https://github.com/googlecloudplatform/terraform-google-cloud-deploy

Create Cloud Deploy pipelines and targets
https://github.com/googlecloudplatform/terraform-google-cloud-deploy

cft-terraform developer-tools

Last synced: 4 months ago
JSON representation

Create Cloud Deploy pipelines and targets

• Host: GitHub
• URL: https://github.com/googlecloudplatform/terraform-google-cloud-deploy
• Owner: GoogleCloudPlatform
• License: apache-2.0
• Created: 2022-11-07T21:51:47.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2024-11-04T19:28:31.000Z (7 months ago)
• Last Synced: 2024-12-18T08:41:28.167Z (6 months ago)
• Topics: cft-terraform, developer-tools
• Language: HCL
• Homepage: https://registry.terraform.io/modules/GoogleCloudPlatform/cloud-deploy/google
• Size: 158 KB
• Stars: 15
• Watchers: 16
• Forks: 8
• Open Issues: 4
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Codeowners: CODEOWNERS
  • Security: SECURITY.md

Awesome Lists containing this project

README

        
# Cloud Deploy terraform module

This module is used  to create Google Cloud Deploy [delivery pipelines, targets](https://cloud.google.com/deploy/docs/create-pipeline-targets) and their respective service accounts.

## Prerequisites

This example needs below mentioned prerequisites are in place before consuming the example.

Target GKE clusters should be operational

Edit the Organization Policy "iam.disableCrossProjectServiceAccountUsage" to "not enforce" in all the target project in case deployment service accounts are created in different projects.

Cloud deploy manifests file repo should be connected in cloud builds trigger section

VPC and VPN creation (https://cloud.google.com/architecture/accessing-private-gke-clusters-with-cloud-build-private-pools) for private clusters

The service accounts and targets are unique across delivery pipeline.

## Sample Usage:

```hcl

module "cloud_deploy" {

  source = "GoogleCloudPlatform/cloud-deploy/google"

  pipeline_name = "google-pipeline-same-gke-1"

  location      = "us-central1"

  project       = "gdc-clouddeploy-source"

  stage_targets = [{

    target_name   = "dev-1-test"

    profiles      = ["test"]

    target_create = true

    target_type   = "gke"

    target_spec = {

      project_id       = "gdc-clouddeploy-source"

      location         = "us-central1-c"

      gke_cluster_name = "cluster-2"

      gke_cluster_sa   = "[email protected]"

    }

    require_approval   = false

    exe_config_sa_name = "deployment-test-1-google-test"

    execution_config = {

      execution_timeout = "3600s"

      worker_pool       = null

      artifact_storage  = ""

    }

    strategy = {

      standard = {

        verify = true

      }

    }

    }, {

    target_name   = "prod-1-test"

    profiles      = ["prod"]

    target_create = true

    target_type   = "gke"

    target_spec = {

      project_id       = "gdc-clouddeploy-source"

      location         = "us-central1-c"

      gke_cluster_name = "cluster-2"

      gke_cluster_sa   = "[email protected]"

     }

    require_approval   = true

    exe_config_sa_name = "deployment-prod-1-google-test"

    execution_config   = {}

    strategy           = {}

  }]

  trigger_sa_name   = "cd-trigger-1"

  trigger_sa_create = true

}

```

## Inputs

| Name | Description | Type | Default | Required |

|------|-------------|------|---------|:--------:|

| location | Location of the Pipeline | `string` | n/a | yes |

| pipeline\_name | Name of the Delivery Pipeline | `string` | n/a | yes |

| project | Project ID | `string` | n/a | yes |

| stage\_targets | List of object specifications for Deploy Targets | 
list(object({
    target_name        = string
    profiles           = list(string)
    target_create      = bool
    target_type        = string
    target_spec        = map(string)
    require_approval   = bool
    exe_config_sa_name = string
    execution_config   = map(string)
    strategy           = any
  }))
 | n/a | yes |

| trigger\_sa\_create | True for trigger service account creation, False to reuse existing trigger service account | `bool` | `true` | no |

| trigger\_sa\_name | Name of the Trigger service account | `string` | n/a | yes |


## Outputs

| Name | Description |

|------|-------------|

| delivery\_pipeline\_and\_target | List of Delivery Pipeline and respective Target |

| execution\_sa | List of Deploy target Execution Service Account |

| trigger\_sa | List of Cloud Build Trigger Service Account |

## Requirements

These sections describe requirements for using this example.

## Software

The following dependencies must be available:

* Terraform ~> v0.13+

* Terraform Provider for GCP ~> v3.53+

* Terraform Provider for GCP Beta ~> v3.53+

## Service Account:

Add yourself to service account user roles for the created service account.

## APIs

Enable below api's

* "clouddeploy.googleapis.com"

* "container.googleapis.com".

## Contributing

Refer to the [contribution guidelines](./CONTRIBUTING.md) for

information on contributing to this module.

## Security Disclosures

Please see our [security disclosure process](./SECURITY.md).