damccorm commented on code in PR #26513:
URL: https://github.com/apache/beam/pull/26513#discussion_r1197988495


##########
playground/terraform/infrastructure/cloudbuild-manual-setup/02.builders/variables.tf:
##########
@@ -16,93 +16,149 @@
 # under the License.
 
 variable "project_id" {
-  type        = string
   description = "The ID of the Google Cloud project within which resources are 
provisioned"
 }
 
-variable "region" {
-  type        = string
-  description = "The Google Cloud Platform (GCP) region (For example: 
us-central1) where Cloud Build triggers will be created at"
-}
-
-variable "infra_trigger_name" {
-  type        = string
+variable "pg_infra_trigger_name" {
   description = "The name of the trigger that will deploy Playground 
infrastructure"
-  default     = "playground-infrastructure-trigger"
+  default     = "Initialize-Playground-environment"
 }
 
-variable "gke_trigger_name" {
-  type        = string
+variable "pg_gke_trigger_name" {
   description = "The name of the trigger that will deploy Playground to GKE"
-  default     = "playground-to-gke-trigger"
+  default     = "Deploy-Update-Playground-environment"
+}
+variable "pg_ci_trigger_name" {
+  description = "The name of the trigger to run CI checks"
+  default = "Playground-CI-stable"
 }
 
-variable "cloudbuild_service_account_id" {
-  type        = string
-  description = "The ID of the cloud build service account responsible for 
provisioning Google Cloud resources"
-  default     = "playground-cloudbuild-sa"
+variable "pg_cd_trigger_name" {
+  description = "The name of the trigger to run CD checks"
+  default = "Playground-CD-stable"
 }
 
-variable "github_repository_name" {
-  type        = string
-  description = "The name of the GitHub repository. For example the repository 
name for https://github.com/example/foo is 'foo'."
+variable "playground_deploy_sa" {
+  description = "The ID of the cloud build service account responsible for 
deploying the Playground"
 }
 
-variable "github_repository_owner" {
-  type        = string
-  description = "The owner of the GitHub repository. For example the owner for 
https://github.com/example/foo is 'example'."
+variable "playground_update_sa" {
+  description = "The ID of the cloud build service account responsible for 
updating the Helm"
 }
 
-variable "github_repository_branch" {
-  type        = string
-  description = "The GitHub repository branch regex to match cloud build 
trigger"
+variable "playground_ci_sa" {
+  description = "The ID of the cloud build service account responsible for 
running CI checks and scripts"
 }
+variable "playground_cd_sa" {
+  description = "The ID of the cloud build service account responsible for 
running CD checks and scripts"
+}
+
 
 variable "playground_environment_name" {
-  description = <<EOF
-Environment name where to deploy Playground. Located in 
playground/terraform/environment/{environment_name}. E.g. test, dev, prod.
-More details: 
https://github.com/akvelon/beam/blob/cloudbuild%2Bmanualsetup%2Bplayground/playground/terraform/README.md#prepare-deployment-configuration";
-  EOF
+  description = "An environment name which will have it is own configuration 
of Playground"
+  default = "env"
 }
 
 variable "playground_dns_name" {
-  description = <<EOF
-The DNS record name for Playground website.
-More details: 
https://github.com/apache/beam/blob/master/playground/terraform/README.md#deploy-playground-infrastructure";
-  EOF
+  description = "The DNS A-record name for Playground website"
+  default = "fqdn.playground.zone"
 }
 
-variable "playground_network_name" {
-  description = "The Google Cloud Platform (GCP) VPC Network Name for 
Playground deployment"
+variable "state_bucket" {
+  description = "The Google Cloud Platform GCS bucket name for Playground 
Terraform state file"
+  default = "playground-tfstate-project-env"
 }
 
-variable "playground_gke_name" {
-  description = "The Playground GKE Cluster name in Google Cloud Platform 
(GCP)"
+variable "cloudbuild_bucket_private" {
+  description = "The Google Cloud Platform GCS bucket name for Playground 
Cloudbuild Private logs"
 }
 
-variable "state_bucket" {
-  description = "The Google Cloud Platform (GCP) GCS bucket name for Beam 
Playground temp files and Terraform state"
+variable "cloudbuild_bucket_public" {
+  description = "The Google Cloud Platform GCS bucket name for Playground 
Cloudbuild Private logs"

Review Comment:
   ```suggestion
     description = "The Google Cloud Platform GCS bucket name for Playground 
Cloudbuild public logs"
   ```
   
   +1
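Review bot: The rewritten variable blocks drop `type = string` and give `state_bucket` and `playground_dns_name` placeholder defaults (`"playground-tfstate-project-env"`, `"fqdn.playground.zone"`), so a value left out of the tfvars file is silently replaced by the placeholder instead of stopping the run. Since `state_bucket` names the bucket that holds the Playground Terraform state file, I would prefer the run to fail when it is unset: remove the `default` lines from these two variables and restore `type = string` on each block so a non-string value is rejected. The four `playground_*_sa` variables already have no default, which is the behaviour to match. The quoted hunk stops at `cloudbuild_bucket_public`, so the rest of the file is not visible here and may need the same treatment.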



##########
playground/terraform/infrastructure/cloudbuild-manual-setup/README.md:
##########
@@ -20,97 +20,125 @@
 This directory organizes Infrastructure-as-Code to provision dependent 
resources and set up Cloud Build for Beam Playground.
 Cloud Build triggers created by terraform scripts from this directory automate 
steps described in 
[readme](https://github.com/apache/beam/blob/master/playground/terraform/README.md).
 
-## Requirements:
+# Requirements:
 
-- [GCP 
project](https://cloud.google.com/resource-manager/docs/creating-managing-projects)
-- [GCP User 
account](https://cloud.google.com/appengine/docs/standard/access-control?tab=python)
 _(Note: You will find the instruction "How to create User account" for your 
new project)_<br>
+1. [GCP 
project](https://cloud.google.com/resource-manager/docs/creating-managing-projects)
+
+2. [GCP User 
account](https://cloud.google.com/appengine/docs/standard/access-control?tab=python)
 _(Note: You will find the instruction "How to create User account" for your 
new project)_<br>
   Ensure that the account has at least the following [IAM 
roles](https://cloud.google.com/iam/docs/understanding-roles):
     - Service Account Admin
     - Storage Admin
     - Service Usage Admin
     - Cloud Build Editor
     - Security Admin
     - Service Account User
-- [gcloud CLI](https://cloud.google.com/sdk/docs/install-sdk)
-- An existing GCP Bucket to save Terraform state - `state-bucket`
-- DNS name for your Playground deployment instance
-- [Terraform](https://www.terraform.io/)
-- [Apache Beam GitHub](https://github.com/apache/beam) repository cloned 
locally
+    - Secret Manager Admin
 
-## 1. Set up the Google Cloud Build for your GCP project
+3. [Google Cloud Storage 
buckets](https://cloud.google.com/storage/docs/creating-buckets)for:
+- Terraform state for Cloud Build triggers: \<triggers-state-bucket\>
+- Cloud Build private logs: \<private-logs-bucket\>
+- Cloud Build public logs: \<public-logs-bucket\>. Don't enforce public access 
prevention on this bucket.
 
-The `playground/terraform/infrastructure/cloudbuild-manual-setup/01.setup` 
provisions dependencies required to set up Cloud Build for Playground:
-- Required API services
-- Cloud Build service account
-- IAM roles for Cloud Build service account
+4. DNS name for your Playground deployment instance
 
-#### To execute the module:
-
-**Note:**  Please see [Cloud Build 
locations](https://cloud.google.com/build/docs/locations) for the list of all 
supported locations.
+5. OS with installed software listed below:
+- [Terraform](https://www.terraform.io/downloads)
+- [gcloud CLI](https://cloud.google.com/sdk/docs/install-sdk)
 
-1. Run commands:
+6. [GitHub Personal Access 
Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
 for CI trigger
 
+# Prepare deployment configuration
 
-```console
-# Set environment variable for state bucket
-export STATE_BUCKET="state-bucket"
+1. Generate a Terraform variable file called 
`beam/playground/terraform/infrastructure/cloudbuild-manual-setup/common.tfvars`.
 Place the values listed below into the file, adjusting them as needed:
+```
+playground_deploy_sa = "pg-cb-deploy"                                       # 
Service account for Initialize-Playground-environment trigger
+playground_update_sa = "pg-cb-update"                                       # 
Service account for Deploy-Update-Playground-environment trigger
+playground_ci_sa = "pg-cb-ci"                                               # 
SA name used for CI trigger
+playground_cd_sa = "pg-cb-cd"                                               # 
SA name used for CD trigger
+project_id = "<PROJECT_ID>"                                                   
# GCP Project ID

Review Comment:
   ```suggestion
   project_id = "<PROJECT_ID>"                                                 
# GCP Project ID
   ```
   
   Indentation nit


