This project demonstrates how to set up a secure microservices architecture using Google Cloud Run, with a public frontend and a private backend, all managed by Terraform.
- Google Cloud Platform account
- gcloud CLI
- Terraform
- Docker
- Clone the repository:
git clone git@github.com:finnng/demo-cloud-run-vpc.git
cd demo-cloud-run-vpc
- Set up your GCP project:
export PROJECT_ID=your-project-id
gcloud config set project $PROJECT_ID
- Enable necessary APIs:
gcloud services enable run.googleapis.com artifactregistry.googleapis.com compute.googleapis.com
- Create an Artifact Registry repository:
gcloud artifacts repositories create cloud-run-demo --repository-format=docker --location=us-central1
- Build and push Docker images:
Backend
cd backend
docker build -t us-central1-docker.pkg.dev/$PROJECT_ID/cloud-run-demo/backend:v1 .
docker push us-central1-docker.pkg.dev/$PROJECT_ID/cloud-run-demo/backend:v1
cd ..
Frontend
cd frontend
docker build -t us-central1-docker.pkg.dev/$PROJECT_ID/cloud-run-demo/frontend:v1 .
docker push us-central1-docker.pkg.dev/$PROJECT_ID/cloud-run-demo/frontend:v1
cd ..
- Configure Terraform:
- Update terraform.tfvars with your project details.
- Deploy with Terraform:
terraform init
terraform apply
- Test the deployment:
- Access the frontend URL output by Terraform.
- Verify that the backend is not publicly accessible.
- Clean up:
terraform destroy
- backend/: Backend service code and Dockerfile
- frontend/: Frontend service code and Dockerfile
- main.tf: Main Terraform configuration
- variables.tf: Terraform variables
- outputs.tf: Terraform outputs
- terraform.tfvars: Terraform variable values
- The backend is configured to be private and accessible only through the VPC.
- The frontend can communicate with the backend securely.
- Be sure to destroy resources after testing to avoid unnecessary charges.
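
One way to carry out the "Verify that the backend is not publicly accessible" step and confirm the note that the backend is reachable only through the VPC. This is an added example, not part of the project's code. The service name `backend` and the function names are assumptions, so substitute the name used in your main.tf.

```shell
#!/usr/bin/env bash
# Added example. Service name "backend" is an assumption; use the name from main.tf.

# Decide exposure from three observations: the ingress annotation, the IAM
# policy JSON, and the HTTP status an unauthenticated caller outside the VPC gets.
# Prints one finding per line; returns 0 if private, 1 if exposed.
evaluate_exposure() {
  local ingress="$1" policy="$2" http_code="$3" rc=0
  case "$ingress" in
    internal) ;;
    *) echo "FAIL ingress=${ingress:-unset} is not 'internal'"; rc=1 ;;
  esac
  if printf '%s' "$policy" | grep -Eq '"(allUsers|allAuthenticatedUsers)"'; then
    echo "FAIL IAM policy has a public member (allUsers/allAuthenticatedUsers)"; rc=1
  fi
  case "$http_code" in
    2??|3??) echo "FAIL request from outside the VPC returned HTTP $http_code"; rc=1 ;;
  esac
  [ "$rc" -eq 0 ] && echo "PASS backend is not publicly reachable"
  return "$rc"
}

# Collect the observations for a deployed service. Run from outside the VPC.
audit_backend() {
  local svc="${1:-backend}" region="${2:-us-central1}" desc ingress policy url code
  desc=$(gcloud run services describe "$svc" --region "$region" --format=json) || return 2
  ingress=$(printf '%s\n' "$desc" |
    sed -n 's/.*"run.googleapis.com\/ingress": *"\([^"]*\)".*/\1/p' | head -n 1)
  url=$(gcloud run services describe "$svc" --region "$region" --format='value(status.url)')
  policy=$(gcloud run services get-iam-policy "$svc" --region "$region" --format=json)
  code=$(curl -s -o /dev/null -m 10 -w '%{http_code}' "$url" || true)
  evaluate_exposure "$ingress" "$policy" "$code"
}

# Constructed sample: a backend deployed with public ingress and a public invoker.
SAMPLE_POLICY='{"bindings":[{"members":["allUsers"],"role":"roles/run.invoker"}]}'
evaluate_exposure all "$SAMPLE_POLICY" 200 || true
```

After `terraform apply`, run `audit_backend backend us-central1` from a machine outside the VPC. A non-zero exit status means at least one of the three checks found the backend exposed.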
Contributions are welcome! Please feel free to submit a Pull Request.
This project is licensed under the MIT License - see the LICENSE file for details.