Google Cloud Run is the new Cloud Functions (#1483)

* cloud runnin

Signed-off-by: Joe Elliott <[email protected]>

* changelog

Signed-off-by: Joe Elliott <[email protected]>

* e2e cleanup

Signed-off-by: Joe Elliott <[email protected]>

* Improved serverless readme

Signed-off-by: Joe Elliott <[email protected]>

* Updated docs

Signed-off-by: Joe Elliott <[email protected]>

* fixed timestamps

Signed-off-by: Joe Elliott <[email protected]>

* Lambda and cloud run at 1.17

Signed-off-by: Joe Elliott <[email protected]>

.drone/drone.jsonnet

@@ -36,33 +36,19 @@ local docker_username_secret = secret('docker_username', 'infra/data/ci/docker_h
 local docker_password_secret = secret('docker_password', 'infra/data/ci/docker_hub', 'password');
 
 // secrets for pushing serverless code packages
-local fn_upload_ops_tools_secret = secret('ops_tools_fn_upload', 'infra/data/ci/tempo-ops-tools-function-upload', 'credentials.json');
+local image_upload_ops_tools_secret = secret('ops_tools_img_upload', 'infra/data/ci/tempo-ops-tools-function-upload', 'credentials.json');
 
 // secret needed to access us.gcr.io in deploy_to_dev()
 local docker_config_json_secret = secret('dockerconfigjson', 'secret/data/common/gcr', '.dockerconfigjson');
 
 // secret needed for dep-tools
 local gh_token_secret = secret('gh_token', 'infra/data/ci/github/grafanabot', 'pat');
 
-// gcs buckets to copy serverless functions to
-local gcp_secrets = [fn_upload_ops_tools_secret.name];
-local gcp_serverless_deployments = [
-  {
-    bucket: 'ops-tools-tempo-function-source',
-    secret: fn_upload_ops_tools_secret.name,
-  },
-  {
-    bucket: 'grafanalabs-global-tempo-function-source',
-    secret: fn_upload_ops_tools_secret.name,
-  },
-];
-
 local aws_dev_access_key_id = secret('AWS_ACCESS_KEY_ID-dev', 'infra/data/ci/tempo-dev/aws-credentials-drone', 'access_key_id');
 local aws_dev_secret_access_key = secret('AWS_SECRET_ACCESS_KEY-dev', 'infra/data/ci/tempo-dev/aws-credentials-drone', 'secret_access_key');
 local aws_prod_access_key_id = secret('AWS_ACCESS_KEY_ID-prod', 'infra/data/ci/tempo-prod/aws-credentials-drone', 'access_key_id');
 local aws_prod_secret_access_key = secret('AWS_SECRET_ACCESS_KEY-prod', 'infra/data/ci/tempo-prod/aws-credentials-drone', 'secret_access_key');
 
-
 local aws_serverless_deployments = [
   {
     env: 'dev',
@@ -239,26 +225,23 @@ local deploy_to_dev() = {
                 image: 'golang:1.17-alpine',
                 commands: [
                   'apk add make git zip bash',
+                  './tools/image-tag | cut -d, -f 1 | tr A-Z a-z > .tags', # values in .tags are used by the next step when pushing the image
                   'cd ./cmd/tempo-serverless',
-                  'make build-gcf-zip',
+                  'make build-docker-gcr-binary',
                   'make build-lambda-zip',
                 ],
               },
               {
-                name: 'deploy-tempo-serverless-gcs',
-                image: 'google/cloud-sdk',
-                environment: {
-                  [s]: {
-                    from_secret: s,
-                  }
-                  for s in gcp_secrets
+                name: 'deploy-tempo-serverless-gcr',
+                image: 'plugins/gcr',
+                settings: {
+                  repo: 'ops-tools-1203/tempo-serverless',
+                  context: './cmd/tempo-serverless/cloud-run',
+                  dockerfile: './cmd/tempo-serverless/cloud-run/Dockerfile',
+                  json_key: {
+                    from_secret: image_upload_ops_tools_secret.name,
+                  },
                 },
-                commands: [
-                  'cd ./cmd/tempo-serverless/cloud-functions',
-                ] + [
-                  'printf "%%s" "$%s" > ./creds.json && gcloud auth activate-service-account --key-file ./creds.json && gsutil cp tempo-serverless*.zip gs://%s' % [d.secret, d.bucket]
-                  for d in gcp_serverless_deployments
-                ],
               },
             ] +
             [
@@ -288,7 +271,7 @@ local deploy_to_dev() = {
   docker_password_secret,
   docker_config_json_secret,
   gh_token_secret,
-  fn_upload_ops_tools_secret,
+  image_upload_ops_tools_secret,
   aws_dev_access_key_id,
   aws_dev_secret_access_key,
   aws_prod_access_key_id,

