cloud-compose

Deploy a docker compose project to a Google Cloud Compute Instance.

Requirements

Name	Version
terraform	>= 1.2.4
cloudinit	~> 2.3
google	~> 7.0
time	~> 0.12

Providers

Name	Version
cloudinit	~> 2.3
google	~> 7.0
time	~> 0.12

Modules

Name	Source	Version
ppb	git::https://github.com/libops/terraform-cloudrun-v2	0.5.1

Resources

Name	Type
google_artifact_registry_repository_iam_member.private-policy-cloud-compose	resource
google_compute_disk.boot	resource
google_compute_disk.data	resource
google_compute_disk.docker-volumes	resource
google_compute_disk.overlay_disk	resource
google_compute_disk_resource_policy_attachment.daily_snapshot	resource
google_compute_disk_resource_policy_attachment.weekly_snapshot	resource
google_compute_firewall.allow_ssh_ipv4	resource
google_compute_firewall.allow_ssh_ipv6	resource
google_compute_instance.cloud-compose	resource
google_compute_resource_policy.daily_snapshot	resource
google_compute_resource_policy.weekly_snapshot	resource
google_project_iam_member.gce-start	resource
google_project_iam_member.gce-suspend	resource
google_project_iam_member.log	resource
google_project_iam_member.stackdriver	resource
google_service_account.app	resource
google_service_account.cloud-compose	resource
google_service_account.internal-services	resource
google_service_account.ppb	resource
google_service_account_iam_member.app-keys	resource
google_service_account_iam_member.gsa-user	resource
google_service_account_iam_member.internal-services-keys	resource
google_service_account_iam_member.self_jwt_signer_policy	resource
google_service_account_iam_member.token-creator	resource
time_static.snapshot_time_static	resource
cloudinit_config.ci	data source
google_compute_snapshot.latest_prod	data source
google_project_iam_custom_role.gce-start	data source
google_project_iam_custom_role.gce-suspend	data source

Inputs

Name	Description	Type	Default	Required
docker_compose_repo	git repo to checkout that contains a docker compose project	string	n/a	yes
name	The site name (will be the name of the GCP instance)	string	n/a	yes
project_id	The GCP project ID	string	n/a	yes
project_number	The GCP project number	string	n/a	yes
allowed_ips	CIDR IP Addresses allowed to turn on this site's GCP instance	list(string)	[]	no
allowed_ssh_ipv4	CIDR IPv4 Addresses allowed to to SSH into this site's GCP instance	list(string)	[]	no
allowed_ssh_ipv6	CIDR IPv6 Addresses allowed to SSH into this site's GCP instance	list(string)	[]	no
artifact_registry_location	Artifact Registry location for var.artifact_registry_repository.	string	"us"	no
artifact_registry_repository	Optional Artifact Registry repository name to grant the VM service account reader access to. Leave empty to skip creating the IAM binding.	string	""	no
disk_size_gb	Data disk size in GB	number	50	no
disk_type	The disk type for disks attached to the machine	string	"hyperdisk-balanced"	no
docker_compose_branch	git branch to checkout for var.docker_compose_repo	string	"main"	no
docker_compose_down	Command to stop the docker compose project	list(string)	[ "docker compose down" ]	no
docker_compose_init	After cloning the docker compose git repo, any initialization that needs to happen before the docker compose project can start. One command per list value	list(string)	[]	no
docker_compose_up	Command to start the docker compose project	list(string)	[ "docker compose up --remove-orphans" ]	no
frontend	Optional frontend container to deploy as a sidecar next to ppb. When set, ppb continues to power on and ping the VM referenced by machineMetadata, but proxies incoming requests to this container on localhost instead of to the VM. Use this to serve a frontend from Cloud Run while keeping backend services on the VM.	object({ image = string port = optional(number, 8080) cpu = optional(string, "1000m") memory = optional(string, "1Gi") })	null	no
ingress_port	TCP port on the VM that the Cloud Run ingress should connect to.	number	80	no
initcmd	Commands to run before /home/cloud-compose/run.sh	list(string)	[]	no
machine_type	VM machine type (General-purpose series that support Hyperdisk Balanced	string	"n4-standard-2"	no
os	The host OS to install on the GCP instance	string	"cos-125-19216-220-130"	no
overlay_source_instance	Name of production instance to get latest snapshot from (e.g., 'ojs-production'). Terraform will automatically use the most recent snapshot from this instance's data disk. Leave empty for production environments.	string	""	no
region	GCP region for resources	string	"us-east5"	no
rootfs	Path to additional rootfs files to copy into the VM. Files will be merged with the base rootfs. Example: '/path/to/custom/rootfs'	string	""	no
run_snapshots	Enable daily snapshots of the data disk (recommended for production). Last seven days of snapshots are available. Also weekly snapshots for past year.	bool	false	no
runcmd	Additional commands to run during cloud-init. Commands are executed after the main initialization.	list(string)	[]	no
service_account_email	Existing service account email for the VM. When empty, this module creates one.	string	""	no
users	Map of usernames to lists of SSH public keys. Users will be created with docker group membership. Example: { "alice" = ["ssh-rsa AAAA..."], "bob" = ["ssh-ed25519 AAAA...", "ssh-rsa BBBB..."] }	map(list(string))	{}	no
volume_names	List of docker volumes to overlay from production snapshot (e.g., ['compose_ojs-public']). Production data is mounted read-only as lower layer, staging writes go to upper layer.	list(string)	[]	no
zone	GCP zone for resources	string	"us-east5-b"	no

Outputs

Name	Description
appGsa	The Google Service Account the app can leverage to auth to other Google services
backend	Backend service ID for attaching the Cloud Run ingress to an external HTTPS load balancer.
external_ip	The Google Compute instance external IPv4 address.
instance	The Google Compute instance ID, name, zone, data disk, GSA for the instance.
instance_id	The Google Compute instance ID.
serviceGsa	The Google Service Account internal services that manage the VM runs as
urls	Cloud Run ingress URLs by region.