Cloud Load Balancing 配下で Cloud Run のタグを使ったBlueGreenデプロイを試す
全部Terraformで構成を書いていく
# Cloud Run service that the load balancer fronts.
#
# NOTE(review): no `ingress` attribute is set, so the provider default
# (INGRESS_TRAFFIC_ALL) applies and the service's own run.app URL stays
# reachable from the internet, bypassing the load balancer and anything
# attached to it. When all traffic is meant to arrive through the LB,
# `ingress = "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER"` closes that path.
resource "google_cloud_run_v2_service" "default" {
  name     = "blue-green-run"
  location = "us-central1"

  template {
    containers {
      # Sample image referenced without a tag or digest, so the deployed
      # content can change between applies; pin a digest for real workloads.
      image = "us-docker.pkg.dev/cloudrun/container/hello"
    }

    # Caps the number of instances this service scales out to.
    scaling {
      max_instance_count = 2
    }
  }
}
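# Allows unauthenticated callers to invoke the Cloud Run service.
#
# The role is roles/run.invoker rather than roles/viewer: viewer does not
# grant invocation, and binding it to "allUsers" would expose the service's
# configuration to anyone instead of just letting them send requests.
#
# NOTE(review): an *_iam_binding is authoritative for its role, so applying
# it replaces any other members that currently hold roles/run.invoker on this
# service. "allUsers" makes the service public; keep it only where anonymous
# access is intended.
resource "google_cloud_run_v2_service_iam_binding" "binding" {
  project  = google_cloud_run_v2_service.default.project
  location = google_cloud_run_v2_service.default.location
  name     = google_cloud_run_v2_service.default.name

  role = "roles/run.invoker"
  members = [
    "allUsers",
  ]
}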
怒られた。
SAに権限が足りてなかった。
googleapi: Error 403: Permission 'run.services.setIamPolicy' denied on resource
SAのロールを「Cloud Run デベロッパー」から「Cloud Run 管理者」に変更（デベロッパーには run.services.setIamPolicy が含まれていないため）
ここ眺めながら書いてみてる
Cloud RunはWEBコンソールでデプロイして、blue
タグを付けた
ドメインはなしで、パスを使ったパターンを試してみる
バックエンドサービスの切り替えなので、ホスト名での切り替えも行ける
# Reserves the global IP address that the forwarding rule listens on.
# `local.name` is defined outside this snippet.
resource "google_compute_global_address" "default" {
  name = "${local.name}-address"
}
# Serverless NEG pointing at the Cloud Run service without a tag.
#
# NOTE(review): the service above hard-codes "us-central1" while this NEG
# uses local.region (defined outside this snippet); presumably both are the
# same region — confirm, since a serverless NEG has to live in the region of
# the service it references.
resource "google_compute_region_network_endpoint_group" "cloudrun_neg" {
  name                  = "${local.name}-neg"
  region                = local.region
  network_endpoint_type = "SERVERLESS"

  cloud_run {
    service = google_cloud_run_v2_service.default.name
  }
}
# Serverless NEG pointing at the same Cloud Run service, restricted to the
# revision carrying the "blue" traffic tag.
#
# NOTE(review): the tag is not created by this configuration; the NEG only
# refers to it by name, so it must already exist on the service.
resource "google_compute_region_network_endpoint_group" "cloudrun_neg_blue" {
  name                  = "${local.name}-neg-blue"
  region                = local.region
  network_endpoint_type = "SERVERLESS"

  cloud_run {
    service = google_cloud_run_v2_service.default.name
    tag     = "blue"
  }
}
# Routes requests by path: "/blue" goes to the blue backend, everything else
# to the default backend.
#
# NOTE(review): "/blue" is an exact-match path; requests below it such as
# /blue/foo fall through to the default service unless "/blue/*" is listed
# too. No rewrite is configured, so the backend sees the /blue path as sent.
# NOTE(review): the host rule is "*" on a public address, so the blue
# revision is reachable by anyone who knows the path. If it is meant to be a
# pre-release target, restrict it (host-based rule, authentication, or a
# security policy on the blue backend).
resource "google_compute_url_map" "default" {
  name = "${local.name}-urlmap"

  # Used when no host rule matches.
  default_service = google_compute_backend_service.default.id

  host_rule {
    hosts        = ["*"]
    path_matcher = "allpaths"
  }

  path_matcher {
    name = "allpaths"

    # Used when no path rule in this matcher matches.
    default_service = google_compute_backend_service.default.id

    path_rule {
      paths   = ["/blue"]
      service = google_compute_backend_service.default_blue.id
    }
  }
}
# Backend service for the untagged Cloud Run NEG (the default route).
#
# NOTE(review): neither `security_policy` (Cloud Armor) nor `log_config` is
# set, so this public backend has no edge filtering and no request logging
# configured in this snippet.
resource "google_compute_backend_service" "default" {
  name        = "${local.name}-backend"
  port_name   = "http"
  protocol    = "HTTP"
  timeout_sec = 30

  backend {
    group = google_compute_region_network_endpoint_group.cloudrun_neg.id
  }
}
# Backend service for the "blue"-tagged Cloud Run NEG (the /blue route).
#
# NOTE(review): as with the default backend, no `security_policy` or
# `log_config` is set; this is the place to attach an access restriction if
# the blue revision should not be open to every client.
resource "google_compute_backend_service" "default_blue" {
  name        = "${local.name}-blue-backend"
  port_name   = "http"
  protocol    = "HTTP"
  timeout_sec = 30

  backend {
    group = google_compute_region_network_endpoint_group.cloudrun_neg_blue.id
  }
}
# Public entry point: accepts traffic on the reserved address, port 80, and
# hands it to the HTTP proxy.
#
# NOTE(review): this is plaintext HTTP on an external address. Requests and
# responses are unencrypted between client and load balancer. For anything
# beyond a test, front it with a target HTTPS proxy and certificate on 443
# and keep port 80 only for a redirect.
resource "google_compute_global_forwarding_rule" "default" {
  name                  = "${local.name}-lb"
  load_balancing_scheme = "EXTERNAL"
  ip_address            = google_compute_global_address.default.address
  ip_protocol           = "TCP"
  port_range            = "80"
  target                = google_compute_target_http_proxy.default.id
}
# HTTP (non-TLS) proxy that applies the URL map to incoming requests.
resource "google_compute_target_http_proxy" "default" {
  name    = "${local.name}-http-proxy"
  url_map = google_compute_url_map.default.id
}
{IP}/ -> latestに遷移
{IP}/blue -> blueタグがついたrevisionに遷移