HashiCorp and Google have been working together to improve infrastructure automation since 2013. Through the efforts of a dedicated engineering team, Google has built a number of integrations aimed at making it easy for organizations to incorporate Google Cloud offerings using HashiCorp tools. Terraform helps create and manage Google Cloud infrastructure, Vault makes it easy to protect enterprise secrets, and Consul and Nomad monitor the health of data centers and automate job scheduling. Google and HashiCorp continue to work closely together to ensure that operators have the right tools to provision, secure, run, and connect any infrastructure for any application.
How Google Cloud works with HashiCorp Product Suite
» Provision Infrastructure
Operators moving into the cloud face three unique challenges: addressing infrastructure heterogeneity, managing scale, and enabling self service consumption across organizations. To address these challenges for users adopting Google Cloud, HashiCorp offers a dedicated Terraform provider for the purpose of provisioning and managing Google cloud-based services. Users can write configurations using infrastructure as code, check them into version control, version them, and run a few commands to test and apply changes to their Google Cloud infrastructure. Google Cloud maintains and supports the GCP Terraform Provider through a dedicated engineering team. This team collaborates directly with HashiCorp to ensure the majority of Google Cloud resources are available for provisioning with Terraform.
Managing GCP Projects with Terraform
Modular Load Balancing with Terraform
Automated Network Deployment, Building a Multi-Cloud VPN with Terraform
Kickstart Terraform on GCP with Google Cloud Shell
» Secure Secrets
Vault provides organizations with a central place to store and access all infrastructure and application secrets, while leveraging any trusted source of identity to enforce system and application access, all while keeping your secrets and application data secure with one centralized workflow to encrypt your data in flight and at rest. For Google Cloud users, Vault offers a number of specific integrations like using your Google Cloud credentials and identity, as well as Auto Unseal with Google Cloud KMS and a dedicated Secrets Engine for generating, managing, and encrypting data within GCP. Using Vault with Google Cloud makes it easy to ensure policy is being enforced across your entire organization while transitioning to a dynamic infrastructure.
Using Vault for Secrets Management
How to dynamically generate GCP IAM credentials with a new HashiCorp Vault secrets engine
HashiCorp Vault on GKE
Secure Kubernetes with Vault
Introducing the Cloud KMS plugin for HashiCorp Vault
» Run Applications
Nomad is a flexible, enterprise-grade cluster scheduler that can run a diverse workload of micro-service, batch, containerized and non-containerized applications. Nomad's lightweight architecture and zero external dependencies minimize operational overhead in any on-prem or public cloud environment. Nomad Enterprise adds collaboration and governance capabilities, allowing organizations to run Nomad in a multi-team setting and meet governance and policy requirements. Nomad clients running on Google Cloud Platform are able to automatically detect GCE instances. This enables application owners to define constraints that directly reference instance properties including the instance type and image ID. This in turn allows operators to deploy Nomad across a heterogenous mix of instance types with resource profiles appropriate for a range of workloads.Get Started with Nomad Read Documentation
» Connect Applications
Consul is a tool for discovering and configuring services within your infrastructure. Consul clusters allow agents to talk across data centers to provide health monitoring, K/V storage, and a variety of other services. To create these clusters, Consul relies on the creation of agents that assume either a server or client role and join an existing cluster upon startup. To help prevent failures in cluster formation, Consul users utilizes the command "retry-join" provisioned for GCE. This instructs agents to join the first private IP of a server with a given tag value and authorized via a GCE service account.
Consul Integrations for Google Cloud:
GCE Auto Retry
HashiConf 2018 Closing Keynote: New GCP Features for Terraform and Vault
Microservice security with Vault
- Case Study
How Fleetsmith deploys Vault on Google Cloud Platform
Using HashiCorp Vault to Secure Kubernetes
Everything as Code: The future of ops tools
HashiCorp Vault + Google Cloud: Creating and Managing Dynamic Secrets
How to Dynamically Generate GCP IAM Credentials with Vault
Using HashiCorp Vault to manage Google IAM service accounts
Announcing Google Cloud Spanner as a Vault storage backend