This guide will walk you through how to use the provided terraform scripts to have the project and required settings created and set for you.
You will need:
- The Project Creator GCP role and a suitable Billing Account.
- A valid Looker License Key - please work with your GCP account team if you do not have one.
- The gcloud command line tool installed.
- Terraform installed. Ensure version is >= 1.3.0
- A web domain suitable for development - Google Domains is an excellent choice for registering such a domain if you don't already have one.
Navigate to the terraform/project_creation folder
A minimal example might look something like this:
project_id = "gcp-project-id"
parent = "organizations/parent_org_id"
location = "europe-west3"
sa_name = "your-service-account-name"
email_address = "you@example.com"
dns_domain = "your-dns-domain."
billing_account = "your-billing-account-id"
Variable definitions are as follows:
| Name | Description | Default |
|---|---|---|
| project_id | Your GCP Project ID | |
| parent | Your projects parent | |
| location | Your projects region | |
| repository_id | Artifact registry repository name where looker images are stored | looker |
| sa_name | Service accounts name that will be created with all the required permissions | |
| email_address | Username that will impersonate the created service account see step highlighted here | |
| dns_domain | Your DNS domain | |
| billing_account | The billing account the project will be tied to |
- You will need to initialize Terraform before applying - you will only need to do this once. Execute the following command:
$ terraform init
- Next, run the plan to make sure your configuration is valid. Execute the following command:
$ terraform plan
- If your plan comes back successfully it is time to deploy! Execute the following command:
$ terraform apply
The deployment will take around 5-10 minutes. Please take note of the outputs as they contain important information.
While deploying the project, we created three secrets which will be used in the coming steps. These secrets need to have appropriate values created for them. Either Navigate to the secret manager in the Google Cloud console or use gcloud to give each secret their value:
- A strong password - Used as a password for Looker's MySQL account. This password should include only alphanumeric characters - no special characters!
- Your Looker License Key
- A GCM Encryption Key - This can be generated by running the command
openssl rand -base64 32. See Looker's encryption documentation for more details.
It was opted to not add the values while deploying as code. This would be possible, but requires the secret values to be stored in your vars file and Terraform state which is not recommended.
Note: If you use
gcloudit is a best practice to take steps to avoid logging the commands in your bash history. Typically the easiest way to accomplish this is to add a space at the beginning of your shell command.
You will need to configure your development domain to use Cloud DNS's name servers. The exact procedure will depend on which domain registrar you use - see Cloud DNS documentation for more details. The correct nameserver values to use are included in the module's outputs.
Let's get the rest of the software stack installed in your development environment. See below for links to installation instructions for each tool.
If you want to make use of VM-based Looker instances (Not Recommended) then you will need to also install the following tools:
- The provided script really is the minimal way to configure this using pre-existing modules from the cloud foundation fabric
- To move more towards production, the tfstate should be stored remotely