Overview

Date: 2026-05-11

Time: 15:18

Overview

This page covers how to use FTL2 to provision and configure Google Cloud Platform (GCP) infrastructure. It explains setup (installing the google.cloud Ansible collection and Python dependencies), authentication methods (service account key or application default credentials), and the available GCP modules for managing compute, storage, SQL, and DNS resources — all accessed through FTL2's async automation pattern.

Key Concepts

• FTL2 uses the google.cloud Ansible collection for GCP automation — the same module ecosystem as Ansible, accessed via FTL2's async API
• Two authentication methods are supported: service account key file (GCPAUTHKIND=serviceaccount) and application default credentials (GCPAUTHKIND=application)
• The collection provides 60+ modules spanning compute, networking, storage, Cloud SQL, and Cloud DNS
• All GCP modules follow the same FTL2 async pattern using async with automation() and await ftl.google.cloud.<module>()
• Secret bindings can be applied with a wildcard pattern ("google.cloud.*") to cover all GCP modules at once
• Collection is installed into the venv's site-packages via ANSIBLECOLLECTIONSPATH

Commands and Syntax

Setup:

# Install collection into venv
ANSIBLE_COLLECTIONS_PATH=.venv/lib/python3.14/site-packages \
  .venv/bin/ansible-galaxy collection install google.cloud

# Install Python auth/API dependencies
uv pip install google-auth google-cloud-compute google-api-python-client

Authentication (env vars):

# Service account
export GCP_AUTH_KIND=serviceaccount
export GCP_SERVICE_ACCOUNT_FILE=/path/to/service-account.json

# Application default credentials
export GCP_AUTH_KIND=application
gcloud auth application-default login

FTL2 usage pattern:

async with automation(secret_bindings={"google.cloud.*": {...}}) as ftl:
    await ftl.google.cloud.gcp_compute_instance(name="vm", ...)

Example scripts: examplegcpprovision.py (creates VPC, subnet, firewall, GCE instance, nginx), examplegcpteardown.py (deletes all provisioned resources).

Relationships

• Ansible collections: FTL2 reuses the google.cloud Ansible collection — same FQCN module naming pattern as other cloud providers (e.g., AWS, Azure)
• Secret bindings / Vault integration: GCP credentials can be managed through FTL2's secret binding mechanism with wildcard patterns
• Async pattern: GCP modules use the same async with automation() pattern as all other FTL2 modules
• Provisioning & teardown: Mirrors the create/destroy lifecycle pattern common across FTL2 cloud examples
• Module installation: Uses the same ansible-galaxy collection install + ANSIBLECOLLECTIONSPATH approach as other Ansible-sourced collections in FTL2

Exam-Relevant Points

• The two GCPAUTHKIND values are serviceaccount and application — know both and their corresponding setup steps
• Python dependencies required: google-auth, google-cloud-compute, google-api-python-client
• Collection install requires setting ANSIBLECOLLECTIONSPATH to the venv's site-packages directory
• GCP modules are called via FQCN: ftl.google.cloud.gcpcomputeinstance(...) — not shorthand
• Secret bindings use wildcard "google.cloud.*" to bind credentials to all GCP modules simultaneously
• The provision/teardown example pair demonstrates idempotent resource lifecycle management
• All GCP modules are async (await) — consistent with FTL2's concurrency model