Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Complete instructions to deploy Tessera GCP #86

Merged
merged 8 commits into from
Jul 25, 2024
Merged

Complete instructions to deploy Tessera GCP #86

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
a982dee
read environment variables
phbnf Jul 24, 2024
b7da2d5
add instructions
phbnf Jul 24, 2024
9c7b31b
s/trillian-tessera/tessera because otherwise names are too long
phbnf Jul 24, 2024
739081d
better names and move documentation around
phbnf Jul 24, 2024
aed8e5e
s/us-east1/us-central1
phbnf Jul 25, 2024
463ba59
leave defaults set to current values
phbnf Jul 25, 2024
57bfc12
tidy things up
phbnf Jul 25, 2024
34fb0d2
EnglishIsHard
phbnf Jul 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 1 addition & 9 deletions deployment/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,13 +14,5 @@ Deploying these examples requires installation of:

## Deploying

First authenticate via `gcloud` as a principle with sufficient ACLs for
the project:
```bash
gcloud auth application-default login
```

Terraforming the project can be done by:
1. `cd` to the relevant `live` directory for the environment to deploy/change
2. Run `terragrunt apply`
See individual `live` subdirectories.

24 changes: 24 additions & 0 deletions deployment/live/example-gcp/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
## Deployment

First authenticate via `gcloud` as a principle with sufficient ACLs for
the project:
```bash
gcloud auth application-default login
```

Set your GCP project ID with:
```bash
export GOOGLE_PROJECT={VALUE}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the advantage of doing this with environment variables? It moves away from the the deployment files being fully declarative, which means that two people can check out the same repo and then create different deployments because of inconsistencies in the env naming. It's also more work each time you set up a shell to get back to the same state. The obvious workaround is to create a shell script that sets these values, but then you've just put them in a file, which this change moves away from.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Huh, I just saw Al's comments which only appear at the overview screen and not on the "files changed" view. Looks like these comments are somewhat redundant!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moving the conversation here since I looked at this with Al yesterday, and the goal was specifically to get your opinion on it given that you've spent a lot of time looking at Terraform already.

which means that two people can check out the same repo and then create different deployments because of inconsistencies in the env naming.: I think this is a feature, I have my own dev GCP project and I'd like to deploy tessera there. Alternatively, I might want to play around with a deployment in the trillian-tessera project with a CT log, without impacting other folks working on the current existing deployment.

The current setup is already affected by environment variables, the deployment files as they are do not work without setting GOOGLE_PROJECT:

╷
│ Error: Failed to retrieve project, pid: , err: project: required field is not set
│
│   with google_spanner_instance.log_spanner,
│   on main.tf line 52, in resource "google_spanner_instance" "log_spanner":
│   52: resource "google_spanner_instance" "log_spanner" {

This PR doesn't change this behavior, but it's a improvement because now you only have to set your project ID once, and not both in GOOGLE_PROJECT and in terragrunt.hcl. I think it's the smallest change we can make to allow to:

  • fix the current deployment setup
  • have customizations in a single place
  • allow easy customizations for folks no using the default values in this file

I tried two alternatives before sending this PR:

  • not using environment variables, in which case modules/gcs/main.tf needs to be edited to specify the provider and project (which can be passed from terragrunt.hcl). That would allow to have all the config declarative, but folks would have to make sure not to add this file edits to their commits. Al wasn't supper keen on modifying modules/gcs/main.tf nor on making folks edit a config file for running quick examples.
  • using non "reserved" environment variable instead of GOOGLE_PROJECT and GOOGLE_REGION. I thought I'd stick to the defaults ones before customizing things.

I think that another alternative is to use terragrunt to generate the provider config, either with or without making use of environment variables.

What do you recommend?

```

Optionally, customize the GCP region (defaults to "us-central1"),
and bucket name prefix (defaults to "example-gcp"):
```bash
export GOOGLE_REGION={VALUE}
export TESSERA_BASE_NAME={VALUE}
```

Terraforming the project can be done by:
1. `cd` to the relevant `live` directory for the environment to deploy/change
2. Run `terragrunt apply`

6 changes: 3 additions & 3 deletions deployment/live/example-gcp/terragrunt.hcl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,9 @@ terraform {
}

locals {
project_id = "trillian-tessera"
location = "us-central1"
base_name = "example-gcp"
project_id = get_env("GOOGLE_PROJECT", "trillian-tessera")
location = get_env("GOOGLE_REGION", "us-central1")
base_name = get_env("TESSERA_BASE_NAME", "example-gcp")
}

inputs = merge(
Expand Down
Loading