feat: new configs for gcp and redeploy

.github/workflows/create-cluster.yml

@@ -13,6 +13,7 @@ jobs:
       run: wget -O terraform.zip https://releases.hashicorp.com/terraform/1.9.4/terraform_1.9.4_linux_amd64.zip && unzip terraform.zip && chmod +x terraform && sudo mv terraform /usr/local/bin
     - name: Apply Terraform
       id: apply-terraform
+      # Bucket names have to be unique across gcloud, so it is best practice to add project_id suffix, since it is also unique
       run: terraform init -backend-config="bucket=tf-state-sba-terraform-${{ secrets.PROJECT_ID }}" && terraform workspace select ${GITHUB_REF##*/} ||  terraform workspace new ${GITHUB_REF##*/} && terraform apply -auto-approve -var="project_id=${{ secrets.PROJECT_ID  }}" -var="branch=${GITHUB_REF##*/}"
       env:
         GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS }}

terraform/main.tf

@@ -0,0 +1,37 @@
+# This file is responsible for the creation of gke cluster and a service account.
+
+resource "google_service_account" "main" {
+  # Since there will be two clusters for 'prod' and 'dev' envs, we need to be able to
+  # distinguish their service accounts.
+  account_id   = "gke-${var.cluster_name}-${var.branch}-sa"
+  display_name = "GKE Cluster ${var.cluster_name}-${var.branch} Service Account"
+}
+
+# After the creation of service account, the email attribute will be exposed automatically.
+# With locals definition, it will be more readable for users to see which attributes are created.
+locals {
+  service_account_email = google_service_account.main.email
+}
+
+resource "google_container_cluster" "main" {
+  name               = "${var.cluster_name}-${var.branch}"
+  location           = var.location
+  initial_node_count = 2
+
+  node_config {
+    service_account = local.service_account_email # Retrieving the email of the service account from locals
+    disk_size_gb    = 10                          # Setting disk size to 10 GB because of the free account quota limits
+    oauth_scopes = [
+      # This scope is a Google Cloud OAuth scope that grants the client full access to all Google Cloud services.
+      # It’s a broad scope that allows the application or service account to perform any action across the entire Google Cloud Platform,
+      # including managing resources, accessing APIs, and interacting with various services.
+      "https://www.googleapis.com/auth/cloud-platform"
+
+    ]
+  }
+  # Defines how long Terraform should wait for the create and update operations to complete.
+  timeouts {
+    create = "30m" # Allows up to 30 minutes for the cluster creation process
+    update = "40m" # Allows up to 40 minutes for the cluster update process
+  }
+}

terraform/provider.tf

@@ -6,6 +6,8 @@ provider "google" {
 
 terraform {
   backend "gcs" {
+    # Terraform state files will be located in the following path:
+    # tf-state-sba-terraform-${{ secrets.PROJECT_ID }}/sba-terraform/terraform.tfstateenv:${GITHUB_REF##*/}
     prefix = "sba-terraform"
   }
 }

terraform/variables.tf

@@ -1,6 +1,9 @@
 # This variable will be initialized from cli using --vars flag
 # during the workflow process. It will be retrived from repository secrets.
-variable "project_id" {}
+variable "project_id" {
+  description = "Google Cloud Project ID"
+  type        = string
+}
 
 # For provider "google"
 variable "region" {
@@ -16,16 +19,15 @@ variable "zone" {
   default     = "me-west1-b"
 }
 
-
 # For resource google_service_account.main
 variable "cluster_name" {
   type        = string
   description = "GKE Cluster Name"
   default     = "sba-cluster"
 }
 
-# This variable will be initialized from cli using --vars flag
-# during the workflow process. It will be retrieved from current branch name.
+# This variable will be initialized from cli using --vars flag during the workflow process.
+# It will be retrieved from current branch name.
 # For resource google_service_account.main
 variable "branch" {
   description = "Git Branch Name"