Difficulty: Advanced
Estimated Time: 45 minutes

This is the workspace for the Terraform Learn guide "Deploy Consul and Vault on Kubernetes with Run Triggers". It contains the latest versions of the Terraform CLI and kubectl.

The Learn guide comprises six main steps, estimated to take a total of 45 minutes. The first 4 steps are done using Terraform Cloud and GitHub.

  1. Set up Kubernetes workspace
  2. Set up Consul workspace
  3. Set up Vault workspace
  4. Deploy Kubernetes, Consul and Vault
  5. Verify deployments
  6. Clean up resources

By the end of this scenario, you will have accomplished three things using Terraform Cloud run triggers.

  • Deploy a Kubernetes cluster on Google Cloud.
  • Deploy Consul on the Kubernetes cluster using a Helm chart.
  • Deploy Vault (configured to use a Consul backend) on the Kubernetes cluster using a Helm chart.

The Terraform configurations for the three resources (Kubernetes, Consul, and Vault) are modularized and committed to their respective version control system repositories. First, you will create and configure TFC workspaces for each resource, then link them together using run triggers.

Infrastructure Pipelines

Step 1 of 5

Set up Kubernetes workspace

Set up Terraform Cloud workspaces

In this step, you will locate your pre-configured workspaces (Kubernetes, Consul, Vault) in Terraform Cloud. Then, you will connect them to a version control system (VCS), verify the variables are set up properly, then set up run triggers connecting the workspaces.

Create the following 3 workspaces in your Terraform Cloud organization.

  • learn-terraform-pipelines-k8s
  • learn-terraform-pipelines-consul
  • learn-terraform-pipelines-vault

These will be your workspaces for the duration of this guide.

Configure Kubernetes workspace

Fork the Learn Terraform Pipelines K8s repository. Update the organization and workspaces values in main.tf to point to your organization and your workspace name.

terraform {
  backend "remote" {
    organization = "hashicorp-learn"

    workspaces {
      name = "learn-terraform-pipelines-k8s"
    }
  }
}

Connect workspace to forked repository

Click on your Kubernetes workspace (learn-terraform-pipelines-k8s). Click on "Settings" then "Version Control" to access the workspace's version control settings.

Then, click on "Connect to version control". Select "Github" — it will ask you to authorize GitHub if this is your first time using Terraform Cloud. Select your forked Kubernetes repo: learn-terraform-pipelines-k8s. Finally, click "Update VCS settings". This will connect this workspace to your forked Kubernetes repo.

Verify variables

Next, click on "Variables". Under "Terraform Variables", set the variables declared in variables.tf.

Terraform Variables

  • region — GCP region to deploy clusters
    Set this to a valid GCP region like us-central1. For a full list of GCP regions, refer to Google’s Region and Zones documentation.
  • cluster_name — Name of Kubernetes cluster
    Set this to tfc-pipelines.
  • google_project — Google Project to deploy cluster
    This must already exist. Find it in your Google Cloud Platform console.
  • username — Username for Kubernetes cluster
    This can be anything; Terraform will set your username to this value when it creates the Kubernetes cluster.
  • password — Password for Kubernetes cluster
    Mark as sensitive. This can be anything over 16 characters. Terraform will set this when it creates your Kubernetes cluster and will distribute it as necessary when creating your Consul and Vault clusters. You do not need to manually input this value again.
  • enable_consul_and_vault — Enable Consul and Vault for the secrets cluster
    This should be set to false. This variable dictates whether Consul and Vault should be deployed on your Kubernetes cluster.

Then, set your GOOGLE_CREDENTIALS as a sensitive environment variable.

Environment Variables

  • GOOGLE_CREDENTIALS — Flattened JSON of your GCP credentials.
    Mark as sensitive. This key must have access to both Compute Admin and GKE Admin.

You must flatten the JSON (remove newlines) before pasting it into Terraform Cloud. The command below flattens the JSON using jq.

cat <key file>.json | jq -c
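
A stricter variant of the flattening step, as an added example that is not part of the original guide: it rejects files that are not service-account keys, confirms the output is a single line, and checks that flattening did not change the content. The function names, the set of checked fields, and the sample key are assumptions for illustration; the sample key is constructed and is not a real credential.

```shell
#!/bin/sh
# Added example (not from the guide): validate and flatten a GCP
# service-account key before pasting it into GOOGLE_CREDENTIALS.

# flatten_gcp_key FILE
# Prints the key as one line of compact JSON. On any failure it prints
# nothing to stdout and returns non-zero.
flatten_gcp_key() {
  key_file=$1
  [ -r "$key_file" ] || { echo "cannot read: $key_file" >&2; return 2; }

  # -c emits compact JSON; -e makes jq exit non-zero when select() yields
  # nothing, so a file that is not a service-account key is rejected.
  flat=$(jq -ce '
    select(.type == "service_account"
      and (.project_id   | type == "string")
      and (.client_email | type == "string")
      and (.private_key  | type == "string" and startswith("-----BEGIN")))
  ' "$key_file") || { echo "not a service-account key: $key_file" >&2; return 1; }

  # Exactly one line: several JSON documents in one file would produce more.
  lines=$(printf '%s\n' "$flat" | wc -l | tr -d ' ')
  [ "$lines" -eq 1 ] || { echo "expected one JSON document" >&2; return 1; }

  # Round trip: the flattened text must parse back to the same document, so
  # the \n escapes inside private_key survived intact.
  [ "$(jq -S . "$key_file")" = "$(printf '%s' "$flat" | jq -S .)" ] ||
    { echo "flattened key differs from source" >&2; return 1; }

  printf '%s\n' "$flat"
}

# Constructed sample key (hypothetical values, not a real credential) for
# trying the function offline.
write_sample_key() {
  cat > "$1" <<'EOF'
{
  "type": "service_account",
  "project_id": "example-project",
  "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
  "client_email": "tfc@example-project.iam.gserviceaccount.com"
}
EOF
}
```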

Deploy Kubernetes cluster

Queue a plan by clicking on "Queue Plan". If the plan is successful, Terraform Cloud will ask you to confirm and apply.

Click "Confirm & Apply" to apply this configuration. This process should take about 10 minutes to complete.

While your Kubernetes cluster is deploying, continue on to the next step and configure your Consul workspace.

Next steps

You have successfully configured your Kubernetes workspace. Terraform Cloud will use these values to deploy your Kubernetes cluster. The pipeline will output the Kubernetes credentials for the Helm charts to consume in the Consul and Vault workspaces. These values are specified in output.tf.

In the next step, you will configure your Consul workspace.
