Docs
Start typing to search…

Google Cloud Platform

Self-hosting on Google Cloud Platform

To self-host Membrane on Google Cloud Platform, you need to set up an S3-compatible storage.

Everything else is the same as in the main guide.

Setting up S3-compatible storage

This guide follows the methodologies and best practices declared here by Google: https://cloud.google.com/storage/docs/authentication/hmackeys

This guide uses terraform to manage the infrastructure.

Create a service account for usage of Integration APP And Cloud Buckets:

module "storage-service-account" {
  source = "../../your_sa_module"
  region = "us-central1"

  service_type = "app"
  service_slug = "integration-app"
  description = "Integration APP Service Account for Cloud Buckets"

  project_roles = [
    "roles/storage.objectUser"
  ]
}
  1. Create HMAC Secret Key and Secret
resource "google_storage_hmac_key" "key" {
  service_account_email = module.storage-service-account.service_account_email
}
  1. Create your buckets
module "tmp-persistence-bucket" {
  source = "../../.........."

  bucket_name = "integration-app-tmp"

  lifecycle_rules = [
    {
      condition = {
        age = 14 # day
      }
      action = {
        type = "Delete"
      }
    }
  ]

  member_access = [
    {
      # this account is producer and manager of the data
      role = "roles/storage.objectAdmin"
      member = "serviceAccount:${module.storage-service-account.service_account_email}"
    },
    {
      # this account is producer and manager of the data
      role = "roles/storage.legacyBucketOwner"
      member = "serviceAccount:${module.storage-service-account.service_account_email}"
    }
  ]
}
  1. Pass the secrets to your deployment
google_storage_hmac_key.key.secret

Updated about 1 month ago