Deploying services (developer’s guide)

This is a guide for developers that want to deploy Octue services themselves - it is not needed if Octue manages your services for you or if you are only asking questions to existing Octue services.

Attention

The octue deploy CLI command can be used to deploy services automatically, but it:

  • Is in alpha so may not work as intended

  • Requires the gcloud CLI tool with Google Cloud SDK 367.0.0 and beta 2021.12.10 to be available

  • Requires the correct permissions via the gcloud tool logged into a Google user account and/or with an appropriate service account available

For now, we recommend contacting us to help set up deployments for you.

What deployment enables

Deploying an Octue service to Google Cloud Run means it:

  • Is deployed as a docker container

  • Is ready to be asked questions by any other Octue service that has the correct permissions (you can control this)

  • Can ask questions to any other Octue service for which it has the correct permissions

  • Will automatically build and redeploy upon the conditions you provide (e.g. pushes or merges into main)

  • Will automatically start and run when Pub/Sub messages are received from the topic you created. The Pub/Sub messages can be sent from anywhere in the world, but the container will only run in the region you chose (you can create multiple Cloud Run services in different regions for the same repository if this is a problem).

  • Will automatically stop shortly after finishing the analyses asked for in the Pub/Sub message (although you can set a minimum container count so one is always running to minimise cold starts).

How to deploy

  1. Ensuring you are in the desired project, go to the Google Cloud Run page and create a new service

_images/create_service.png
  1. Give your service a unique name

_images/service_name_and_region.png
  1. Choose a low-carbon region that supports Eventarc triggers and is in a convenient geographic location for you (e.g. physically close to you for low latency or in a region compatible with your data protection requirements).

_images/low_carbon_regions.png
  1. Click “Next”. When changes are made to the source code, we want them to be deployed automatically. So, we need to connect the repository to GCP to enable this. Select “Continuously deploy new revisions from a source repository” and then “Set up with cloud build”.

_images/set_up_with_cloud_build.png
  1. Choose your source code repository provider and the repository containing the code you’d like to deploy. You’ll have to give the provider permission to access the repository. If your provider isn’t GitHub, BitBucket, or Google Cloud Source Repositories (GCSR), you’ll need to mirror the repository to GCSR before completing this step as Google Cloud Build only supports these three providers currently.

_images/choose_repository.png
  1. Click “Next”, enter a regular expression for the branches you want to automatically deploy from (main by default). As the service will run in a docker container, select “Dockerfile” and click “Save”.

_images/choose_dockerfile.png
  1. Click “Next”. If you want your service to be private, select “Allow internal traffic only” and “Require authentication”. This stops anyone without permission from using the service.

_images/set_traffic.png
  1. The service needs a trigger to start up and respond to. We’ll be using Google Pub/Sub. Click “Add eventarc trigger”, choose “Cloud Pub/Sub topic” as the trigger event, click on the menu called “Select a Cloud Pub/Sub topic”, then click “Create a topic”. Any services that want to ask your service a question will publish their question to this topic.

_images/create_trigger.png
  1. The topic ID should be in the form octue.services.my-organisation.my-service. Click “Create topic”.

  2. Under “Invocation settings”, click on the “Service account” menu and then “Create new service account”.

_images/create_service_account.png
  1. Make a new service account with a related name e.g. “my-service”, then click “Create”. Add the “octue-service-user” and “Cloud Run Invoker” roles to the service account. Contact us if the “octue-service-user” role is not available.

_images/add_roles_to_service_account.png
  1. Click “Save” and then “Create”.

_images/save_and_create.png
  1. You can now view your service in the list of Cloud Run services and view its build trigger in the list of Cloud Build triggers.