Merge pull request #16 from artefactory/feature/app_engine
Feature/app engine
griseau authored Oct 5, 2020
2 parents 741b875 + 0e1ff65 commit a94e42f
Showing 19 changed files with 236 additions and 196 deletions.
16 changes: 10 additions & 6 deletions IaC/main.tf
@@ -1,7 +1,7 @@
terraform {
backend "gcs" {
}
required_version = "=0.12.29"
required_version = "~> 0.13.2"
required_providers {
google = "~> 3.13"
}
Expand All @@ -15,19 +15,23 @@ provider "google-beta" {
project = var.project_id
}

resource "random_id" "artifacts_bucket_name_suffix" {
byte_length = 5
}

module "network" {
source = "./modules/network"
vpc_name = var.network_name
network_name = var.network_name
}

module "mlflow" {
source = "./modules/mlflow"
artifacts_bucket_name = var.artifacts_bucket
artifacts_bucket_name = "${var.artifacts_bucket}-${random_id.artifacts_bucket_name_suffix.hex}"
db_password_value = var.db_password_value
private_vpc_connection = module.network.private_vpc_connection
network_link = module.network.network_link
server_docker_image = var.mlflow_docker_image
project_id = var.project_id
vpc_connector = module.network.vpc_connector
consent_screen_support_email = var.consent_screen_support_email
web_app_users = var.web_app_users
network_self_link = module.network.network_self_link
network_short_name = module.network.network_short_name
}
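Review bot: The new `random_id.artifacts_bucket_name_suffix` resource in the second hunk carries no comment explaining why the artifacts bucket name now gets a random suffix, and `byte_length = 5` reads as a magic number. A one-line comment such as `# GCS bucket names are global; the 10-hex-char suffix presumably avoids collisions with buckets in other projects` would record the intent. It is also worth stating there that the suffix exists only in Terraform state, so the bucket name cannot be reconstructed if the state is lost.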
5 changes: 1 addition & 4 deletions IaC/modules/mlflow/database/main.tf
Expand Up @@ -7,19 +7,16 @@ resource "google_sql_database_instance" "this_instance" {
database_version = var.database_version
region = var.region

depends_on = [var.private_vpc_connection]

settings {
tier = var.size
ip_configuration {
ipv4_enabled = false
private_network = var.network_link
private_network = var.network_self_link
}
backup_configuration {
enabled = true
}
availability_type = var.availability_type

}
}

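Review bot: Dropping `depends_on = [var.private_vpc_connection]` from `google_sql_database_instance.this_instance` removes the only ordering shown between the private-IP instance and the service-networking connection it needs, while `private_network = var.network_self_link` still requests a private IP; unless that ordering is now guaranteed elsewhere (not visible in this hunk), a fresh apply can try to create the instance before the peering exists. The same removal appears in the `module "database"` call in IaC/modules/mlflow/main.tf. If the dependency is intentionally handled by the network module, a comment such as `# private services access is established by module.network before this instance is created` on the resource would document that assumption; otherwise keeping an explicit `depends_on` on the connection is the safer default.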
12 changes: 4 additions & 8 deletions IaC/modules/mlflow/database/variables.tf
Expand Up @@ -13,19 +13,11 @@ variable "region" {
description = "Region of the database instance"
default = "europe-west1"
}
variable "private_vpc_connection" {
type = any
description = "Private connection used to connect your instance with"
}
variable "size" {
type = string
description = "Size of the database instance"
default = "db-f1-micro"
}
variable "network_link" {
type = string
description = "Network link you want to connect your database with"
}
variable "availability_type" {
type = string
description = "Availability of your instance"
Expand All @@ -48,3 +40,7 @@ variable "module_depends_on" {
type = any
default = null
}

variable "network_self_link" {
type = string
}
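Review bot: The new `variable "network_self_link"` has a `type` but no `description`, unlike the surrounding variables in this file, which all describe their purpose. Adding `description = "Self link of the VPC network the instance's private IP is attached to"` keeps the module's inputs self-documenting and mirrors the `network_link` variable the commit removes.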
9 changes: 5 additions & 4 deletions IaC/modules/mlflow/main.tf
Expand Up @@ -17,13 +17,12 @@ module "database" {
instance_prefix = var.db_instance_prefix
database_version = var.db_version
region = var.db_region
private_vpc_connection = var.private_vpc_connection
size = var.db_size
network_link = var.network_link
availability_type = var.db_availability_type
database_name = var.db_name
username = var.db_username
password = module.db_secret.secret_value
network_self_link = var.network_self_link
}

module "server" {
Expand All @@ -32,13 +31,15 @@ module "server" {
location = var.server_location
docker_image_name = var.server_docker_image
env_variables = var.server_env_variables
sql_instance_name = module.database.instance_connection_name
db_private_ip = module.database.private_ip
project_id = var.project_id
db_password_name = var.db_password_name
db_username = var.db_username
db_name = var.db_name
db_instance = module.database.instance_connection_name
gcs_backend = module.artifacts.url
vpc_connector = var.vpc_connector
module_depends_on = var.module_depends_on
consent_screen_support_email = var.consent_screen_support_email
web_app_users = var.web_app_users
network_short_name = var.network_short_name
}
126 changes: 71 additions & 55 deletions IaC/modules/mlflow/server/main.tf
Expand Up @@ -10,85 +10,101 @@ locals {
}, var.env_variables)
}

data "google_project" "project" {
}

resource "google_service_account" "service_account_cloud_run" {
account_id = format("cloud-run-%s", var.server_name)
display_name = "Cloud run service account used"
resource "google_app_engine_application" "app" {
location_id = var.location
iap {
enabled = true
oauth2_client_id = google_iap_client.project_client.client_id
oauth2_client_secret = google_iap_client.project_client.secret
}
}

resource "google_project_iam_member" "cloudsql" {
project = google_service_account.service_account_cloud_run.project
project = data.google_project.project.project_id
role = "roles/cloudsql.client"
member = format("serviceAccount:%s", google_service_account.service_account_cloud_run.email)
member = format("serviceAccount:%s@appspot.gserviceaccount.com", data.google_project.project.name)
}

resource "google_project_iam_member" "secret" {
project = google_service_account.service_account_cloud_run.project
project = data.google_project.project.project_id
role = "roles/secretmanager.secretAccessor"
member = format("serviceAccount:%s", google_service_account.service_account_cloud_run.email)
member = format("serviceAccount:%s@appspot.gserviceaccount.com", data.google_project.project.name)
}

resource "google_project_iam_member" "gcs" {
project = google_service_account.service_account_cloud_run.project
project = data.google_project.project.project_id
role = "roles/storage.objectAdmin"
member = format("serviceAccount:%s", google_service_account.service_account_cloud_run.email)
member = format("serviceAccount:service-%[email protected]", data.google_project.project.number)
}

resource "google_project_iam_member" "gae_api" {
project = data.google_project.project.project_id
role = "roles/compute.networkUser"
member = format("serviceAccount:%[email protected]", data.google_project.project.name)
}

resource "google_cloud_run_service" "default" {
name = var.server_name
location = var.location
resource "google_app_engine_flexible_app_version" "myapp_v1" {
service = var.service
version_id = "v1"
runtime = "custom"

template {
spec {
service_account_name = google_service_account.service_account_cloud_run.email
containers {
image = var.docker_image_name
dynamic "env" {
for_each = local.env_variables
content {
name = env.key
value = env.value
}
}
resources {
limits = {
cpu = var.cpu_limit
memory = var.memory_limit
}
}
}
}
metadata {
annotations = {
"run.googleapis.com/cloudsql-instances" = var.sql_instance_name
"run.googleapis.com/vpc-access-connector" = var.vpc_connector
}
deployment {
container {
image = var.docker_image_name
}
}

traffic {
percent = 100
latest_revision = true
liveness_check {
path = "/"
}

readiness_check {
path = "/"
}
autogenerate_revision_name = true
depends_on = [google_project_iam_member.cloudsql, google_project_iam_member.secret, google_project_iam_member.gcs, var.module_depends_on]
}

env_variables = local.env_variables

data "google_iam_policy" "noauth" {
binding {
role = "roles/run.invoker"
members = [
"allUsers",
]
automatic_scaling {
cool_down_period = "120s"
max_total_instances = 1
min_total_instances = 1
cpu_utilization {
target_utilization = 0.5
}
}
resources {
cpu = 1
memory_gb = 2
}
network {
name = var.network_short_name
}
}

resource "google_cloud_run_service_iam_policy" "noauth" {
location = google_cloud_run_service.default.location
project = google_cloud_run_service.default.project
service = google_cloud_run_service.default.name
beta_settings = {
cloud_sql_instances = format("%s=tcp:3306", var.db_instance)
}

policy_data = data.google_iam_policy.noauth.policy_data
noop_on_destroy = true
depends_on = [google_project_iam_member.gcs, google_project_iam_member.cloudsql, google_project_iam_member.secret, google_project_iam_member.gae_api]
}

resource "google_iap_brand" "project_brand" {
support_email = var.consent_screen_support_email
application_title = "mlflow"
project = data.google_project.project.number
}
resource "google_iap_client" "project_client" {
display_name = "mlflow"
brand = google_iap_brand.project_brand.name
}
resource "google_iap_app_engine_service_iam_binding" "member" {
project = data.google_project.project.name
app_id = data.google_project.project.name
service = google_app_engine_flexible_app_version.myapp_v1.service
role = "roles/iap.httpsResourceAccessor"
members = var.web_app_users
depends_on = [google_app_engine_flexible_app_version.myapp_v1]
}
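Review bot: The rewritten `cloudsql`, `secret` and `gcs` IAM bindings now attach their roles to the project's default App Engine service account and to a Google-managed service agent instead of the dedicated `google_service_account` the commit deletes, so the mlflow runtime shares its identity with every other App Engine service in the project and with an account that is granted Editor by default. A dedicated service account bound to the same three roles and set on `google_app_engine_flexible_app_version.myapp_v1` through its `service_account` argument (available in later 3.x releases of the google provider, which the `~> 3.13` constraint in IaC/main.tf allows) would keep the least-privilege boundary the previous Cloud Run setup had. `roles/storage.objectAdmin` is also still granted project-wide although the server only needs the `var.gcs_backend` bucket; a `google_storage_bucket_iam_member` on that bucket would narrow it. Separately, `cloud_sql_instances = format("%s=tcp:3306", var.db_instance)` hard-codes the MySQL port, which silently breaks if the database module's `var.database_version` is ever a PostgreSQL version (5432).

```hcl
resource "google_service_account" "app_engine_runtime" {
  account_id   = format("gae-%s", var.server_name)
  display_name = "Runtime identity for the mlflow App Engine service"
}

resource "google_project_iam_member" "cloudsql" {
  project = data.google_project.project.project_id
  role    = "roles/cloudsql.client"
  member  = format("serviceAccount:%s", google_service_account.app_engine_runtime.email)
}

# … unchanged: secret / gcs / gae_api bindings, rebound to google_service_account.app_engine_runtime.email …

resource "google_app_engine_flexible_app_version" "myapp_v1" {
  service         = var.service
  version_id      = "v1"
  runtime         = "custom"
  service_account = google_service_account.app_engine_runtime.email
  # … unchanged: deployment, health checks, env_variables, scaling, resources, network, beta_settings, depends_on …
}
```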
43 changes: 18 additions & 25 deletions IaC/modules/mlflow/server/variables.tf
Expand Up @@ -5,7 +5,7 @@ variable "server_name" {
variable "location" {
type = string
description = "Location to deploy your server"
default = "europe-west1"
default = "europe-west"
}
variable "docker_image_name" {
type = string
Expand All @@ -15,10 +15,6 @@ variable "env_variables" {
type = map
description = "Env variable to be used in your container"
}
variable "sql_instance_name" {
type = string
description = "Sql instance name your server needs access to"
}
variable "project_id" {
description = "GCP project"
type = string
Expand All @@ -35,34 +31,31 @@ variable "db_name" {
description = "Name of the database"
type = string
}
variable "gcs_backend" {
description = "Gcs bucket used for artifacts"
variable "db_instance" {
description = "Name of the database instance"
type = string
}
variable "cpu_limit" {
type = string
description = "Maximum cpu"
default = "1000m"
}
variable "memory_limit" {
type = string
description = "Memory limit of your container"
default = "1024Mi"
}
variable "vpc_connector" {
variable "gcs_backend" {
description = "Gcs bucket used for artifacts"
type = string
description = "Vpc connector of your private network"
}
variable "db_private_ip" {
type = string
description = "Private ip of the db"
}
variable "module_depends_on" {
type = any
default = null
type = any
default = null
}
variable "service_account_mlflow_users" {
variable "consent_screen_support_email" {
type = string
default = "mlflow-users"
description = "Service account created to connect to mlflow"
}
description = "Person or group to contact in case of problem"
}
variable "web_app_users" {
type = list(string)
description = "List of people who can acess the mlflow web app. e.g. [user:[email protected], group:[email protected]]"
}
variable "service" {
default = "default"
}
variable "network_short_name" {}
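Review bot: `variable "network_short_name" {}` at the end of the hunk and `variable "service"` just above it declare neither `type` nor `description`, unlike every other variable in this file, so a wrongly typed input is only caught when the flexible app version is applied. `variable "network_short_name" { type = string description = "Short name of the VPC network the App Engine version attaches to" }` and `type = string` plus `description = "App Engine service name the version is deployed under"` on `service` would keep the module self-documenting. The `web_app_users` description also misspells "access".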
