I am working on a setup where we want to configure one part of gcp based on Terraform and another part using click ops ( we will configure google cloud projects using console ).
Terraform based foundation is already set up using google provided foundation fabric framework.
Now its time to configure click ops.
Can someone provide best practices to manage both terraform and non terraform set up under same gcp organization?
How I manage networking between these two setups.
1 Like
If it’s just high level and rarely changed stuff like the project (or even some of the networking stuff), I don’t think you need to spend too much time worrying about it, especially if you’re creating a set of 1-10 projects that aren’t anticipated to change / grow much. You will probably want to use data resources to fetch data for some of those things. For that specific example, just configure your project layout and providers as normal.
What you really want to avoid as much as possible is having terraform and things other than terraform (whether it’s a human clicking, or a deployment pipeline or a tool like Argo) trying to manage the same resource.
The latest version of the GCP provider will default to adding a label (defaulting to goog-terraform-provisioned = true) that will also probably help identify resources managed by terraform.
You could also look at tools like driftctl to help make sure there aren’t unexpected things created outside of Terraform, though this will probably take some work to get tuned properly.
1 Like
One interesting thing in our implementation. We have NCC with 3 spokes for 3 environments and 1 spoke for on premise connectivity is set up, all done with the help of terraform.
Now we want to manage separate 3 environments, which will be used for manual operations. All networking set up by terraform will be reused in this case. However, these 3 new spokes will be attached to same NCC created by terraform.
With this, I just need to attach spoke to NCC once, and don’t see much issue in this setup.
Any suggestion, do we foresee any further complications?