloudprivatecatalogproducer.admin) OR Catalog Manager (roles/cloudprivatecatalogproducer.manager) for the Google Cloud organization associated with the GCP project with Service Catalog enabled. Reach out to your Organization Administrator for these roles if needed.
- Storage Admin (roles/storage.admin) for the project where Service Catalog is enabled.
- Cloud Build Editor (roles/cloudbuild.builds.editor) for the project where you intend to create the solution.
Setting Up Cloud Build
- Enable the Cloud Build API: In the GCP Console, enable the Cloud Build API. Enabling the API automatically creates a Cloud Build service account that you’ll use later.
- Go to the Cloud Build Page: In the GCP Console, navigate to the Cloud Build page.
- Service Account: Use the service account email provided under the “Service account email” section.
- Grant IAM Roles: Grant the following IAM roles to the service account:
For instructions on granting roles, refer to Google Cloud’s guide on configuring access for Cloud Build Service Account.
Managing Terraform Resources with Cloud Storage
Cloud Storage is an excellent tool for managing Terraform configuration files for Service Catalog. Follow these steps to set up and use Cloud Storage effectively:
Creating a Cloud Storage Bucket
- In the GCP Console, navigate to the Cloud Storage Buckets page.
- Enter your bucket information as per your requirements, ensuring that the bucket name meets the naming requirements.
- Select the location type, location, storage class, and access control options.
Enabling Object Versioning
To protect your Terraform configurations from being deleted or overwritten, enable Object Versioning for your bucket. For instructions on enabling Object Versioning, refer to Google Cloud Storage’s documentation on Using Object Versioning.
Granting Access to Your Bucket
If users in your organization deploy the configuration in a different GCP project, you must grant access to your Cloud Storage bucket. You can do this in two ways:
- Grant the Storage Object Viewer Role: Grant the Storage Object Viewer (roles/storage.objectViewer) role to your users’ Cloud Build service accounts or to the Google Cloud resource where your users deploy Terraform configurations (e.g., a project, folder, or organization).
- Use an Access Control List (ACL): Manage access to the bucket using an Access Control List.
Refer to Google Cloud Storage’s Overview of access control for detailed information on managing access to buckets.
Creating and Uploading a Terraform Module
Once your Cloud Storage bucket is set up, create and upload a Terraform module, which serves as a container for your configuration files. This module is essential for automatically generating a JSON schema file that defines the variables of your configuration.
Here’s an example of a Terraform configuration file (main.tf):
    variable "machine_type" {
      type    = string
      default = "n1-standard-1"
    }

    variable "zone" {
      type    = string
      default = "us-central1-a"
    }

    variable "deployment_identifier" {
      description = "The unique name for your instance"
      type        = string
    }

    resource "google_compute_instance" "default" {
      name         = "vm-${var.deployment_identifier}"
      machine_type = var.machine_type
      zone         = var.zone

      boot_disk {
        device_name = "boot"
        auto_delete = true
        initialize_params {
          image = "debian-cloud/debian-11"
        }
      }

      network_interface {
        network = "default"
        access_config {
          // Empty block: an ephemeral external IP is assigned
        }
      }
    }
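Because Service Catalog derives the input schema from the module’s variable blocks, the variables are the place to constrain what a catalog user can request. The following is an added example (not code from the original post) that tightens the three variables above with `description` and `validation` blocks; the approved machine types, the `us-central1` zone restriction and the name pattern are assumptions chosen for illustration, and the name regex keeps `deployment_identifier` short enough that `vm-<identifier>` stays within Compute Engine’s 63-character instance name limit.

```hcl
# Added example: constrained variables for the Service Catalog module.
# Terraform evaluates validation blocks at plan time, so a request with a
# value outside these rules fails before any resource is created.

variable "machine_type" {
  description = "Machine type offered to catalog users"
  type        = string
  default     = "n1-standard-1"

  validation {
    # Assumed allow-list; adjust to the sizes your organization approves.
    condition     = contains(["n1-standard-1", "n1-standard-2", "e2-medium"], var.machine_type)
    error_message = "machine_type must be one of the approved sizes."
  }
}

variable "zone" {
  description = "Zone in which the instance is created"
  type        = string
  default     = "us-central1-a"

  validation {
    # Assumed regional restriction for illustration.
    condition     = can(regex("^us-central1-[a-f]$", var.zone))
    error_message = "zone must be a zone within us-central1."
  }
}

variable "deployment_identifier" {
  description = "The unique name for your instance (used as the suffix of the VM name)"
  type        = string

  validation {
    # Lowercase letters, digits and hyphens, starting with a letter, at most
    # 60 characters so that "vm-" + identifier fits the 63-character limit.
    condition     = can(regex("^[a-z]([-a-z0-9]{0,58}[a-z0-9])?$", var.deployment_identifier))
    error_message = "deployment_identifier must start with a letter and contain only lowercase letters, digits and hyphens (max 60 characters)."
  }
}
```

The descriptions surface in the generated schema and in the Service Catalog request form, so they double as user-facing documentation of the allowed values.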
After creating your module, compress the file(s) into a zip file. Ensure the module is stored at the root of the zip file. To zip your Terraform files properly, run the following command:
Next, upload the zip file to your Cloud Storage bucket by following the steps outlined in Google Cloud Storage’s documentation on Uploading objects.
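The bucket setup, versioning, access grant, zipping and upload described in the sections above can also be expressed as a single Terraform configuration run by the catalog administrator. This is an added example, not code from the original post: it assumes the `hashicorp/archive` provider to build the zip (its `archive_file` data source places the contents of `source_dir` at the root of the archive, which is what Service Catalog requires), a local directory named `vm-module` containing the module’s `main.tf`, and a hypothetical `consumer_build_sa` variable holding the consuming project’s Cloud Build service account in `serviceAccount:` member form.

```hcl
# Added example: publish a Service Catalog Terraform module to Cloud Storage.
terraform {
  required_providers {
    google  = { source = "hashicorp/google" }
    archive = { source = "hashicorp/archive" }
  }
}

variable "catalog_project" {
  description = "Project where Service Catalog is enabled (assumed input)"
  type        = string
}

variable "bucket_name" {
  description = "Globally unique bucket name for Terraform modules (assumed input)"
  type        = string
}

variable "consumer_build_sa" {
  description = "Cloud Build service account of the deploying project, e.g. serviceAccount:PROJECT_NUMBER@cloudbuild.gserviceaccount.com (assumed input)"
  type        = string
}

provider "google" {
  project = var.catalog_project
}

resource "google_storage_bucket" "terraform_modules" {
  name     = var.bucket_name
  location = "US"

  # IAM only (no legacy object ACLs) and no public exposure of module code.
  uniform_bucket_level_access = true
  public_access_prevention    = "enforced"

  # Object Versioning keeps prior copies if a zip is overwritten or deleted.
  versioning {
    enabled = true
  }
}

# Zip the module directory; files end up at the archive root as required.
data "archive_file" "vm_module" {
  type        = "zip"
  source_dir  = "${path.module}/vm-module"
  output_path = "${path.module}/vm-module.zip"
}

# Upload the zip; the content hash in the object name makes each revision
# a distinct, immutable object rather than an in-place overwrite.
resource "google_storage_bucket_object" "vm_module" {
  name   = "vm-module-${data.archive_file.vm_module.output_md5}.zip"
  bucket = google_storage_bucket.terraform_modules.name
  source = data.archive_file.vm_module.output_path
}

# Least-privilege read access for the consuming project's Cloud Build SA.
resource "google_storage_bucket_iam_member" "consumer_viewer" {
  bucket = google_storage_bucket.terraform_modules.name
  role   = "roles/storage.objectViewer"
  member = var.consumer_build_sa
}

# This value is what goes into the "Link to Terraform config" field.
output "terraform_config_link" {
  value = "gs://${google_storage_bucket.terraform_modules.name}/${google_storage_bucket_object.vm_module.name}"
}
```

Granting `roles/storage.objectViewer` on the bucket rather than on the project keeps the consumer’s Cloud Build service account from reading other buckets in the catalog project; if several consuming projects exist, add one `google_storage_bucket_iam_member` per service account.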
Creating the Configuration in Service Catalog
After setting up your Cloud Storage bucket with the Terraform module, it’s time to create a Service Catalog solution that includes the bucket.
To create the Terraform configuration as a Service Catalog solution:
- Go to the Service Catalog Admin Solutions page in the GCP Console.
- Choose the Google Cloud project by clicking “Select.”
- Click “CREATE SOLUTION,” and from the drop-down list, select “Create Terraform config.”
- Provide a name, description, and tagline for your Terraform configuration. The tagline serves as a short description for users browsing Service Catalog.
- In the “Link to Terraform config” field, provide the link to the Cloud Storage bucket containing your zip file for the Terraform module, e.g., gs://my-terraform-bucket/my-zip-file.zip.
- Optionally, you can upload an icon for the solution. Recommended dimensions for the icon are 80 by 80 pixels.
- Optionally, enter a support link and contact information for the creator.
- Optionally, add a link to the documentation for the solution.
- Select the Terraform version you want to use for deploying the solution.
Your Terraform configuration is now a part of the Service Catalog, accessible to users in your organization.
By following these steps, you can effectively create Terraform configurations, manage them in Cloud Storage, and make them accessible through GCP Service Catalog. This approach empowers users to provision resources easily while maintaining control and governance over your infrastructure.
Originally published at https://www.infinitonubo.com on October 6, 2023.