Deploy a service instance with SaaS Runtime

Learn how to deploy a service instance using SaaS Runtime. In this quickstart example, your service instance is a VM.

Before you begin

If you don't already have one, sign up for a new account .

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Verify that billing is enabled for your Google Cloud project .

Enable the SaaS Runtime, Artifact Registry, Infrastructure Manager, Developer Connect, Cloud Build, and Cloud Storage APIs.

Enable the APIs

Create a service account:

In the Google Cloud console, go to the Create service account page.
Go to Create service account
Select your project.
In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name.

In the Service account description field, enter a description. For example, Service account for quickstart .
Click Create and continue .
Grant the Project > Owner role to the service account.

To grant the role, find the Select a role list, then select Project > Owner .

Note : The Role field affects which resources the service account can access in your project. You can revoke these roles or grant additional roles later. In production environments, do not grant the Owner, Editor, or Viewer roles. Instead, grant a predefined role or custom role that meets your needs.
Click Continue .
Click Done to finish creating the service account.

Install the Google Cloud CLI.

Note:If you installed the gcloud CLI previously, make sure you have the latest version by running gcloud components update .

If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity .

To initialize the gcloud CLI, run the following command:

gcloud  
init

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Verify that billing is enabled for your Google Cloud project .

Enable the SaaS Runtime, Artifact Registry, Infrastructure Manager, Developer Connect, Cloud Build, and Cloud Storage APIs.

Enable the APIs

Create a service account:

In the Google Cloud console, go to the Create service account page.
Go to Create service account
Select your project.
In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name.

In the Service account description field, enter a description. For example, Service account for quickstart .
Click Create and continue .
Grant the Project > Owner role to the service account.

To grant the role, find the Select a role list, then select Project > Owner .

Note : The Role field affects which resources the service account can access in your project. You can revoke these roles or grant additional roles later. In production environments, do not grant the Owner, Editor, or Viewer roles. Instead, grant a predefined role or custom role that meets your needs.
Click Continue .
Click Done to finish creating the service account.

Install the Google Cloud CLI.

Note:If you installed the gcloud CLI previously, make sure you have the latest version by running gcloud components update .

If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity .

To initialize the gcloud CLI, run the following command:

gcloud  
init

Grant permissions to the SaaS runner service account

SaaS Runtime uses more than one service account. You created a service account in the previous section, and when you enable the SaaS Runtime API, SaaS Runtime creates another service account.

The service account created by SaaS Runtime is called service-PROJECT-NUMBER@gcp-sa-saasservicemgmt.iam.gserviceaccount.com , where PROJECT-NUMBER is your project number.

Grant this service account required permissions by doing the following:

Open the page SaaS Runtime> Overview> Get Started.

Go to Get started with SaaS Runtime
In banner with the message The required permissions for SaaS Runtime account haven't been granted, click Grant permissions.

Define the service instance using a Terraform configuration

You need to use a Terraform configuration to define the infrastructure to deploy for the service instance. In this quickstart, you're deploying a VM.

To create a Terraform configuration that defines a VM:

Create a directory named terraform-vm on your local machine.

Inside terraform-vm , create the following four Terraform files:

A file named versions.tf with the following contents:

 terraform {
  required_version = "1.5.7"
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 4.0"
    }
  }
}

A file named outputs.tf with the following contents:

  output 
  
 "instance_name" 
  
 { 
  
 description 
  
 = 
  
 "Name of the instance" 
  
 value 
  
 = 
  
 google_compute_instance 
 . 
 vm_instance 
 . 
 name 
 } 
 output 
  
 "instance_external_ip" 
  
 { 
  
 description 
  
 = 
  
 "External IP of the instance" 
  
 value 
  
 = 
  
 google_compute_instance 
 . 
 vm_instance 
 . 
 network_interface 
 [ 
 0 
 ]. 
 access_config 
 [ 
 0 
 ]. 
 nat_ip 
 } 
 output 
  
 "instance_self_link" 
  
 { 
  
 description 
  
 = 
  
 "Self-link of the instance" 
  
 value 
  
 = 
  
 google_compute_instance 
 . 
 vm_instance 
 . 
 self_link 
 }

A file named variables.tf with the following contents:

  variable 
  
 "region" 
  
