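# GitLab CI pipeline: runs Terraform for manifests/gke and manifests/elastic
# (state kept in the GitLab-managed Terraform backend) and a gcloud script for
# manifests/psc in between.
# docs: https://docs.gitlab.com/ee/user/infrastructure/iac/terraform_state.html#get-started-using-gitlab-ci
#
# Job order (through `needs`):
#   check-gke -> apply-gke -> gcloud-psc -> check-elastic -> apply-elastic
#
# NOTE(review): every image below uses a floating tag (`latest`, `slim`), so
# the code that handles the cloud credentials can change between runs. Pin
# each image to a fixed version or digest that you have reviewed.
#
# NOTE(review): no job sets `rules:` or `when: manual`, so as written the
# apply jobs run with -auto-approve in every pipeline that includes them.
# Consider limiting them to protected branches and storing EC_API_KEY and
# GCP_SA_GITLAB as masked, protected CI/CD variables.
image: busybox:latest

variables:
  TF_ROOT_ELASTIC: ${CI_PROJECT_DIR}/manifests/elastic
  TF_ROOT_GKE: ${CI_PROJECT_DIR}/manifests/gke
  GCLOUD_ROOT_PSC: ${CI_PROJECT_DIR}/manifests/psc

# One provider/module cache per Terraform root.
cache:
  - key: elastic
    paths:
      - ${TF_ROOT_ELASTIC}/.terraform
  - key: gke
    paths:
      - ${TF_ROOT_GKE}/.terraform

# Validates, format-checks and plans the GKE configuration.
check-gke:
  stage: test
  tags:
    - docker
  image:
    name: registry.gitlab.com/gitlab-org/terraform-images/stable:latest
    entrypoint: [""]
  variables:
    TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/gke
    TF_VAR_ec_apikey: $EC_API_KEY
    TF_VAR_project_id: $GCP_PROJECT_ID
    TF_VAR_region: $GCP_REGION
    TF_VAR_vpc_network_name: $GCP_NETWORK_NAME
    TF_VAR_vpc_subnetwork_name: $GCP_SUBNETWORK_NAME
    GCP_SA_GITLAB: $GCP_SA_GITLAB
  # The service-account key is written with printf and a quoted expansion so
  # the JSON is not word-split or glob-expanded by the shell, and inside a
  # umask 077 subshell so the file is readable by the job user only.
  script: |-
    cd "$TF_ROOT_GKE"
    (umask 077; printf '%s\n' "$GCP_SA_GITLAB" > gcp-sa.json)
    gitlab-terraform init
    gitlab-terraform validate
    gitlab-terraform fmt -check
    gitlab-terraform plan
    gitlab-terraform plan-json
  # Remove the key file so it does not linger in the build directory.
  after_script:
    - rm -f "${TF_ROOT_GKE}/gcp-sa.json"
  # plan.cache is the binary plan and can hold variable values (such as the
  # API key) in clear text, so its retention is kept short. Adjust expire_in
  # to your retention policy.
  artifacts:
    name: plan
    expire_in: 1 week
    paths:
      - ${TF_ROOT_GKE}/plan.cache
    reports:
      terraform: ${TF_ROOT_GKE}/plan.json

# Applies the GKE configuration once check-gke has succeeded.
apply-gke:
  stage: deploy
  needs:
    - check-gke
  tags:
    - docker
  image:
    name: registry.gitlab.com/gitlab-org/terraform-images/stable:latest
    entrypoint: [""]
  variables:
    TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/gke
    TF_VAR_ec_apikey: $EC_API_KEY
    TF_VAR_project_id: $GCP_PROJECT_ID
    TF_VAR_region: $GCP_REGION
    TF_VAR_vpc_network_name: $GCP_NETWORK_NAME
    TF_VAR_vpc_subnetwork_name: $GCP_SUBNETWORK_NAME
    GCP_SA_GITLAB: $GCP_SA_GITLAB
  # Same key handling as check-gke: quoted expansion, owner-only file mode.
  script: |-
    cd "$TF_ROOT_GKE"
    (umask 077; printf '%s\n' "$GCP_SA_GITLAB" > gcp-sa.json)
    gitlab-terraform init
    gitlab-terraform apply -auto-approve
  after_script:
    - rm -f "${TF_ROOT_GKE}/gcp-sa.json"

# Authenticates gcloud with the service account and runs setting-psc.sh,
# which is expected to leave pscConnectionId.env in the project directory
# for the Elastic jobs.
gcloud-psc:
  stage: deploy
  needs:
    - apply-gke
  tags:
    - docker
  image:
    name: google/cloud-sdk:slim
    entrypoint: [""]
  variables:
    GCP_PROJECT_ID: $GCP_PROJECT_ID
    GCP_SA_GITLAB: $GCP_SA_GITLAB
    GCP_REGION: $GCP_REGION
    GCP_NETWORK_NAME: $GCP_NETWORK_NAME
    GCP_SUBNETWORK_NAME: $GCP_SUBNETWORK_NAME
    GCP_INTERNAL_IP_NAME: $GCP_INTERNAL_IP_NAME
    GCP_PSC_NAME: $GCP_PSC_NAME
    GCP_DNS_ZONE_GKE_ELASTIC: $GCP_DNS_ZONE_GKE_ELASTIC
    ELASTIC_SERVICE_ATTACHMENT_URI: $ELASTIC_SERVICE_ATTACHMENT_URI
    ELASTIC_DNS_ZONE: $ELASTIC_DNS_ZONE
  # The key file stays in place for the whole script in case setting-psc.sh
  # reads it (not visible from this file); it is removed in after_script.
  script: |-
    (umask 077; printf '%s\n' "$GCP_SA_GITLAB" > gcp-sa.json)
    gcloud auth activate-service-account --key-file gcp-sa.json
    echo "Activate Service Account: OK"
    gcloud config set project "$GCP_PROJECT_ID"
    echo "Set Project: OK"
    cd "$GCLOUD_ROOT_PSC"
    chmod +x ./setting-psc.sh
    ./setting-psc.sh
  after_script:
    - rm -f "${CI_PROJECT_DIR}/gcp-sa.json"
  artifacts:
    paths:
      - ${CI_PROJECT_DIR}/pscConnectionId.env

# Validates, format-checks and plans the Elastic configuration, using the
# PSC connection id produced by gcloud-psc.
check-elastic:
  stage: deploy
  tags:
    - docker
  needs:
    - gcloud-psc
  image:
    name: registry.gitlab.com/gitlab-org/terraform-images/stable:latest
    entrypoint: [""]
  variables:
    TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/elastic
    TF_VAR_ec_apikey: $EC_API_KEY
  # `export VAR=$(...)` reports the status of export, not of the lookup, so
  # an empty result is checked explicitly instead of planning with a blank id.
  script: |-
    export TF_VAR_psc_connection_id="$(grep GCP_PSC_CONNECTION_ID "${CI_PROJECT_DIR}/pscConnectionId.env" | cut -d = -f2)"
    if [ -z "$TF_VAR_psc_connection_id" ]; then
      echo "GCP_PSC_CONNECTION_ID not found in pscConnectionId.env" >&2
      exit 1
    fi
    cd "$TF_ROOT_ELASTIC"
    gitlab-terraform init
    gitlab-terraform validate
    gitlab-terraform fmt -check
    gitlab-terraform plan
    gitlab-terraform plan-json
  # plan.cache can hold variable values (such as the API key) in clear text;
  # keep its retention short. Adjust expire_in to your retention policy.
  artifacts:
    name: plan
    expire_in: 1 week
    paths:
      - ${TF_ROOT_ELASTIC}/plan.cache
    reports:
      terraform: ${TF_ROOT_ELASTIC}/plan.json

# Applies the Elastic configuration once check-elastic has succeeded.
apply-elastic:
  stage: deploy
  needs:
    - check-elastic
  tags:
    - docker
  image:
    name: registry.gitlab.com/gitlab-org/terraform-images/stable:latest
    entrypoint: [""]
  variables:
    TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/elastic
    TF_VAR_ec_apikey: $EC_API_KEY
  # Same connection-id lookup and empty-value guard as check-elastic.
  script: |-
    export TF_VAR_psc_connection_id="$(grep GCP_PSC_CONNECTION_ID "${CI_PROJECT_DIR}/pscConnectionId.env" | cut -d = -f2)"
    if [ -z "$TF_VAR_psc_connection_id" ]; then
      echo "GCP_PSC_CONNECTION_ID not found in pscConnectionId.env" >&2
      exit 1
    fi
    cd "$TF_ROOT_ELASTIC"
    gitlab-terraform init
    gitlab-terraform apply -auto-approve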