Cloud Partner

Google Cloud

HashiCorp and Google have been working together to improve infrastructure automation since 2013. Through the efforts of a dedicated engineering team, Google has built a number of integrations aimed at making it easy for organizations to incorporate Google Cloud offerings using HashiCorp tools. Terraform helps create and manage Google Cloud infrastructure, Vault makes it easy to protect enterprise secrets, and Consul and Nomad monitor the health of data centers and automate job scheduling. Google and HashiCorp continue to work closely together to ensure that operators have the right tools to provision, secure, run, and connect any infrastructure for any application.



How Google Cloud works with HashiCorp Product Suite

Provision Infrastructure

Operators moving into the cloud face three unique challenges: addressing infrastructure heterogeneity, managing scale, and enabling self-service consumption across organizations. To address these challenges for users adopting Google Cloud, HashiCorp offers a dedicated Terraform provider for provisioning and managing Google Cloud-based services. Users can write configurations using infrastructure as code, check them into version control, version them, and run a few commands to test and apply changes to their Google Cloud infrastructure. Google Cloud maintains and supports the GCP Terraform Provider through a dedicated engineering team. This team collaborates directly with HashiCorp to ensure the majority of Google Cloud resources are available for provisioning with Terraform.

Terraform Integrations for Google Cloud:
Terraform Provider
GCP Modules

Additional Resources:
Managing GCP Projects with Terraform
Modular Load Balancing with Terraform
Automated Network Deployment, Building a Multi-Cloud VPN with Terraform
Kickstart Terraform on GCP with Google Cloud Shell


Secure Secrets

Vault secures, stores, and tightly controls access to tokens, passwords, certificates, and encryption keys for secrets and other sensitive data using a UI, CLI, and HTTP API. For Google Cloud users, Vault offers a number of specific integrations, such as using your Google Cloud credentials and identity, Auto Unseal with Google Cloud KMS, and a dedicated Secrets Engine for generating, managing, and encrypting data within GCP. Using Vault with Google Cloud makes it easy to ensure policy is being enforced across your entire organization while transitioning to a dynamic infrastructure.

Vault Integrations for Google Cloud:
GCP Auth Method
Auto Unseal with Google Cloud KMS
GCP Secrets Engine

Additional Resources:
Using Vault for Secrets Management
How to dynamically generate GCP IAM credentials with a new HashiCorp Vault secrets engine
HashiCorp Vault on GKE
Secure Kubernetes with Vault
Introducing the Cloud KMS plugin for HashiCorp Vault


Run Applications

Nomad is a flexible, enterprise-grade cluster scheduler that can run a diverse workload of micro-service, batch, containerized and non-containerized applications. Nomad's lightweight architecture and zero external dependencies minimize operational overhead in any on-prem or public cloud environment. Nomad Enterprise adds collaboration and governance capabilities, allowing organizations to run Nomad in a multi-team setting and meet governance and policy requirements. Nomad clients running on Google Cloud Platform are able to automatically detect GCE instances. This enables application owners to define constraints that directly reference instance properties including the instance type and image ID. This in turn allows operators to deploy Nomad across a heterogeneous mix of instance types with resource profiles appropriate for a range of workloads.


Connect Applications

Consul is a service mesh offering for discovering, securing, and configuring services across your infrastructure. Consul clusters allow agents to talk across data centers to provide health monitoring, K/V storage, and a variety of other services. To create these clusters, Consul relies on the creation of agents that assume either a server or client role and join an existing cluster upon startup. To help prevent failures in cluster formation, Consul users utilize the command "retry-join" provisioned for GCE. This instructs agents to join the first private IP of a server with a given tag value, with the request authorized via a GCE service account.

Consul Integrations for Google Cloud:
GCE Auto Retry
