Multi-tier architecture using Kubernetes on Google Cloud using Terraform.
In this project, I am going to create an infrastructure having Wordpress on top of Google kubernetes Engine and SQL database for its backend management over Google cloud platform.
WHY GOOGLE CLOUD PLATFORM ??
Google Cloud Platform, offered by Google, is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail, file storage, and YouTube.
In this article, following objective has been satisfied:
1. Create multiple projects namely developer and production
2. Create VPC network for both the projects
3. Create a link between both the VPC networks using VPC Peering
4. Create a Kubernetes Cluster in developer project and launch any web application with the Load balancer
5. Create a SQL server in the production project and create a database
6. Connect the SQL database to the web application launched in the Kubernetes cluster.
Let us start implementing step by step.
To start working over the Google cloud, you need to create a project. The project will act as a top level container and would hold all the Google cloud resources.
In this architecture i am going to create two projects, in the first one i would be launching the Wordpress and in the second the database would be launched.
Now, we need to create service accounts in each project.
Click on Navigation menu> IAM & Admin > Service Accounts
Create a New Service Account.
Click on create a key and download the key file which will be used later when there is requirement to log in using the service account.
You need to do the same process for the other project as well ie. first create the service account and then download the key.
Now, you need to specify the roles for each service account.
Select the service account > edit the permission
For the management purpose, there is one main folder which contains two subfolders:
· First one, App_server which will contain all the files related to the configuration of the Wordpress on GKE
· Second one, DB_server which will contain all the files related to configuration of the SQL database server.
The keys of the respective service accounts have been saved in the respective subfolders.
Let us move to the main.tf file
Instead of using the files directly, I have created modules. Creating modules is recommended for the management purpose of your code.
While creating a moule, you need to specify where this folder, or here you can say module, is actually located. Also, if you would like to use the variable value from some other module you need to specify the variable in the following format: “module.module_name_value”
Next is the file where we specify the required providers.
Here we need to set the provider as “google” and specify the credentials(here we need to specify the location of the key that we downloaded at the time of creating the service accounts), project and the region.
Creating VPC for each project and VPC Peering.
At the starting of the code, i have declared certain variables. The variables that we want to use in some other modules are to be declared in such ways.
google_compute_network is the resource that is used for creating a VPC. Also, here we specify the auto creation of the subnet to be false because we would like to create our own subnet.
google_compute_subnetwork is the resource which allows us to create our own subnet.
Next step is VPC Peering, which is basically connecting two VPCs internally for the data transfer. For this we use google_compute_networking_peering resource.
Configuring GKE(Google Kubernetes Engine)
google_container_cluster resource is used for the Google Kubernetes Engine. Here the parametres like name, location, initial node count, network i.e. VPC and subnetwork i.e. subnet have to be specified.
I have specified the remove_default_node_pool parametre as true because I have created my own node pool.
google_container_node_pool is the resource that needs to be used where we need to specify the name, location, cluster, node_count etc.
node_config is created to specify the type of machine, and various specifications about the harddisk etc.
This resource is to run a command on our local systems for configuring our local system as a kubernetes client.
Configuring the SQL Database
google_sql_database_instance is the resource that is used to create the SQL database. The name, region & the database_version are specified. ipv4_enabled is the option by which you can specify that whether the instance should be assigned a public ipv4 or not. I have set this to true which makes sure that my instance is assigned a public ip.
Right now I am setting the authorized networks as 0.0.0.0/0 which means everyone will be able to connect to the SQL Database.
I am still researching on how to change this to a more secure setup.
Using the google_sql_database resource, SQL database instance has been created. Then, using the google_sql_user the username and the password has been set.
These are the variables that are going to be used by other modules for specifying the username, password, public IP and database to wordpress.
Configuring Wordpress in the Kubernetes cluster
These are the variables that are going to be used while creating the deployment.
Next step is specifying the provider.
A static IP is used from GCP, so that it could be assigned to the Wordpress site and later the database for a secure connection.
kubernetes_deployment is the resource that is used to create the deployment. We need to specify the image that we would like to use to create the pods, labels which are just like tags as we give to our instance, no. of replicas that we desire, the container port, all the environment variables like the database name, the database host, username ,password etc. etc.
using the kubernetes_service resource a Load balancer has been created so that our Wordpress site is accessible to the outside world.
Now, finally when we use the command “terraform apply” :