.. _terraform deployment:

=====================
Terraform Deployment
=====================

This project automates the deployment of infrastructure on Google Cloud Platform (GCP) using Terraform. It sets up a network, a Cloud SQL PostgreSQL database, a Kubernetes cluster with a node pool, and deploys Helm charts for Ingress Nginx and Cert Manager.

.. _prerequisites:

Prerequisites
==============
Before running the Terraform script locally, ensure you have installed, created and enabled the following prerequisites

#. Terraform installed.

    .. seealso::
        * `Install Terraform <https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli>`_

#. Google Cloud Platform (GCP) account and access to ksa region.

    .. seealso::
        * `Customers KSA Region <https://cloud.google.com/docs/dammam-region-access#ksa-based_customers>`_

#. Google Cloud service account with appropriate permissions (e.g., roles/owner)

    .. seealso::
        * `Create Service Account <https://cloud.google.com/iam/docs/service-accounts-create>`_

#. Install gcloud.

    .. seealso::
        * `Install gcloud <https://cloud.google.com/sdk/docs/install>`_
    
#. Logged In GCP Project.

    .. seealso::
        * `gcloud auth login <https://cloud.google.com/sdk/gcloud/reference/auth/login>`_
    
#. Cloud Storage bucket to store Terraform state 

    .. seealso::
        * `Create Cloud Storage <https://cloud.google.com/storage/docs/creating-buckets>`_

#. Google Cloud Platform (GCP) account with the following APIs enabled:

    * Cloud SQL Admin API
    * Compute Engine API
    * Artifact Registry API
    * Kubernetes Engine API
    * Cloud Resource Manager API 
    * Service Networking API
    * Cloud Filestore API

.. _create infrastructure:

Create Infrastructure
=====================

This section outlines the deployment of various infrastructure components using Terraform modules.

.. note::
    Before running any module, make sure to set the required variables in the corresponding configuration files. Failure to do so may result in errors during deployment.


Network
--------

Creates a Google Compute Engine (GCE) network and subnetwork. Additionally, it provisions a global static IP address to enable private access to the Cloud SQL PostgreSQL instance.


Storage
-------

Deploys a Cloud SQL PostgreSQL instance along with a database and user. Additionally, it provides a Kubernetes secret for storing Azure Container Registry (ACR) credentials and provisioning a Redis database for caching purposes.


Cluster
-------

Provisions a Kubernetes cluster with a node pool for running applications.

Helm
-----

Deploys Helm charts for Ingress Nginx and Cert Manager to manage ingress and SSL certificates. Additionally, it includes an Ingress for the MEG portal web application and a ConfigMap with environment variables required by the application.


Variables
----------
The following variables can be configured to customize the deployment:

.. list-table:: Variable Explanations
   :header-rows: 1

   - * Variable
     * Explanation
   - * project
     * GCP project ID
   - * region
     * Terraform project region
   - * zone
     * Terraform project zone
   - * network
     * Compute network name
   - * subnet_gke
     * Subnet network for PostgreSQL
   - * registry
     * Specifies the name of the Azure Container Registry (ACR) where Docker images are stored.
   - * cluster_name
     * GKE cluster name
   - * nodepool_name
     * GKE nodepool name
   - * min_node_count
     * Minimum number of nodes per zone in the node pool
   - * max_node_count
     * Maximum number of nodes per zone in the node pool
   - * machine_type
     * GKE node pool machine type
   - * postgres_name
     * PostgreSQL instance name
   - * database_version
     * PostgreSQL version
   - * tier
     * PostgreSQL tier
   - * disk_size
     * PostgreSQL disk size
   - * database_name
     * PostgreSQL database name
   - * username
     * PostgreSQL database username
   - * password
     * PostgreSQL database password
   - * replicas
     * Ingress Nginx replicas


.. note::
    You can set the necessary variables from the command line, or create a .tfvars file specifying the value of each of these variables, in order to run the plan with that set of variables with the parameter -var-file, depending on the environment.


.. _deploy infrastructure:

Deploy Infrastructure with Terraform
=====================================

To deploy the infrastructure using Terraform, follow these steps:

.. note::
    All these commands need to be executed from the directory where the main.tf file is located.

Initialize Terraform
---------------------

This command initializes Terraform in the current directory, downloading any required plugins and modules. This command only needs to be executed the first time the infrastructure is deployed or destroyed.

.. code-block:: shell

    terraform init

Validate Terraform Configuration 
--------------------------------

Use the following command to validate the Terraform configuration syntax and check for any errors:

.. code-block:: shell

    terraform validate

Plan Infrastructure Changes
---------------------------

Generate an execution plan for Terraform to preview the changes it will make to your infrastructure, execute only one of these commands, depending on your needs:

.. code-block:: shell
    
    terraform plan -out plan.json
    terraform plan -var-file ./gcp-ksa.tfvars -out plan.json

.. note::
    The first command allows executing the plan by setting the variables from the command line (also using the default value specified for each variable), while the second one uses a .tfvars file where those variables are already defined.

Apply Infrastructure Changes
-----------------------------

Apply the planned changes to deploy the infrastructure, execute only one of these commands, depending on your needs:

.. code-block:: shell

    terraform apply plan.json
    terraform apply -var-file ./gcp-ksa.tfvars

.. note::
    The first command allows applying changes automatically according to the plan generated in the previous command, while the second one, on the other hand, allows approving deployment from the command line.


.. _destroy infrastructure:

Destroy Deployment with Terraform
==================================

To destroy the deployment using Terraform, follow these steps:

.. note::
    Make sure you have executed the 'terraform init' command previously to download all dependencies.

Plan Destroy
-----------------

Generate an execution plan for Terraform to preview the destruction of the infrastructure, execute only one of these commands, depending on your needs:

.. code-block:: shell

    terraform plan -destroy  -out plan.json
    terraform plan -destroy -var-file ./gcp-ksa.tfvars -out plan.json

.. note::
    The first command allows executing the plan by setting the variables from the command line (also using the default value specified for each variable), while the second one uses a .tfvars file where those variables are already defined.

Destroy Infrastructure
-----------------------

Apply the planned destruction to remove the infrastructure, execute only one of these commands, depending on your needs:

.. code-block:: shell

    terraform apply plan.json
    terraform destroy -var-file ./gcp-ksa.tfvars

.. note::
    The first command allows applying changes automatically according to the plan generated in the previous command, while the second one, on the other hand, allows approving from the command line.

.. _ gitlab CICD Job:

GitLab CI/CD Job
==================
A job have been created in GitLab CI/CD to run the Terraform scripts and deploy the solution. Specifically, this job has been created in the .gitlab-ci.deploy.yml file.


k8s:ksa:deploy:production
--------------------------

This job is responsible for deploying all MEG pods and jobs to run the application in the production environment. It deploys pods with the Docker image that was pushed by the pipeline in the `docker:build:dev` job.