Mohammed Sameed Uddin mynameisameed

## Getting Started: Create and Manage Cloud Resources: Challenge Lab Toggle Lab Panel favorite_border Add to favorites
Task 1: Create a project jumphost instance

Navigation menu > Compute engine > VM Instance


Task 2: Create a Kubernetes service cluster

gcloud config set compute/zone us-east1-b

gcloud container clusters create nucleus-webserver1

## provider.tf
provider "google" {

  credentials = file("./Credentials.json")
  project = "project-id"
  region  = "us-central1"
  zone    = "us-central1-c"
}


## remote-backend.tf
terraform {
  backend "gcs" {
    bucket      = "bucket-name"
    prefix      = "terraform/state1"
    credentials = "Credentials.json"  #mention here the name and add service account key inside same folder
  }
}

## instances.tf

resource "google_compute_instance" "web" {
  name         = "webserver"
  machine_type = "f1-micro"

  tags = ["http-server"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-9"

## startup.sh
#!/bin/bash

sudo apt-get update && sudo apt -y install apache2


echo '<!doctype html><html><body><h1>Hello You Successfully was able to run a webserver on GCP with Terraform!</h1></body></html>' | sudo tee /var/www/html/index.html

## terraform plan
\GCP on Terraform> terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # google_compute_instance.test will be created
  + resource "google_compute_instance" "test" {
      + can_ip_forward          = false

## roles-gke.sh
gcloud projects add-iam-policy-binding <project-name> --member serviceAccount:<service account name>@<project-name>.iam.gserviceaccount.com --role roles/compute.admin
gcloud projects add-iam-policy-binding <project-name> --member serviceAccount:<service account name>@<project-name>.iam.gserviceaccount.com --role roles/iam.serviceAccountUser
gcloud projects add-iam-policy-binding <project-name> --member serviceAccount:<service account name>@<project-name>.iam.gserviceaccount.com --role roles/resourcemanager.projectIamAdmin
gcloud projects add-iam-policy-binding <project-name> --member serviceAccount:<service account name>@<project-name>.iam.gserviceaccount.com --role roles/container.clusterAdmin
gcloud projects add-iam-policy-binding <project-name> --member serviceAccount:<service account name>@<project-name>.iam.gserviceaccount.com --role roles/compute.viewer
gcloud projects add-iam-policy-binding <project-name> --member se

## gke-apis.sh
gcloud services enable compute.googleapis.com
gcloud services enable container.googleapis.com

## gcp-terraform-backend.tf
terraform {
  backend "gcs" {
    bucket      = "<bucket-name>"
    prefix      = "terraform/state"
    credentials = "./terraform-gke-keyfile.json"
  }
}

## provider.tf
provider "google" {
  project     = var.project_id
  region      = var.region
  credentials = "${file(var.credentials)}"
}
	Task 1: Create a project jumphost instance

	Navigation menu > Compute engine > VM Instance


	Task 2: Create a Kubernetes service cluster

	gcloud config set compute/zone us-east1-b

	gcloud container clusters create nucleus-webserver1
	provider "google" {

	credentials = file("./Credentials.json")
	project = "project-id"
	region = "us-central1"
	zone = "us-central1-c"
	}
	terraform {
	backend "gcs" {
	bucket = "bucket-name"
	prefix = "terraform/state1"
	credentials = "Credentials.json" #mention here the name and add service account key inside same folder
	}
	}

	resource "google_compute_instance" "web" {
	name = "webserver"
	machine_type = "f1-micro"

	tags = ["http-server"]

	boot_disk {
	initialize_params {
	image = "debian-cloud/debian-9"
	#!/bin/bash

	sudo apt-get update && sudo apt -y install apache2


	echo '<!doctype html><html><body><h1>Hello You Successfully was able to run a webserver on GCP with Terraform!</h1></body></html>' \| sudo tee /var/www/html/index.html
	\GCP on Terraform> terraform plan

	Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
	+ create

	Terraform will perform the following actions:

	# google_compute_instance.test will be created
	+ resource "google_compute_instance" "test" {
	+ can_ip_forward = false
	gcloud projects add-iam-policy-binding <project-name> --member serviceAccount:<service account name>@<project-name>.iam.gserviceaccount.com --role roles/compute.admin
	gcloud projects add-iam-policy-binding <project-name> --member serviceAccount:<service account name>@<project-name>.iam.gserviceaccount.com --role roles/iam.serviceAccountUser
	gcloud projects add-iam-policy-binding <project-name> --member serviceAccount:<service account name>@<project-name>.iam.gserviceaccount.com --role roles/resourcemanager.projectIamAdmin
	gcloud projects add-iam-policy-binding <project-name> --member serviceAccount:<service account name>@<project-name>.iam.gserviceaccount.com --role roles/container.clusterAdmin
	gcloud projects add-iam-policy-binding <project-name> --member serviceAccount:<service account name>@<project-name>.iam.gserviceaccount.com --role roles/compute.viewer
	gcloud projects add-iam-policy-binding <project-name> --member se
	gcloud services enable compute.googleapis.com
	gcloud services enable container.googleapis.com
	terraform {
	backend "gcs" {
	bucket = "<bucket-name>"
	prefix = "terraform/state"
	credentials = "./terraform-gke-keyfile.json"
	}
	}
	provider "google" {
	project = var.project_id
	region = var.region
	credentials = "${file(var.credentials)}"
	}