.drone/drone.yml

@@ -237,19 +237,19 @@ steps:
   image: golang:1.17-alpine
   commands:
   - apk add make git zip bash
+  - ./tools/image-tag | cut -d, -f 1 | tr A-Z a-z > .tags
   - cd ./cmd/tempo-serverless
-  - make build-gcf-zip
+  - make build-docker-gcr-binary
   - make build-lambda-zip
 
-- name: deploy-tempo-serverless-gcs
-  image: google/cloud-sdk
-  commands:
-  - cd ./cmd/tempo-serverless/cloud-functions
-  - printf "%s" "$ops_tools_fn_upload" > ./creds.json && gcloud auth activate-service-account --key-file ./creds.json && gsutil cp tempo-serverless*.zip gs://ops-tools-tempo-function-source
-  - printf "%s" "$ops_tools_fn_upload" > ./creds.json && gcloud auth activate-service-account --key-file ./creds.json && gsutil cp tempo-serverless*.zip gs://grafanalabs-global-tempo-function-source
-  environment:
-    ops_tools_fn_upload:
-      from_secret: ops_tools_fn_upload
+- name: deploy-tempo-serverless-gcr
+  image: plugins/gcr
+  settings:
+    context: ./cmd/tempo-serverless/cloud-run
+    dockerfile: ./cmd/tempo-serverless/cloud-run/Dockerfile
+    json_key:
+      from_secret: ops_tools_img_upload
+    repo: ops-tools-1203/tempo-serverless
 
 - name: deploy-tempo-dev-serverless-lambda
   image: amazon/aws-cli
@@ -316,7 +316,7 @@ get:
 
 ---
 kind: secret
-name: ops_tools_fn_upload
+name: ops_tools_img_upload
 
 get:
   path: infra/data/ci/tempo-ops-tools-function-upload
@@ -356,6 +356,6 @@ get:
 
 ---
 kind: signature
-hmac: f6b369054ba6fc3a405267392d59434ef37a0609dad4bd37f6eecd136bb422fc
+hmac: 8228dfd60728f4d8356a1ac2c8ed9c941a08069aeeef29491ad5dcdb0722e7da
 
 ...

.github/workflows/ci.yml

@@ -69,9 +69,6 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v2
 
-      - name: Add buildpack commands for serverless testing
-        uses: buildpacks/github-actions/[email protected]
-
       - name: Test
         run: make test-e2e-serverless
 

