infra: update terraform

6dbde64d · Taha Cherfia · 87447f2b · 6dbde64d · 6dbde64d · 6dbde64d
Commit 6dbde64d authored 8 months ago by Taha Cherfia
--- a/terraform/common/service_account.tf
+++ b/terraform/common/service_account.tf
 resource "google_service_account" "translation_api" {
  project      = data.terraform_remote_state.holi_infra_state.outputs.shared_project_id
-  account_id   = "cloudrun-service-translation-api"
-  display_name = "translation API service account for Cloud Run"
-}
-
-resource "google_project_iam_member" "translation_api" {
-  project = data.terraform_remote_state.holi_infra_state.outputs.shared_project_id
-  member  = "serviceAccount:${google_service_account.translation_api.email}"
-  role    = "roles/secretmanager.secretAccessor"
+  account_id   = "holi-translation-api"
+  display_name = "Translation API service account for Cloud Run"
 }

 output "cloud_run_service_account_email" {

--- a/terraform/environments/deployment.tf
+++ b/terraform/environments/deployment.tf
@@ -5,7 +5,6 @@ resource "random_id" "main" {

 resource "google_project_service" "service" {
  for_each = toset([
-    "endpoints.googleapis.com",
    "run.googleapis.com",
    "servicecontrol.googleapis.com",
    "servicemanagement.googleapis.com",
@@ -23,7 +22,7 @@ variable "image_tag" {
  nullable = false
 }

-resource "google_cloud_run_v2_service" "translation_api" {
+resource "google_cloud_run_v2_service" "translation_api_service" {
  project  = data.terraform_remote_state.holi_infra_state.outputs.shared_project_id
  name     = random_id.main.hex
  location = local.default_region
@@ -35,29 +34,27 @@ resource "google_cloud_run_v2_service" "translation_api" {
      image = "${data.terraform_remote_state.holi_infra_state.outputs.artifact_registry_location}/holi-translation-api:${var.image_tag}"

      ports {
-        container_port = 8089
+        container_port = 5000
      }

      env {
        name  = "ENVIRONMENT"
        value = local.environment
      }
-      env {
-        name  = "HOLI_LIBRETRANSLATE_BASE_URL"
-        value = local.environment == "production" ? "https://staging.libretranslate.apis.holi.social" : "https://production.libretranslate.apis.holi.social"
-      }
+
+      args = ["--host", "0.0.0.0"]

      resources {
        limits = {
          cpu    = "1"
-          memory = local.environment == "production" ? "512Mi" : "256Mi"
+          memory = "512Mi"
        }
      }
    }

    scaling {
      min_instance_count = local.environment == "production" ? "1" : "0"
-      max_instance_count = local.environment == "production" ? "10" : "1"
+      max_instance_count = local.environment == "production" ? "10" : "3"
    }

    vpc_access {
@@ -75,16 +72,16 @@ resource "google_cloud_run_v2_service" "translation_api" {
 }

 resource "google_cloud_run_domain_mapping" "holi_social_translation_api" {
-  project  = google_cloud_run_service.translation_api.project
-  location = google_cloud_run_service.translation_api.location
+  project  = google_cloud_run_v2_service.translation_api_service.project
+  location = google_cloud_run_v2_service.translation_api_service.location
  name     = local.dns_name

  metadata {
-    namespace = google_cloud_run_service.translation_api.project
+    namespace = google_cloud_run_v2_service.translation_api_service.project
  }

  spec {
-    route_name = google_cloud_run_service.translation_api.name
+    route_name = google_cloud_run_v2_service.translation_api_service.name
  }
 }

@@ -97,10 +94,9 @@ data "google_iam_policy" "translation_api" {
  }
 }

-resource "google_cloud_run_service_iam_policy" "translation_api" {
-  location = google_cloud_run_service.translation_api.location
-  project  = google_cloud_run_service.translation_api.project
-  service  = google_cloud_run_service.translation_api.name
-
+resource "google_cloud_run_v2_service_iam_policy" "translation_api" {
+  name        = google_cloud_run_v2_service.translation_api_service.name
+  location    = google_cloud_run_v2_service.translation_api_service.location
+  project     = google_cloud_run_v2_service.translation_api_service.project
  policy_data = data.google_iam_policy.translation_api.policy_data
 }
--- a/terraform/environments/init.tf
+++ b/terraform/environments/init.tf
@@ -21,6 +21,7 @@ data "terraform_remote_state" "holi_translation_api_common_state" {
  }
 }

+# provider google including beta features
 provider "google" {
  region = local.default_region
 }

--- a/terraform/environments/scripts/create-or-update-env.sh
+++ b/terraform/environments/scripts/create-or-update-env.sh
@@ -15,4 +15,5 @@ TF_LOG_PATH=terraform-init.log terraform init
 TF_LOG_PATH=terraform-version.log terraform version
 TF_LOG_PATH=terraform-workspace.log terraform workspace new "$WORKSPACE" || terraform workspace select "$WORKSPACE"
 TF_LOG_PATH=terraform-plan.log terraform plan -var="image_tag=$TAG" -out plan -no-color | tee tfplan.plain
+TF_LOG_PATH=terraform-apply.log terraform apply -auto-approve -parallelism=50 planTF_LOG_PATH=terraform-plan.log terraform plan -var="image_tag=$TAG" -out plan -no-color | tee tfplan.plain
 TF_LOG_PATH=terraform-apply.log terraform apply -auto-approve -parallelism=50 plan
\ No newline at end of file
--- a/terraform/environments/scripts/destroy-env.sh
+++ b/terraform/environments/scripts/destroy-env.sh
@@ -3,14 +3,16 @@
 # exit when any command fails
 set -ex

-# enable debug output in terraform
-export TF_LOG=DEBUG
+# enable full debug output in terraform, which is only written to logfiles
+export TF_LOG=TRACE

 cd terraform/environments

-TF_LOG_PATH=terraform-init.log       terraform init
-TF_LOG_PATH=terraform-version.log    terraform version
-TF_LOG_PATH=terraform-workspace.log  terraform workspace new "$1" || terraform workspace select "$1"
-TF_LOG_PATH=terraform-destroy.log    terraform destroy -auto-approve -var="image_tag=dummy"
-TF_LOG_PATH=terraform-ws-default.log terraform workspace select default
-TF_LOG_PATH=terraform-ws-delete.log  terraform workspace delete "$1"
+WORKSPACE=$1
+TAG=$2
+
+TF_LOG_PATH=terraform-init.log terraform init
+TF_LOG_PATH=terraform-version.log terraform version
+TF_LOG_PATH=terraform-workspace.log terraform workspace new "$WORKSPACE" || terraform workspace select "$WORKSPACE"
+TF_LOG_PATH=terraform-plan.log terraform plan -var="image_tag=$TAG" -out plan -no-color | tee tfplan.plain
+TF_LOG_PATH=terraform-apply.log terraform apply -auto-approve -parallelism=50 plan
\ No newline at end of file
--- a/terraform/environments/vars.tf
+++ b/terraform/environments/vars.tf
 locals {
  environment      = terraform.workspace
-  environment_name = trim(substr(local.environment, 0, 22), ".-")
+  environment_name = trim(substr(local.environment, 0, 22), ".-") # limits the length of the name that it fits constraints google imposes for some resources, e.g. project ids
  dns_name         = "${trimsuffix(substr(local.environment, 0, 34), ".-")}.${data.terraform_remote_state.holi_translation_api_common_state.outputs.dns_translation_api_domain}"
  default_region   = data.terraform_remote_state.holi_infra_state.outputs.default_region
 }