 { 
  
 description 
  
 = 
  
 "The Google Cloud region" 
  
 type 
  
 = 
  
 string 
  
 default 
  
 = 
  
 "us-central1" 
 } 
 variable 
  
 "zone" 
  
 { 
  
 description 
  
 = 
  
 "The Google Cloud zone" 
  
 type 
  
 = 
  
 string 
  
 default 
  
 = 
  
 "us-central1-a" 
 } 
 variable 
  
 "instance_name" 
  
 { 
  
 description 
  
 = 
  
 "Name for the Compute Engine instance" 
  
 type 
  
 = 
  
 string 
  
 default 
  
 = 
  
 "saas-runtime-vm-instance" 
 } 
 variable 
  
 "machine_type" 
  
 { 
  
 description 
  
 = 
  
 "Machine type for the Compute Engine instance" 
  
 type 
  
 = 
  
 string 
  
 default 
  
 = 
  
 "e2-medium" 
 } 
 variable 
  
 "disk_size" 
  
 { 
  
 description 
  
 = 
  
 "Boot disk size in GB" 
  
 type 
  
 = 
  
 number 
  
 default 
  
 = 
  
 10 
 } 
 variable 
  
 "actuation_sa" 
  
 { 
  
 description 
  
 = 
  
 "The email of the Actuation Service Account" 
  
 type 
  
 = 
  
 string 
 } 
 variable 
  
 "tenant_project_id" 
  
 { 
  
 description 
  
 = 
  
 "The project ID of the tenant project" 
  
 type 
  
 = 
  
 string 
 } 
 variable 
  
 "tenant_project_number" 
  
 { 
  
 description 
  
 = 
  
 "The project number of the tenant project" 
  
 type 
  
 = 
  
 number 
 }

A file named main.tf with the following contents:

  resource 
  
 "google_compute_instance" 
  
 "vm_instance" 
  
 { 
  
 project 
  
 = 
  
 var 
 . 
 tenant_project_id 
  
 name 
  
 = 
  
 var 
 . 
 instance_name 
  
 machine_type 
  
 = 
  
 var 
 . 
 machine_type 
  
 zone 
  
 = 
  
 var 
 . 
 zone 
  
 boot_disk 
  
 { 
  
 initialize_params 
  
 { 
  
 image 
  
 = 
  
 "debian-cloud/debian-11" 
  
 size 
  
 = 
  
 var 
 . 
 disk_size 
  
 } 
  
 } 
  
 network_interface 
  
 { 
  
 network 
  
 = 
  
 "default" 
  
 access_config 
  
 { 
  
 # Ephemeral public IP - empty block is okay here 
  
 } 
  
 } 
  
 tags 
  
 = 
  
 [ 
 "allow-ssh" 
 ] 
 }

To create a zip archive containing these four Terraform configuration files, navigate to the terraform-vm directory in your terminal and run the following command:
```
  zip 
  
 terraform 
 - 
 files 
 . 
 zip 
  
 main 
 . 
 tf 
  
 outputs 
 . 
 tf 
  
 variables 
 . 
 tf 
  
 versions 
 . 
 tf 
 
```
You now have a zipped archive named terraform-files.zip which contains all four of the Terraform configuration files.

Create a repository in Artifact Registry

To use SaaS Runtime, you need a repository in Artifact Registry. To create this repository, do the following:

In the console, go to Artifact Registry.

Go to Artifact Registry
Click Create repository.
For Name, type vm-quickstart-repo .
Keep the Formatselected as Docker.
For Region, choose us-central1 (Iowa) .
Click Create.

Create a SaaS offering

You have the Terraform configuration that defines the VM that you want to deploy and a repository. You can now use SaaS Runtime to model the units of deployment and deploy the VM.

Create a SaaS offering resource

In the console, go to SaaS Runtime> SaaS Offering.

Go to SaaS Offering
Click Create.
In the Name of the SaaSoffering field, type: vm-quickstart-saas-offering .
In the Regionfield, select the region us-central1 , then click Ok.
Click Create.

The regions that you selected for the SaaS offering are where the deployments of your SaaS offering are hosted. In the example of this quickstart, the SaaS offering is a single VM, and so these regions are where the VM is provisioned and hosted.

If you have end-users accessing these VMs, they would access these VMs that are deployed in the regions you specific here.

Model the units of deployment

To model the SaaS offering, you create components called unit kinds . A unit kind defines a component within your service to deploy and manage. For example, you might have one unit kind for a VM, and a second unit kind for the application running on that VM.

In this quickstart you create one unit kind for the VM.

To create the unit kind:

In the console, go to SaaS Runtime> Unit Kinds.

Go to Unit kinds
Select Create.
On the page Create blueprints:
1. Select Upload.
2. To upload the Terraform configuration that defines the VM, do the following:
  1. In the field File picker, select Browse.
  2. Navigate to and select terraform-files.zip , which is the zip archive file that you previously created.
  3. Select Open.
3. Click Next: Configure blueprint.
On the page Store blueprint:
1. Select the Artifact Registry:
  1. In the field Select repository from Artifact Registry, select Browse.
  2. Select vm-quickstart-repo , which is the repository you previously created.
  3. Click Select.
2. In the field Artifact image name, type vm-quickstart-blueprint .
3. For Infrastructure Manager terraform version, select 1.5.7 .
4. For the Cloud Build service account, select the service account you created in the section Before you begin .
5. Click Next: Unit kind details.
On the page Configure unit kind properties, do the following:
1. For Unit kind name, type vm-quickstart-unit-kind .
2. For SaaS Offering, select vm-quickstart-saas-offering , which is the SaaS offering resource you created previously.
3. Click Next: Release configuration
For Release name, type vm-quickstart-first-release .
Click Create.

Provision the service instance

To provision the resources that are part of a unit kind, you create units . When you create a unit, SaaS Runtime provisions the resources defined in the Terraform configuration that is connected to the unit kind. The resources are provisioned in each region that is part of the SaaS offering.

In the example of this quickstart, the VM is provisioned in the region us-central1 .

Create a unit:
1. In the console, go to SaaS Runtime> Units.
  
  Go to Units
2. Select Create.
3. On the Create a unitpage:
  1. For Unit name, type: vm-quickstart-unit .
  2. Under SaaS offering, select the SaaS offering resource that you created earlier: vm-quickstart-saas-offering .
  3. Under Region, select us-central1 .
  4. Under Unit kind, select the unit kind you created earlier: vm-quickstart-unit-kind .
  5. Select Create.
To provision the VM:
1. On the Unit detailpage, select Provision.
2. For the Releasefield, select vm-quickstart-first-release .
3. For the Service account, select the service account you created in the section Before you begin .
4. Add a Tenant project:
  1. Select Add tenant project variables.
  2. Select the Google Cloud project that you are using for this quickstart. When SaaS Runtime deploys the VM, it deploys it to this project.
5. Select Provision.

SaaS Runtime provisions a VM in the region that you specified in the SaaS offering. You can create units in any of the regions you specified in the unit. In this quickstart, you specified one region ( us-central1 ), and this region is where the VM is provisioned.

View the deployed VM

You have now used SaaS Runtime to deploy the VM.

To view the VM that you deployed in this quickstart:

In console, go to the SaaS Runtime> Units> Unit detailspage.

Go to Units
Click the name of your unit: vm-quickstart-unit .
On the Unit detailspage:
1. See that the Stateis:
  - Readyif the VM is provisioned.
  - Provisioningif the operation is still in progress.
2. Expand the Variablessection.
3. In the Output variables, you can see the external IP that you can use to reach the instance.
You can also view the VM in Compute Engine:
1. In the console, go to the Compute Engine> VM instancespage.
  
  Go to VM instances
2. See the VM listed under VM instances.

Clean Up

To avoid incurring charges to your Google Cloud account for the resources used on this page, you can delete the project that you used for this quickstart.

Delete the project

If you deployed the solution in a new Google Cloud project, and if you no longer the project, then delete it by completing the following steps:

In the Google Cloud console, go to the Manage resources page.
Go to Manage resources
In the project list, select the project that you want to delete, and then click Delete .
At the prompt, type the project ID, and then click Shut down .

Clean up

To avoid incurring charges to your Google Cloud account for the resources used on this page, follow these steps.

What's next

To understand more about SaaS Runtime, see SaaS Runtime overview .
To get started with SaaS Runtime, begin with Create a SaaS offering .
To understand how service accounts are used and how to grant granular permissions for these accounts, see SaaS Runtime service accounts .
For the steps to update the release, see Rollout a release .