2021-10-31 14:40:28 -07:00
# Cloud Run Module
Cloud Run management, with support for IAM roles and optional Eventarc trigger creation.
## Examples
2021-11-01 12:34:23 -07:00
### Environment variables
This deploys a Cloud Run service and sets some environment variables.
```hcl
module "cloud_run" {
source = "./modules/cloud-run"
project_id = "my-project"
name = "hello"
containers = [{
image = "us-docker.pkg.dev/cloudrun/container/hello"
2021-11-03 15:48:01 -07:00
options = {
command = null
args = null
env = {
"VAR1": "VALUE1",
"VAR2": "VALUE2",
}
env_from = null
2021-11-01 12:34:23 -07:00
}
ports = null
resources = null
volume_mounts = null
}]
}
# tftest:modules=1:resources=1
```
### Environment variables (value read from secret)
```hcl
module "cloud_run" {
source = "./modules/cloud-run"
project_id = "my-project"
name = "hello"
containers = [{
2021-11-03 15:48:01 -07:00
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = {
command = null
args = null
env = null
env_from = {
"CREDENTIALS": {
name = "credentials"
key = "1"
}
2021-11-01 12:34:23 -07:00
}
}
ports = null
resources = null
volume_mounts = null
}]
}
# tftest:modules=1:resources=1
```
### Secret mounted as volume
```hcl
module "cloud_run" {
source = "./modules/cloud-run"
project_id = var.project_id
name = "hello"
region = var.region
revision_name = "green"
containers = [{
2021-11-03 15:48:01 -07:00
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = null
ports = null
resources = null
2021-11-01 12:34:23 -07:00
volume_mounts = {
"credentials": "/credentials"
}
}]
volumes = [
{
name = "credentials"
secret_name = "credentials"
items = [{
key = "1"
path = "v1.txt"
}]
}
]
}
# tftest:modules=1:resources=1
```
2021-10-31 14:40:28 -07:00
### Traffic split
This deploys a Cloud Run service with traffic split between two revisions.
```hcl
module "cloud_run" {
2021-11-01 12:05:04 -07:00
source = "./modules/cloud-run"
2021-10-31 14:40:28 -07:00
project_id = "my-project"
name = "hello"
revision_name = "green"
containers = [{
2021-11-03 15:48:01 -07:00
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = null
ports = null
resources = null
2021-10-31 14:40:28 -07:00
volume_mounts = null
}]
traffic = {
"blue" = 25
"green" = 75
}
}
2021-11-01 12:05:04 -07:00
# tftest:modules=1:resources=1
2021-10-31 14:40:28 -07:00
```
### Eventarc trigger (Pub/Sub)
This deploys a Cloud Run service that will be triggered when messages are published to Pub/Sub topics.
```hcl
module "cloud_run" {
2021-11-01 12:05:04 -07:00
source = "./modules/cloud-run"
2021-10-31 14:40:28 -07:00
project_id = "my-project"
name = "hello"
containers = [{
2021-11-03 15:48:01 -07:00
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = null
ports = null
resources = null
2021-10-31 14:40:28 -07:00
volume_mounts = null
}]
2021-11-01 12:05:04 -07:00
pubsub_triggers = [
2021-10-31 14:40:28 -07:00
"topic1",
"topic2"
]
}
2021-11-01 12:05:04 -07:00
# tftest:modules=1:resources=3
2021-10-31 14:40:28 -07:00
```
### Eventarc trigger (Audit logs)
This deploys a Cloud Run service that will be triggered when specific log events are written to Google Cloud audit logs.
2021-11-01 12:05:04 -07:00
```hcl
2021-10-31 14:40:28 -07:00
module "cloud_run" {
2021-11-01 12:05:04 -07:00
source = "./modules/cloud-run"
2021-10-31 14:40:28 -07:00
project_id = "my-project"
name = "hello"
containers = [{
2021-11-03 15:48:01 -07:00
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = null
ports = null
resources = null
2021-10-31 14:40:28 -07:00
volume_mounts = null
}]
audit_log_triggers = [
{
2021-11-03 15:48:01 -07:00
service_name = "cloudresourcemanager.googleapis.com"
method_name = "SetIamPolicy"
2021-10-31 14:40:28 -07:00
}
]
}
2021-11-01 12:05:04 -07:00
# tftest:modules=1:resources=2
```
2021-10-31 14:40:28 -07:00
### Service account management
To use a custom service account managed by the module, set `service_account_create` to `true` and leave `service_account` set to `null` value (default).
```hcl
module "cloud_run" {
2021-11-01 12:05:04 -07:00
source = "./modules/cloud-run"
2021-10-31 14:40:28 -07:00
project_id = "my-project"
name = "hello"
containers = [{
2021-11-03 15:48:01 -07:00
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = null
ports = null
resources = null
2021-10-31 14:40:28 -07:00
volume_mounts = null
}]
service_account_create = true
}
2021-11-01 12:05:04 -07:00
# tftest:modules=1:resources=2
2021-10-31 14:40:28 -07:00
```
To use an externally managed service account, pass its email in `service_account` and leave `service_account_create` to `false` (the default).
```hcl
module "cloud_run" {
2021-11-01 12:05:04 -07:00
source = "./modules/cloud-run"
2021-10-31 14:40:28 -07:00
project_id = "my-project"
name = "hello"
containers = [{
2021-11-03 15:48:01 -07:00
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = null
ports = null
resources = null
2021-10-31 14:40:28 -07:00
volume_mounts = null
}]
2021-11-01 12:05:04 -07:00
service_account = "cloud-run@my-project.iam.gserviceaccount.com"
2021-10-31 14:40:28 -07:00
}
2021-11-01 12:05:04 -07:00
# tftest:modules=1:resources=1
2021-10-31 14:40:28 -07:00
```
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
|---|---|:---: |:---:|:---:|
2021-11-03 15:48:01 -07:00
| containers | Containers | < code title = "list(object({ image = string options = object({ command = list(string) args = list(string) env = map(string) env_from = map(object({ key = string name = string })) }) resources = object({ limits = object({ cpu = string memory = string }) requests = object({ cpu = string memory = string }) }) ports = list(object({ name = string protocol = string container_port = string })) volume_mounts = map(string) }))" > list(object({...}))< / code > | ✓ | |
2021-10-31 14:40:28 -07:00
| name | Name used for cloud run service | < code title = "" > string< / code > | ✓ | |
| project_id | Project id used for all resources. | < code title = "" > string< / code > | ✓ | |
| *audit_log_triggers* | Event arc triggers (Audit log) | < code title = "list(object({ service_name = string method_name = string }))" > list(object({...}))</ code > | | < code title = "" > null</ code > |
2021-11-01 11:12:39 -07:00
| *iam* | IAM bindings for Cloud Run service in {ROLE => [MEMBERS]} format. | < code title = "map(list(string))" > map(list(string))</ code > | | < code title = "" > {}</ code > |
2021-10-31 14:40:28 -07:00
| *ingress_settings* | Ingress settings | < code title = "" > string</ code > | | < code title = "" > null</ code > |
| *labels* | Resource labels | < code title = "map(string)" > map(string)</ code > | | < code title = "" > {}</ code > |
| *prefix* | Optional prefix used for resource names. | < code title = "" > string</ code > | | < code title = "" > null</ code > |
| *pubsub_triggers* | Eventarc triggers (Pub/Sub) | < code title = "list(string)" > list(string)</ code > | | < code title = "" > null</ code > |
| *region* | Region used for all resources. | < code title = "" > string</ code > | | < code title = "" > europe-west1</ code > |
| *revision_name* | Revision name | < code title = "" > string</ code > | | < code title = "" > null</ code > |
| *service_account* | Service account email. Unused if service account is auto-created. | < code title = "" > string</ code > | | < code title = "" > null</ code > |
| *service_account_create* | Auto-create service account. | < code title = "" > bool</ code > | | < code title = "" > false</ code > |
| *traffic* | Traffic | < code title = "map(number)" > map(number)</ code > | | < code title = "" > null</ code > |
| *volumes* | Volumes | < code title = "list(object({ name = string secret_name = string items = list(object({ key = string path = string })) }))" > list(object({...}))</ code > | | < code title = "" > null</ code > |
2021-11-03 16:23:44 -07:00
| *vpc_connector* | VPC connector configuration. Set create to 'true' if a new connecto needs to be created | < code title = "object({ create = bool name = string egress_settings = string })" > object({...})</ code > | | < code title = "" > null</ code > |
2021-11-03 15:48:01 -07:00
| *vpc_connector_config* | VPC connector network configuration. Must be provided if new VPC connector is being created | < code title = "object({ ip_cidr_range = string network = string })" > object({...})</ code > | | < code title = "" > null</ code > |
2021-10-31 14:40:28 -07:00
## Outputs
| name | description | sensitive |
|---|---|:---:|
| service | Cloud Run service | |
| service_account | Service account resource. | |
| service_account_email | Service account email. | |
| service_account_iam_email | Service account email. | |
| service_name | Cloud Run service name | |
| vpc_connector | VPC connector resource if created. | |
<!-- END TFDOC -->
