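#!/bin/bash
#
# Prepare a Google Cloud project for the OpenTelemetry demo: enable the
# required APIs, create the API and backend service accounts with their IAM
# roles, and create the VPC plus Serverless VPC Access connector.
#
# Usage: setup-gcr.sh PROJECT_ID
#
# Side effect: changes the active project of the caller's gcloud configuration.

# Stop at the first failing step. Several commands below act on the active
# gcloud project rather than on an explicit project argument, so carrying on
# after an error could leave a half-built setup or touch the wrong project.
set -euo pipefail

# Get Google Cloud project ID
if [ $# -eq 0 ]; then
  echo "No Google Project ID provided" >&2
  exit 1
fi

project_id=$1
region="us-central1"

# The ID is placed into gcloud arguments and IAM member strings. Refuse values
# with whitespace, a leading '-' or other unexpected characters so they cannot
# be read as additional options. This is deliberately loose and is not a full
# check of Google's project ID rules.
if [[ ! "$project_id" =~ ^[a-z0-9][a-z0-9.:-]*$ ]]; then
  printf 'Invalid Google Project ID: %s\n' "$project_id" >&2
  exit 1
fi

echo "Using Google Project ID $project_id"

gcloud config set project "$project_id"

# Make sure all necessary services are enabled
echo "Enabling services for $project_id"

for api in \
  containerregistry.googleapis.com \
  run.googleapis.com \
  cloudtrace.googleapis.com \
  vpcaccess.googleapis.com; do
  gcloud services enable "$api"
done

#######################################
# Create a service account if it does not exist yet and grant it the roles
# the demo services use.
# Globals:   project_id (read)
# Arguments: $1 - service account name
#            $2 - description
#            $3 - display name
# Returns:   non-zero (and the script exits under set -e) if a gcloud step fails
#######################################
setup_service_account() {
  local name=$1
  local description=$2
  local display_name=$3
  local email="${name}@${project_id}.iam.gserviceaccount.com"
  local role

  # 'create' fails when the account already exists; look it up first so the
  # script can be re-run. The lookup's output is discarded because a miss is
  # the expected case on the first run.
  if ! gcloud iam service-accounts describe "$email" >/dev/null 2>&1; then
    gcloud iam service-accounts create "$name" \
      --description="$description" \
      --display-name="$display_name"
  fi

  # NOTE(review): these bindings are made on the project, so roles/run.invoker
  # lets the account invoke every Cloud Run service in it. If only specific
  # services must be callable, grant the role per service instead
  # (gcloud run services add-iam-policy-binding).
  for role in roles/run.invoker roles/cloudtrace.agent roles/vpcaccess.user; do
    gcloud projects add-iam-policy-binding "$project_id" \
      --member="serviceAccount:${email}" \
      --role="$role"
  done
}

# Setup Service Accounts with IAM Roles
echo "Setting up Service Accounts with IAM Roles for $project_id"

# https://cloud.google.com/iam/docs/understanding-roles

# Setup API Service Account
setup_service_account "oteldemo-api-service" \
  "OpenTelemetry Demo API Service Service Account" \
  "OTEL Demo API Service"

# Setup Backend Service Account
setup_service_account "oteldemo-backend-service" \
  "OpenTelemetry Demo Backend Service Service Account" \
  "OTEL Demo Backend Service"

# Setup VPC and Serverless Connector
echo "Setting up VPC with connectors for $project_id"

# Same re-run guard as for the service accounts: create only what is missing.
if ! gcloud compute networks describe otel-demo-vpc >/dev/null 2>&1; then
  gcloud compute networks create otel-demo-vpc \
    --subnet-mode=auto \
    --bgp-routing-mode=regional
fi

if ! gcloud compute networks vpc-access connectors describe otel-demo-vpc-connector \
  --region "$region" >/dev/null 2>&1; then
  gcloud compute networks vpc-access connectors create otel-demo-vpc-connector \
    --network otel-demo-vpc \
    --region "$region" \
    --range 10.8.0.0/28
fi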