Wednesday, February 11, 2026

Terraform

Over 10 years ago, in 2014, the company HashiCorp launched Terraform as an open-source project. In 2023, HashiCorp changed the license to the BSL (Business Source License). Despite this change, Terraform has a 33% market share (December 2025). Infrastructure as code (IaC) means managing and provisioning IT resources through code. IaC code can be stored in Git. Using Terraform has major advantages.

The main advantages are repeatability and time savings. When building new infrastructure, all actions can be automated. This removes all the flaws of manual infrastructure creation (UI delays, UI changes, human fatigue). The automation can be incorporated into CI/CD pipelines.

In my homelab project, I am developing backups with Velero. After researching cloud secret managers for my homelab, I selected Google Cloud. Moreover, I used the Google Cloud calculator to check whether Google Cloud Storage has a good price. It turned out that it does.

 

Fun fact: the Europe destination region is $0.02 more expensive than North America.

In a GCP service account, I created a .json file that is used to create cloud resources. It is possible to create many .json files, where each file has limited access defined by IAM roles.

 

I created the Linux environment variable "GOOGLE_APPLICATION_CREDENTIALS" so that Terraform can create resources.

A good practice is to add this variable to the ~/.bashrc file, so that it is still available after a reboot of the server.

export GOOGLE_APPLICATION_CREDENTIALS="./kkk.json" 

kkk.json has all the data needed to connect to my GCP project. To keep this file from being committed, I added it to the .gitignore file.

 

Preview of my .json file. 

 

Here is my Terraform code to create the Google Cloud Storage bucket. As in the calculation above, I chose to store my data in the Warsaw, Poland data center.

terraform {
    required_providers {
        google = {
            source  = "hashicorp/google"
            version = "~> 5.0"
        }
    }
}

# Credentials are read from the GOOGLE_APPLICATION_CREDENTIALS variable.
provider "google" {
    project = var.project_id
    region  = var.region
}

# europe-central2 is the Warsaw, Poland region.
variable "region" {
    type    = string
    default = "europe-central2"
}

variable "bucket_name" {
    type    = string
    default = "homelab-k8s-storage-bucket-sidor"
}

resource "google_storage_bucket" "bucket" {
    name                        = var.bucket_name
    location                    = var.region
    uniform_bucket_level_access = true # access is controlled by IAM only, no per-object ACLs
}

variable "project_id" {
    type    = string
    default = "mysecret-XXXXX" # real project ID replaced with XXXXX for safety
}
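
The two points above, limited IAM roles per key file and the bucket definition, combined in one stand-alone configuration (an added example, not my original code): a dedicated service account that can only work with objects in this one bucket. The account_id `velero-backup`, the choice of `roles/storage.objectAdmin` and the `public_access_prevention` setting are assumptions, not part of the configuration above.

```hcl
# Added example: stand-alone variant of the bucket configuration with a
# bucket-scoped service account. Values marked "assumed" are not from the post.
terraform {
    required_providers {
        google = {
            source  = "hashicorp/google"
            version = "~> 5.0"
        }
    }
}

variable "project_id" { type = string } # no default: pass with -var or TF_VAR_project_id
variable "region" {
    type    = string
    default = "europe-central2"
}
variable "bucket_name" {
    type    = string
    default = "homelab-k8s-storage-bucket-sidor"
}

provider "google" {
    project = var.project_id
    region  = var.region
}

resource "google_storage_bucket" "bucket" {
    name                        = var.bucket_name
    location                    = var.region
    uniform_bucket_level_access = true       # IAM only, no per-object ACLs
    public_access_prevention    = "enforced" # assumed: rejects allUsers / allAuthenticatedUsers grants
}

# Dedicated identity for the backup tool (account_id is assumed).
resource "google_service_account" "velero" {
    account_id   = "velero-backup"
    display_name = "Velero backups (homelab)"
}

# Grants object read/write on this one bucket only, not on the whole project.
resource "google_storage_bucket_iam_member" "velero_objects" {
    bucket = google_storage_bucket.bucket.name
    role   = "roles/storage.objectAdmin" # assumed to be enough for Velero's object storage
    member = "serviceAccount:${google_service_account.velero.email}"
}

output "velero_service_account" {
    value = google_service_account.velero.email
}
```

The identity that runs terraform apply needs permission to create service accounts and to set the bucket's IAM policy. Creating the .json key for the new account outside Terraform keeps its private key out of the Terraform state file.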


 

 

I will use the best-known Terraform commands:

- terraform init - initializes (2) the working directory, installs required provider plugins and modules, and sets up the backend. It can be executed by CI tools.

 

 Command:

 - terraform plan:

  • Ensures (3) the state is up to date by reading the current state of any already-existing remote infrastructure.
  • Determines the deltas between the current configuration and the prior state data.
  • Proposes a series of changes that will make the remote infrastructure match the current configuration.

My terraform plan shows the symbol "+ create", which appears when the resources do not exist yet.

 

  Command:

 - terraform apply - executes (4) the actions proposed in a terraform plan. It is used to deploy your infrastructure. Typically, apply should be run after terraform init and terraform plan.

 

 In GCP, the Google Cloud Storage bucket "homelab-k8s-storage-bucket-sidor" was created.

After the Google Cloud Storage resource was created, I executed terraform init, plan and apply a second time. The result was "No changes": the infrastructure stayed unmodified.

 

DOCs:

1. https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket 

2. https://spacelift.io/blog/terraform-init#what-is-terraform-init

3. https://spacelift.io/blog/terraform-plan

4.  https://spacelift.io/blog/terraform-apply

