From 6dbde64d59208ae2fded36251a8203099703defa Mon Sep 17 00:00:00 2001
From: Taha Cherfia <taha.cherfia@holi.team>
Date: Wed, 17 Jul 2024 11:59:46 +0200
Subject: [PATCH] infra: update terraform
---
terraform/common/service_account.tf | 10 ++----
terraform/environments/deployment.tf | 32 ++++++++-----------
terraform/environments/init.tf | 1 +
.../scripts/create-or-update-env.sh | 1 +
terraform/environments/scripts/destroy-env.sh | 18 ++++++-----
terraform/environments/vars.tf | 2 +-
6 files changed, 29 insertions(+), 35 deletions(-)
diff --git a/terraform/common/service_account.tf b/terraform/common/service_account.tf
index 4859925..80b8be9 100644
--- a/terraform/common/service_account.tf
+++ b/terraform/common/service_account.tf
@@ -1,13 +1,7 @@
resource "google_service_account" "translation_api" {
project = data.terraform_remote_state.holi_infra_state.outputs.shared_project_id
- account_id = "cloudrun-service-translation-api"
- display_name = "translation API service account for Cloud Run"
-}
-
-resource "google_project_iam_member" "translation_api" {
- project = data.terraform_remote_state.holi_infra_state.outputs.shared_project_id
- member = "serviceAccount:${google_service_account.translation_api.email}"
- role = "roles/secretmanager.secretAccessor"
+ account_id = "holi-translation-api"
+ display_name = "Translation API service account for Cloud Run"
}
output "cloud_run_service_account_email" {
diff --git a/terraform/environments/deployment.tf b/terraform/environments/deployment.tf
index 9c2ad5a..68faf1a 100644
--- a/terraform/environments/deployment.tf
+++ b/terraform/environments/deployment.tf
@@ -5,7 +5,6 @@ resource "random_id" "main" {
resource "google_project_service" "service" {
for_each = toset([
- "endpoints.googleapis.com",
"run.googleapis.com",
"servicecontrol.googleapis.com",
"servicemanagement.googleapis.com",
@@ -23,7 +22,7 @@ variable "image_tag" {
nullable = false
}
-resource "google_cloud_run_v2_service" "translation_api" {
+resource "google_cloud_run_v2_service" "translation_api_service" {
project = data.terraform_remote_state.holi_infra_state.outputs.shared_project_id
name = random_id.main.hex
location = local.default_region
@@ -35,29 +34,27 @@ resource "google_cloud_run_v2_service" "translation_api" {
image = "${data.terraform_remote_state.holi_infra_state.outputs.artifact_registry_location}/holi-translation-api:${var.image_tag}"
ports {
- container_port = 8089
+ container_port = 5000
}
env {
name = "ENVIRONMENT"
value = local.environment
}
- env {
- name = "HOLI_LIBRETRANSLATE_BASE_URL"
- value = local.environment == "production" ? "https://staging.libretranslate.apis.holi.social" : "https://production.libretranslate.apis.holi.social"
- }
+
+ args = ["--host", "0.0.0.0"]
resources {
limits = {
cpu = "1"
- memory = local.environment == "production" ? "512Mi" : "256Mi"
+ memory = "512Mi"
}
}
}
scaling {
min_instance_count = local.environment == "production" ? "1" : "0"
- max_instance_count = local.environment == "production" ? "10" : "1"
+ max_instance_count = local.environment == "production" ? "10" : "3"
}
vpc_access {
@@ -75,16 +72,16 @@ resource "google_cloud_run_v2_service" "translation_api" {
}
resource "google_cloud_run_domain_mapping" "holi_social_translation_api" {
- project = google_cloud_run_service.translation_api.project
- location = google_cloud_run_service.translation_api.location
+ project = google_cloud_run_v2_service.translation_api_service.project
+ location = google_cloud_run_v2_service.translation_api_service.location
name = local.dns_name
metadata {
- namespace = google_cloud_run_service.translation_api.project
+ namespace = google_cloud_run_v2_service.translation_api_service.project
}
spec {
- route_name = google_cloud_run_service.translation_api.name
+ route_name = google_cloud_run_v2_service.translation_api_service.name
}
}
@@ -97,10 +94,9 @@ data "google_iam_policy" "translation_api" {
}
}
-resource "google_cloud_run_service_iam_policy" "translation_api" {
