2021-10-31 14:40:28 -07:00
# Cloud Run Module
Cloud Run management, with support for IAM roles and optional Eventarc trigger creation.
## Examples
2021-11-01 12:34:23 -07:00
### Environment variables
This deploys a Cloud Run service and sets some environment variables.
```hcl
module "cloud_run" {
2022-09-06 08:46:09 -07:00
source = "./fabric/modules/cloud-run"
2021-11-01 12:34:23 -07:00
project_id = "my-project"
name = "hello"
containers = [{
2022-12-16 03:53:56 -08:00
image = "us-docker.pkg.dev/cloudrun/container/hello"
2021-11-03 15:48:01 -07:00
options = {
command = null
args = null
2022-12-16 03:53:56 -08:00
env = {
"VAR1" : "VALUE1",
"VAR2" : "VALUE2",
2021-11-03 15:48:01 -07:00
}
env_from = null
2021-11-01 12:34:23 -07:00
}
2022-12-16 03:53:56 -08:00
ports = null
resources = null
2021-11-01 12:34:23 -07:00
volume_mounts = null
}]
}
2022-01-28 11:15:35 -08:00
# tftest modules=1 resources=1
2021-11-01 12:34:23 -07:00
```
### Environment variables (value read from secret)
```hcl
module "cloud_run" {
2022-09-06 08:46:09 -07:00
source = "./fabric/modules/cloud-run"
2021-11-01 12:34:23 -07:00
project_id = "my-project"
name = "hello"
containers = [{
2021-11-03 15:48:01 -07:00
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = {
2022-12-16 03:53:56 -08:00
command = null
args = null
env = null
env_from = {
"CREDENTIALS" : {
2021-11-03 15:48:01 -07:00
name = "credentials"
2022-12-16 03:53:56 -08:00
key = "1"
2021-11-03 15:48:01 -07:00
}
2021-11-01 12:34:23 -07:00
}
}
2022-12-16 03:53:56 -08:00
ports = null
resources = null
2021-11-01 12:34:23 -07:00
volume_mounts = null
}]
}
2022-01-28 11:15:35 -08:00
# tftest modules=1 resources=1
2021-11-01 12:34:23 -07:00
```
### Secret mounted as volume
```hcl
module "cloud_run" {
2022-12-16 03:53:56 -08:00
source = "./fabric/modules/cloud-run"
project_id = var.project_id
name = "hello"
region = var.region
2021-11-01 12:34:23 -07:00
revision_name = "green"
containers = [{
2022-12-16 03:53:56 -08:00
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = null
ports = null
resources = null
2021-11-01 12:34:23 -07:00
volume_mounts = {
2022-12-16 03:53:56 -08:00
"credentials" : "/credentials"
2021-11-01 12:34:23 -07:00
}
}]
volumes = [
{
2022-12-16 03:53:56 -08:00
name = "credentials"
2021-11-01 12:34:23 -07:00
secret_name = "credentials"
items = [{
2022-12-16 03:53:56 -08:00
key = "1"
2021-11-01 12:34:23 -07:00
path = "v1.txt"
}]
}
]
}
2022-01-28 11:15:35 -08:00
# tftest modules=1 resources=1
2021-11-01 12:34:23 -07:00
```
2021-10-31 14:40:28 -07:00
### Traffic split
This deploys a Cloud Run service with traffic split between two revisions.
```hcl
module "cloud_run" {
2022-12-16 03:53:56 -08:00
source = "./fabric/modules/cloud-run"
project_id = "my-project"
name = "hello"
2021-10-31 14:40:28 -07:00
revision_name = "green"
containers = [{
2021-11-03 15:48:01 -07:00
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = null
ports = null
resources = null
2021-10-31 14:40:28 -07:00
volume_mounts = null
}]
traffic = {
2022-12-16 03:53:56 -08:00
"blue" = 25
2021-10-31 14:40:28 -07:00
"green" = 75
}
}
2022-01-28 11:15:35 -08:00
# tftest modules=1 resources=1
2021-10-31 14:40:28 -07:00
```
### Eventarc trigger (Pub/Sub)
This deploys a Cloud Run service that will be triggered when messages are published to Pub/Sub topics.
