snorklerjoe/CubeServer

setup.txt

# DOCS
---

https://cloud.google.com/build/docs/deploying-builds/deploy-cloud-run?authuser=2
https://cloud.google.com/sql/docs/postgres/connect-instance-cloud-run#python_1
https://cloud.google.com/blog/topics/developers-practitioners/running-database-migrations-cloud-run-jobs
https://cloud.google.com/run/docs/mapping-custom-domains#map
https://cloud.google.com/build/docs/build-push-docker-image#create_a_docker_repository_in

---

# List the projects visible to the active gcloud account, then pin the CLI to
# the project this runbook targets. Every later command reads PROJECT_ID, so a
# wrong value here sends the IAM bindings and deploys to the wrong project.
gcloud projects list

# REPLACE IF PROJECT ID IS DIFFERENT
PROJECT_ID="global-approach-388801"
export PROJECT_ID
gcloud config set project "${PROJECT_ID}"

---

# Deployment parameters shared by the commands that follow: the Cloud Run
# region and the names of the two Cloud Run services.
export REGION="us-central1" \
  APP_SERVICE="app-service" \
  API_SERVICE="api-service"

# MongoDB connection settings. The deploy commands pass these to the services
# as plain environment variables, so none of them may carry a credential; the
# password is supplied separately through --set-secrets.
export MONGODB_HOST="cluster0.dkt0odd.mongodb.net" \
  MONGODB_USER="flask" \
  MONGODB_NAME="flaskdb" \
  MONGODB_DRIVER="mongodb+srv" \
  MONGODB_OPTIONS="retryWrites=true&w=majority"

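# Resolve the project's display name and numeric ID from PROJECT_ID.
# PROJECT_NUMBER becomes the prefix of the default compute and Cloud Build
# service-account addresses, so a failed lookup must not pass silently.
# Assignment is kept separate from export because `export VAR=$(cmd)` reports
# export's own success and hides gcloud's exit status.
PROJECT_NAME=$(gcloud projects describe "$PROJECT_ID" --format="value(name)") \
  || echo "ERROR: could not read the name of project '$PROJECT_ID'" >&2
export PROJECT_NAME

PROJECT_NUMBER=$(gcloud projects describe "$PROJECT_ID" --format="value(projectNumber)") \
  || echo "ERROR: could not read the number of project '$PROJECT_ID'; do not run the IAM bindings" >&2
export PROJECT_NUMBER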

# Addresses of the two Google-managed default service accounts, both keyed by
# the numeric project ID. An empty PROJECT_NUMBER yields a malformed address
# here, so confirm the value before running the IAM bindings.
COMPUTE_SERVICE_ACCOUNT="${PROJECT_NUMBER}-compute@developer.gserviceaccount.com"
CLOUD_BUILD_SERVICE_ACCOUNT="${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com"
export COMPUTE_SERVICE_ACCOUNT CLOUD_BUILD_SERVICE_ACCOUNT

---

# Set up a dedicated service account rather than relying on the default
# compute service account (best practice).
# The account only takes effect for a service that is deployed with
# --service-account pointing at it; without that flag Cloud Run runs the
# service as the default compute service account.
CLOUD_RUN_SA_NAME="the-project-sa"
CLOUD_RUN_SERVICE_ACCOUNT="${CLOUD_RUN_SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"
export CLOUD_RUN_SA_NAME CLOUD_RUN_SERVICE_ACCOUNT

gcloud iam service-accounts create "${CLOUD_RUN_SA_NAME}" \
  --description="The Project SA for cloudrun" \
  --display-name="The Project SA"


# Enable the Google Cloud APIs this setup uses, in a single call.
# NOTE(review): nothing in this runbook visibly uses Compute Engine, Service
# Networking or Container Registry (images go to an Artifact Registry repo).
# Confirm each is needed; every enabled API is extra surface to monitor.
required_apis=(
  artifactregistry.googleapis.com
  cloudbuild.googleapis.com
  cloudresourcemanager.googleapis.com
  compute.googleapis.com
  containerregistry.googleapis.com
  iam.googleapis.com
  run.googleapis.com
  secretmanager.googleapis.com
  servicenetworking.googleapis.com
)
gcloud services enable "${required_apis[@]}"

# Project-level roles for the default Cloud Build service account.
# roles/run.admin presumably lets builds deploy to Cloud Run.
# NOTE(review): roles/logging.admin grants full control over logging for the
# whole project, well beyond writing build logs. Check whether
# roles/logging.logWriter is enough.
for build_role in roles/run.admin roles/logging.admin; do
  gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="serviceAccount:${CLOUD_BUILD_SERVICE_ACCOUNT}" \
    --role="$build_role"
done

# Project-level roles for the default compute service account.
# NOTE(review): bound at project level, serviceAccountUser and
# serviceAccountTokenCreator let this identity act as, and mint tokens for,
# every service account in the project, and secretAccessor lets it read every
# secret. Where possible bind them on the specific service account or secret
# instead (gcloud iam service-accounts add-iam-policy-binding,
# gcloud secrets add-iam-policy-binding).
for compute_role in \
  roles/iam.serviceAccountUser \
  roles/secretmanager.secretAccessor \
  roles/iam.serviceAccountTokenCreator; do
  gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="serviceAccount:${COMPUTE_SERVICE_ACCOUNT}" \
    --role="$compute_role"
done

# Grant the necessary roles/permissions to CLOUD_RUN_SERVICE_ACCOUNT.
# NOTE(review): a runtime identity rarely needs roles/run.admin or a
# project-wide roles/iam.serviceAccountUser, since together they allow
# redeploying services under other identities. Confirm both are required.
# NOTE(review): roles/cloudsql.client looks unused given that the services are
# configured for MongoDB. Verify before keeping it.
# roles/secretmanager.secretAccessor at project level covers every secret in
# the project, not only the two the services mount.
for run_role in \
  roles/run.admin \
  roles/iam.serviceAccountUser \
  roles/cloudsql.client \
  roles/secretmanager.secretAccessor \
  roles/logging.logWriter; do
  gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="serviceAccount:${CLOUD_RUN_SERVICE_ACCOUNT}" \
    --role="$run_role"
done
    

# SETUP ARTIFACT REPO
# Creates the Docker-format Artifact Registry repository "docker-repo".
# The location is written out literally rather than taken from $REGION, so
# changing REGION does not move the repository.
gcloud artifacts repositories create docker-repo \
  --repository-format=docker \
  --location=us-central1 \
  --description="Docker repository"

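# SETUP APP SERVICE
# Creates the service from Google's public sample image as a placeholder;
# presumably the Cloud Build trigger later replaces it with the real image.
#
# --service-account attaches the dedicated CLOUD_RUN_SERVICE_ACCOUNT created
#   earlier. Without it the service runs as the default compute service
#   account and the dedicated account's role bindings are never exercised.
# --allow-unauthenticated makes the URL invocable by anyone, with no IAM
#   check, so the application must authenticate callers itself.
# NOTE(review): LOGLEVEL=debug may put request details into Cloud Logging.
#   Lower it before real traffic.
# The MongoDB password and the secret key come from Secret Manager
#   (MONGODB_PASSWORD as an env var, SECRET_KEY mounted as
#   /secret/secret_key.txt); both secrets must exist before this runs.
gcloud run deploy "$APP_SERVICE" \
  --image us-docker.pkg.dev/cloudrun/container/hello:latest \
  --region="$REGION" \
  --service-account="$CLOUD_RUN_SERVICE_ACCOUNT" \
  --allow-unauthenticated \
  --set-env-vars=MONGODB_HOSTNAME="$MONGODB_HOST",MONGODB_USERNAME="$MONGODB_USER",MONGODB_DATABASE="$MONGODB_NAME",LOGLEVEL=debug,MONGODB_DRIVER="$MONGODB_DRIVER",MONGODB_OPTIONS="$MONGODB_OPTIONS" \
  --set-secrets=MONGODB_PASSWORD=MONGODB_PASSWORD:latest,/secret/secret_key.txt=SECRET_KEY:latest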

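# SETUP API SERVICE
# Creates the service from Google's public sample image as a placeholder;
# presumably the Cloud Build trigger later replaces it with the real image.
#
# --service-account attaches the dedicated CLOUD_RUN_SERVICE_ACCOUNT created
#   earlier. Without it the service runs as the default compute service
#   account and the dedicated account's role bindings are never exercised.
# --allow-unauthenticated makes the API invocable by anyone, with no IAM
#   check, so every endpoint must authenticate its callers itself.
# NOTE(review): LOGLEVEL=debug may put request details into Cloud Logging.
#   Lower it before real traffic.
# The MongoDB password and the secret key come from Secret Manager
#   (MONGODB_PASSWORD as an env var, SECRET_KEY mounted as
#   /secret/secret_key.txt); both secrets must exist before this runs.
gcloud run deploy "$API_SERVICE" \
  --image us-docker.pkg.dev/cloudrun/container/hello:latest \
  --region="$REGION" \
  --service-account="$CLOUD_RUN_SERVICE_ACCOUNT" \
  --allow-unauthenticated \
  --set-env-vars=MONGODB_HOSTNAME="$MONGODB_HOST",MONGODB_USERNAME="$MONGODB_USER",MONGODB_DATABASE="$MONGODB_NAME",LOGLEVEL=debug,MONGODB_DRIVER="$MONGODB_DRIVER",MONGODB_OPTIONS="$MONGODB_OPTIONS" \
  --set-secrets=MONGODB_PASSWORD=MONGODB_PASSWORD:latest,/secret/secret_key.txt=SECRET_KEY:latest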

# SETUP CLOUD BUILD TRIGGER
# The trigger is created by hand in the console; these lines only print the
# reminder and the console link for the current project.
# NOTE(review): the reminder selects the default compute service account for
# builds. The runbook grants that account project-wide serviceAccountUser,
# serviceAccountTokenCreator and secretAccessor, so every build runs with that
# reach. Consider a dedicated, narrower build identity.
printf '%s\n' \
  "Create Trigger for Continuous Builds" \
  "NOTE: Make sure to select $COMPUTE_SERVICE_ACCOUNT as the service account to use on the trigger" \
  "https://console.cloud.google.com/cloud-build/triggers?project=$PROJECT_ID"

----