Merge pull request #14 from DeNA/feature/add-gcs-for-plugin-daemon-storage-volume

Author: sotazum

terraform/environments/dev/main.tf

@@ -55,6 +55,7 @@ module "cloudrun" {
   plugin_daemon_key           = var.plugin_daemon_key
   plugin_dify_inner_api_key   = var.plugin_dify_inner_api_key
   dify_plugin_daemon_version  = var.dify_plugin_daemon_version
+  plugin_daemon_storage_name  = module.storage.plugin_daemon_storage_bucket_name
   shared_env_vars             = local.shared_env_vars
 }
 

terraform/environments/dev/provider.tf

@@ -1,20 +1,4 @@
 terraform {
-  required_version = ">=1.5.0"
-  required_providers {
-    google = {
-      source  = "hashicorp/google"
-      version = "5.10.0"
-    }
-    google-beta = {
-      source  = "hashicorp/google-beta"
-      version = "5.10.0"
-    }
-    archive = {
-      source  = "hashicorp/archive"
-      version = "2.4.0"
-    }
-  }
-
   backend "gcs" {
     bucket = "your-tfstate-bucket" # replace with your bucket name
     prefix = "dify"

terraform/modules/cloudrun/main.tf

@@ -6,6 +6,7 @@ resource "google_service_account" "dify_service_account" {
 resource "google_project_iam_member" "dify_service_account_role" {
   for_each = toset([
     "roles/run.admin",
+    "roles/storage.admin",
   ])
   project = var.project_id
   member  = "serviceAccount:${google_service_account.dify_service_account.email}"
@@ -35,7 +36,8 @@ resource "google_cloud_run_v2_service" "dify_service" {
   location = var.region
   ingress  = var.cloud_run_ingress
   template {
-    service_account = google_service_account.dify_service_account.email
+    service_account       = google_service_account.dify_service_account.email
+    execution_environment = "EXECUTION_ENVIRONMENT_GEN2"
     containers {
       name  = "nginx"
       image = "${var.region}-docker.pkg.dev/${var.project_id}/${var.nginx_repository_id}/dify-nginx:latest"
@@ -185,6 +187,11 @@ resource "google_cloud_run_v2_service" "dify_service" {
         name  = "PM2_INSTANCES"
         value = 2
       }
+      # NOTE: Changing PM2_HOME is required for pm2 to work properly on Cloud Run Gen2 environment because of permission issues
+      env {
+        name  = "PM2_HOME"
+        value = "/app/web/.pm2"
+      }
       env {
         name  = "LOOP_NODE_MAX_COUNT"
         value = 100
@@ -286,6 +293,10 @@ resource "google_cloud_run_v2_service" "dify_service" {
           port = 5003
         }
       }
+      volume_mounts {
+        name       = "plugin-daemon"
+        mount_path = "/app/storage"
+      }
     }
     vpc_access {
       network_interfaces {
@@ -298,6 +309,13 @@ resource "google_cloud_run_v2_service" "dify_service" {
       min_instance_count = 1
       max_instance_count = 5
     }
+    volumes {
+      name = "plugin-daemon"
+      gcs {
+        bucket    = var.plugin_daemon_storage_name
+        read_only = false
+      }
+    }
   }
 }
 

terraform/modules/cloudrun/variables.tf

@@ -58,6 +58,10 @@ variable "dify_plugin_daemon_version" {
   type = string
 }
 
+variable "plugin_daemon_storage_name" {
+  type = string
+}
+
 variable "shared_env_vars" {
   type = map(string)
 }

terraform/modules/storage/main.tf

@@ -8,6 +8,13 @@ resource "google_storage_bucket" "dify_storage" {
   uniform_bucket_level_access = true
 }
 
+resource "google_storage_bucket" "plugin_daemon_storage" {
+  force_destroy = false
+  location      = upper(var.region)
+  name          = "${var.project_id}_plugin-daemon-storage"
+  project       = var.project_id
+}
+
 resource "google_service_account" "storage_admin" {
   account_id   = "storage-admin-for-dify"
   display_name = "Storage Admin Service Account"

terraform/modules/storage/outputs.tf

@@ -4,4 +4,8 @@ output "storage_admin_key_base64" {
 
 output "storage_bucket_name" {
   value = google_storage_bucket.dify_storage.name
+}
+
+output "plugin_daemon_storage_bucket_name" {
+  value = google_storage_bucket.plugin_daemon_storage.name
 }