On the way to a deployment

serverpod · Feb 22, 2023 · 4fde110 · 4fde110
1 parent 6f4e2a3
commit 4fde110
Show file tree

Hide file tree

Showing 16 changed files with 385 additions and 9 deletions.
diff --git a/.gitignore b/.gitignore
@@ -5,3 +5,6 @@ gcp_flutter/macos
 gcp_flutter/windows
 terraform-provider-google_v4.51.0_x5
 credentials.json
+modules.json
+terraform-provider-google-beta_v4.53.1_x5
+terraform-provider-random_v3.4.3_x5
diff --git a/gcp_server/config/production.yaml b/gcp_server/config/production.yaml
@@ -27,7 +27,7 @@ webServer:
 
 # This is the database setup for your servers.
 database:
-  host: database.examplepod.com
+  host: database-production-private.examplepod.com
   port: 5432
   name: serverpod
   user: postgres

diff --git a/gcp_server/gcp/terraform/artifact_registry.tf b/gcp_server/gcp/terraform/artifact_registry.tf
@@ -0,0 +1,5 @@
+resource "google_artifact_registry_repository" "containers" {
+  location      = var.region
+  repository_id = "serverpod-containers"
+  format        = "DOCKER"
+}
diff --git a/gcp_server/gcp/terraform/config.auto.tfvars b/gcp_server/gcp/terraform/config.auto.tfvars
@@ -2,4 +2,11 @@ project = "terraform-test-377910"
 
 region = "us-central1"
 
-zone = "us-central1-c"
+zone = "us-central1-c"
+
+autoscaling_min_size = 1
+autoscaling_max_size = 2
+
+service_account_email = "terraform-test-account@terraform-test-377910.iam.gserviceaccount.com"
+
+enable_staging = false
diff --git a/gcp_server/gcp/terraform/database.tf b/gcp_server/gcp/terraform/database.tf
diff --git a/gcp_server/gcp/terraform/main.tf b/gcp_server/gcp/terraform/main.tf
@@ -15,12 +15,39 @@ provider "google" {
   zone    = var.zone
 }
 
-resource "google_compute_network" "default" {
-  name = "serverpod-network"
+module "serverpod_production" {
+  source = "./modules/serverpod"
+
+  runmode = "production"
+
+  region = var.region
+  zone = var.zone
+
+  top_domain = "examplepod.com"
+
+  autoscaling_min_size = var.autoscaling_min_size
+  autoscaling_max_size = var.autoscaling_max_size
+
+  service_account_email = var.service_account_email
+
+  database_password = var.DATABASE_PASSWORD_PRODUCTION
 }
 
