From 010acc6d858e18ed6c91f06bcb960367defe6aba Mon Sep 17 00:00:00 2001 From: Preston Baxter Date: Thu, 26 Oct 2023 11:35:53 -0500 Subject: [PATCH] move to vpc --- infra/main.tf | 63 +++++++++++++++++++++++++++++------------------- service/Makefile | 2 +- ui/Makefile | 2 +- 3 files changed, 40 insertions(+), 27 deletions(-) diff --git a/infra/main.tf b/infra/main.tf index fa0dcdb..464575c 100644 --- a/infra/main.tf +++ b/infra/main.tf @@ -32,6 +32,22 @@ resource "google_project_service" "artifact_api" { disable_on_destroy = true } +resource "google_project_service" "serverless_vpc_api" { + service = "vpcaccess.googleapis.com" + + disable_on_destroy = true +} + +resource "google_vpc_access_connector" "vpc_connector" { + name = "capstone-connector" + subnet { + name = "cloud-run-capstone" + } + region = var.project_region + machine_type = "f1-micro" + min_instances = 2 + max_instances = 3 +} resource "google_artifact_registry_repository" "capstone_repo" { location = var.project_region 
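Review bot: `google_vpc_access_connector.vpc_connector` declares no dependency on the new `google_project_service.serverless_vpc_api`, so on a project where vpcaccess.googleapis.com is not yet enabled Terraform can try to create the connector first and fail. The registry resource that follows already handles this ordering with `depends_on = [ google_project_service.artifact_api ]`; the connector should get `depends_on = [ google_project_service.serverless_vpc_api ]`. The subnet `cloud-run-capstone` is referenced only by name and is not created in the visible hunks, so it is presumably managed outside this file. If so, a comment on the `subnet` block saying where it is defined, and that a connector subnet has to be a dedicated /28, would make the network both services egress through reviewable; a managed `google_compute_subnetwork` would be better still.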
@@ -46,55 +62,52 @@ resource "google_artifact_registry_repository" "capstone_repo" { depends_on = [ google_project_service.artifact_api ] } -resource "google_cloud_run_service" "webhook_service_cr" { +resource "google_cloud_run_v2_service" "webhook_service_cr" { name = "webhook-service-cr" location = var.project_region template { - spec { containers { image = "${var.project_region}-docker.pkg.dev/${var.project_id}/${google_artifact_registry_repository.capstone_repo.name}/webhook-service:latest" } - } + vpc_access { + connector = google_vpc_access_connector.vpc_connector.id + egress = "ALL_TRAFFIC" + } } - - traffic { - percent = 100 - latest_revision = true - } - - depends_on = [ google_project_service.run_api, google_artifact_registry_repository.capstone_repo ] + depends_on = [ google_project_service.run_api, google_artifact_registry_repository.capstone_repo, google_vpc_access_connector.vpc_connector ] } -resource "google_cloud_run_service_iam_member" "webhook_service_run_all_users" { - service = google_cloud_run_service.webhook_service_cr.name + +resource "google_cloud_run_v2_service_iam_member" "webhook_service_run_all_users" { + project = var.project_id + name = google_cloud_run_v2_service.webhook_service_cr.name location = var.project_region role = "roles/run.invoker" member = "allUsers" } -resource "google_cloud_run_service" "frontend_service_cr" { +resource "google_cloud_run_v2_service" "frontend_service_cr" { name = "frontend-service-cr" location = var.project_region template { - spec { - containers { - image = "${var.project_region}-docker.pkg.dev/${var.project_id}/${google_artifact_registry_repository.capstone_repo.name}/frontend-service:latest" - } + containers { + image = "${var.project_region}-docker.pkg.dev/${var.project_id}/${google_artifact_registry_repository.capstone_repo.name}/frontend-service:latest" + } + vpc_access { + connector = google_vpc_access_connector.vpc_connector.id + egress = "ALL_TRAFFIC" } } - traffic { - percent = 100 - 
latest_revision = true - } - - depends_on = [ google_project_service.run_api, google_artifact_registry_repository.capstone_repo ] + depends_on = [ google_project_service.run_api, google_artifact_registry_repository.capstone_repo, google_vpc_access_connector.vpc_connector ] } -resource "google_cloud_run_service_iam_member" "frontend_service_run_all_users" { - service = google_cloud_run_service.frontend_service_cr.name + +resource "google_cloud_run_v2_service_iam_member" "frontend_service_run_all_users" { + project = var.project_id + name = google_cloud_run_v2_service.frontend_service_cr.name location = var.project_region role = "roles/run.invoker" member = "allUsers" diff --git a/service/Makefile b/service/Makefile index 90c7889..e748eac 100644 --- a/service/Makefile +++ b/service/Makefile @@ -1,4 +1,4 @@ -BASE_URL="us-south1-docker.pkg.dev/pbaxter-infra/capstone-repo" +BASE_URL="us-central1-docker.pkg.dev/pbaxter-infra/capstone-repo" build: diff --git a/ui/Makefile b/ui/Makefile index 6c2e62b..6386045 100644 --- a/ui/Makefile +++ b/ui/Makefile @@ -1,4 +1,4 @@ -BASE_URL="us-south1-docker.pkg.dev/pbaxter-infra/capstone-repo" +BASE_URL="us-central1-docker.pkg.dev/pbaxter-infra/capstone-repo" build:
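Review bot: Attaching both services to `vpc_connector` with `egress = "ALL_TRAFFIC"` changes only outbound routing; inbound exposure is unchanged, because neither `google_cloud_run_v2_service` sets `ingress` and both `*_run_all_users` bindings still grant `roles/run.invoker` to `allUsers`. Two unauthenticated, internet-reachable services therefore gain a network path into the VPC, so what they can reach there should be limited on purpose. Neither `template` sets `service_account`, so the revisions presumably run as the project's default compute identity; I would give each service its own least-privilege account with `service_account = <service-account-email>` and state the intended exposure explicitly with `ingress = "INGRESS_TRAFFIC_ALL"` (or a narrower value for the frontend if it sits behind a load balancer). It is also worth confirming that the subnet has firewall rules and a NAT path suited to `ALL_TRAFFIC`, since no such resources appear in this patch.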