Posted to github@beam.apache.org by "damccorm (via GitHub)" <gi...@apache.org> on 2023/05/18 15:49:36 UTC

[GitHub] [beam] damccorm commented on a diff in pull request #26513: Playground Cloud Build deployment and CI/CD triggers

damccorm commented on code in PR #26513:
URL: https://github.com/apache/beam/pull/26513#discussion_r1197988495


##########
playground/terraform/infrastructure/cloudbuild-manual-setup/02.builders/variables.tf:
##########
@@ -16,93 +16,149 @@
 # under the License.
 
 variable "project_id" {
-  type        = string
   description = "The ID of the Google Cloud project within which resources are provisioned"
 }
 
-variable "region" {
-  type        = string
-  description = "The Google Cloud Platform (GCP) region (For example: us-central1) where Cloud Build triggers will be created at"
-}
-
-variable "infra_trigger_name" {
-  type        = string
+variable "pg_infra_trigger_name" {
   description = "The name of the trigger that will deploy Playground infrastructure"
-  default     = "playground-infrastructure-trigger"
+  default     = "Initialize-Playground-environment"
 }
 
-variable "gke_trigger_name" {
-  type        = string
+variable "pg_gke_trigger_name" {
   description = "The name of the trigger that will deploy Playground to GKE"
-  default     = "playground-to-gke-trigger"
+  default     = "Deploy-Update-Playground-environment"
+}
+variable "pg_ci_trigger_name" {
+  description = "The name of the trigger to run CI checks"
+  default = "Playground-CI-stable"
 }
 
-variable "cloudbuild_service_account_id" {
-  type        = string
-  description = "The ID of the cloud build service account responsible for provisioning Google Cloud resources"
-  default     = "playground-cloudbuild-sa"
+variable "pg_cd_trigger_name" {
+  description = "The name of the trigger to run CD checks"
+  default = "Playground-CD-stable"
 }
 
-variable "github_repository_name" {
-  type        = string
-  description = "The name of the GitHub repository. For example the repository name for https://github.com/example/foo is 'foo'."
+variable "playground_deploy_sa" {
+  description = "The ID of the cloud build service account responsible for deploying the Playground"
 }
 
-variable "github_repository_owner" {
-  type        = string
-  description = "The owner of the GitHub repository. For example the owner for https://github.com/example/foo is 'example'."
+variable "playground_update_sa" {
+  description = "The ID of the cloud build service account responsible for updating the Helm"
 }
 
-variable "github_repository_branch" {
-  type        = string
-  description = "The GitHub repository branch regex to match cloud build trigger"
+variable "playground_ci_sa" {
+  description = "The ID of the cloud build service account responsible for running CI checks and scripts"
 }
+variable "playground_cd_sa" {
+  description = "The ID of the cloud build service account responsible for running CD checks and scripts"
+}
+
 
 variable "playground_environment_name" {
-  description = <<EOF
-Environment name where to deploy Playground. Located in playground/terraform/environment/{environment_name}. E.g. test, dev, prod.
-More details: https://github.com/akvelon/beam/blob/cloudbuild%2Bmanualsetup%2Bplayground/playground/terraform/README.md#prepare-deployment-configuration"
-  EOF
+  description = "An environment name which will have it is own configuration of Playground"
+  default = "env"
 }
 
 variable "playground_dns_name" {
-  description = <<EOF
-The DNS record name for Playground website.
-More details: https://github.com/apache/beam/blob/master/playground/terraform/README.md#deploy-playground-infrastructure"
-  EOF
+  description = "The DNS A-record name for Playground website"
+  default = "fqdn.playground.zone"
 }
 
-variable "playground_network_name" {
-  description = "The Google Cloud Platform (GCP) VPC Network Name for Playground deployment"
+variable "state_bucket" {
+  description = "The Google Cloud Platform GCS bucket name for Playground Terraform state file"
+  default = "playground-tfstate-project-env"
 }
 
-variable "playground_gke_name" {
-  description = "The Playground GKE Cluster name in Google Cloud Platform (GCP)"
+variable "cloudbuild_bucket_private" {
+  description = "The Google Cloud Platform GCS bucket name for Playground Cloudbuild Private logs"
 }
 
-variable "state_bucket" {
-  description = "The Google Cloud Platform (GCP) GCS bucket name for Beam Playground temp files and Terraform state"
+variable "cloudbuild_bucket_public" {
+  description = "The Google Cloud Platform GCS bucket name for Playground Cloudbuild Private logs"
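Review bot: The new defaults on `state_bucket` (`"playground-tfstate-project-env"`), `playground_dns_name` (`"fqdn.playground.zone"`) and `playground_environment_name` (`"env"`) are placeholders, so a run that leaves them out of the tfvars file proceeds with names that do not belong to the deployment instead of failing. This matters most for `state_bucket`, because GCS bucket names share one global namespace and Terraform state can hold sensitive values. How the variable is consumed is outside this hunk, but dropping its `default` line keeps it required. The hunk also removes `type = string` from `project_id` and leaves every new variable untyped; restoring `type = string` on each, including the four `playground_*_sa` variables, lets Terraform reject a value of the wrong type before anything is applied. The quoted hunk stops at the commented line inside `variable "cloudbuild_bucket_public"`, so the rest of the file is not visible here.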

Review Comment:
   ```suggestion
     description = "The Google Cloud Platform GCS bucket name for Playground Cloudbuild public logs"
   ```
   
   +1



##########
playground/terraform/infrastructure/cloudbuild-manual-setup/README.md:
##########
@@ -20,97 +20,125 @@
 This directory organizes Infrastructure-as-Code to provision dependent resources and set up Cloud Build for Beam Playground.
 Cloud Build triggers created by terraform scripts from this directory automate steps described in [readme](https://github.com/apache/beam/blob/master/playground/terraform/README.md).
 
-## Requirements:
+# Requirements:
 
-- [GCP project](https://cloud.google.com/resource-manager/docs/creating-managing-projects)
-- [GCP User account](https://cloud.google.com/appengine/docs/standard/access-control?tab=python) _(Note: You will find the instruction "How to create User account" for your new project)_<br>
+1. [GCP project](https://cloud.google.com/resource-manager/docs/creating-managing-projects)
+
+2. [GCP User account](https://cloud.google.com/appengine/docs/standard/access-control?tab=python) _(Note: You will find the instruction "How to create User account" for your new project)_<br>
   Ensure that the account has at least the following [IAM roles](https://cloud.google.com/iam/docs/understanding-roles):
     - Service Account Admin
     - Storage Admin
     - Service Usage Admin
     - Cloud Build Editor
     - Security Admin
     - Service Account User
-- [gcloud CLI](https://cloud.google.com/sdk/docs/install-sdk)
-- An existing GCP Bucket to save Terraform state - `state-bucket`
-- DNS name for your Playground deployment instance
-- [Terraform](https://www.terraform.io/)
-- [Apache Beam GitHub](https://github.com/apache/beam) repository cloned locally
+    - Secret Manager Admin
 
-## 1. Set up the Google Cloud Build for your GCP project
+3. [Google Cloud Storage buckets](https://cloud.google.com/storage/docs/creating-buckets)for:
+- Terraform state for Cloud Build triggers: \<triggers-state-bucket\>
+- Cloud Build private logs: \<private-logs-bucket\>
+- Cloud Build public logs: \<public-logs-bucket\>. Don't enforce public access prevention on this bucket.
 
-The `playground/terraform/infrastructure/cloudbuild-manual-setup/01.setup` provisions dependencies required to set up Cloud Build for Playground:
-- Required API services
-- Cloud Build service account
-- IAM roles for Cloud Build service account
+4. DNS name for your Playground deployment instance
 
-#### To execute the module:
-
-**Note:**  Please see [Cloud Build locations](https://cloud.google.com/build/docs/locations) for the list of all supported locations.
+5. OS with installed software listed below:
+- [Terraform](https://www.terraform.io/downloads)
+- [gcloud CLI](https://cloud.google.com/sdk/docs/install-sdk)
 
-1. Run commands:
+6. [GitHub Personal Access Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) for CI trigger
 
+# Prepare deployment configuration
 
-```console
-# Set environment variable for state bucket
-export STATE_BUCKET="state-bucket"
+1. Generate a Terraform variable file called `beam/playground/terraform/infrastructure/cloudbuild-manual-setup/common.tfvars`. Place the values listed below into the file, adjusting them as needed:
+```
+playground_deploy_sa = "pg-cb-deploy"                                       # Service account for Initialize-Playground-environment trigger
+playground_update_sa = "pg-cb-update"                                       # Service account for Deploy-Update-Playground-environment trigger
+playground_ci_sa = "pg-cb-ci"                                               # SA name used for CI trigger
+playground_cd_sa = "pg-cb-cd"                                               # SA name used for CD trigger
+project_id = "<PROJECT_ID>"                                                   # GCP Project ID

Review Comment:
   ```suggestion
   project_id = "<PROJECT_ID>"                                                 # GCP Project ID
   ```
   
   Indentation nit


