
@shikanime
Created February 15, 2022 10:51
DBT documentation Terraform manifest using Cloud Run
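# Toolchain pinning for this manifest.
#
# Provider versions are pinned to exact releases. Committing the
# .terraform.lock.hcl file that `terraform init` generates additionally pins
# the provider package checksums that are verified on every later init.
terraform {
  required_version = ">= 1.0.7"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "3.84.0"
    }

    # Source addresses are spelled out for every provider. Without one,
    # Terraform falls back to the implicit hashicorp/<name> lookup, which
    # resolves to the same plugin but hides where it is downloaded from.
    google-beta = {
      source  = "hashicorp/google-beta"
      version = "3.84.0"
    }

    # NOTE(review): nothing visible in this file uses the template provider,
    # and it is deprecated upstream in favour of the built-in templatefile()
    # function. Confirm it is still needed before keeping it in the
    # dependency set.
    template = {
      source  = "hashicorp/template"
      version = "2.2.0"
    }
  }
}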
# Target GCP project. No default, so the caller must always state explicitly
# which project the resources are created in.
variable "project" {
  type        = string
  description = "GCP project in which to create the resources."
}
# Region shared by both Google providers, the Cloud Run service and the
# serverless NEG defined in this file.
variable "region" {
  type        = string
  default     = "europe-west1"
  description = "GCP region in which to create the resources."
}
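# Optional short-lived OAuth 2.0 access token for the Google providers.
#
# The empty-string default means "no token supplied"; the provider blocks in
# this file translate that into a null access_token.
#
# The value is a bearer credential, so it is marked sensitive to keep it
# redacted in plan/apply output. Supply it at run time (for example through
# the TF_VAR_tf_sa_access_token environment variable) rather than through a
# committed .tfvars file.
variable "tf_sa_access_token" {
  description = "Temporary OAuth 2.0 access token to be used by the Google providers."
  type        = string
  default     = ""
  sensitive   = true
}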
# Container image for the Cloud Run service.
#
# The default is a placeholder referenced by tag only. The Cloud Run resource
# in this file lists the container image under ignore_changes, so Terraform
# does not track what is deployed afterwards; the image that actually runs is
# whatever the deployment pipeline pushed and has to be reviewed there.
variable "dbt_doc_docker_image" {
  type        = string
  default     = "gcr.io/cloudrun/placeholder"
  description = "The Docker image to use for the service."
}
# Runtime identity of the Cloud Run service (passed to service_account_name).
# The account itself and its IAM roles are not created in this file.
# NOTE(review): confirm it is a dedicated account holding only the roles the
# documentation site needs, not a broadly privileged shared account.
variable "dbt_doc_service_account" {
  type        = string
  description = "Service account to use for the Cloud Run service hosting the dbt documentation."
}
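# Public host name of the documentation site.
#
# Despite the "url" in its name, this value is used verbatim as the only entry
# in the managed SSL certificate's `domains` list, so it has to be a bare
# domain name. A value with a scheme, port or path would not be usable as a
# certificate domain, so it is rejected at plan time by the validation below.
variable "dbt_doc_load_balancer_url" {
  description = "Domain name (no scheme, port or path) served by the load balancer for the dbt documentation."
  type        = string

  validation {
    condition     = !can(regex("[/:]", var.dbt_doc_load_balancer_url))
    error_message = "Provide a bare domain name without scheme, port or path; the value is used as a managed certificate domain."
  }
}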
# Default Google provider.
#
# Credentials: when a token is supplied through var.tf_sa_access_token it is
# used as-is; an empty string is converted to null so that the attribute is
# treated as unset and the provider uses its other configured credential
# sources instead.
provider "google" {
  access_token = length(var.tf_sa_access_token) > 0 ? var.tf_sa_access_token : null

  project = var.project
  region  = var.region
}
# Beta Google provider, configured identically to the default one: same
# project, same region, and the same optional access token (an empty string
# becomes null, i.e. the attribute is left unset).
# NOTE(review): no resource visible in this file selects this provider.
provider "google-beta" {
  access_token = length(var.tf_sa_access_token) > 0 ? var.tf_sa_access_token : null

  project = var.project
  region  = var.region
}
# Cloud Run service configuration.
#
# Cloud Run service that hosts the generated dbt documentation.
#
# Network exposure is limited by the ingress annotation below. Who is allowed
# to invoke the service is a separate control: no Cloud Run IAM binding is
# declared in this file.
# NOTE(review): confirm where invoker permissions are managed.
resource "google_cloud_run_service" "dbt_doc" {
  name                       = "data-processing-doc"
  location                   = var.region
  autogenerate_revision_name = true

  metadata {
    annotations = {
      # Accept traffic only from internal sources and from HTTP(S) Load
      # Balancing.
      "run.googleapis.com/ingress" = "internal-and-cloud-load-balancing"
    }
  }

  template {
    metadata {
      annotations = {
        # Upper bound on the number of container instances.
        "autoscaling.knative.dev/maxScale" = "3"
      }
    }

    spec {
      # Identity the container runs as.
      service_account_name = var.dbt_doc_service_account

      containers {
        image = var.dbt_doc_docker_image
      }
    }
  }

  # The default update timeout is far too long for a Cloud Run revision:
  # fail after 5 minutes instead of waiting 20 for a broken image update.
  timeouts {
    update = "5m"
  }

  lifecycle {
    # Fields rewritten by the CI/CD pipeline on every deployment. Terraform
    # neither reverts nor reports changes to them, which includes the
    # container image: the running image is not visible in `terraform plan`.
    ignore_changes = [
      metadata[0].annotations["client.knative.dev/user-image"],
      metadata[0].annotations["run.googleapis.com/client-name"],
      metadata[0].annotations["run.googleapis.com/client-version"],
      metadata[0].annotations["run.googleapis.com/sandbox"],
      template[0].metadata[0].annotations["client.knative.dev/user-image"],
      template[0].metadata[0].annotations["run.googleapis.com/client-name"],
      template[0].metadata[0].annotations["run.googleapis.com/client-version"],
      template[0].metadata[0].annotations["run.googleapis.com/sandbox"],
      template[0].spec[0].containers[0].image
    ]
  }
}
#
# Load balancer configuration.
#
# For an explanation of the required parts, see https://cloud.google.com/load-balancing/docs/https/setting-up-https-serverless#creating_the_load_balancer
#
# Serverless network endpoint group that lets the load balancer's backend
# service route to the Cloud Run service by name.
resource "google_compute_region_network_endpoint_group" "dbt_doc" {
  name                  = "data-processing-doc"
  description           = "NEG for the data-processing-doc service."
  region                = var.region
  network_endpoint_type = "SERVERLESS"

  cloud_run {
    service = google_cloud_run_service.dbt_doc.name
  }

  # A regional NEG cannot be destroyed while a backend service still uses it.
  # A replacement therefore has to be created first and the backend service
  # repointed before the old NEG is removed. The replacement also needs a
  # different name, otherwise the two would collide.
  lifecycle {
    create_before_destroy = true
  }
}
# External backend service in front of the serverless NEG.
#
# The `iap` block is excluded from Terraform's diff, so Identity-Aware Proxy
# is configured outside this file. Terraform will neither enable it nor
# report it being switched off.
# NOTE(review): since the forwarding rule in this file publishes the service
# on an external address, confirm that IAP (or an equivalent access control)
# is enabled on this backend and that its state is monitored, because
# `terraform plan` cannot be used to detect drift here.
resource "google_compute_backend_service" "dbt_doc" {
  name                  = "data-processing-doc"
  protocol              = "HTTPS"
  load_balancing_scheme = "EXTERNAL"
  enable_cdn            = false

  backend {
    group = google_compute_region_network_endpoint_group.dbt_doc.self_link
  }

  lifecycle {
    ignore_changes = [
      iap
    ]
  }
}
# URL map: every request goes to the single backend service.
#
# The host rule is a wildcard, so routing does not depend on the Host header.
# The map-level default and the path matcher's default point at the same
# backend.
resource "google_compute_url_map" "dbt_doc" {
  name            = "data-processing-doc"
  default_service = google_compute_backend_service.dbt_doc.id

  path_matcher {
    name            = "default"
    default_service = google_compute_backend_service.dbt_doc.id
  }

  host_rule {
    hosts        = ["*"]
    path_matcher = "default"
  }
}
# Google-managed certificate for the documentation site. It covers exactly one
# domain, the value of var.dbt_doc_load_balancer_url.
# NOTE(review): the name is fixed and no create_before_destroy is set. If a
# domain change forces this resource to be replaced while the HTTPS proxy
# still references it, the replacement is likely to fail. Confirm the
# rotation procedure.
resource "google_compute_managed_ssl_certificate" "origin" {
  name        = "data-processing-doc"
  description = "SSL certificate for the data-processing-doc service."

  managed {
    domains = [var.dbt_doc_load_balancer_url]
  }
}
# HTTPS proxy: terminates TLS with the managed certificate and hands requests
# to the URL map.
# NOTE(review): no ssl_policy is attached, so the minimum TLS version and the
# cipher profile come from the platform default. If a floor such as TLS 1.2 is
# required, define a google_compute_ssl_policy and reference it here.
resource "google_compute_target_https_proxy" "dbt_doc" {
  name             = "data-processing-doc-lb-rule-front-https"
  ssl_certificates = [google_compute_managed_ssl_certificate.origin.id]
  url_map          = google_compute_url_map.dbt_doc.id
}
# Reserved global IP address for the load balancer front end. The DNS record
# for the certificate domain has to resolve to this address. DNS is not
# managed in this file.
resource "google_compute_global_address" "dbt_doc" {
  description = "Static external IP used by the load balancer for the data-processing-doc service."
  name        = "data-processing-doc-lb-ip"
}
# Front end of the load balancer: binds the reserved address on port 443 to
# the HTTPS proxy. This is the only forwarding rule in the file, so no
# plain-HTTP listener is declared for the service.
resource "google_compute_global_forwarding_rule" "dbt_doc" {
  name       = "data-processing-doc-lb-rule-https"
  target     = google_compute_target_https_proxy.dbt_doc.id
  ip_address = google_compute_global_address.dbt_doc.address
  port_range = "443"
}