deploy-to-cloud-run-go

command module
v0.0.0-...-9d556d4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 12, 2024 License: MIT Imports: 12 Imported by: 0

README

deploy-to-cloud-run-go

An example project that shows you how to deploy to Google Cloud Run step by step using Pulumi, Go, and Google Cloud CLI.

  1. This project was initialized with GoWebly CLI.
  • The GoWebly CLI was used too bootstrap a sample project.
  • It is not required for this example.
  • The only configuration folder lies inside the ./pulumi'
  1. We modify the Dockerfile: a. We set golang to ver 1.22-alpine (Fixed in recent versions of Gowebly CLI) b. We add the ENV HOME=/root to the Dockerfile (Before the ENTRYPOINT). Otherwise the Docker image wouldn't run. Here's why

Get the CLIs:

  1. Create a Google Cloud Account.

  2. Install Google Cloud CLI

  3. Install Pulumi CLI

  4. Install Docker - We need it to build the Docker container.

Bootstrap the project:

  1. Create a pulumi directory.

  2. Run pulumi new go to initialize a pulumi project with Go (It can be your language of choice).

  3. Navigate to the pulumi directory.

  4. Navigate to cloud.google.com and create a new project.

Take note of the project-id (Usually the project's name).

Generate the necessary permissions using gcloud CLI

  1. Login with the Google Auth CLI:
gcloud auth login

Enable the service usage API

gcloud services enable serviceusage.googleapis.com

Open the link that will show up and finish logging in.

  1. (Optional) Set the project in google cloud CLI (Can be changed anytime). This saves you from passing --project [PROJECT-ID] into every gcloud command.

If your machine has multiple GCP projects, skip this step and pass the --project flag into every gcloud command.

  1. Create a service account (The account that Pulumi will connect to):
gcloud iam service-accounts create pulumi-gcp --description="Pulumi GCP"
  1. Download the credentials for the service accounts and store them locally (Remember to replace [PROJECT-ID] with your GCP Project Id):
gcloud iam service-accounts keys create ~/keys/gcp/pulumi-service-account-key-file.json --iam-account=pulumi-gcp@[PROJECT-ID].iam.gserviceaccount.com
  1. Set Pulumi's gcp credentials config path: (This will connect the service account with Pulumi)
pulumi config set gcp:credentials ~/keys/gcp/pulumi-service-account-key-file.json
  1. Set the GCP Project by doing:
pulumi config set gcp:project [PROJECT-ID]
  1. Create a roles.gcp.yml file (Inside the pulumi dir) and add the required permissions in includedPermissions:

roles.gcp.yml locationamazonaws.com/uploads/articles/p4gj181hl6kjy06sy2ec.png)

  1. Create the pulumi_admin_role with the file above: (We assume we're running this code from the pulumi directory)
gcloud iam roles create pulumi_admin_role --project=[PROJECT-ID] --file='./roles.gcp.yml'

gcloud projects add-iam-policy-binding [PROJECT-ID] --role projects/[PROJECT-ID]/roles/pulumi_admin_role   --member serviceAccount:pulumi-gcp@[PROJECT-ID].iam.gserviceaccount.com
  1. In case you need to make edits, change the file and use:
gcloud iam roles update pulumi_admin_role --project=[PROJECT-ID] --file='./roles.gcp.yml'
  1. We're also adding the serviceAccountAdmin role (I haven't found a better way) (Otherwise we'd get 403 errors when refreshing and updating in Pulumi)1
gcloud projects add-iam-policy-binding [PROJECT-ID] --role roles/iam.serviceAccountAdmin   --member serviceAccount:pulumi-gcp@[PROJECT-ID].iam.gserviceaccount.com
  1. Our main.go in the pulumi directory: (Check the code for comments!)

21.1 We enable the required services (Artifact Registry, and Cloud Run).

21.2 Artifact Registry is used to host the docker container image.

21.3 Cloud Runner will launch the Docker image from Artifact Registry.

21.4 We build the docker image locally (We specify the platform in case you're using an ARM chip like M1, M2, Snapdragon SQ, X Elite, etc.)

21.5 We create a chain of "DependsOn" to notify Pulumi: 21.5.1 Services need to be enabled first 21.5.1 We create the Artifact Repository 21.5.1 We build the docker image and push it to Artifact Registry. 21.5.1 We pull the Docker Image from Artifact Registry and run it. 21.5.1 We add IAM permissions so it can be accessed from anywhere.

  1. Update the ENV in your Dockerfile: There's a known issue, and here in which you need to export your HOME environment variable to /root;
# Set the ENV HOME before your ENTRYPOINT.
ENV HOME=/root

# This is specific to your project.
ENTRYPOINT ["/whatever-is-your-entrypoint"]
  1. Create a .env file in the pulumi directory: Set the *full path to the one you saved on 11)
GOOGLE_CREDENTIALS_FILE_PATH="/Users/myusername/keys/gcp/pulumi-service-account-key-file.json"
  1. Run pulumi up

And you should be up and going!

  1. The go.mod If you include this go.mod Run go tidy, and this will fetch all the packages for you

Footnotes

1I fought against permissions for 5 days. The serviceAccountAdmin predefined GCP role brought in the additional permissions needed.

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
templ: version: v0.2.598
 templ: version: v0.2.598

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.