To deploy this system in production, there are only a few manual steps:
- Set up a GCP project
- Create a Terraform Google Cloud Storage bucket
- Perform the initial Terraform run
Create a new GCP project and take note of the name and project ID.

This Google Cloud Storage bucket is used as the backing store for Terraform state, so it must be set up manually. Note the name you use, as you'll need to edit `infra/terraform/main.tf` to point to it.

Once those two things are set up, everything else can be configured as infrastructure-as-code in Terraform. However, you must run `terraform apply` once manually to set up the correct permissions for the Cloud Build service account to run Terraform in the future.
- Create a new GCP project.
- Create a new Terraform file for the region by copying `infra/terraform/main.tf` into a new subdirectory.
- Update the new Terraform file with the following changes:
  - Modify the project ID in the new Terraform file to match the new project.
  - Modify the Cloud Storage bucket names to match the new region:
    - Terraform bucket
    - Frontend bucket
    - Connect bucket
- Run `terraform init` in the new subdirectory.
- Enable all the GCP APIs needed:
  - Cloud Build
  - Cloud Engine
  - Cloud Run
  - Cloud SQL
  - IAM
  - KMS
  - DNS
  - Secret Manager
  - Serverless VPC Access
  - Service Networking
  - Artifact Registry
- Create a new DB password in the new project's Secret Manager with the name `coaster-db-password`.
- Create a new Terraform bucket in Cloud Storage and add it to the Terraform file.
- Connect the GitHub repository to the new GCP project.
- Copy the OAuth secrets to the new project's Secret Manager and ensure the code references them correctly.
- Enable Cloud Build to deploy to Cloud Run by granting it permission to act as the backend service account:

  ```sh
  gcloud iam service-accounts add-iam-policy-binding \
    coaster-backend@coaster-prod.iam.gserviceaccount.com \
    --member="serviceAccount:coaster-prod@cloudbuild.gserviceaccount.com" \
    --role="roles/iam.serviceAccountUser"
  ```

- Run `terraform apply`.
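A preflight check for two of the steps above, the API list and the Cloud Build IAM binding, added here as an example and not part of the project's own tooling. It reads the JSON that `gcloud services list --enabled --format=json` and `gcloud iam service-accounts get-iam-policy <backend SA> --format=json` print, reports any required API that is not enabled, and lints the backend service account's policy so that Cloud Build holds `roles/iam.serviceAccountUser` and nothing wider (an extra `roles/iam.serviceAccountTokenCreator`, for instance, would let the build pipeline mint tokens for the backend identity directly). The sample JSON, the project number in the Cloud Build member string, and the product-name-to-service-name mapping are constructed assumptions; the default Cloud Build service account is named by project number (`PROJECT_NUMBER@cloudbuild.gserviceaccount.com`), so compare the member string with the value in your own project.

```python
"""Preflight checks to run before `terraform apply` in a new project/region.

Added example, not the project's own tooling. The sample JSON below is
constructed to look like the output of:
    gcloud services list --enabled --format=json
    gcloud iam service-accounts get-iam-policy <backend SA> --format=json
In real use, load those two commands' output from files instead.
"""
import json

# Product names from the deployment steps mapped to API service names.
# The mapping is an assumption; "Cloud Engine" is read as Compute Engine.
REQUIRED_SERVICES = {
    "cloudbuild.googleapis.com": "Cloud Build",
    "compute.googleapis.com": "Cloud Engine",
    "run.googleapis.com": "Cloud Run",
    "sqladmin.googleapis.com": "Cloud SQL",
    "iam.googleapis.com": "IAM",
    "cloudkms.googleapis.com": "KMS",
    "dns.googleapis.com": "DNS",
    "secretmanager.googleapis.com": "Secret Manager",
    "vpcaccess.googleapis.com": "Serverless VPC Access",
    "servicenetworking.googleapis.com": "Service Networking",
    "artifactregistry.googleapis.com": "Artifact Registry",
}

# The one role Cloud Build needs on the backend SA to deploy to Cloud Run.
EXPECTED_ROLE = "roles/iam.serviceAccountUser"
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Placeholder project number (assumption): the default Cloud Build SA is
# PROJECT_NUMBER@cloudbuild.gserviceaccount.com in a real project.
CLOUD_BUILD_MEMBER = "serviceAccount:123456789012@cloudbuild.gserviceaccount.com"

# Constructed sample: every required API enabled except Serverless VPC Access.
SAMPLE_SERVICES = json.dumps(
    [{"config": {"name": name}, "state": "ENABLED"}
     for name in REQUIRED_SERVICES if name != "vpcaccess.googleapis.com"]
    + [{"config": {"name": "vpcaccess.googleapis.com"}, "state": "DISABLED"}]
)

# Constructed sample: Cloud Build holds the expected role plus an extra one.
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/iam.serviceAccountUser",
         "members": [CLOUD_BUILD_MEMBER]},
        {"role": "roles/iam.serviceAccountTokenCreator",
         "members": [CLOUD_BUILD_MEMBER]},
    ],
    "etag": "BwXyZ=",
})


def missing_services(services_json: str) -> list[str]:
    """Return required API service names that are not ENABLED in the project."""
    enabled = {
        svc["config"]["name"]
        for svc in json.loads(services_json)
        if svc.get("state") == "ENABLED"
    }
    return sorted(name for name in REQUIRED_SERVICES if name not in enabled)


def check_backend_sa_policy(policy_json: str, cloudbuild_member: str) -> list[str]:
    """Lint the backend SA's IAM policy.

    Findings are returned in order: public principals holding any role, then
    Cloud Build missing EXPECTED_ROLE, then any extra roles Cloud Build holds.
    An empty list means the binding matches the deployment step exactly.
    """
    findings = []
    build_roles = set()
    for binding in json.loads(policy_json).get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append(f"public principal {member} holds {role}")
            elif member == cloudbuild_member:
                build_roles.add(role)
    if EXPECTED_ROLE not in build_roles:
        findings.append(f"{cloudbuild_member} lacks {EXPECTED_ROLE}")
    for role in sorted(build_roles - {EXPECTED_ROLE}):
        findings.append(f"{cloudbuild_member} has extra role {role}")
    return findings


def main() -> None:
    for name in missing_services(SAMPLE_SERVICES):
        print(f"API not enabled: {REQUIRED_SERVICES[name]} ({name})")
    for finding in check_backend_sa_policy(SAMPLE_POLICY, CLOUD_BUILD_MEMBER):
        print(f"IAM finding: {finding}")


if __name__ == "__main__":
    main()
```

Run it against the real `gcloud` output by replacing the two sample strings with the file contents; a clean run prints nothing, and any line it does print is something to fix before `terraform apply`.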
To point the domain name at this new GCP setup, find the IP address of the external load balancer created in GCP (under Network Services > Load balancing). You'll need to create A records in your DNS provider that point to that IP address for every subdomain you plan to host.

Google Cloud Build is used for various automated actions triggered by pushes to the main GitHub branch:
- Run Terraform to build any new infrastructure
- Build Docker image for backend code and push to Artifact Registry
- Deploy new backend image to Cloud Run
- Build frontend bundles and deploy to Cloud Storage buckets
- Run database migrations