```hcl
module "cloud_run" {
2022-09-06 08:46:09 -07:00
source = "./fabric/modules/cloud-run"
2021-10-31 14:40:28 -07:00
project_id = "my-project"
name = "hello"
containers = [{
2021-11-03 15:48:01 -07:00
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = null
ports = null
resources = null
2021-10-31 14:40:28 -07:00
volume_mounts = null
}]
2021-11-01 12:05:04 -07:00
pubsub_triggers = [
2021-10-31 14:40:28 -07:00
"topic1",
"topic2"
]
}
2022-01-28 11:15:35 -08:00
# tftest modules=1 resources=3
2021-10-31 14:40:28 -07:00
```
### Eventarc trigger (Audit logs)
This deploys a Cloud Run service that will be triggered when specific log events are written to Google Cloud audit logs.
2021-11-01 12:05:04 -07:00
```hcl
2021-10-31 14:40:28 -07:00
module "cloud_run" {
2022-09-06 08:46:09 -07:00
source = "./fabric/modules/cloud-run"
2021-10-31 14:40:28 -07:00
project_id = "my-project"
name = "hello"
containers = [{
2021-11-03 15:48:01 -07:00
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = null
ports = null
resources = null
2021-10-31 14:40:28 -07:00
volume_mounts = null
}]
audit_log_triggers = [
{
2022-12-16 03:53:56 -08:00
service_name = "cloudresourcemanager.googleapis.com"
method_name = "SetIamPolicy"
2021-10-31 14:40:28 -07:00
}
]
}
2022-01-28 11:15:35 -08:00
# tftest modules=1 resources=2
2021-11-01 12:05:04 -07:00
```
2021-10-31 14:40:28 -07:00
### Service account management
To use a custom service account managed by the module, set `service_account_create` to `true` and leave `service_account` set to `null` value (default).
```hcl
module "cloud_run" {
2022-09-06 08:46:09 -07:00
source = "./fabric/modules/cloud-run"
2021-10-31 14:40:28 -07:00
project_id = "my-project"
name = "hello"
containers = [{
2021-11-03 15:48:01 -07:00
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = null
ports = null
resources = null
2021-10-31 14:40:28 -07:00
volume_mounts = null
}]
service_account_create = true
}
2022-01-28 11:15:35 -08:00
# tftest modules=1 resources=2
2021-10-31 14:40:28 -07:00
```
To use an externally managed service account, pass its email in `service_account` and leave `service_account_create` to `false` (the default).
```hcl
module "cloud_run" {
2022-09-06 08:46:09 -07:00
source = "./fabric/modules/cloud-run"
2021-10-31 14:40:28 -07:00
project_id = "my-project"
name = "hello"
containers = [{
2021-11-03 15:48:01 -07:00
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = null
ports = null
resources = null
2021-10-31 14:40:28 -07:00
volume_mounts = null
}]
2021-11-01 12:05:04 -07:00
service_account = "cloud-run@my-project.iam.gserviceaccount.com"
2021-10-31 14:40:28 -07:00
}
2022-01-28 11:15:35 -08:00
# tftest modules=1 resources=1
2021-10-31 14:40:28 -07:00
```
<!-- BEGIN TFDOC -->
2021-12-20 23:51:51 -08:00
2021-10-31 14:40:28 -07:00
## Variables
| name | description | type | required | default |
2021-12-20 23:51:51 -08:00
|---|---|:---:|:---:|:---:|
2022-01-31 01:45:34 -08:00
| [containers ](variables.tf#L27 ) | Containers. | < code title = "list(object({ image = string options = object({ command = list(string) args = list(string) env = map(string) env_from = map(object({ key = string name = string })) }) resources = object({ limits = object({ cpu = string memory = string }) requests = object({ cpu = string memory = string }) }) ports = list(object({ name = string protocol = string container_port = string })) volume_mounts = map(string) }))" > list( object({…})) </ code > | ✓ | |
