Terraform Usage Guide¶
Complete guide to using Terraform for managing CAMARADES infrastructure.
Prerequisites¶
- Terraform >= 1.6.0 installed
- Google Cloud SDK configured
- Access to
camarades-netGCP project - Permissions:
roles/container.admin,roles/iam.serviceAccountUser
Initial Setup¶
1. Authenticate with GCP¶
# Authenticate
gcloud auth login
gcloud auth application-default login
# Set project
gcloud config set project camarades-net
2. Create State Bucket (One-Time)¶
Terraform state is stored in a GCS bucket for collaboration and safety.
# Create bucket
gsutil mb -p camarades-net -l europe-west2 gs://camarades-terraform-state
# Enable versioning
gsutil versioning set on gs://camarades-terraform-state
# Verify
gsutil ls gs://camarades-terraform-state
3. Initialize Terraform¶
Expected output:
Initializing the backend...
Successfully configured the backend "gcs"!
Terraform has been successfully initialized!
Daily Workflow¶
Making Infrastructure Changes¶
1. Update Terraform Configuration¶
Edit the relevant .tf files:
- main.tf - Cluster and node pool configuration
- variables.tf - Variable definitions
- backend.tf - State backend (rarely changed)
Example: Change node count
2. Review Changes¶
Read the plan carefully! Look for: - ✅ Changes that match your intent - ⚠️ Unexpected changes (investigate before applying) - ❌ Resource destruction (ensure this is intentional)
3. Apply Changes¶
Type yes when prompted after reviewing the plan.
4. Verify Changes¶
# Check cluster
gcloud container clusters describe camaradesuk --zone=europe-west2-a
# Check nodes
kubectl get nodes
Common Operations¶
View Current State¶
View Specific Resource¶
List All Resources¶
Output Values¶
Format Code¶
Validate Configuration¶
Advanced Operations¶
Import Existing Resources¶
If a resource exists in GCP but not in Terraform state:
# Import cluster
terraform import google_container_cluster.camaradesuk europe-west2-a/camaradesuk
# Import node pool
terraform import google_container_node_pool.primary_nodes europe-west2-a/camaradesuk/default-pool
Refresh State¶
Sync Terraform state with actual GCP resources:
Replace a Resource¶
Force recreation of a resource:
Target Specific Resources¶
Apply changes to specific resources only:
⚠️ Warning: Use targets sparingly, as they can lead to inconsistent state.
State Management¶
Viewing State¶
State Locking¶
GCS backend automatically handles state locking. If a lock gets stuck:
State Backups¶
State is automatically backed up in GCS with versioning enabled.
# List versions
gsutil ls -a gs://camarades-terraform-state/gke/camaradesuk/
# Restore previous version if needed
gsutil cp gs://camarades-terraform-state/gke/camaradesuk/default.tfstate#<version> terraform.tfstate
Troubleshooting¶
Error: "Backend Initialization Required"¶
Error: "State Lock Could Not Be Acquired"¶
Someone else is running Terraform, or a previous run crashed.
Error: "Provider Configuration Error"¶
# Re-authenticate
gcloud auth application-default login
# Verify project
gcloud config get-value project
Changes Not Applying¶
Safety Guidelines¶
⚠️ CRITICAL Rules¶
- Always run
planbeforeapply - Never commit
.tfvarsfiles with secrets - Coordinate with team before infrastructure changes
- Test in a non-production environment first (if possible)
- Have a rollback plan before applying destructive changes
Pre-Apply Checklist¶
- Read the plan output carefully
- Understand what will change and why
- Verify no unexpected resource destruction
- Have a backup/rollback plan
- Coordinate with team if during business hours
- Consider maintenance window for disruptive changes
Related Documentation¶
- Cluster Configuration Reference - GKE cluster settings explained
- Resource Optimization Guide - Right-sizing based on GKE analysis
- ADR-003: Cluster Architecture