Created
February 15, 2022 10:51
DBT documentation Terraform manifest using Cloud Run
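# Toolchain and provider pins for this manifest.
#
# Every provider is pinned to an exact version and names its registry source
# explicitly, so resolution does not rely on Terraform's implicit
# "hashicorp/<name>" fallback for entries that omit `source`.
# Commit the generated .terraform.lock.hcl alongside this file so provider
# package checksums are verified on every `terraform init`.
#
# NOTE(review): nothing visible in this manifest references the template
# provider; confirm it is still needed before keeping the pin.
terraform {
  required_version = ">= 1.0.7"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "3.84.0"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = "3.84.0"
    }
    template = {
      source  = "hashicorp/template"
      version = "2.2.0"
    }
  }
}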
# Target GCP project. Required: there is no default, so every run must name
# the project explicitly. Both Google providers read it.
variable "project" {
  type        = string
  description = "GCP project in which to create the resources."
}
# Region used by both providers, the Cloud Run service and the serverless NEG.
variable "region" {
  type        = string
  default     = "europe-west1"
  description = "GCP region in which to create the resources."
}
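# Short-lived OAuth 2.0 access token handed to the Google providers.
#
# The default is an empty string; the provider blocks turn that into null so
# the providers fall back to their normal credential lookup.
#
# Marked sensitive so the token is redacted from plan/apply output. This only
# affects what Terraform prints: saved plan files and TF_VAR_* environment
# variables still carry the value, so handle them as secrets.
variable "tf_sa_access_token" {
  description = "Temporary OAuth 2.0 access token to be used by the Google providers."
  type        = string
  default     = ""
  sensitive   = true
}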
# Container image for the first deployment of the Cloud Run service.
#
# The service's lifecycle block ignores later changes to the container image,
# so this value only matters when the service is created; subsequent images
# are rolled out by the CI/CD pipeline.
# NOTE(review): when overriding the placeholder, prefer an image reference
# pinned by digest rather than a mutable tag.
variable "dbt_doc_docker_image" {
  type        = string
  default     = "gcr.io/cloudrun/placeholder"
  description = "The Docker image to use for the service."
}
# Runtime identity of the Cloud Run service (passed to service_account_name).
# Required: no default, so the service never silently runs as a default
# service account chosen by this manifest.
# NOTE(review): this should be a dedicated account holding only the
# permissions the documentation site needs; its IAM bindings are not managed
# in this file.
variable "dbt_doc_service_account" {
  type        = string
  description = "Service account to use for the Cloud Run service hosting the dbt documentation."
}
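# Public host name of the documentation site.
#
# Despite the "url" in its name, this value is passed verbatim to the
# `domains` list of the Google-managed SSL certificate, which takes a domain
# name. A value with a scheme, port or path would only fail later, at
# certificate provisioning time, so it is rejected here at plan time instead.
variable "dbt_doc_load_balancer_url" {
  description = "URL to use for the load balancer serving the dbt documentation."
  type        = string

  validation {
    condition = (
      length(var.dbt_doc_load_balancer_url) > 0 &&
      length(regexall("[/:\\s]", var.dbt_doc_load_balancer_url)) == 0
    )
    error_message = "The dbt_doc_load_balancer_url value must be a bare domain name (for example docs.example.com) without scheme, port or path."
  }
}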
# Default Google provider.
provider "google" {
  # An empty token means "not supplied": pass null so the provider uses its
  # regular credential lookup instead of sending an empty bearer token.
  access_token = length(var.tf_sa_access_token) > 0 ? var.tf_sa_access_token : null

  project = var.project
  region  = var.region
}
# Beta Google provider, configured the same way as the default one.
provider "google-beta" {
  # An empty token means "not supplied": pass null so the provider uses its
  # regular credential lookup instead of sending an empty bearer token.
  access_token = length(var.tf_sa_access_token) > 0 ? var.tf_sa_access_token : null

  project = var.project
  region  = var.region
}
#
# Cloud Run service configuration.
#
# Hosts the dbt documentation site. Terraform creates the service and owns its
# ingress and scaling settings; the container image and the client annotations
# listed under ignore_changes are left to the CI/CD pipeline.
#
# NOTE(review): the ingress annotation restricts the network path only. Who
# may invoke the service (roles/run.invoker bindings) is not managed in this
# file; confirm where that is set.
resource "google_cloud_run_service" "dbt_doc" {
  name                       = "data-processing-doc"
  location                   = var.region
  autogenerate_revision_name = true

  metadata {
    annotations = {
      # Only accepts internal requests and requests coming through HTTP(S) Load Balancing.
      "run.googleapis.com/ingress" = "internal-and-cloud-load-balancing"
    }
  }

  template {
    metadata {
      annotations = {
        # Maximum instances.
        "autoscaling.knative.dev/maxScale" = "3"
      }
    }

    spec {
      # Runtime identity of the revision.
      service_account_name = var.dbt_doc_service_account

      containers {
        # Initial image only; later changes to this field are ignored below.
        image = var.dbt_doc_docker_image
      }
    }
  }

  lifecycle {
    ignore_changes = [
      # Ignore some annotations that are updated during the deployment by the CI/CD pipeline.
      # Service-level annotations.
      metadata[0].annotations["client.knative.dev/user-image"],
      metadata[0].annotations["run.googleapis.com/client-name"],
      metadata[0].annotations["run.googleapis.com/client-version"],
      metadata[0].annotations["run.googleapis.com/sandbox"],
      # Revision-template annotations.
      template[0].metadata[0].annotations["client.knative.dev/user-image"],
      template[0].metadata[0].annotations["run.googleapis.com/client-name"],
      template[0].metadata[0].annotations["run.googleapis.com/client-version"],
      template[0].metadata[0].annotations["run.googleapis.com/sandbox"],
      # The deployed image itself.
      template[0].spec[0].containers[0].image
    ]
  }

  timeouts {
    update = "5m" # The default timeout is way too long for updating Cloud Run instance, don't wait 20min for an image update to fail.
  }
}
#
# Load balancer configuration.
#
# For an explanation of the required parts, see https://cloud.google.com/load-balancing/docs/https/setting-up-https-serverless#creating_the_load_balancer
#
# Serverless NEG: the load balancer backend that points at the Cloud Run
# service by name.
resource "google_compute_region_network_endpoint_group" "dbt_doc" {
  name                  = "data-processing-doc"
  description           = "NEG for the data-processing-doc service."
  region                = var.region
  network_endpoint_type = "SERVERLESS"

  cloud_run {
    service = google_cloud_run_service.dbt_doc.name
  }

  # Region NEG cannot be destroyed when in use by Backend Service
  # When changing this backend, the new backend must be created and backend service updated
  # Also, a new name must be given to NEG otherwise there would be name collision
  lifecycle {
    create_before_destroy = true
  }
}
# Backend service of the external HTTPS load balancer; its only backend is the
# serverless NEG in front of the Cloud Run service.
resource "google_compute_backend_service" "dbt_doc" {
  name                  = "data-processing-doc"
  protocol              = "HTTPS"
  load_balancing_scheme = "EXTERNAL"
  enable_cdn            = false

  backend {
    group = google_compute_region_network_endpoint_group.dbt_doc.self_link
  }

  lifecycle {
    # Terraform does not manage or revert the IAP settings of this backend.
    # NOTE(review): presumably IAP is switched on outside Terraform. Because
    # the scheme is EXTERNAL, access control for the documentation depends on
    # that out-of-band step; confirm it is enforced and monitored, since drift
    # in `iap` will never show up in a plan.
    ignore_changes = [
      iap
    ]
  }

  # NOTE(review): no log_config block is set here, so request logging for
  # this backend is left at the provider/API default; confirm that meets
  # audit requirements.
}
# URL map: every request, whatever its Host header or path, is routed to the
# single backend service. The wildcard host rule and the map-level
# default_service both point at the same backend, so no host-based filtering
# happens at this layer.
resource "google_compute_url_map" "dbt_doc" {
  name            = "data-processing-doc"
  default_service = google_compute_backend_service.dbt_doc.id

  path_matcher {
    name            = "default"
    default_service = google_compute_backend_service.dbt_doc.id
  }

  host_rule {
    path_matcher = "default"
    hosts        = ["*"]
  }
}
# Google-managed certificate for the documentation host name.
# The single entry in `domains` comes straight from
# var.dbt_doc_load_balancer_url, so that variable must hold a domain name.
# NOTE(review): the certificate name is fixed; changing the domain likely
# forces a replacement while the HTTPS proxy still references this
# certificate. Confirm how domain changes are meant to be rolled out.
resource "google_compute_managed_ssl_certificate" "origin" {
  name        = "data-processing-doc"
  description = "SSL certificate for the data-processing-doc service."

  managed {
    domains = [var.dbt_doc_load_balancer_url]
  }
}
# HTTPS proxy: terminates TLS with the managed certificate and hands requests
# to the URL map.
# NOTE(review): no ssl_policy is attached, so the minimum TLS version and
# cipher profile are whatever the project default is; consider attaching an
# explicit policy if older TLS versions must be refused.
resource "google_compute_target_https_proxy" "dbt_doc" {
  name             = "data-processing-doc-lb-rule-front-https"
  ssl_certificates = [google_compute_managed_ssl_certificate.origin.id]
  url_map          = google_compute_url_map.dbt_doc.id
}
# Reserved global IP for the load balancer frontend. The DNS record for the
# documentation host name has to point here for the managed certificate to be
# usable; that record is not created in this file.
resource "google_compute_global_address" "dbt_doc" {
  description = "Static external IP used by the load balancer for the data-processing-doc service."
  name        = "data-processing-doc-lb-ip"
}
# Frontend of the load balancer: binds the reserved IP on port 443 to the
# HTTPS proxy. This is the only listener defined in this file; there is no
# port-80 rule, so plain HTTP is not served or redirected.
resource "google_compute_global_forwarding_rule" "dbt_doc" {
  name       = "data-processing-doc-lb-rule-https"
  target     = google_compute_target_https_proxy.dbt_doc.id
  ip_address = google_compute_global_address.dbt_doc.address
  port_range = "443"
}