At Cycloid, we developed Inframap: a command line interface (CLI) used to generate graphs from Terraform HCL or TFState. Behind this CLI, there is a library: why not use it to provide a service? Like an endpoint where you send your TFState and it returns a graph? Let’s try!
One of Google Cloud Platform's most famous serverless features is Google Cloud Functions but it has some cons: you depend on the supported runtimes, their versions, and you can’t serve “complex” applications with specific system dependencies.
Let’s try Google Cloud Run, an alternative allowing you to provide serverless features through a Docker container.
In terms of requirements, you only need a Google Cloud Platform account and a Docker setup somewhere - don’t forget to configure your Google Container Registry access.
$ gcloud auth configure-dockerNow, let’s write some code: we want a simple HTTP server, handling POST requests on the root. Content of the request (TFState) will be provided to InfraMap’s lib in order to generate a graph from it.
The code here is not really interesting but you can check it out on GitHub.
Same for the Dockerfile, nothing fancy: a multistage build with a cache strategy for the dependencies but now we start realizing what's so cool about Google Cloud Run: you deploy a Docker image so you're in control of the environment.
Now, let’s build and push our Docker image to our Google Container Registry.
$ docker build -t gcr.io/your-project-id/inframap-service
$ docker push gcr.io/your-project-id/inframap-serviceThat’s it, we now have everything for our Google Cloud Run application to run.
$ gcloud run deploy inframap-service --image gcr.io/your-project-id/inframap-service --platform managedYep, it’s that easy! The application should now be available, let’s try to find the endpoint and try a request:
$ curl -X POST $(gcloud run services describe inframap-service --platform managed --format json | jq -r '.status.url ') -H "Content-Type: application/text" --data @generate/testdata/flexibleengine.json
strict digraph G {
"flexibleengine_networking_secgroup_rule_v2.ZPPPO"->"flexibleengine_networking_secgroup_v2.uiWdG";
"flexibleengine_networking_secgroup_v2.mDAul"->"flexibleengine_networking_secgroup_rule_v2.ZPPPO";
"flexibleengine_compute_instance_v2.Aumwn"->"flexibleengine_blockstorage_volume_v2.hOHQu";
"flexibleengine_compute_instance_v2.Aumwn"->"flexibleengine_networking_port_v2.nLwOe";
"flexibleengine_compute_instance_v2.bkbLl"->"flexibleengine_blockstorage_volume_v2.hOHQu";
"flexibleengine_compute_instance_v2.bkbLl"->"flexibleengine_networking_port_v2.nLyuK";
"flexibleengine_networking_secgroup_v2.uiWdG"->"flexibleengine_networking_port_v2.nLwOe";
…Cool! It works as expected: exactly the same behavior as on the CLI but now it’s hosted and available through an endpoint on the cloud!
Keep in mind that this is a proof of concept and that TFStates can contain sensitive data so we don't recommend sending it to an unknown endpoint!
Read More
KubeConEU 2022 - Day 3
This is the last article on KubeCon + CloudNativeCon Europe 2022! After mentioning confidential...Why are MSPs embracing internal developer platforms?
“Adapt or become irrelevant!” is the motto of digital and IT transformation. Just as IT...5 posts for 5 years of doing DevOps differently
In April 2020, Cycloid turned 5. In the midst of corona-madness, we celebrated the fact that in the...