-resource "google_artifact_registry_repository" "my-repo" {
-  location      = var.region
-  repository_id = "serverpod-containers"
-  format        = "DOCKER"
+module "serverpod_staging" {
+  source = "./modules/serverpod"
+  count = var.enable_staging ? 1 : 0
+
+  runmode = "staging"
+
+  region = var.region
+  zone = var.zone
+
+  top_domain = "examplepod.com"
+
+  autoscaling_min_size = var.autoscaling_min_size
+  autoscaling_max_size = var.autoscaling_max_size
+
+  service_account_email = var.service_account_email
+
+  database_password = var.DATABASE_PASSWORD_STAGING
 }
diff --git a/gcp_server/gcp/terraform/modules/serverpod/certificates.tf b/gcp_server/gcp/terraform/modules/serverpod/certificates.tf
@@ -0,0 +1,7 @@
+# resource "google_compute_managed_ssl_certificate" "api" {
+#   name = "serverpod-${var.runmode}-api-certificate"
+
+#   managed {
+#     domains = ["api.${var.top_domain}."]
+#   }
+# }
diff --git a/gcp_server/gcp/terraform/modules/serverpod/database.tf b/gcp_server/gcp/terraform/modules/serverpod/database.tf
@@ -0,0 +1,35 @@
+resource "google_sql_database_instance" "serverpod" {
+  name             = "serverpod-${var.runmode}-database"
+  database_version = "POSTGRES_14"
+  region           = var.region
+
+  settings {
+    # Second-generation instance tiers are based on the machine
+    # type. See argument reference below.
+    tier = "db-f1-micro"
+
+    # depends_on = [google_service_networking_connection.private-vpc-connection]
+
+    ip_configuration {
+      ipv4_enabled                                  = true
+      private_network                               = google_compute_network.serverpod.id
+
+    #   enable_private_path_for_google_cloud_services = true
+    }
+  }
+
+  deletion_protection = false
+}
+
+resource "google_sql_database" "serverpod" {
+  name     = "examplepod"
+  instance = google_sql_database_instance.serverpod.name
+}
+
+resource "google_sql_user" "serverpod" {
+  name     = "postgres"
+  password = var.database_password
+  instance = google_sql_database_instance.serverpod.name
+}
+
+
diff --git a/gcp_server/gcp/terraform/modules/serverpod/dns.tf b/gcp_server/gcp/terraform/modules/serverpod/dns.tf
@@ -0,0 +1,23 @@
+resource "google_dns_record_set" "api" {
+  name         = "api.${var.top_domain}."
+  managed_zone = "examplepod"
+  type         = "A"
+  ttl          = 60
+  rrdatas      = [google_compute_global_forwarding_rule.serverpod.ip_address]
+}
+
+resource "google_dns_record_set" "database" {
+  name         = "database.${var.top_domain}."
+  managed_zone = "examplepod"
+  type         = "A"
+  ttl          = 60
+  rrdatas      = [google_sql_database_instance.serverpod.public_ip_address]
+}
+
+resource "google_dns_record_set" "database-private" {
+  name         = "database-${var.runmode}-private.${var.top_domain}."
+  managed_zone = "examplepod"
+  type         = "A"
+  ttl          = 60
+  rrdatas      = [google_sql_database_instance.serverpod.private_ip_address]
+}
diff --git a/gcp_server/gcp/terraform/modules/serverpod/firewall.tf b/gcp_server/gcp/terraform/modules/serverpod/firewall.tf
@@ -0,0 +1,18 @@
+resource "google_compute_firewall" "serverpod-instance" {
+  name = "serverpod-${var.runmode}-instance"
+
+#   network       = "default"
+  network = google_compute_network.serverpod.name
+  source_ranges = ["0.0.0.0/0"]
+
+  allow {
+    protocol = "icmp"
+  }
+
+  allow {
+    protocol = "tcp"
+    ports    = ["8080-8082"]
+  }
+
+  target_tags = ["serverpod-${var.runmode}-instance"]
+}
diff --git a/gcp_server/gcp/terraform/modules/serverpod/instance_group.tf b/gcp_server/gcp/terraform/modules/serverpod/instance_group.tf
@@ -0,0 +1,61 @@
+resource "google_compute_instance_template" "serverpod" {
+  name        = "serverpod-${var.runmode}-template"
+  description = "Instance template for Serverpod's Docker container."
+
+  machine_type = var.machine_type
+
+  disk {
+    source_image = "cos-cloud/cos-stable"
+  }
+
+  # Specify the startup script to run the Docker container
+  metadata_startup_script = <<-EOF
+      #!/bin/bash
+      docker run -d -p 8080:8080 gcr.io/google-samples/hello-app:1.0
+    EOF
+
+  network_interface {
+    # network = "default"
+    network = google_compute_network.serverpod.name
+    access_config {
+      // Ephemeral public IP.
+    }
+  }
+
+  service_account {
+    email  = var.service_account_email
+    scopes = ["cloud-platform"]
+  }
+
+  tags = ["serverpod-${var.runmode}-instance"]
+}
+
+resource "google_compute_instance_group_manager" "serverpod" {
+  name = "serverpod-${var.runmode}-group"
+  version {
+    instance_template = google_compute_instance_template.serverpod.id
+  }
+  base_instance_name = "serverpod-${var.runmode}"
+  zone               = var.zone
+
+  named_port {
+    name = "api"
+    port = 8080
+  }
+}
+
