diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index 752d0d5..bea9b49 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -24,21 +24,21 @@ provider "registry.terraform.io/cloudflare/cloudflare" {
 }
 provider "registry.terraform.io/hashicorp/google" {
- version = "4.8.0"
+ version = "4.9.0"
 constraints = ">= 3.74.0"
 hashes = [
- "h1:2EwEiinufTyL/mQ4eQHu+UOwKaHUQfhhU//aA+CopwQ=",
- "zh:08d1fbdaee6f9d615e09ab6244d5f8f1b76fd079fc4193822a9f5ac4344b3738",
- "zh:27afa2e26921ca5b96e804b781792296e9a9d4ac533d6f87c3855ae68e28ef80",
- "zh:2d1fe33d3c6daa85a9ba6608b99d9710c7fcd61199d249e353e82d5bf1a18280",
- "zh:31b2c41dbe458d8b75068069bb05864027bd1b4a3f4c8e8b7cd7b9d1fe47be7b",
- "zh:4001c5237a4fb383014b685077c12a0b9cdbac28dce0c707a9a4622d62ef06c9",
- "zh:82c9ef3f72fa6a8fba163cff94b0f7fd0572724e991af5c7f389feaaf83298d8",
- "zh:9524a6dc9d8b2cbcef53ca2c04e121899bb1947ff8d4f9569c3b01b1cb9f736a",
- "zh:a33dcd5d8efef4dafaa331918c79b793be036420fc56c40bb3fb313fdb56db0d",
- "zh:aa36241871cb5376c7ba8cb8b2ddbfc488c4231e5c0d10b2f421ffaa14c0b462",
- "zh:cd2c1ffbab0c6e154ed2472edc2788bc2cb9db93848325e389a7157ebbb540de",
- "zh:f350242dabb33035e2b49cd3e925c88c6bf4b73becfaff298d503e4c64e46271",
+ "h1:7NS3UTI4ItiaxTW5cEWlFMqezqwRgpKzElaHUnO32EA=",
+ "zh:10887917815293d6ad26cc3784c766de4dfa2fa6b2c8b994de4f4b7b3bc31653",
+ "zh:343037e5ec514ac02bfacc200acb648861b04ee9024bed5bf72d13583d10783d",
+ "zh:40eaf3e06e44e2278ba64fc161e96b1bd05508f599ce12e1f094a924839d34a6",
+ "zh:5178f1043fa24a38602833aed72db5023f4183833e1fdb78bb1584a05ff53030",
+ "zh:616889b78ee00ee69d749f7848d63246de200f17efeebfaaf28dbe3f49ec6362",
+ "zh:695f6de8659d17f65a3317b9810cdc1c12738648b1b87dcf7eca90ebc019d889",
+ "zh:6e98efe69bff66120cfd0911eea4d20f7b17c62eed909e12098e46efb8f86e5a",
+ "zh:78f6615113f8fd0fb28f7b58102c55db42e7251463650e0410ec2d6f8877141c",
+ "zh:8a2f45c2f7e4c4077b720d6b98d5ee26347e97b6d2ee12489cca14d42fef2f36",
+ "zh:db1a462b72047342d5b35587953a3db30a4af248100e1db9eddc0ebb4b7c9a07",
+ "zh:fa64449c0efa1340077c860003059762e735b4d2a376d9ece90c174ad8d238c0",
 ]
 }
diff --git a/terraform/bot.tf b/terraform/bot.tf
index 64003b4..2a9d315 100644
--- a/terraform/bot.tf
+++ b/terraform/bot.tf
@@ -22,15 +22,31 @@ data "google_compute_subnetwork" "default_subnet" {
 region = local.botRegion
 }
-module "gce_container" {
- source = "github.com/terraform-google-modules/terraform-google-container-vm?ref=v2.0.0"
- restart_policy = "Always"
+data "google_compute_default_service_account" "default_service_account" {
+}
+
+resource "random_pet" "name" {
+ keepers = {
+ region = local.botRegion
+ envtag = var.environment_tag
+ version = local.botTag
+ }
 }
 locals {
+ instance_name = "roleypoly-bot-${var.environment_tag}-${random_pet.name.id}"
+}
+
+module "gce_container" {
+ source = "terraform-google-modules/container-vm/google"
+ version = ">=3.0.0"
+
+ // https://cloud.google.com/container-optimized-os/docs/release-notes/m93#cos-93-16623-102-5
+ cos_image_name = "cos-93-16623-102-5"
+
+ container = {
- image = "ghcr.io/roleypoly/bot${local.botTag}"
- restart_policy = "Always"
+ image = "ghcr.io/roleypoly/bot${local.botTag}"
+
 env = [
 {
 name = "BOT_TOKEN",
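Review bot: `version = ">=3.0.0"` on the new `module "gce_container"` is an open lower bound, so any later `terraform init` may resolve a newer major of the registry module, and the `.terraform.lock.hcl` in this commit records provider hashes only, not module versions, so nothing pins what actually gets applied. Pin it, e.g. `version = "~> 3.0"` or an exact release, and treat module bumps as reviewed changes in the same way the provider bump is. The `cos_image_name = "cos-93-16623-102-5"` pin has the opposite problem: it freezes the OS at one release-note build, so the comment above it should also say when the pin is to be refreshed so later m93 security patches are picked up. The `module` block continues past the end of this hunk.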
@@ -47,25 +63,16 @@ locals {
 ]
 }
- // generate container spec due to secret passing issues with terraform
- specWithSecrets = {
- spec = {
- containers = [local.container]
- }
- }
-
- containerMetadataWithSecrets = yamlencode(local.specWithSecrets)
-
- vmName = "roleypoly-bot-${var.environment_tag}-${substr(md5(local.containerMetadataWithSecrets), 0, 8)}"
+ restart_policy = "Always"
 }
-resource "google_compute_instance" "bot" {
- count = var.deploy_bot == true ? 1 : 0
+resource "google_compute_instance" "vm" {
+ count = var.deploy_bot ? 1 : 0
- name = local.vmName
- machine_type = var.bot_instance_size
- zone = data.google_compute_zones.gcp_zones.names[random_integer.zone_index.result]
- allow_stopping_for_update = true
+ project = var.gcp_project
+ name = local.instance_name
+ machine_type = var.bot_instance_size
+ zone = data.google_compute_zones.gcp_zones.names[random_integer.zone_index.result]
 boot_disk {
 initialize_params {
@@ -81,12 +88,22 @@ resource "google_compute_instance" "bot" {
 }
 metadata = {
- gce-container-declaration = local.containerMetadataWithSecrets
- image = local.container.image
- environment = var.environment_tag
+ gce-container-declaration = module.gce_container.metadata_value
+ google-logging-enabled = "true"
+ google-monitoring-enabled = "true"
 }
 labels = {
 container-vm = module.gce_container.vm_container_label
 }
+
+ service_account {
+ email = data.google_compute_default_service_account.default_service_account.email
+ scopes = [
+ "https://www.googleapis.com/auth/cloud-platform",
+ "https://www.googleapis.com/auth/logging.write",
+ "https://www.googleapis.com/auth/monitoring.write",
+ "https://www.googleapis.com/auth/trace.append",
+ ]
+ }
 }
diff --git a/terraform/providers.tf b/terraform/providers.tf
index 5ce265f..e8b986d 100644
--- a/terraform/providers.tf
+++ b/terraform/providers.tf
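Review bot: Dropping `allow_stopping_for_update = true` from the instance resource leaves no path for a change to `var.bot_instance_size`: `machine_type` can only be changed on a stopped instance, the google provider refuses the in-place update without that flag, and `bot_instance_size` is not one of the `random_pet` keepers, so the name does not change and no replacement is forced. Either restore `allow_stopping_for_update = true` alongside `machine_type = var.bot_instance_size`, or add `size = var.bot_instance_size` to the keepers so a size change rolls a fresh instance. The `resource "google_compute_instance" "vm"` block continues past the end of this hunk.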
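Review bot: The new `service_account` block runs the VM as the project's default compute service account with the `cloud-platform` scope, so anything executing on the instance — including the bot container, which only needs Discord access plus log/metric writes — can use every IAM role that account holds; unless it has been trimmed, the default compute account typically carries broad project-level roles. Create a dedicated `google_service_account` for the bot granted only `roles/logging.logWriter` and `roles/monitoring.metricWriter`, point `email = ...` at it, and drop `"https://www.googleapis.com/auth/cloud-platform"` from `scopes` so the remaining scopes match what the logging and monitoring agents need. Separately, `gce-container-declaration = module.gce_container.metadata_value` embeds the container env — which in the first hunk includes `BOT_TOKEN` — in instance metadata, where it is readable by any process on the VM through the metadata server and by any principal with `compute.instances.get`; the token value is outside this diff, so if it is a plain Terraform variable, consider having the container fetch it from Secret Manager at start instead. The enclosing resource block starts outside this hunk.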
@@ -80,7 +80,7 @@ variable "gcp_project" {
 variable "gcp_region" {
 type = string
- default = "us-east4"
+ default = "us-central1" // low CO2 yeet
 }
 provider "google" {
diff --git a/terraform/variables/prod.tfvars b/terraform/variables/prod.tfvars
index b33eaa3..a07f691 100644
--- a/terraform/variables/prod.tfvars
+++ b/terraform/variables/prod.tfvars
@@ -4,3 +4,4 @@ bot_instance_size = "e2-micro"
 ui_public_uri = "https://roleypoly.com"
 api_public_uri = "https://api-prod.roleypoly.com"
 allowed_callback_hosts = "https://roleypoly.com,https://next.roleypoly.com"
+gcp_region = "us-central1"
diff --git a/terraform/variables/stage.tfvars b/terraform/variables/stage.tfvars
index 3384742..e6a05d8 100644
--- a/terraform/variables/stage.tfvars
+++ b/terraform/variables/stage.tfvars
@@ -4,3 +4,4 @@ bot_instance_size = "e2-micro"
 ui_public_uri = "https://stage.roleypoly.com"
 api_public_uri = "https://api-stage.roleypoly.com"
 allowed_callback_hosts = "https://roleypoly.com,https://stage.roleypoly.com,https://*.roleypoly.pages.dev"
+gcp_region = "us-central1"