-
-
Save ahmetb/8475be9a0c17f0dc19555a7aaed3a0e7 to your computer and use it in GitHub Desktop.
Cloud Run multi-region deployment script https://ahmet.im/blog/cloud-run-multi-region/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
set -euo pipefail | |
PROJECT_ID="${PROJECT_ID:-ahmetb-samples-playground}" | |
IMAGE="${IMAGE:-gcr.io/ahmetb-public/zoneprinter}" | |
APP_NAME="${APP_NAME:-zoneprinter}" | |
DOMAIN="${DOMAIN:-zoneprinter.ahmet.im}" | |
log () { | |
echo >&2 "$(tput setaf 2)$*$(tput sgr0)" | |
} | |
gcloud() { | |
set -x | |
command gcloud -q --project "${PROJECT_ID}" "$@" | |
} | |
run_regions() { | |
local token | |
token="$(gcloud auth print-access-token)" | |
curl -sSLfH "Authorization: Bearer $token" \ | |
"https://run.googleapis.com/v1/projects/${PROJECT_ID}/locations?alt=json" |\ | |
jq -r '.locations[].locationId' | |
} | |
log "Deploying Cloud Run service in all regions." | |
for r in $(run_regions); do | |
gcloud run deploy "${APP_NAME}" --image="${IMAGE}" --platform=managed \ | |
--allow-unauthenticated --region="$r" | |
true | |
done | |
log "Creating regional serverless NEGs." | |
for r in $(run_regions); do | |
( | |
gcloud alpha compute network-endpoint-groups create \ | |
"${APP_NAME}-${r}" \ | |
--region="$r" --network-endpoint-type=SERVERLESS \ | |
--cloud-run-service="${APP_NAME}" | |
) | |
done | |
log "Done" | |
backend="${APP_NAME}-backend" | |
log "Creating a backend-service." | |
( | |
gcloud compute backend-services create "${backend}" --global | |
) | |
log "Done." | |
log "Adding regional NEGs to the backend-service." | |
for r in $(run_regions); do | |
( | |
gcloud alpha compute backend-services add-backend "${backend}" --global \ | |
--network-endpoint-group="${APP_NAME}-${r}" \ | |
--network-endpoint-group-region="$r" | |
) | |
done | |
log "Done" | |
log "Creating a url-map." | |
urlmap="${APP_NAME}-urlmap" | |
( | |
gcloud compute url-maps create "${urlmap}" --default-service="${backend}" | |
) | |
log "Done." | |
log "Creating a managed ssl-certificate." | |
cert="${APP_NAME}-cert" | |
( | |
gcloud beta compute ssl-certificates create "${cert}" --domains="${DOMAIN}" | |
) | |
log "Done." | |
log "Creating a target-https-proxy." | |
target_https="${APP_NAME}-https" | |
( | |
gcloud compute target-https-proxies create "${target_https}" \ | |
--ssl-certificates="${cert}" \ | |
--url-map="${urlmap}" | |
) | |
log "Done." | |
log "Creating a static IPv4 address." | |
ip="${APP_NAME}-ip" | |
( | |
gcloud compute addresses create --global "${ip}" | |
) | |
log "Done." | |
log "Creating a global forwarding-rule for HTTPS." | |
fwdrule_https="${APP_NAME}-lb" | |
( | |
gcloud compute forwarding-rules create --global "${fwdrule_https}" \ | |
--target-https-proxy="${target_https}" \ | |
--address="${ip}" \ | |
--ports=443 | |
) | |
log "Done." | |
log "Creating url-map for http-to-https redirect." | |
urlmap_redir="${APP_NAME}-httpredirect" | |
( | |
gcloud compute url-maps import "${urlmap_redir}" \ | |
--global \ | |
--source /dev/stdin <<EOF | |
name: "${urlmap_redir}" | |
defaultUrlRedirect: | |
redirectResponseCode: MOVED_PERMANENTLY_DEFAULT | |
httpsRedirect: True | |
EOF | |
) | |
log "Done." | |
log "Creating target-http-proxy for http-to-https redirect." | |
target_http="${APP_NAME}-http" | |
( | |
gcloud compute target-http-proxies create "${target_http}" \ | |
--url-map="${urlmap_redir}" | |
) | |
log "Done." | |
log "Creating global forwarding-rule for http-to-https redirect." | |
fwdrule_http="${APP_NAME}-httplb" | |
( | |
gcloud compute forwarding-rules create --global "${fwdrule_http}" \ | |
--target-http-proxy="${target_http}" \ | |
--address="${ip}" \ | |
--ports=80 | |
) | |
log "Done." | |
ipv4addr=$(gcloud compute forwarding-rules describe --global "${fwdrule_https}" \ | |
--format='value(IPAddress)') | |
log "Now, update DNS A records to point ${DOMAIN} to ${ipv4addr}." | |
log "Then wait for domain name to start working," | |
log "Or simply wait for certificate provisioning status using:" | |
log " gcloud beta compute ssl-certificates describe ${cert}" | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment