deploy-to-cloud-run-go

command module

v0.0.0-...-9d556d4 Latest Latest Go to latest Published: Mar 12, 2024 License: MIT Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/superjose/deploy-to-cloud-run-go

Links

Open Source Insights

README ¶

deploy-to-cloud-run-go

An example project that shows you how to deploy to Google Cloud Run step by step using Pulumi, Go, and Google Cloud CLI.

This project was initialized with GoWebly CLI.

The GoWebly CLI was used too bootstrap a sample project.
It is not required for this example.
The only configuration folder lies inside the ./pulumi'

We modify the Dockerfile: a. We set golang to ver 1.22-alpine (Fixed in recent versions of Gowebly CLI) b. We add the ENV HOME=/root to the Dockerfile (Before the ENTRYPOINT). Otherwise the Docker image wouldn't run. Here's why

Get the CLIs:

Create a Google Cloud Account.
Install Google Cloud CLI
Install Pulumi CLI
Install Docker - We need it to build the Docker container.

Bootstrap the project:

Create a pulumi directory.
Run pulumi new go to initialize a pulumi project with Go (It can be your language of choice).
Navigate to the pulumi directory.
Navigate to cloud.google.com and create a new project.

Take note of the project-id (Usually the project's name).

Generate the necessary permissions using gcloud CLI

Login with the Google Auth CLI:

gcloud auth login

Enable the service usage API

gcloud services enable serviceusage.googleapis.com

Open the link that will show up and finish logging in.

(Optional) Set the project in google cloud CLI (Can be changed anytime). This saves you from passing --project [PROJECT-ID] into every gcloud command.

If your machine has multiple GCP projects, skip this step and pass the --project flag into every gcloud command.

Create a service account (The account that Pulumi will connect to):

gcloud iam service-accounts create pulumi-gcp --description="Pulumi GCP"

Download the credentials for the service accounts and store them locally (Remember to replace [PROJECT-ID] with your GCP Project Id):

gcloud iam service-accounts keys create ~/keys/gcp/pulumi-service-account-key-file.json --iam-account=pulumi-gcp@[PROJECT-ID].iam.gserviceaccount.com

Set Pulumi's gcp credentials config path: (This will connect the service account with Pulumi)

pulumi config set gcp:credentials ~/keys/gcp/pulumi-service-account-key-file.json

Set the GCP Project by doing:

pulumi config set gcp:project [PROJECT-ID]

Create a roles.gcp.yml file (Inside the pulumi dir) and add the required permissions in includedPermissions:

roles.gcp.yml location amazonaws.com/uploads/articles/p4gj181hl6kjy06sy2ec.png)

Create the pulumi_admin_role with the file above: (We assume we're running this code from the pulumi directory)

gcloud iam roles create pulumi_admin_role --project=[PROJECT-ID] --file='./roles.gcp.yml'

gcloud projects add-iam-policy-binding [PROJECT-ID] --role projects/[PROJECT-ID]/roles/pulumi_admin_role   --member serviceAccount:pulumi-gcp@[PROJECT-ID].iam.gserviceaccount.com

In case you need to make edits, change the file and use:

gcloud iam roles update pulumi_admin_role --project=[PROJECT-ID] --file='./roles.gcp.yml'

We're also adding the serviceAccountAdmin role (I haven't found a better way) (Otherwise we'd get 403 errors when refreshing and updating in Pulumi)¹

gcloud projects add-iam-policy-binding [PROJECT-ID] --role roles/iam.serviceAccountAdmin   --member serviceAccount:pulumi-gcp@[PROJECT-ID].iam.gserviceaccount.com

Our main.go in the pulumi directory: (Check the code for comments!)

21.1 We enable the required services (Artifact Registry, and Cloud Run).

21.2 Artifact Registry is used to host the docker container image.

21.3 Cloud Runner will launch the Docker image from Artifact Registry.

21.4 We build the docker image locally (We specify the platform in case you're using an ARM chip like M1, M2, Snapdragon SQ, X Elite, etc.)

21.5 We create a chain of "DependsOn" to notify Pulumi: 21.5.1 Services need to be enabled first 21.5.1 We create the Artifact Repository 21.5.1 We build the docker image and push it to Artifact Registry. 21.5.1 We pull the Docker Image from Artifact Registry and run it. 21.5.1 We add IAM permissions so it can be accessed from anywhere.

Update the ENV in your Dockerfile: There's a known issue, and here in which you need to export your HOME environment variable to /root;

# Set the ENV HOME before your ENTRYPOINT.
ENV HOME=/root

# This is specific to your project.
ENTRYPOINT ["/whatever-is-your-entrypoint"]

Create a .env file in the pulumi directory: Set the *full path to the one you saved on 11)

GOOGLE_CREDENTIALS_FILE_PATH="/Users/myusername/keys/gcp/pulumi-service-account-key-file.json"

Run pulumi up

And you should be up and going!

The go.mod If you include this go.mod Run go tidy, and this will fetch all the packages for you

Footnotes

¹I fought against permissions for 5 days. The serviceAccountAdmin predefined GCP role brought in the additional permissions needed.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
templates templ: version: v0.2.598	templ: version: v0.2.598
pages templ: version: v0.2.598	templ: version: v0.2.598

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL