Deploy a service instance with SaaS Runtime

Grant permissions to the SaaS runner service account

SaaS Runtime uses more than one service account. You created a service account in the previous section, and when you enable the SaaS Runtime API, SaaS Runtime creates another service account.

The service account created by SaaS Runtime is called service-PROJECT-NUMBER@gcp-sa-saasservicemgmt.iam.gserviceaccount.com, where PROJECT-NUMBER is your project number.

Grant this service account required permissions by doing the following:

1. Open the page SaaS Runtime > Overview > Get Started.

   Go to Get started with SaaS Runtime

2. In banner with the message The required permissions for SaaS Runtime account haven't been granted, click Grant permissions.

Define the service instance using a Terraform configuration

You need to use a Terraform configuration to define the infrastructure to deploy for the service instance. In this quickstart, you're deploying a VM.

To create a Terraform configuration that defines a VM:

1. Create a directory named terraform-vm on your local machine.

2. Inside terraform-vm, create the following four Terraform files:

   1. A file named versions.tf with the following contents:

      terraform {
        required_version = "1.5.7"
        required_providers {
          google = {
            source  = "hashicorp/google"
            version = "~> 4.0"
          }
        }
      }
      

   2. A file named outputs.tf with the following contents:

      output "instance_name" {
        description = "Name of the instance"
        value       = google_compute_instance.vm_instance.name
      }
      
      output "instance_external_ip" {
        description = "External IP of the instance"
        value       = google_compute_instance.vm_instance.network_interface[0].access_config[0].nat_ip
      }
      
      output "instance_self_link" {
        description = "Self-link of the instance"
        value       = google_compute_instance.vm_instance.self_link
      }
      

   3. A file named variables.tf with the following contents:

      variable "region" {
        description = "The Google Cloud region"
        type        = string
        default     = "us-central1"
      }
      
      variable "zone" {
        description = "The Google Cloud zone"
        type        = string
        default     = "us-central1-a"
      }
      
      variable "instance_name" {
        description = "Name for the Compute Engine instance"
        type        = string
        default = "saas-runtime-vm-instance"
      }
      
      variable "machine_type" {
        description = "Machine type for the Compute Engine instance"
        type        = string
        default = "e2-medium"
      }
      
      variable "disk_size" {
        description = "Boot disk size in GB"
        type        = number
        default = 10
      }
      
      variable "actuation_sa" {
        description = "The email of the Actuation Service Account"
        type        = string
      }
      
      variable "tenant_project_id" {
        description = "The project ID of the tenant project"
        type        = string
      }
      
      variable "tenant_project_number" {
        description = "The project number of the tenant project"
        type        = number
      }
      

   4. A file named main.tf with the following contents:

      resource "google_compute_instance" "vm_instance" {
        project      = var.tenant_project_id
        name         = var.instance_name
        machine_type = var.machine_type
        zone         = var.zone
      
        boot_disk {
          initialize_params {
            image = "debian-cloud/debian-11"
            size  = var.disk_size
          }
        }
      
        network_interface {
          network = "default"
          access_config {
            # Ephemeral public IP - empty block is okay here
          }
        }
      
        tags = ["allow-ssh"]
      }
      

3. To create a zip archive containing these four Terraform configuration files, navigate to the terraform-vm directory in your terminal and run the following command:

   zip terraform-files.zip main.tf outputs.tf variables.tf versions.tf
   

   You now have a zipped archive named terraform-files.zip which contains all four of the Terraform configuration files.

Create a repository in Artifact Registry

To use SaaS Runtime, you need a repository in Artifact Registry. To create this repository, do the following:

1. In the console, go to Artifact Registry.

   Go to Artifact Registry

2. Click Create repository.

3. For Name, type vm-quickstart-repo.

4. Keep the Format selected as Docker.

5. For Region, choose us-central1 (Iowa).

6. Click Create.

Create a SaaS offering

You have the Terraform configuration that defines the VM that you want to deploy and a repository. You can now use SaaS Runtime to model the units of deployment and deploy the VM.

Create a SaaS offering resource

1. In the console, go to SaaS Runtime > SaaS Offering.

   Go to SaaS Offering

2. Click Create.

3. In the Name of the SaaS offering field, type: vm-quickstart-saas-offering.

4. In the Region field, select the region us-central1, then click Ok.

5. Click Create.

The regions that you selected for the SaaS offering are where the deployments of your SaaS offering are hosted. In the example of this quickstart, the SaaS offering is a single VM, and so these regions are where the VM is provisioned and hosted.

If you have end-users accessing these VMs, they would access these VMs that are deployed in the regions you specific here.

Model the units of deployment

To model the SaaS offering, you create components called unit kinds. A unit kind defines a component within your service to deploy and manage. For example, you might have one unit kind for a VM, and a second unit kind for the application running on that VM.

In this quickstart you create one unit kind for the VM.

To create the unit kind:

1. In the console, go to SaaS Runtime > Unit Kinds.

   Go to Unit kinds

2. Select Create.

3. On the page Create blueprints:

   1. Select Upload.
   2. To upload the Terraform configuration that defines the VM, do the following:
      1. In the field File picker, select Browse.
      2. Navigate to and select terraform-files.zip, which is the zip archive file that you previously created.
      3. Select Open.
   3. Click Next: Configure blueprint.

4. On the page Store blueprint:

   1. Select the Artifact Registry:
      1. In the field Select repository from Artifact Registry, select Browse.
      2. Select vm-quickstart-repo, which is the repository you previously created.
      3. Click Select.
   2. In the field Artifact image name, type vm-quickstart-blueprint.
   3. For Infrastructure Manager terraform version, select 1.5.7.
   4. For the Cloud Build service account, select the service account you created in the section Before you begin.
   5. Click Next: Unit kind details.

5. On the page Configure unit kind properties, do the following:

   1. For Unit kind name, type vm-quickstart-unit-kind.
   2. For SaaS Offering, select vm-quickstart-saas-offering, which is the SaaS offering resource you created previously.
   3. Click Next: Release configuration

6. For Release name, type vm-quickstart-first-release.

7. Click Create.

Provision the service instance

To provision the resources that are part of a unit kind, you create units. When you create a unit, SaaS Runtime provisions the resources defined in the Terraform configuration that is connected to the unit kind. The resources are provisioned in each region that is part of the SaaS offering.

In the example of this quickstart, the VM is provisioned in the region us-central1.

1. Create a unit:

   1. In the console, go to SaaS Runtime > Units.

      Go to Units

   2. Select Create.

   3. On the Create a unit page:

      1. For Unit name, type: vm-quickstart-unit.
      2. Under SaaS offering, select the SaaS offering resource that you created earlier: vm-quickstart-saas-offering.
      3. Under Region, select us-central1.
      4. Under Unit kind, select the unit kind you created earlier: vm-quickstart-unit-kind.
      5. Select Create.

2. To provision the VM:

   1. On the Unit detail page, select Provision.
   2. For the Release field, select vm-quickstart-first-release.
   3. For the Service account, select the service account you created in the section Before you begin.

   4. Add a Tenant project:

      1. Select Add tenant project variables.
      2. Select the Google Cloud project that you are using for this quickstart. When SaaS Runtime deploys the VM, it deploys it to this project.

   5. Select Provision.

SaaS Runtime provisions a VM in the region that you specified in the SaaS offering. You can create units in any of the regions you specified in the unit. In this quickstart, you specified one region (us-central1), and this region is where the VM is provisioned.

View the deployed VM

You have now used SaaS Runtime to deploy the VM.

To view the VM that you deployed in this quickstart:

1. In console, go to the SaaS Runtime > Units > Unit details page.

   Go to Units

2. Click the name of your unit: vm-quickstart-unit.

3. On the Unit details page:

   1. See that the State is:

      • Ready if the VM is provisioned.
      • Provisioning if the operation is still in progress.

   2. Expand the Variables section.

   3. In the Output variables, you can see the external IP that you can use to reach the instance.

4. You can also view the VM in Compute Engine:

   1. In the console, go to the Compute Engine > VM instances page.

      Go to VM instances

   2. See the VM listed under VM instances.

Clean Up

To avoid incurring charges to your Google Cloud account for the resources used on this page, you can delete the project that you used for this quickstart.

Delete the project

If you deployed the solution in a new Google Cloud project, and if you no longer the project, then delete it by completing the following steps:

1. In the Google Cloud console, go to the Manage resources page.

   Go to Manage resources

2. In the project list, select the project that you want to delete, and then click Delete.
3. At the prompt, type the project ID, and then click Shut down.