This repository, including all associated workflows and automations, represents an opinionated set of best practices aimed at demonstrating a reference architecture for building a web application on Google Cloud using Cloud Run for Anthos.
A detailed description of the architecture of the web app can be found in architecture.md.
NOTE: the steps in this guide assume that you are working in a POSIX-based development environment.
The only requirement to run this example out of the box is a working installation of gcloud. Optionally, having make installed will allow you to make use of the convenience targets provided in the makefile.
NOTE: Your gcloud user account must have Owner permission in order to complete setup of the application.
This example can be run directly from Cloud Shell!
Follow the steps to set up gcloud in your local environment, then git clone this repo.
For this reference application to work properly, you will need a custom domain that has been set up properly and verified.
The easiest way to do this is by running the interactive script domain-setup.sh:
./scripts/domain-setup.sh
This script:
Enable Identity Platform for your project.
Authorize your custom domain in Identity Platform.
Authorize your OAuth 2.0 Client ID to be usable by your custom domain.
https://.
Add Google as an Identity Provider in Identity Platform:
Configure the OAuth consent screen.
https://).
Set up webui/firebaseConfig.ts.
webui/firebaseConfig.ts:
./scripts/firebase-config-setup.sh $PROJECT_ID $API_KEY
Create Firestore database:
Set up the Firestore security rules:
firestore/firestore.rules.
This project uses Cloud Build and Config Connector to automate code and infrastructure deployments. The instructions below describe how to deploy the application.
You will need to bootstrap the services and permissions required by this example. The easiest way to do so is by running bootstrap.sh:
./scripts/bootstrap.sh $PROJECT_ID
This step additionally creates a file named env.mk based on env.mk.sample.
env.mk
Address the TODO comment at the top of env.mk and ensure values are correct.
Run make cluster
Add the following service account as an additional verified owner:
cnrm-system@${PROJECT_ID}.iam.gserviceaccount.com
where ${PROJECT_ID} is replaced by your Google Cloud project ID.
Run make build-all.
Once your application is deployed, you can try it out by navigating to https://$DOMAIN, where $DOMAIN is the custom domain you configured in env.mk.
After you log in at least once to the app, you can use this script to make your account an admin. Afterwards you'll be able to use the Users page to manage other accounts. To use this script you will need to initialize the Firebase Admin SDK and set up the GOOGLE_APPLICATION_CREDENTIALS environment variable.
cd webui
npm install
npm run init-admin <email>
Running make build-all will rebuild and deploy the app, including any changes made to the infrastructure. Note that removing resources from infrastructure-tpl.yaml will not cause them to be deleted. You must either run make delete before removing the resource (then redeploy with make build-all after removing it), or manually delete the resource with kubectl delete.
# builds and deploys backend, frontend, and KCC infrastructure
make build-all
# builds and deploys only the backend Go service
make build-backend
# builds and deploys only the frontend Angular webapp
make build-webui
Running make delete will delete the Config Connector resources from your cluster, which will cause Config Connector to delete the associated GCP resources. However, you must manually delete your Cloud Run for Anthos service and GKE Cluster.
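Because a resource removed from infrastructure-tpl.yaml stays deployed until it is deleted explicitly, it helps to list what a template edit dropped before redeploying. The following is an added example, not part of this repository: it compares an older copy of the template (for instance from version control) with the current one and prints the Kind/name entries that are no longer declared. The function names, the assumed YAML layout and the sample manifests are constructed for illustration.

```shell
# Added example, not part of the repository. Assumes one resource per YAML
# document: top-level `kind:`, two-space-indented `name:` under `metadata:`.
# list_resources FILE: print a sorted Kind/name line for each document.
list_resources() {
  awk '
    function emit() {
      if (kind != "" && name != "") print kind "/" name
      kind = ""; name = ""; in_meta = 0
    }
    /^---/       { emit(); next }
    /^kind:/     { kind = $2; next }
    /^metadata:/ { in_meta = 1; next }
    /^[^ #]/     { in_meta = 0 }   # another top-level key closes metadata
    in_meta && /^  name:/ && name == "" { name = $2 }
    END          { emit() }
  ' "$1" | sort -u
}

# removed_resources OLD NEW: entries declared in OLD but no longer in NEW.
removed_resources() {
  old_list=$(mktemp); new_list=$(mktemp)
  list_resources "$1" > "$old_list"
  list_resources "$2" > "$new_list"
  comm -23 "$old_list" "$new_list"
  rm -f "$old_list" "$new_list"
}

# Constructed sample: the old template declares a topic and a bucket; the new
# template is the same file with the bucket document removed.
demo() {
  dir=$(mktemp -d)
  cat > "$dir/old.yaml" <<'EOF'
apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubTopic
metadata:
  name: sample-topic
---
apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageBucket
metadata:
  labels:
    name: decoy-label
  name: sample-bucket
EOF
  sed '/^---/,$d' "$dir/old.yaml" > "$dir/new.yaml"
  removed_resources "$dir/old.yaml" "$dir/new.yaml"
  rm -rf "$dir"
}
if [ "$#" -eq 2 ]; then removed_resources "$1" "$2"; else demo; fi
```

Each line it prints names a resource that is still deployed and needs make delete (run before the removal) or a manual kubectl delete.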