95 lines
2.7 KiB
Markdown
95 lines
2.7 KiB
Markdown
# Terraform Configuration for Sereact
|
|
|
|
This directory contains Terraform configurations to provision the required Google Cloud resources for Sereact:
|
|
|
|
- Google Cloud Run service
|
|
- Google Container Registry (GCR)
|
|
- Firestore database
|
|
- Cloud Storage bucket
|
|
|
|
## Prerequisites
|
|
|
|
1. Install [Terraform](https://www.terraform.io/downloads) (v1.0.0+)
|
|
2. Install [Google Cloud SDK](https://cloud.google.com/sdk/docs/install)
|
|
3. Authenticate with Google Cloud:
|
|
```bash
|
|
gcloud auth login
|
|
gcloud auth application-default login
|
|
```
|
|
4. Create or select a Google Cloud project:
|
|
```bash
|
|
gcloud projects create PROJECT_ID --name="Sereact Project" # optional
|
|
gcloud config set project PROJECT_ID
|
|
```
|
|
|
|
## Setup and Usage
|
|
|
|
1. Copy the example variables file and edit it with your values:
|
|
```bash
|
|
cp terraform.tfvars.example terraform.tfvars
|
|
# Edit terraform.tfvars with your project-specific values
|
|
```
|
|
|
|
2. Initialize Terraform:
|
|
```bash
|
|
terraform init
|
|
```
|
|
|
|
3. Preview the changes:
|
|
```bash
|
|
terraform plan
|
|
```
|
|
|
|
4. Apply the configuration:
|
|
```bash
|
|
terraform apply
|
|
```
|
|
|
|
5. After provisioning, you'll see outputs including:
|
|
- Cloud Run service URL
|
|
- Storage bucket name
|
|
- Firestore database ID
|
|
- Container Registry URL
|
|
|
|
## Managing Secrets
|
|
|
|
Secrets for environment variables (DATABASE_URI, API_KEY_SECRET, etc.) should be managed separately using Google Secret Manager:
|
|
|
|
```bash
|
|
# Create secrets
|
|
gcloud secrets create sereact-db-uri --replication-policy="automatic"
|
|
gcloud secrets create sereact-api-key-secret --replication-policy="automatic"
|
|
gcloud secrets create sereact-vector-db-key --replication-policy="automatic"
|
|
|
|
# Add secret versions
|
|
echo -n "your-secret-value" | gcloud secrets versions add sereact-db-uri --data-file=-
|
|
echo -n "your-secret-value" | gcloud secrets versions add sereact-api-key-secret --data-file=-
|
|
echo -n "your-secret-value" | gcloud secrets versions add sereact-vector-db-key --data-file=-
|
|
|
|
# Update Cloud Run service to use secrets
|
|
gcloud run services update sereact \
|
|
--update-secrets=DATABASE_URI=sereact-db-uri:latest,API_KEY_SECRET=sereact-api-key-secret:latest,VECTOR_DB_API_KEY=sereact-vector-db-key:latest
|
|
```
|
|
|
|
## CI/CD Integration
|
|
|
|
To integrate this with CI/CD, store the `terraform.tfvars` securely in your CI/CD system and run Terraform as part of your deployment pipeline:
|
|
|
|
```yaml
|
|
# Example GitHub Actions step
|
|
- name: Terraform Apply
|
|
run: |
|
|
cd deployment/terraform
|
|
terraform init
|
|
terraform apply -auto-approve
|
|
env:
|
|
GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GCP_SA_KEY }}
|
|
```
|
|
|
|
## Destroying Resources
|
|
|
|
To destroy all provisioned resources:
|
|
|
|
```bash
|
|
terraform destroy
|
|
``` |