+resource "google_compute_autoscaler" "serverpod" {
+  name   = "serverpod-${var.runmode}-autoscaler"
+  zone   = var.zone
+  target = google_compute_instance_group_manager.serverpod.id
+
+  autoscaling_policy {
+    min_replicas    = var.autoscaling_min_size
+    max_replicas    = var.autoscaling_max_size
+    cooldown_period = 60
+
+    cpu_utilization {
+      target = 0.6
+    }
+  }
+}
diff --git a/gcp_server/gcp/terraform/modules/serverpod/load_balancer.tf b/gcp_server/gcp/terraform/modules/serverpod/load_balancer.tf
@@ -0,0 +1,76 @@
+# resource "google_compute_global_forwarding_rule" "serverpod" {
+#   name                  = "serverpod-${var.runmode}-forwarding"
+#   ip_protocol           = "TCP"
+#   load_balancing_scheme = "EXTERNAL"
+#   port_range            = "443"
+#   target                = google_compute_target_https_proxy.serverpod.self_link
+# }
+
+# resource "google_compute_target_https_proxy" "serverpod" {
+#   name    = "serverpod-${var.runmode}-proxy"
+#   url_map = google_compute_url_map.serverpod.id
+#   ssl_certificates = [google_compute_managed_ssl_certificate.api.id]
+# }
+
+resource "google_compute_global_forwarding_rule" "serverpod" {
+  name                  = "serverpod-${var.runmode}-forwarding"
+  ip_protocol           = "TCP"
+  load_balancing_scheme = "EXTERNAL"
+  port_range            = "80"
+  target                = google_compute_target_http_proxy.serverpod.self_link
+
+
+}
+
+resource "google_compute_target_http_proxy" "serverpod" {
+  name    = "serverpod-${var.runmode}-proxy"
+  url_map = google_compute_url_map.serverpod.id
+  # ssl_certificates = [google_compute_managed_ssl_certificate.api.id]
+}
+
+resource "google_compute_url_map" "serverpod" {
+  name            = "serverpod-${var.runmode}-balancer"
+  default_service = google_compute_backend_service.serverpod.id
+
+  # host_rule {
+  #   hosts        = ["mysite.com"]
+  #   path_matcher = "allpaths"
+  # }
+
+  # path_matcher {
+  #   name            = "allpaths"
+  #   default_service = google_compute_region_backend_service.default.id
+
+  #   path_rule {
+  #     paths   = ["/*"]
+  #     service = google_compute_region_backend_service.default.id
+  #   }
+  # }
+}
+
+resource "google_compute_backend_service" "serverpod" {
+  name     = "serverpod-${var.runmode}-backend"
+  protocol = "HTTP"
+
+  backend {
+    group           = google_compute_instance_group_manager.serverpod.instance_group
+    balancing_mode  = "UTILIZATION"
+    max_utilization = 1.0
+    capacity_scaler = 1.0
+  }
+
+  health_checks = [google_compute_health_check.serverpod-balancer.id]
+
+  port_name = "api"
+
+}
+
+resource "google_compute_health_check" "serverpod-balancer" {
+  name               = "serverpod-${var.runmode}-health-check"
+  timeout_sec        = 5
+  check_interval_sec = 5
+
+  tcp_health_check {
+    port = "8080"
+  }
+}
diff --git a/gcp_server/gcp/terraform/modules/serverpod/main.tf b/gcp_server/gcp/terraform/modules/serverpod/main.tf
@@ -0,0 +1,16 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "4.51.0"
+    }
+  }
+}
+
+# provider "google" {
+#   credentials = file("../../credentials.json")
+
+#   project = var.project
+#   region  = var.region
+#   zone    = var.zone
+# }
diff --git a/gcp_server/gcp/terraform/modules/serverpod/network.tf b/gcp_server/gcp/terraform/modules/serverpod/network.tf
@@ -0,0 +1,17 @@
+resource "google_compute_network" "serverpod" {
+  name = "serverpod-${var.runmode}-network"
+}
+
+resource "google_compute_global_address" "private-ip" {
+  name          = "serverpod-${var.runmode}-private-ip"
+  purpose       = "VPC_PEERING"
+  address_type  = "INTERNAL"
+  prefix_length = 16
+  network       = google_compute_network.serverpod.id
+}
+
+resource "google_service_networking_connection" "private-vpc-connection" {
+  network                 = google_compute_network.serverpod.id
+  service                 = "servicenetworking.googleapis.com"
+  reserved_peering_ranges = [google_compute_global_address.private-ip.name]
+}
diff --git a/gcp_server/gcp/terraform/modules/serverpod/variables.tf b/gcp_server/gcp/terraform/modules/serverpod/variables.tf
@@ -0,0 +1,45 @@
+variable "runmode" {
+  type    = string
+  default = "production"
+}
+
+variable "region" {
+  type    = string
+  default = "us-central1"
+}
+
+variable "zone" {
+  type    = string
+  default = "us-central1-c"
+}
+
+variable "top_domain" {
+  type = string
+}
+
+variable "autoscaling_min_size" {
+  default = 1
+}
+
+variable "autoscaling_max_size" {
+  default = 2
+}
+
+variable "service_account_email" {
+  type    = string
+  default = ""
+}
+
+variable "autoscaling_cpu_utilization" {
+  type    = number
+  default = 0.6
+}
+
+variable "machine_type" {
+  type    = string
+  default = "e2-micro"
+}
+
+variable "database_password" {
+    type = string
+}