167 lines
6.6 KiB
Markdown
167 lines
6.6 KiB
Markdown
|
# Cloud Run Module
|
||
|
|
||
|
Cloud Run management, with support for IAM roles and optional Eventarc trigger creation.
|
||
|
|
||
|
## Examples
|
||
|
|
||
|
### Traffic split
|
||
|
|
||
|
This deploys a Cloud Run service with traffic split between two revisions.
|
||
|
|
||
|
```hcl
|
||
|
module "cloud_run" {
|
||
|
source = "../../modules/cloud-run"
|
||
|
project_id = "my-project"
|
||
|
name = "hello"
|
||
|
revision_name = "green"
|
||
|
containers = [{
|
||
|
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
||
|
command = null
|
||
|
args = null
|
||
|
env = null
|
||
|
env_from = null
|
||
|
ports = null
|
||
|
resources = null
|
||
|
volume_mounts = null
|
||
|
}]
|
||
|
traffic = {
|
||
|
"blue" = 25
|
||
|
"green" = 75
|
||
|
}
|
||
|
}
|
||
|
# tftest:skip
|
||
|
```
|
||
|
|
||
|
### Eventarc trigger (Pub/Sub)
|
||
|
|
||
|
This deploys a Cloud Run service that will be triggered when messages are published to Pub/Sub topics.
|
||
|
|
||
|
```hcl
|
||
|
module "cloud_run" {
|
||
|
source = "../../modules/cloud-run"
|
||
|
project_id = "my-project"
|
||
|
name = "hello"
|
||
|
containers = [{
|
||
|
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
||
|
command = null
|
||
|
args = null
|
||
|
env = null
|
||
|
env_from = null
|
||
|
ports = null
|
||
|
resources = null
|
||
|
volume_mounts = null
|
||
|
}]
|
||
|
pub_sub_triggers = [
|
||
|
"topic1",
|
||
|
"topic2"
|
||
|
]
|
||
|
}
|
||
|
# tftest:skip
|
||
|
```
|
||
|
|
||
|
### Eventarc trigger (Audit logs)
|
||
|
|
||
|
This deploys a Cloud Run service that will be triggered when specific log events are written to Google Cloud audit logs.
|
||
|
|
||
|
module "cloud_run" {
|
||
|
source = "../../modules/cloud-run"
|
||
|
project_id = "my-project"
|
||
|
name = "hello"
|
||
|
containers = [{
|
||
|
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
||
|
command = null
|
||
|
args = null
|
||
|
env = null
|
||
|
env_from = null
|
||
|
ports = null
|
||
|
resources = null
|
||
|
volume_mounts = null
|
||
|
}]
|
||
|
audit_log_triggers = [
|
||
|
{
|
||
|
service_name = "cloudresourcemanager.googleapis.com"
|
||
|
method_name = "SetIamPolicy"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
|
||
|
### Service account management
|
||
|
|
||
|
To use a custom service account managed by the module, set `service_account_create` to `true` and leave `service_account` set to `null` value (default).
|
||
|
|
||
|
```hcl
|
||
|
module "cloud_run" {
|
||
|
source = "../../modules/cloud-run"
|
||
|
project_id = "my-project"
|
||
|
name = "hello"
|
||
|
containers = [{
|
||
|
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
||
|
command = null
|
||
|
args = null
|
||
|
env = null
|
||
|
env_from = null
|
||
|
ports = null
|
||
|
resources = null
|
||
|
volume_mounts = null
|
||
|
}]
|
||
|
service_account_create = true
|
||
|
}
|
||
|
# tftest:skip
|
||
|
```
|
||
|
|
||
|
To use an externally managed service account, pass its email in `service_account` and leave `service_account_create` to `false` (the default).
|
||
|
|
||
|
```hcl
|
||
|
module "cloud_run" {
|
||
|
source = "../../modules/cloud-run"
|
||
|
project_id = "my-project"
|
||
|
name = "hello"
|
||
|
containers = [{
|
||
|
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
||
|
command = null
|
||
|
args = null
|
||
|
env = null
|
||
|
env_from = null
|
||
|
ports = null
|
||
|
resources = null
|
||
|
volume_mounts = null
|
||
|
}]
|
||
|
service_account = local.service_account_email
|
||
|
}
|
||
|
# tftest:skip
|
||
|
```
|
||
|
|
||
|
<!-- BEGIN TFDOC -->
|
||
|
## Variables
|
||
|
|
||
|
| name | description | type | required | default |
|
||
|
|---|---|:---: |:---:|:---:|
|
||
|
| containers | Containers | <code title="list(object({ image = string command = list(string) args = list(string) env = map(string) env_from = map(object({ key = string name = string })) resources = object({ limits = object({ cpu = string memory = string }) requests = object({ cpu = string memory = string }) }) ports = list(object({ name = string protocol = string container_port = string })) volume_mounts = list(object({ name = string mount_path = string })) }))">list(object({...}))</code> | ✓ | |
|
||
|
| name | Name used for cloud run service | <code title="">string</code> | ✓ | |
|
||
|
| project_id | Project id used for all resources. | <code title="">string</code> | ✓ | |
|
||
|
| *audit_log_triggers* | Event arc triggers (Audit log) | <code title="list(object({ service_name = string method_name = string }))">list(object({...}))</code> | | <code title="">null</code> |
|
||
|
| *iam* | IAM bindings for topic in {ROLE => [MEMBERS]} format. | <code title="map(list(string))">map(list(string))</code> | | <code title="">{}</code> |
|
||
|
| *ingress_settings* | Ingress settings | <code title="">string</code> | | <code title="">null</code> |
|
||
|
| *labels* | Resource labels | <code title="map(string)">map(string)</code> | | <code title="">{}</code> |
|
||
|
| *prefix* | Optional prefix used for resource names. | <code title="">string</code> | | <code title="">null</code> |
|
||
|
| *pubsub_triggers* | Eventarc triggers (Pub/Sub) | <code title="list(string)">list(string)</code> | | <code title="">null</code> |
|
||
|
| *region* | Region used for all resources. | <code title="">string</code> | | <code title="">europe-west1</code> |
|
||
|
| *revision_name* | Revision name | <code title="">string</code> | | <code title="">null</code> |
|
||
|
| *service_account* | Service account email. Unused if service account is auto-created. | <code title="">string</code> | | <code title="">null</code> |
|
||
|
| *service_account_create* | Auto-create service account. | <code title="">bool</code> | | <code title="">false</code> |
|
||
|
| *traffic* | Traffic | <code title="map(number)">map(number)</code> | | <code title="">null</code> |
|
||
|
| *volumes* | Volumes | <code title="list(object({ name = string secret_name = string items = list(object({ key = string path = string })) }))">list(object({...}))</code> | | <code title="">null</code> |
|
||
|
| *vpc_connector_config* | VPC connector configuration. Set `create_config` attributes to trigger creation. | <code title="object({ egress_settings = string name = string ip_cidr_range = string network = string })">object({...})</code> | | <code title="">null</code> |
|
||
|
|
||
|
## Outputs
|
||
|
|
||
|
| name | description | sensitive |
|
||
|
|---|---|:---:|
|
||
|
| service | Cloud Run service | |
|
||
|
| service_account | Service account resource. | |
|
||
|
| service_account_email | Service account email. | |
|
||
|
| service_account_iam_email | Service account email. | |
|
||
|
| service_name | Cloud Run service name | |
|
||
|
| vpc_connector | VPC connector resource if created. | |
|
||
|
<!-- END TFDOC -->
|