| [name ](variables.tf#L77 ) | Name used for cloud run service. | < code > string</ code > | ✓ | |
2022-11-10 07:05:53 -08:00
| [project_id ](variables.tf#L92 ) | Project id used for all resources. | < code > string</ code > | ✓ | |
2022-01-31 01:45:34 -08:00
| [audit_log_triggers ](variables.tf#L18 ) | Event arc triggers (Audit log). | < code title = "list(object({ service_name = string method_name = string }))" > list( object({…})) </ code > | | < code > null</ code > |
2022-01-22 04:34:35 -08:00
| [iam ](variables.tf#L59 ) | IAM bindings for Cloud Run service in {ROLE => [MEMBERS]} format. | < code > map( list( string)) </ code > | | < code > {} </ code > |
2022-01-31 01:45:34 -08:00
| [ingress_settings ](variables.tf#L65 ) | Ingress settings. | < code > string</ code > | | < code > null</ code > |
| [labels ](variables.tf#L71 ) | Resource labels. | < code > map( string) </ code > | | < code > {} </ code > |
2022-01-22 04:34:35 -08:00
| [prefix ](variables.tf#L82 ) | Optional prefix used for resource names. | < code > string</ code > | | < code > null</ code > |
2022-11-10 07:05:53 -08:00
| [pubsub_triggers ](variables.tf#L97 ) | Eventarc triggers (Pub/Sub). | < code > list( string) </ code > | | < code > null</ code > |
| [region ](variables.tf#L103 ) | Region used for all resources. | < code > string</ code > | | < code > " europe-west1" </ code > |
| [revision_annotations ](variables.tf#L109 ) | Configure revision template annotations. | < code title = "object({ autoscaling = object({ max_scale = number min_scale = number }) cloudsql_instances = list(string) vpcaccess_connector = string vpcaccess_egress = string })" > object({…}) </ code > | | < code > null</ code > |
| [revision_name ](variables.tf#L123 ) | Revision name. | < code > string</ code > | | < code > null</ code > |
| [service_account ](variables.tf#L129 ) | Service account email. Unused if service account is auto-created. | < code > string</ code > | | < code > null</ code > |
| [service_account_create ](variables.tf#L135 ) | Auto-create service account. | < code > bool</ code > | | < code > false</ code > |
| [traffic ](variables.tf#L141 ) | Traffic. | < code > map( number) </ code > | | < code > null</ code > |
| [volumes ](variables.tf#L147 ) | Volumes. | < code title = "list(object({ name = string secret_name = string items = list(object({ key = string path = string })) }))" > list( object({…})) </ code > | | < code > null</ code > |
| [vpc_connector_create ](variables.tf#L160 ) | Populate this to create a VPC connector. You can then refer to it in the template annotations. | < code title = "object({ ip_cidr_range = string name = string vpc_self_link = string })" > object({…}) </ code > | | < code > null</ code > |
2021-10-31 14:40:28 -07:00
## Outputs
| name | description | sensitive |
|---|---|:---:|
2022-01-31 01:45:34 -08:00
| [service ](outputs.tf#L18 ) | Cloud Run service. | |
2022-01-22 04:34:35 -08:00
| [service_account ](outputs.tf#L23 ) | Service account resource. | |
| [service_account_email ](outputs.tf#L28 ) | Service account email. | |
| [service_account_iam_email ](outputs.tf#L33 ) | Service account email. | |
2022-01-31 01:45:34 -08:00
| [service_name ](outputs.tf#L41 ) | Cloud Run service name. | |
2022-01-22 04:34:35 -08:00
| [vpc_connector ](outputs.tf#L47 ) | VPC connector resource if created. | |
2021-12-20 23:51:51 -08:00
2021-10-31 14:40:28 -07:00
<!-- END TFDOC -->