CHANGELOG.md

@@ -5,6 +5,7 @@
 * [CHANGE] metrics-generator: Changed added metric label `instance` to `__metrics_gen_instance` to reduce collisions with custom dimensions. [#1439](https://github.com/grafana/tempo/pull/1439) (@joe-elliott)
 * [CHANGE] Don't enforce `max_bytes_per_tag_values_query` when set to 0. [#1447](https://github.com/grafana/tempo/pull/1447) (@joe-elliott)
 * [CHANGE] Add new querier service in deployment jsonnet to serve `/status` endpoint. [#1474](https://github.com/grafana/tempo/pull/1474) (@annanay25)
+* [CHANGE] Swapped out Google Cloud Functions serverless docs and build for Google Cloud Run. [#1483](https://github.com/grafana/tempo/pull/1483) (@joe-elliott)
 * [CHANGE] **BREAKING CHANGE** Change spanmetrics metric names and labels to match OTel conventions. [#1478](https://github.com/grafana/tempo/pull/1478) (@mapno)
 Old metric names:
 ```

cmd/tempo-serverless/Makefile

@@ -1,35 +1,32 @@
-# todo: get docker run working?
-# PACK=docker run -u ${shell id -u} -v /var/run/docker.sock:/var/run/docker.sock -v $(PWD):/workspace -w /workspace buildpacksio/pack
 PACK=pack
 VERSION=$(shell ../../tools/image-tag | cut -d, -f 1)
 
-IN_CLOUD_FUNCTIONS=cd cloud-functions &&
+IN_CLOUD_RUN=cd cloud-run &&
 IN_LAMBDA=cd lambda &&
 
+LOWER_VERSION = `echo $(VERSION) | tr A-Z a-z`
+
 #
-# build docker images for local testing and code zip files for google cloud functions
+# build docker images for local testing and code zip files for google cloud run
 #
 .PHONY: build-docker
-build-docker: build-docker-gcf build-docker-lambda-test
-
-.PHONY: build-docker-gcf
-build-docker-gcf: 
-	$(IN_CLOUD_FUNCTIONS) go mod vendor
-	$(IN_CLOUD_FUNCTIONS) $(PACK) build tempo-serverless \
-	  								--builder gcr.io/buildpacks/builder:v1 \
-	  								--env GOOGLE_RUNTIME=go \
-	  								--env GOOGLE_FUNCTION_SIGNATURE_TYPE=http \
-	  								--env GOOGLE_FUNCTION_TARGET=Handler 	  
-	$(IN_CLOUD_FUNCTIONS) rm -rf vendor
-
-.PHONY: build-gcf-zip
-build-gcf-zip:
-	$(IN_CLOUD_FUNCTIONS) go mod vendor
-	$(IN_CLOUD_FUNCTIONS) zip tempo-serverless-$(VERSION).zip ./* -r
-	$(IN_CLOUD_FUNCTIONS) rm -rf vendor
+build-docker: build-docker-lambda-test build-docker-gcr
+
+#
+# google cloud run
+#
+.PHONY: build-docker-gcr-binary
+build-docker-gcr-binary:
+	$(IN_CLOUD_RUN) CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o main
+
+.PHONY: build-docker-gcr
+build-docker-gcr: build-docker-gcr-binary
+	$(IN_CLOUD_RUN) docker build -f ./Dockerfile -t tempo-serverless:$(LOWER_VERSION) .
+	$(IN_CLOUD_RUN) rm main
+	docker tag tempo-serverless:$(LOWER_VERSION) tempo-serverless:latest
 
 #
-# build docker images for local testing and code zip files for aws lambda
+# aws lambda
 #
 .PHONY: build-docker-lambda-test
 build-docker-lambda-test:
@@ -49,7 +46,8 @@ test:
 	go test -v .
 
 ### Tidy dependencies for tempo-serverless module
+ # todo: remove -compat arg when moving to 1.18
 .PHONY: update-mod
 update-mod:
-	$(IN_LAMBDA) go mod tidy -e
-	$(IN_CLOUD_FUNCTIONS) go mod tidy -e
+	$(IN_LAMBDA) go mod tidy -e -compat=1.17
+	$(IN_CLOUD_RUN) go mod tidy -e -compat=1.17

cmd/tempo-serverless/cloud-run/Dockerfile

@@ -0,0 +1,15 @@
+# 
+#  docker run -p 8080:8080 tempo-serverless
+#
+#  to exercise the function
+#    curl http://localhost:8080/?start=1000&end=1001&...
+#
+
+#
+# build the serverless container image
+#
+#  todo: FROM scratch saves ~5MB which could be meaningful in a serverless setting, but using scratch gave strange errors on query.
+FROM alpine:3.15 as certs 
+RUN apk --update add ca-certificates
+COPY ./main /main
+ENTRYPOINT ["/main"]