Google Cloud#

Pegasus can be deployed to Google Cloud Run using containers. This feature is in beta and Celery is not yet supported.

To build for Google Cloud, choose the “google_cloud” option when installing Pegasus. Then follow the steps below to deploy your app.

Prerequisites#

Pegasus deployments on Google Cloud Run loosely follow the Django on Cloud Run guide. However, instaed of running it in the Google Cloud Shell, we’ll use the gcloud CLI on our development machine. This allows you to more easily work with your existing codebase.

1. Set up the gcloud sdk.#

Though much of the setup can be completed in the cloud shell, you will need to install and configure the gcloud sdk on your development machine. Follow the google installation guide for your OS.

After you install the gcloud SDK you will also need to authenticate your account as described here. In particular, you will need to run:

gcloud auth login
gcloud init

2. Create and connect your project.#

Follow the instructions in Step 2 of the Google guide to create a new project for your app and enable billing.

Once you’ve created your project you should be able to run:

gcloud projects list

On your development machine and see it.

Next run:

gcloud config set project <project_id>

To set the project as the default for future commands.

3. Enable the Cloud APIs#

As per step 3 of the Google guide, run the following command to enable the services needed for your application.

gcloud services enable \
  run.googleapis.com \
  sql-component.googleapis.com \
  sqladmin.googleapis.com \
  compute.googleapis.com \
  cloudbuild.googleapis.com \
  secretmanager.googleapis.com \
  artifactregistry.googleapis.com

This command takes a while to finish, but should eventually output something like:

Operation "operations/acf.cc11852d-40af-47ad-9d59-477a12847c9e" finished successfully.

We will skip step 4 of Google’s guide, since we already have a project and move on to step 5.

4. Create the backing services.#

This section follows step 5 of Google’s guide, with some minor changes.

First create a service account:

gcloud iam service-accounts create cloudrun-serviceaccount

Set up your environment variables:

Everything you will need is defined in /deploy/.env.google.example. It is recommended that you copy this file to .env.google and update the values in it as needed—including setting any passwords and keys to random, autogenerated values. Once you have made all the modifications to this file, load it into your environment by running:

source deploy/.env.google

After running the above command you should be able to run the remaining commands in the same shell and the variables will be swapped in.

gcloud artifacts repositories create containers --repository-format docker --location $REGION

Create and configure the database:

Next, create the database instance. Note that in our .env.google file we are changing the instance name from the guide’s mysinstance to something unique to your project, and storing that as an environment variable.

gcloud sql instances create $DATABASE_INSTANCE_NAME --project $PROJECT_ID --database-version POSTGRES_14 --tier db-f1-micro --region $REGION

This command takes a long time to run. Once it completes, create a database in the instance, again using a unique name instead of the guide’s mydatabase:

gcloud sql databases create $DATABASE_NAME --instance $DATABASE_INSTANCE_NAME

Next, create the database user. Make sure you have set/changed DATABASE_PASSWORD in your deploy/.env.google file, then run:

gcloud sql users create ${DATABASE_USER} --instance ${DATABASE_INSTANCE_NAME} --password ${DATABASE_PASSWORD}

And finally, grant the service account permission to access the DB:

gcloud projects add-iam-policy-binding $PROJECT_ID --member serviceAccount:${SERVICE_ACCOUNT} --role roles/cloudsql.client

Create and configure the storage bucket:

gcloud storage buckets create gs://${GS_BUCKET_NAME} --location ${REGION}
gcloud storage buckets add-iam-policy-binding gs://${GS_BUCKET_NAME} \
    --member serviceAccount:${SERVICE_ACCOUNT} \
    --role roles/storage.admin

Store configuration as a secret.

Once you have completed the above you should have everything you need in place to run your app. The final step before deploying is to save your configuration as a secret.

Update the DATABASE_URL, and GS_BUCKET_NAME values in .env.production. You can find these values with the echo command, e.g.:

echo $DATABASE_URL

Then put the value in the .env.production file.

Next, save these secrets in google cloud:

gcloud secrets create application_settings --data-file .env.production

And allow the service account to access it:

gcloud secrets add-iam-policy-binding application_settings --member serviceAccount:${SERVICE_ACCOUNT} --role roles/secretmanager.secretAccessor

Create and deploy your docker containers#

From here on out we’ll stop using the guide, since Pegasus should handle everything else for you out of the box. Also, instead of using a Procfile we’ll use our own Docker container.

First make sure you have loaded your environment:

set -o allexport && source deploy/.env.google && set +o allexport

Now you can build your container for Google Cloud by running the following command.

make gcp-build

This, and all other make commands are defined in the Makefile in your project. You can see what they are doing there.

Once you’ve built your container, enable docker pushes with:

gcloud auth configure-docker

And then you can push it with:

make gcp-push

And finally deploy it with:

make gcp-deploy

This should deploy your application to a new container. It should output the URL for your app, which is now online!

Settings and Secrets#

You can use Google Secret Manager to add additional settings and secrets by adding them to .env.production and uploading it to Secret Manager using:

gcloud secrets versions add application_settings --data-file .env.production

See settings_production.py for examples of using these secrets in your settings file.