- location = google_cloud_run_service.translation_api.location
- project = google_cloud_run_service.translation_api.project
- service = google_cloud_run_service.translation_api.name
-
+resource "google_cloud_run_v2_service_iam_policy" "translation_api" {
+ name = google_cloud_run_v2_service.translation_api_service.name
+ location = google_cloud_run_v2_service.translation_api_service.location
+ project = google_cloud_run_v2_service.translation_api_service.project
policy_data = data.google_iam_policy.translation_api.policy_data
}
diff --git a/terraform/environments/init.tf b/terraform/environments/init.tf
index 72faf5e..112dd65 100644
--- a/terraform/environments/init.tf
+++ b/terraform/environments/init.tf
@@ -21,6 +21,7 @@ data "terraform_remote_state" "holi_translation_api_common_state" {
}
}
+# provider google including beta features
provider "google" {
region = local.default_region
}
diff --git a/terraform/environments/scripts/create-or-update-env.sh b/terraform/environments/scripts/create-or-update-env.sh
index 89d2951..aae2eda 100755
--- a/terraform/environments/scripts/create-or-update-env.sh
+++ b/terraform/environments/scripts/create-or-update-env.sh
@@ -15,4 +15,5 @@ TF_LOG_PATH=terraform-init.log terraform init
TF_LOG_PATH=terraform-version.log terraform version
TF_LOG_PATH=terraform-workspace.log terraform workspace new "$WORKSPACE" || terraform workspace select "$WORKSPACE"
TF_LOG_PATH=terraform-plan.log terraform plan -var="image_tag=$TAG" -out plan -no-color | tee tfplan.plain
+TF_LOG_PATH=terraform-apply.log terraform apply -auto-approve -parallelism=50 planTF_LOG_PATH=terraform-plan.log terraform plan -var="image_tag=$TAG" -out plan -no-color | tee tfplan.plain
TF_LOG_PATH=terraform-apply.log terraform apply -auto-approve -parallelism=50 plan
\ No newline at end of file
diff --git a/terraform/environments/scripts/destroy-env.sh b/terraform/environments/scripts/destroy-env.sh
index 8feb7be..89d2951 100755
--- a/terraform/environments/scripts/destroy-env.sh
+++ b/terraform/environments/scripts/destroy-env.sh
@@ -3,14 +3,16 @@
# exit when any command fails
set -ex
-# enable debug output in terraform
-export TF_LOG=DEBUG
+# enable full debug output in terraform, which is only written to logfiles
+export TF_LOG=TRACE
cd terraform/environments
-TF_LOG_PATH=terraform-init.log terraform init
-TF_LOG_PATH=terraform-version.log terraform version
-TF_LOG_PATH=terraform-workspace.log terraform workspace new "$1" || terraform workspace select "$1"
-TF_LOG_PATH=terraform-destroy.log terraform destroy -auto-approve -var="image_tag=dummy"
-TF_LOG_PATH=terraform-ws-default.log terraform workspace select default
-TF_LOG_PATH=terraform-ws-delete.log terraform workspace delete "$1"
+WORKSPACE=$1
+TAG=$2
+
+TF_LOG_PATH=terraform-init.log terraform init
+TF_LOG_PATH=terraform-version.log terraform version
+TF_LOG_PATH=terraform-workspace.log terraform workspace new "$WORKSPACE" || terraform workspace select "$WORKSPACE"
+TF_LOG_PATH=terraform-plan.log terraform plan -var="image_tag=$TAG" -out plan -no-color | tee tfplan.plain
+TF_LOG_PATH=terraform-apply.log terraform apply -auto-approve -parallelism=50 plan
\ No newline at end of file
diff --git a/terraform/environments/vars.tf b/terraform/environments/vars.tf
index 19b5750..be5613d 100644
--- a/terraform/environments/vars.tf
+++ b/terraform/environments/vars.tf
@@ -1,6 +1,6 @@
locals {
environment = terraform.workspace
- environment_name = trim(substr(local.environment, 0, 22), ".-")
+ environment_name = trim(substr(local.environment, 0, 22), ".-") # limits the length of the name that it fits constraints google imposes for some resources, e.g. project ids
dns_name = "${trimsuffix(substr(local.environment, 0, 34), ".-")}.${data.terraform_remote_state.holi_translation_api_common_state.outputs.dns_translation_api_domain}"
default_region = data.terraform_remote_state.holi_infra_state.outputs.default_region
}
--
GitLab