IT organizations use scripts to automate routine operations -- a time-tested technique to improve IT efficiency...
and minimize administrative overhead. Cloud users have native and vendor-agnostic options to adopt this approach.
The most rigorous iteration of scripting -- often called infrastructure as code, sometimes also IaC -- exploits the software abstraction layer between applications and the underlying physical infrastructure. Tools such as Ansible and HashiCorp's Terraform are adaptable to any type of infrastructure deployment, but they can be overkill for users fixed on a particular cloud platform. These third-party tools also require customization and integration and might not utilize all the available features of an environment, such as Google Cloud Platform (GCP).
Instead, GCP users that prefer platform-specific automation templates can use Google Cloud Deployment Manager to express infrastructure and configurations as readable code. Let's review the Deployment Manager features and uses, along with tips on how to get started with the service.
Key concepts and features
Like other IaC tools, Google Cloud Deployment Manager uses a declarative language that supports templates, external references, metadata and environment variables. It uses up to three file types to describe a GCP deployment:
- A required configuration file that uses human-friendly YAML syntax to describe the necessary resources.
- An optional template file written in Python or Jinja. This file describes a set of resources and can be imported into a configuration file and expanded by binding resource names to the generic labels set in the template.
- An optional schema file that describes the specifications and rules for a template and enforces limits on template usage and properties.
The simplest Deployment Manager jobs consist of a single configuration file, but the other file types can enable automation of more complicated setups or situations where the cloud user will apply a similar configuration for multiple setups.
The configuration file is the source code for an infrastructure compiler -- in this case, Deployment Manager -- that parses the contents and expands configurations containing templates and environment variables. Deployment Manager operates within a controlled environment that includes security limitations to prevent abuse, such as attempts to make system or network calls or mistakes like endless loops.
Configuration files for Google Cloud infrastructure as code have two sections:
- Imports is a list of files, if any, used by the configuration. The service recursively expands those template files as part of the final configuration.
- Resources is the heart of a configuration. It lists the GCP services to be deployed, such as Compute Engine VMs, a Cloud SQL database or a Google Kubernetes Engine container cluster. The resources definition can also call a composite type of service that includes multiple components defined by a template. For example, you might create a composite type that deploys a Google Cloud load balancer and a managed instance group of Compute Engine VMs.
Configuration files can also include an outputs section that defines how data from the configuration is exposed to other templates, along with a metadata section that defines resource dependencies in the configuration -- for example, a Compute Engine instance that requires a persistent disk volume to be available for deployment.
In their simplest form, IaC templates are configuration files that have been divided into reusable parts. They often require little modification from the configuration file that inspires them, since the Jinja syntax is similar to YAML. More sophisticated templates can use Python to programmatically generate components. These templates can include advanced features, such as Python libraries for programmable configuration generation, composite resource types and modules, which are helper files similar to macros.
Google Cloud Deployment Manager doesn't currently support all GCP services, though it does support the core ones, including Compute Engine, Cloud Storage and BigQuery. Although the IaC tool is free, users still incur the standard charges for the services it deploys. Google also enforces limitations, including restrictions on configuration sizes and API requests per day and per second.
How to deploy Google Cloud infrastructure as code
Cloud administrators can access Deployment Manager through Google Cloud Console. The UI shows a hierarchical view of an entire deployment, but configurations are typically triggered via the gcloud command-line tool. Configuration, template and schema files are textual, so users can create them with any text editor.
To learn how to use Deployment Manager, try some examples from Google's quickstart documentation. Google Developers Codelabs, a library of coding tutorials, also provides an online course that walks users through a slightly more complicated example.
Deployment Manager has a preview mode that shows prospective changes without actually deploying or updating any services. Google also has a list of best practices that can save some headaches.
Deployment Manager vs. CloudFormation and ARM
Google Cloud Deployment Manager will look familiar to IT teams that have worked with AWS CloudFormation or Ansible, where IaC templates are also written in the YAML format. Terraform uses a proprietary configuration language and syntax.
AWS CloudFormation templates can include metadata, outputs and conditions, which are similar to Deployment Manager schemas.
Cloud professionals familiar with Microsoft Azure Resource Manager (ARM) templates will also see similarities in Google's native offering. ARM uses JSON as its template syntax, but since YAML is essentially a JSON superset, the file syntax and structure are similar. All three cloud-native IaC tools provide similar capabilities, although CloudFormation supports the greatest share of native services.