FYI, the reason it grabs the first organisation is because there can only be one. Each organisation is tied to exactly 1 workspace.
26:00 It's bad practice to give service accounts "basic" roles (Browser, Viewer, Editor, Owner), even something like Viewer is pretty privileged. I would strongly recommend that people create a custom role with the permission "resourcemanager.projects.list". Or even better, create a dedicated role for your Terraform that manages projects (and you should keep this as a separate thing from any other GCP management) that has the roles ("resourcemanager.projects.list" "resourcemanager.folders.list" "resourcemanager.projectCreator" "billing.user").
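As an added example (not from the video, and not the commenter's code), this is how the dedicated least-privilege identity described in the comment above could be expressed in Terraform. The organization id, billing account id and seed project id are placeholders; the custom role carries only the list/get permissions, while project creation and billing linkage come from the predefined roles/resourcemanager.projectCreator and roles/billing.user so each grant can be revoked on its own.

```hcl
# Added example, not from the video. All three variables are placeholders.
variable "org_id"             { type = string } # e.g. "123456789012"
variable "billing_account_id" { type = string } # e.g. "ABCDEF-123456-ABCDEF"
variable "seed_project_id"    { type = string } # project that hosts the service account

# A service account used only by the project-creating Terraform, kept apart
# from any other GCP management identity.
resource "google_service_account" "project_factory" {
  project      = var.seed_project_id
  account_id   = "tf-project-factory"
  display_name = "Terraform project factory (least privilege)"
}

# Custom org-level role instead of the basic Viewer role: only the
# enumeration permissions the run actually needs.
resource "google_organization_iam_custom_role" "project_lister" {
  org_id  = var.org_id
  role_id = "tfProjectLister"
  title   = "Terraform project lister"
  permissions = [
    "resourcemanager.projects.list",
    "resourcemanager.folders.list",
    "resourcemanager.organizations.get",
  ]
}

locals {
  factory_member = "serviceAccount:${google_service_account.project_factory.email}"
  org_roles = toset([
    google_organization_iam_custom_role.project_lister.name,
    "roles/resourcemanager.projectCreator",
  ])
}

# Bind the custom role and projectCreator at the organization level.
resource "google_organization_iam_member" "factory" {
  for_each = local.org_roles
  org_id   = var.org_id
  role     = each.value
  member   = local.factory_member
}

# billing.user is granted on the billing account only, not on the org.
resource "google_billing_account_iam_member" "factory" {
  billing_account_id = var.billing_account_id
  role               = "roles/billing.user"
  member             = local.factory_member
}
```

To see why the comment calls Viewer "pretty privileged", compare the three permissions above with the output of `gcloud iam roles describe roles/viewer`, which lists every read permission the basic role carries across all services.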
GCP has a number of unique features that other clouds don't offer, particularly the ability to use Google's private network so traffic between regions doesn't need to traverse the public internet. Also, Google's VPC networks are global, and subnets are regional, so VMs in different zones can reside on the same subnet.
AWS VPC Endpoints allow non-public internet traversal
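An added illustration of the networking model described in the comment above (example Terraform, not code from the video): one custom-mode VPC that is global, with subnets that are regional, so a VM in any zone of a region lands on that region's subnet. Region names and CIDR ranges are constructed for the example.

```hcl
# Added example, not from the video. Project id is a placeholder.
variable "project_id" { type = string }

# The VPC itself has no region: it spans all regions.
# auto_create_subnetworks = false avoids the default /20 in every region.
resource "google_compute_network" "shared" {
  project                 = var.project_id
  name                    = "shared-vpc"
  auto_create_subnetworks = false
  routing_mode            = "GLOBAL" # advertise routes across regions
}

# Subnets are regional; constructed region/CIDR values.
locals {
  subnets = {
    "us-central1"  = "10.10.0.0/20"
    "europe-west1" = "10.20.0.0/20"
  }
}

resource "google_compute_subnetwork" "regional" {
  for_each      = local.subnets
  project       = var.project_id
  name          = "subnet-${each.key}"
  region        = each.key
  network       = google_compute_network.shared.id
  ip_cidr_range = each.value

  # Lets instances without external IPs reach Google APIs over the
  # private network rather than the public internet.
  private_ip_google_access = true
}

# A VM in zone us-central1-b uses the us-central1 subnet; a VM in
# us-central1-f would use the same subnet, since subnets are per region.
resource "google_compute_instance" "example" {
  project      = var.project_id
  name         = "example-vm"
  zone         = "us-central1-b"
  machine_type = "e2-micro"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"
    }
  }

  network_interface {
    subnetwork = google_compute_subnetwork.regional["us-central1"].id
    # no access_config block: no external IP
  }
}
```

Traffic between the two subnets stays on Google's backbone because both belong to the same global VPC; no peering or gateway is needed between regions.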
Very informative. Is there a complete series on GCP and Terraform?
Danggg this is crucial to getting going on GCP, understanding the options. Nice one, thanks Ned.
Very informative. I tried to create a GKE Autopilot cluster with a shared VPC private network through Terraform, assigned the necessary GKE service account permissions, and made sure the control plane, node and pod IP ranges and the location were aligned correctly as per the GCP GKE documentation. But I'm stuck with this exception again and again: 'Error: Error waiting for creating GKE cluster: All cluster resources were brought up, but: only 0 nodes out of 1 have registered; cluster may be unhealthy.' Please share if there are any suggestions to troubleshoot this error?
Ned, do you have an example of using this module "terraform-google-modules/network/google//modules/network-peering" for configuring peering? I keep getting errors in the regex in the module when I apply my Terraform code.
Looking through the module, I don't see anything checking regex. Is this an error from the GCP API? Maybe there's a naming issue with your prefix?
Hey Ned - thank you for this video, honestly I have been looking for this for a long time and I also I am still listening to your videos on Pluralsight.
Great tutorial.
I could only do ExampleOne though (not ExampleTwo), since my regular GCP account doesn't have any organization, and I could not find a way to create one.
I'm new to this, and not really sure if this is absolutely correct, but... it looks like the only way to do that was to create a whole other Google account with Google Cloud Identity with my own domain (which I happen to have), which you use as your organization.
Makes sense, but this was far more involved than what I was expecting (I thought I could just create an organization with some click of button in GCP console with my regular Google account.)
I just did the above (created another Google account via Google Cloud Identity with my own domain, and used it as my organization), and went through ExampleTwo. It went fine, and I learned a lot!
Yeah you need a domain
Thanks for the GCP
Sir, please do a complete series on GCP with Terraform; it's not found anywhere till today.
Yes, VPC, compute, storage, load balancer would be cool.
Pretty nice ! Could you create a Firebase Project as well ?
Hi Ned. Thank you for your content. QQ: I am using the owner account to create the resources, but I get the error "Error creating address: googleapi error 403 required compute.addresses.create permission for project". But doesn't the owner account have the highest permissions to provision the infra within the tenant?
You need
- service account admin
- service account user
So Nice explanation. Hope to see more videos
this was awesome Ned.
Can you make a video on making alerts in GCP using Terraform?
Great tutorial! thanks Ned
Can you add a more advanced course using GCP? Types of variables (list, object, dynamic block).
Nice one, thank you!
Excellent Video ..one of the best in
Hi sir, is any course of yours available on Pluralsight for GCP with Terraform?
Could you please provide a GitHub link from where I can get this codebase using Terraform? Thanks a lot for this wonderful video... love from India.
Nice one! I liked the walkthrough from the beginning where you explain the specifics behind GCP and how it compares to other cloud providers.
Perfect pace. Great clarity. My first video. Loved it. Subscribed!
Thank you for the examples
Does terraform support dynamic depends_on?
You mean like having a conditional in the depends_on list? Not sure that would work. Do you have a specific use case?
@@NedintheCloud Is it best practice to write own resources (service, url map, forwarding rule, proxy rule) or rather to use the precoded modules from google-modules section ?
For example in LB
Thanks
Thank you