fleet/infrastructure/dogfood/terraform/gcp
2024-01-09 16:45:22 -06:00
artifact_registry.tf Reorg infrastructure and add changes for frontend's loadtesting environment (#4947) 2022-04-12 12:49:00 -04:00
cloud_run.tf Reorg infrastructure and add changes for frontend's loadtesting environment (#4947) 2022-04-12 12:49:00 -04:00
loadbalancer.tf terraform/gcp: make prefix use consistent, use new database sizing, and refer to DNS zone (#8250) 2023-04-11 11:11:36 -05:00
main.tf Reorg infrastructure and add changes for frontend's loadtesting environment (#4947) 2022-04-12 12:49:00 -04:00
mysql.tf enforce an uniform collation for all tables (#10515) 2023-03-16 15:49:24 -03:00
readme.md Reorg infrastructure and add changes for frontend's loadtesting environment (#4947) 2022-04-12 12:49:00 -04:00
redis.tf Reorg infrastructure and add changes for frontend's loadtesting environment (#4947) 2022-04-12 12:49:00 -04:00
services.tf Reorg infrastructure and add changes for frontend's loadtesting environment (#4947) 2022-04-12 12:49:00 -04:00
variables.tf Prepare v4.43.0 (#15972) 2024-01-09 16:45:22 -06:00
vpc.tf terraform/gcp: make prefix use consistent, use new database sizing, and refer to DNS zone (#8250) 2023-04-11 11:11:36 -05:00

Fleet on GCP

Required Variables:

project_id = "<your project id>"
prefix     = "fleet"
dns_name   = "<the domain you want to host fleet at>" // eg. myfleet.fleetdm.com.

Overview

Fleet server

The Fleet web server runs as Google Cloud Run containers, which is very similar to how the existing Terraform for AWS runs Fleet on Fargate compute. NOTE: Cloud Run has limitations on what container images it will run. In our deployment we create an Artifact Registry and deploy the public Fleet container image into Artifact Registry.

MySQL

We are running MySQL using Google Cloud SQL. It is reachable only via CloudSQLProxy and, from Cloud Run, via a Serverless VPC Access Connector.

Redis

We are running Redis using Google Cloud Memorystore (Redis engine). This can run in cluster mode, but by default we are running in standalone mode.

Pushing the Fleet image into Google Artifact registry

More details can be found here.

Login with gcloud helper:

gcloud auth configure-docker \
    us-central1-docker.pkg.dev

Pull latest image:

docker pull <latest fleet version>

For example:

docker pull fleetdm/fleet:v4.10.0

Tag it:

docker tag fleetdm/fleet:v4.10.0 us-central1-docker.pkg.dev/<project_id>/fleet-repository/fleet:v4.10.0

Push to Google Artifact registry:

docker push us-central1-docker.pkg.dev/<project_id>/fleet-repository/fleet:v4.10.0
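
The login, pull, tag and push steps above only work when every command names the same release, so this added example (not part of the Fleet repository) drives all four from one version argument and refuses a non-release tag or an unreplaced `<project_id>` placeholder. The function names, the `DRY_RUN` switch and the project id `example-project` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: mirror one Fleet release into Artifact Registry from a single version value.
REGISTRY_HOST="us-central1-docker.pkg.dev"   # registry host used on this page
REPOSITORY="fleet-repository"                # repository name used on this page
SOURCE_IMAGE="fleetdm/fleet"                 # public image named on this page

# matches STRING ERE: succeed only if the whole single-line string matches.
matches() {
    case "$1" in *'
'*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eqx -- "$2"
}

valid_version() { matches "$1" 'v[0-9]+\.[0-9]+\.[0-9]+'; }   # e.g. v4.10.0, never "latest"
# GCP project ids: 6-30 chars, lowercase letters, digits, hyphens, starting with a letter.
valid_project() { matches "$1" '[a-z][a-z0-9-]{4,28}[a-z0-9]'; }

# target_ref PROJECT_ID VERSION: print the Artifact Registry reference or fail.
target_ref() {
    valid_project "$1" || { echo "bad project id: $1" >&2; return 1; }
    valid_version "$2" || { echo "bad version tag: $2" >&2; return 1; }
    printf '%s/%s/%s/fleet:%s\n' "$REGISTRY_HOST" "$1" "$REPOSITORY" "$2"
}

# run CMD...: print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# mirror_fleet_image PROJECT_ID VERSION: the four steps above, stopping at the first failure.
mirror_fleet_image() {
    target=$(target_ref "$1" "$2") || return 1
    src="$SOURCE_IMAGE:$2"
    run gcloud auth configure-docker "$REGISTRY_HOST" &&
    run docker pull "$src" &&
    run docker tag "$src" "$target" &&
    run docker push "$target"
}

# Constructed sample input: "example-project" is a placeholder project id.
DRY_RUN=1 mirror_fleet_image example-project v4.10.0
```

Leave `DRY_RUN` unset to execute the commands instead of printing them.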

GCP Managed Certificates

In this example we are using GCP Managed Certificates to handle TLS and TLS termination at the LoadBalancer. In order for the certificate to be properly issued, you'll need to update your domain registrar with the nameserver values generated by the new Zone created in GCP DNS.