Deploy Django+Celery app to Yandex Cloud with Terraform https://atnartur.ru/posts/2022/celery-in-yandex-cloud/
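# ---------------------------------------------------------------------------
# Input variables.
#
# Credentials are marked `sensitive = true` so Terraform redacts them from
# plan/apply output. This does NOT keep them out of the state file: every value
# below is still written to state in plaintext, so the state backend must be
# access-controlled and encrypted. Prefer supplying secrets through TF_VAR_*
# environment variables rather than a committed *.tfvars file.
# ---------------------------------------------------------------------------

variable "yc_token" {
  description = "Token the yandex provider authenticates with."
  type        = string
  nullable    = false
  sensitive   = true
}

variable "service_account_id" {
  description = "Service account used by the container, the queue trigger and the API gateway integration."
  type        = string
  nullable    = false
}

variable "yandex_registry" {
  description = "Registry prefix the container image URL is built from."
  type        = string
  nullable    = false
}

variable "cloud_id" {
  description = "Cloud ID passed to the yandex provider."
  type        = string
  nullable    = false
}

variable "folder_id" {
  description = "Folder ID passed to the yandex provider and the YDB database."
  type        = string
  nullable    = false
}

variable "access_key" {
  description = "Static access key ID used for the message queue."
  type        = string
  nullable    = false
  sensitive   = true
}

variable "secret_key" {
  description = "Static secret key used for the message queue."
  type        = string
  nullable    = false
  sensitive   = true
}

variable "region" {
  description = "Region of the message queue."
  type        = string
  default     = "ru-central1"
}

variable "zone" {
  description = "Default availability zone for the provider."
  type        = string
  default     = "ru-central1-a"
}

variable "project_name" {
  description = "Name shared by the queue, database, container and API gateway."
  type        = string
  default     = "code-analysis"
}

variable "sentry_dsn" {
  description = "Sentry DSN injected into the container environment."
  type        = string
  # Redacted from CLI output; a leaked DSN lets third parties submit events to the project.
  sensitive = true
}

variable "image_tag" {
  description = "Value passed to the container image `digest` argument."
  type        = string
  # NOTE(review): "latest" is a mutable reference; an immutable image digest makes
  # the deployed revision reproducible and auditable.
  default = "latest"
}

variable "container_path_for_trigger" {
  description = "HTTP path inside the container that the message-queue trigger invokes."
  type        = string
  default     = "/api/serverless_celery_worker/"
}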
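terraform {
  # The variable declarations in this file use `nullable`, which Terraform only
  # accepts from 1.1 onwards, so the previous ">= 0.13" floor was too low.
  required_version = ">= 1.1"

  required_providers {
    yandex = {
      source = "yandex-cloud/yandex"
      # Supply-chain hygiene: add a version constraint and commit
      # .terraform.lock.hcl so provider upgrades are deliberate and checksummed.
      # version = "<PINNED_VERSION_CONSTRAINT>"
    }

    # Used by the null_resource that creates the message-queue trigger; declared
    # explicitly so its source is recorded alongside the yandex provider.
    null = {
      source = "hashicorp/null"
    }
  }
}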
# Yandex Cloud provider configuration. Every value comes from an input variable;
# nothing is hard-coded here. The token carries the full permissions of the
# identity it belongs to, so scope that identity to what this stack needs.
provider "yandex" {
  cloud_id  = var.cloud_id
  folder_id = var.folder_id
  zone      = var.zone

  token = var.yc_token
}
# Message queue that carries the Celery tasks.
resource "yandex_message_queue" "queue" {
  name      = var.project_name
  region_id = var.region

  # Static key pair the provider uses for the queue API. Both values are stored
  # in Terraform state as attributes of this resource.
  access_key = var.access_key
  secret_key = var.secret_key

  receive_wait_time_seconds  = 20
  visibility_timeout_seconds = 10 * 60           # 600 s
  message_retention_seconds  = 14 * 24 * 60 * 60 # 1209600 s
}
# Serverless YDB database; its document API endpoint is handed to the container
# as CELERY_DYNAMODB_ENDPOINT_URL.
resource "yandex_ydb_database_serverless" "db" {
  folder_id = var.folder_id
  name      = var.project_name
}
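# Serverless container that runs the Django + Celery application.
resource "yandex_serverless_container" "container" {
  name               = var.project_name
  description        = "code analysis"
  service_account_id = var.service_account_id

  memory            = 128
  cores             = 1
  core_fraction     = 5
  concurrency       = 1
  execution_timeout = "15s"

  image {
    url = "${var.yandex_registry}/${var.project_name}"

    # NOTE(review): `digest` is fed var.image_tag, whose default is the mutable
    # tag "latest". Confirm the provider accepts a tag here; pinning an immutable
    # image digest prevents a re-pushed tag from silently changing what runs.
    digest = var.image_tag

    # Secrets below are plain environment variables: they are readable by anyone
    # who can view the container revision and are stored in Terraform state.
    # NOTE(review): consider delivering them through the platform's secret
    # integration instead of `environment` — verify what the provider offers.
    environment = {
      # Both credential parts are percent-encoded: the broker URL is parsed as a
      # URL, so a key containing "/", "+", "@" or ":" would otherwise be
      # misparsed and authentication would fail.
      CELERY_BROKER_URL = "sqs://${urlencode(var.access_key)}:${urlencode(var.secret_key)}@message-queue.api.cloud.yandex.net"

      SQS_QUEUE             = yandex_message_queue.queue.id
      SQS_ACCESS_KEY_ID     = yandex_message_queue.queue.access_key
      SQS_SECRET_ACCESS_KEY = yandex_message_queue.queue.secret_key
      SQS_REGION            = yandex_message_queue.queue.region_id

      CELERY_DYNAMODB_ENDPOINT_URL = yandex_ydb_database_serverless.db.document_api_endpoint
      SENTRY_DSN                   = var.sentry_dsn
    }
  }
}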
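# Creates the message-queue trigger with the `yc` CLI, because the yandex
# provider does not support triggers that target a serverless container.
#
# Requires an authenticated `yc` CLI on the machine that runs `terraform apply`;
# the trigger itself is not tracked in Terraform state.
resource "null_resource" "setup_trigger" {
  # Re-run the provisioner whenever any input of the trigger changes. Without
  # this map the resource never re-executes and had to be removed from the
  # state file by hand to force an update.
  triggers = {
    name               = var.project_name
    queue_arn          = yandex_message_queue.queue.arn
    service_account_id = var.service_account_id
    container_id       = yandex_serverless_container.container.id
    container_path     = var.container_path_for_trigger
  }

  provisioner "local-exec" {
    interpreter = ["/bin/bash", "-c"]

    # Values reach the script as environment variables and are expanded inside
    # double quotes, so a value containing spaces or shell metacharacters cannot
    # alter the command line (no string-built shell).
    environment = {
      TRIGGER_NAME       = var.project_name
      QUEUE_ARN          = yandex_message_queue.queue.arn
      SERVICE_ACCOUNT_ID = var.service_account_id
      CONTAINER_ID       = yandex_serverless_container.container.id
      CONTAINER_PATH     = var.container_path_for_trigger
    }

    # Delete is best-effort (the trigger may not exist yet); the exit status of
    # the script is that of the create call.
    command = <<-EOT
      yc serverless trigger delete --name="$TRIGGER_NAME" || true
      yc serverless trigger create message-queue \
        --name="$TRIGGER_NAME" \
        --queue "$QUEUE_ARN" \
        --queue-service-account-id "$SERVICE_ACCOUNT_ID" \
        --invoke-container-service-account-id "$SERVICE_ACCOUNT_ID" \
        --invoke-container-id "$CONTAINER_ID" \
        --invoke-container-path "$CONTAINER_PATH"
    EOT
  }

  depends_on = [
    yandex_message_queue.queue,
    yandex_serverless_container.container
  ]
}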
# Public API gateway in front of the container.
#
# The single `/{url+}` route forwards every path and every HTTP method to the
# container, and the spec declares no authorization. That includes the path the
# queue trigger invokes (var.container_path_for_trigger), so the worker endpoint
# is reachable through this gateway as well.
# NOTE(review): confirm the application authenticates or rejects external calls
# to the worker path, or exclude it from the gateway spec.
resource "yandex_api_gateway" "api-gateway" {
  description = "code analysis"
  name        = var.project_name

  spec = <<-EOT
    openapi: "3.0.0"
    info:
      version: 1.0.0
      title: Code analysis
    paths:
      /{url+}:
        x-yc-apigateway-any-method:
          summary: Execute container
          operationId: container
          parameters:
          - explode: false
            in: path
            name: url
            required: false
            style: simple
          x-yc-apigateway-integration:
            type: serverless_containers
            container_id: ${yandex_serverless_container.container.id}
            service_account_id: ${var.service_account_id}
  EOT
}
# Domain assigned to the API gateway (the public entry point of the app).
output "domain" {
  value = yandex_api_gateway.api-gateway.domain
}