Containerized applications on serverless platforms

At Cycloid, we developed Inframap: a command line interface (CLI) used to generate graphs from Terraform HCL or TFState. Behind this CLI, there is a library: why not use it to provide a service? Like an endpoint where you send your TFState and it returns a graph? Let’s try!

One of Google Cloud Platform's most famous serverless features is Google Cloud Functions but it has some cons: you depend on the supported runtimes, their versions, and you can’t serve “complex” applications with specific system dependencies.

Let’s try Google Cloud Run, an alternative allowing you to provide serverless features through a Docker container.

In terms of requirements, you only need a Google Cloud Platform account and a Docker setup somewhere - don’t forget to configure your Google Container Registry access.

$ gcloud auth configure-docker

Now, let’s write some code: we want a simple HTTP server, handling POST requests on the root. Content of the request (TFState) will be provided to InfraMap’s lib in order to generate a graph from it.

The code here is not really interesting but you can check it out on GitHub.

Same for the Dockerfile, nothing fancy: a multistage build with a cache strategy for the dependencies but now we start realizing what's so cool about Google Cloud Run: you deploy a Docker image so you're in control of the environment.

Now, let’s build and push our Docker image to our Google Container Registry.

$ docker build -t gcr.io/your-project-id/inframap-service
$ docker push gcr.io/your-project-id/inframap-service

That’s it, we now have everything for our Google Cloud Run application to run.

$ gcloud run deploy inframap-service --image gcr.io/your-project-id/inframap-service --platform managed

Yep, it’s that easy! The application should now be available, let’s try to find the endpoint and try a request:

$ curl -X POST $(gcloud run services describe inframap-service --platform managed --format json | jq -r '.status.url ') -H "Content-Type: application/text" --data @generate/testdata/flexibleengine.json

strict digraph G {
  "flexibleengine_networking_secgroup_rule_v2.ZPPPO"->"flexibleengine_networking_secgroup_v2.uiWdG";
  "flexibleengine_networking_secgroup_v2.mDAul"->"flexibleengine_networking_secgroup_rule_v2.ZPPPO";
  "flexibleengine_compute_instance_v2.Aumwn"->"flexibleengine_blockstorage_volume_v2.hOHQu";
  "flexibleengine_compute_instance_v2.Aumwn"->"flexibleengine_networking_port_v2.nLwOe";
  "flexibleengine_compute_instance_v2.bkbLl"->"flexibleengine_blockstorage_volume_v2.hOHQu";
  "flexibleengine_compute_instance_v2.bkbLl"->"flexibleengine_networking_port_v2.nLyuK";
  "flexibleengine_networking_secgroup_v2.uiWdG"->"flexibleengine_networking_port_v2.nLwOe";
  …

Cool! It works as expected: exactly the same behavior as on the CLI but now it’s hosted and available through an endpoint on the cloud!

Keep in mind that this is a proof of concept and that TFStates can contain sensitive data so we don't recommend sending it to an unknown endpoint!

Try it yourself with InfraMap

 



Read More

StackForms: ease of use for users, total control for you

Well, our devs keep coming up with new features, meaning my fingers are really going to need a...
Jul 01 - 2 min read

Helping diverse teams work better together

People, processes, tools. You’ve heard it before, but this time, I want you to REALLY consider it....
Sep 24 - 5 min read

Creating a better on-call culture in your tech team

Tech products play a crucial role in many of today’s lives. Some definitions of “crucial" are a...
Oct 15 - 5 min read