johnpccd/image_management_api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
image_management_api/deployment/terraform
History
johnpccd f1c41a074d cp
2025-05-23 22:54:02 +02:00
..
.terraform.lock.hcl
cp
2025-05-23 22:54:02 +02:00
main.tf
cp
2025-05-23 22:54:02 +02:00
outputs.tf
cp
2025-05-23 22:54:02 +02:00
README.md
cp
2025-05-23 22:54:02 +02:00
terraform.tfstate
cp
2025-05-23 22:54:02 +02:00
terraform.tfstate.backup
cp
2025-05-23 22:54:02 +02:00
terraform.tfvars.example
cp
2025-05-23 22:54:02 +02:00
variables.tf
cp
2025-05-23 22:54:02 +02:00

README.md

Terraform Configuration for Sereact

This directory contains Terraform configurations to provision the required Google Cloud resources for Sereact:

  • Google Cloud Run service
  • Google Container Registry (GCR)
  • Firestore database
  • Cloud Storage bucket

Prerequisites

  1. Install Terraform (v1.0.0+)
  2. Install Google Cloud SDK
  3. Authenticate with Google Cloud: 
    gcloud auth login
gcloud auth application-default login
  4. Create or select a Google Cloud project: 
    gcloud projects create PROJECT_ID --name="Sereact Project" # optional
gcloud config set project PROJECT_ID

Setup and Usage

  1. Copy the example variables file and edit it with your values:

    cp terraform.tfvars.example terraform.tfvars
# Edit terraform.tfvars with your project-specific values

  2. Initialize Terraform:

    terraform init

  3. Preview the changes:

    terraform plan

  4. Apply the configuration:

    terraform apply

  5. After provisioning, you'll see outputs including:

    • Cloud Run service URL
    • Storage bucket name
    • Firestore database ID
    • Container Registry URL

Managing Secrets

Secrets for environment variables (DATABASE_URI, API_KEY_SECRET, etc.) should be managed separately using Google Secret Manager:

# Create secrets
gcloud secrets create sereact-db-uri --replication-policy="automatic"
gcloud secrets create sereact-api-key-secret --replication-policy="automatic"
gcloud secrets create sereact-vector-db-key --replication-policy="automatic"

# Add secret versions
echo -n "your-secret-value" | gcloud secrets versions add sereact-db-uri --data-file=-
echo -n "your-secret-value" | gcloud secrets versions add sereact-api-key-secret --data-file=-
echo -n "your-secret-value" | gcloud secrets versions add sereact-vector-db-key --data-file=-

# Update Cloud Run service to use secrets
gcloud run services update sereact \
  --update-secrets=DATABASE_URI=sereact-db-uri:latest,API_KEY_SECRET=sereact-api-key-secret:latest,VECTOR_DB_API_KEY=sereact-vector-db-key:latest

CI/CD Integration

To integrate this with CI/CD, store the terraform.tfvars securely in your CI/CD system and run Terraform as part of your deployment pipeline:

# Example GitHub Actions step
- name: Terraform Apply
  run: |
    cd deployment/terraform
    terraform init
    terraform apply -auto-approve
  env:
    GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GCP_SA_KEY }}

Destroying Resources

To destroy all provisioned resources:

terraform destroy