From c20929b06fc9c85e84e5b5b1a18768bc9f26ba7d Mon Sep 17 00:00:00 2001 From: Preston Baxter Date: Thu, 26 Oct 2023 12:47:24 -0500 Subject: [PATCH] direct vpc access and domain mappings --- infra/main.tf | 86 +++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 69 insertions(+), 17 deletions(-) diff --git a/infra/main.tf b/infra/main.tf index 464575c..43f388e 100644 --- a/infra/main.tf +++ b/infra/main.tf @@ -38,17 +38,6 @@ resource "google_project_service" "serverless_vpc_api" { disable_on_destroy = true } -resource "google_vpc_access_connector" "vpc_connector" { - name = "capstone-connector" - subnet { - name = "cloud-run-capstone" - } - region = var.project_region - machine_type = "f1-micro" - min_instances = 2 - max_instances = 3 -} - resource "google_artifact_registry_repository" "capstone_repo" { location = var.project_region repository_id = "capstone-repo" @@ -65,17 +54,21 @@ resource "google_artifact_registry_repository" "capstone_repo" { resource "google_cloud_run_v2_service" "webhook_service_cr" { name = "webhook-service-cr" location = var.project_region + launch_stage = "BETA" template { containers { image = "${var.project_region}-docker.pkg.dev/${var.project_id}/${google_artifact_registry_repository.capstone_repo.name}/webhook-service:latest" } - vpc_access { - connector = google_vpc_access_connector.vpc_connector.id + vpc_access{ + network_interfaces { + network = "main" + subnetwork = "application" + } egress = "ALL_TRAFFIC" } } - depends_on = [ google_project_service.run_api, google_artifact_registry_repository.capstone_repo, google_vpc_access_connector.vpc_connector ] + depends_on = [ google_project_service.run_api, google_artifact_registry_repository.capstone_repo ] } @@ -90,18 +83,22 @@ resource "google_cloud_run_v2_service_iam_member" "webhook_service_run_all_users resource "google_cloud_run_v2_service" "frontend_service_cr" { name = "frontend-service-cr" location = var.project_region + launch_stage = "BETA" template { containers { image = "${var.project_region}-docker.pkg.dev/${var.project_id}/${google_artifact_registry_repository.capstone_repo.name}/frontend-service:latest" } - vpc_access { - connector = google_vpc_access_connector.vpc_connector.id + vpc_access{ + network_interfaces { + network = "main" + subnetwork = "application" + } egress = "ALL_TRAFFIC" } } - depends_on = [ google_project_service.run_api, google_artifact_registry_repository.capstone_repo, google_vpc_access_connector.vpc_connector ] + depends_on = [ google_project_service.run_api, google_artifact_registry_repository.capstone_repo ] } @@ -112,3 +109,58 @@ resource "google_cloud_run_v2_service_iam_member" "frontend_service_run_all_user role = "roles/run.invoker" member = "allUsers" } + +data "google_dns_managed_zone" "preston_baxter_zone" { + name = "pbaxter-main-zone" +} + +resource "google_dns_record_set" "webhook_cname" { + name = "webhook.${data.google_dns_managed_zone.preston_baxter_zone.dns_name}" + managed_zone = data.google_dns_managed_zone.preston_baxter_zone.name + type = "CNAME" + ttl = 300 + rrdatas = [ + "ghs.googlehosted.com." + ] + + depends_on = [ google_cloud_run_v2_service.webhook_service_cr ] +} + +resource "google_dns_record_set" "frontend_cname" { + name = "frontend.${data.google_dns_managed_zone.preston_baxter_zone.dns_name}" + managed_zone = data.google_dns_managed_zone.preston_baxter_zone.name + type = "CNAME" + ttl = 300 + rrdatas = [ + "ghs.googlehosted.com." + ] + + depends_on = [ google_cloud_run_v2_service.frontend_service_cr ] +} + +resource "google_cloud_run_domain_mapping" "frontend_cname_mapping" { + location = "us-central1" + name = trimsuffix("frontend.${data.google_dns_managed_zone.preston_baxter_zone.dns_name}", ".") + + metadata { + namespace = var.project_id + } + + spec { + route_name = google_cloud_run_v2_service.frontend_service_cr.name + } +} + +resource "google_cloud_run_domain_mapping" "webhook_cname_mapping" { + location = "us-central1" + name = trimsuffix("webhook.${data.google_dns_managed_zone.preston_baxter_zone.dns_name}", ".") + + metadata { + namespace = var.project_id + } + + + spec { + route_name = google_cloud_run_v2_service.webhook_service_cr.name + } +}