Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat!: autoscaler with scaling schedules
Add the ability to use an autoscaler to scale down to zero outside the defined schedules. Only non-stateful MIGs can be used with autoscalers, so this commit also removes the responsibility of creating the home folder disk (atlantis-disk-0) from the MIG, effectively making it a stateless MIG. Nonetheless, destroying the group will not destroy the disk.

Add resources for the disk and the autoscaler, and a usage example. Update the README.

BREAKING CHANGE: the 50GB stateful disk is no longer created by the mig, which makes the mig no longer stateful. Additionally, if terraform destroy is executed, the disk is destroyed.

Signed-off-by: David Costa <[email protected]>
Showing 6 changed files with 208 additions and 24 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
# Example usage | ||
|
||
This example uses [scaling schedules](https://cloud.google.com/compute/docs/autoscaler/scaling-schedules#schedule_configuration_options) to only deploy Atlantis during business hours. | ||
|
||
The schedules follow the syntax [described in the documentation](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_autoscaler#nested_scaling_schedules), but in short: | ||
|
||
- The time zone must be a time zone from the tz database: <http://en.wikipedia.org/wiki/Tz_database> | ||
- The schedule field uses the extended cron format | ||
|
||
> [!NOTE] | ||
> It takes 2 to 3 minutes from the beginning of the scheduled time for the instance to be ready to serve requests. After the scheduled end time, it approximately takes 10 minutes for the instance to be destroyed. | ||
Read through the below before you deploy this module. | ||
|
||
- [Prerequisites](#prerequisites) | ||
- [How to deploy](#how-to-deploy) | ||
- [After it's successfully deployed](#after-its-successfully-deployed) | ||
|
||
## Prerequisites | ||
|
||
This module expects that you already own or create the below resources yourself. | ||
|
||
- Google network, subnetwork and a Cloud NAT | ||
- Service account, [specifics can be found here](../../README.md#service-account) | ||
- Domain, [specifics can be found here](../../README.md#dns-record) | ||
|
||
If you prefer an example that includes the above resources, see [`complete example`](https://github.com/runatlantis/atlantis-on-gcp-vm/tree/master/examples/complete). | ||
|
||
## How to deploy | ||
|
||
See [`main.tf`](https://github.com/runatlantis/atlantis-on-gcp-vm/tree/master/examples/basic/main.tf) and the [`server-atlantis.yaml`](https://github.com/runatlantis/atlantis-on-gcp-vm/tree/master/examples/basic/server-atlantis.yaml). | ||
|
||
## After it's successfully deployed | ||
|
||
Once you're done, see [Configuring Webhooks for Atlantis](https://www.runatlantis.io/docs/configuring-webhooks.html#configuring-webhooks) |
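Review bot: The "How to deploy" section links to `examples/basic/main.tf` and `examples/basic/server-atlantis.yaml` rather than to the files of this scaling-schedule example, so a reader following the links never sees the `autoscaling` block; point both links at this example's own directory. The line "Read through the below before you deploy this module." directly follows the `> [!NOTE]` block with no blank line, so Markdown will fold it into the note; add a blank line before it. Since the note says the instance is destroyed outside the scheduled window, it would also help to state what happens to webhook deliveries that arrive while no instance is running.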
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
locals { | ||
project_id = "<your-project-id>" | ||
network = "<your-network>" | ||
subnetwork = "<your-subnetwork>" | ||
region = "<your-region>" | ||
zone = "<your-zone>" | ||
domain = "<example.com>" | ||
managed_zone = "<your-managed-zone>" | ||
|
||
github_repo_allow_list = "github.com/example/*" | ||
github_user = "<your-github-handle>" | ||
github_token = "<your-github-user>" | ||
github_webhook_secret = "<your-github-webhook-secret>" | ||
} | ||
|
||
# Create a service account and attach the required Cloud Logging permissions to it. | ||
resource "google_service_account" "atlantis" { | ||
account_id = "atlantis" | ||
display_name = "Service Account for Atlantis" | ||
project = local.project_id | ||
} | ||
|
||
resource "google_project_iam_member" "atlantis_log_writer" { | ||
role = "roles/logging.logWriter" | ||
member = "serviceAccount:${google_service_account.atlantis.email}" | ||
project = local.project_id | ||
} | ||
|
||
resource "google_project_iam_member" "atlantis_metric_writer" { | ||
role = "roles/monitoring.metricWriter" | ||
member = "serviceAccount:${google_service_account.atlantis.email}" | ||
project = local.project_id | ||
} | ||
|
||
module "atlantis" { | ||
source = "bschaatsbergen/atlantis/gce" | ||
name = "atlantis" | ||
network = local.network | ||
subnetwork = local.subnetwork | ||
region = local.region | ||
zone = local.zone | ||
service_account = { | ||
email = google_service_account.atlantis.email | ||
scopes = ["cloud-platform"] | ||
} | ||
# Note: environment variables are shown in the Google Cloud UI | ||
# See the `examples/secure-env-vars` if you want to protect sensitive information | ||
env_vars = { | ||
ATLANTIS_GH_USER = local.github_user | ||
ATLANTIS_GH_TOKEN = local.github_token | ||
ATLANTIS_GH_WEBHOOK_SECRET = local.github_webhook_secret | ||
ATLANTIS_REPO_ALLOWLIST = local.github_repo_allow_list | ||
ATLANTIS_ATLANTIS_URL = "https://${local.domain}" | ||
ATLANTIS_REPO_CONFIG_JSON = jsonencode(yamldecode(file("${path.module}/server-atlantis.yaml"))) | ||
} | ||
|
||
autoscaling = { | ||
schedules = [ | ||
# Monday through Friday, between 7h30 and 19h30 | ||
{ | ||
name = "business-hours" | ||
description = "Deploy during business hours" | ||
schedule = "30 07 * * 1-5" | ||
time_zone = "Europe/London" | ||
duration_sec = 12 * 60 * 60 | ||
}, | ||
# Monday through Friday, all day | ||
# { | ||
# name = "mon-fri" | ||
# description = "Deploy during weekdays" | ||
# schedule = "00 00 * * 1-5" | ||
# time_zone = "Europe/London" | ||
# duration_sec = 24 * 60 * 60 | ||
# }, | ||
] | ||
} | ||
|
||
domain = local.domain | ||
project = local.project_id | ||
} | ||
|
||
# As your DNS records might be managed at another registrar's site, we create the DNS record outside of the module. | ||
# This record is mandatory in order to provision the managed SSL certificate successfully. | ||
resource "google_dns_record_set" "default" { | ||
name = "${local.domain}." | ||
type = "A" | ||
ttl = 60 | ||
managed_zone = local.managed_zone | ||
rrdatas = [ | ||
module.atlantis.ip_address | ||
] | ||
project = local.project_id | ||
} |
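Review bot: In `locals`, `github_token = "<your-github-user>"` carries the wrong placeholder and should name a token, for example `<your-github-token>`; as written it invites pasting a username into the field that ends up in `ATLANTIS_GH_TOKEN`. That local and `github_webhook_secret` go straight into `env_vars`, so the in-file comment about values being visible in the Google Cloud UI applies to both; consider saying so next to those two keys rather than only above the map. The `module "atlantis"` block has no `version` constraint on `bschaatsbergen/atlantis/gce`, and since this commit is itself marked as a breaking change, the example should pin one so that copies of it do not pick up such changes unreviewed. Minor: the comment above `google_service_account` mentions only Cloud Logging, but the hunk also grants `roles/monitoring.metricWriter`.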
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
repos: | ||
- id: /.*/ | ||
apply_requirements: [mergeable] | ||
allowed_overrides: [apply_requirements, workflow] | ||
allow_custom_workflows: true | ||
delete_source_branch_on_merge: true |
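Review bot: With `id: /.*/`, the settings `allowed_overrides: [apply_requirements, workflow]` and `allow_custom_workflows: true` apply to every repository Atlantis serves, so any repo-level `atlantis.yaml` can drop the `mergeable` requirement and define its own workflow steps, which run as commands on the Atlantis instance. For an example that people copy as a starting point, either remove `apply_requirements` from `allowed_overrides` and set `allow_custom_workflows: false`, or add a comment stating that this configuration is only appropriate when every repository matched by the allowlist is fully trusted.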