# Cloud Run Module

Cloud Run management, with support for IAM roles and optional Eventarc trigger creation.

## Examples

### Environment variables

This deploys a Cloud Run service and sets some environment variables.

```hcl
module "cloud_run" {
  source     = "./modules/cloud-run"
  project_id = "my-project"
  name       = "hello"
  containers = [{
    image = "us-docker.pkg.dev/cloudrun/container/hello"
    options = {
      command = null
      args    = null
      env = {
        "VAR1": "VALUE1",
        "VAR2": "VALUE2",
      }
      env_from = null
    }
    ports         = null
    resources     = null
    volume_mounts = null
  }]
}
# tftest:modules=1:resources=1
```

### Environment variables (value read from secret)

```hcl
module "cloud_run" {
  source     = "./modules/cloud-run"
  project_id = "my-project"
  name       = "hello"
  containers = [{
    image = "us-docker.pkg.dev/cloudrun/container/hello"
    options = {
      command = null
      args    = null
      env     = null
      env_from = {
        "CREDENTIALS": {
          name = "credentials"
          key  = "1"
        }
      }
    }
    ports         = null
    resources     = null
    volume_mounts = null
  }]
}
# tftest:modules=1:resources=1
```

### Secret mounted as volume

```hcl
module "cloud_run" {
  source        = "./modules/cloud-run"
  project_id    = var.project_id
  name          = "hello"
  region        = var.region
  revision_name = "green"
  containers = [{
    image         = "us-docker.pkg.dev/cloudrun/container/hello"
    options       = null
    ports         = null
    resources     = null
    volume_mounts = {
      "credentials": "/credentials"
    }
  }]
  volumes = [
    {
      name        = "credentials"
      secret_name = "credentials"
      items = [{
        key  = "1"
        path = "v1.txt"
      }]
    }
  ]
}
# tftest:modules=1:resources=1
```

### Traffic split

This deploys a Cloud Run service with traffic split between two revisions.

```hcl
module "cloud_run" {
  source        = "./modules/cloud-run"
  project_id    = "my-project"
  name          = "hello"
  revision_name = "green"
  containers = [{
    image         = "us-docker.pkg.dev/cloudrun/container/hello"
    options       = null
    ports         = null
    resources     = null
    volume_mounts = null
  }]
  traffic = {
    "blue"  = 25
    "green" = 75
  }
}
# tftest:modules=1:resources=1
```

### Eventarc trigger (Pub/Sub)

This deploys a Cloud Run service that will be triggered when messages are published to Pub/Sub topics.

```hcl
module "cloud_run" {
  source     = "./modules/cloud-run"
  project_id = "my-project"
  name       = "hello"
  containers = [{
    image         = "us-docker.pkg.dev/cloudrun/container/hello"
    options       = null
    ports         = null
    resources     = null
    volume_mounts = null
  }]
  pubsub_triggers = [
    "topic1",
    "topic2"
  ]
}
# tftest:modules=1:resources=3
```

### Eventarc trigger (Audit logs)

This deploys a Cloud Run service that will be triggered when specific log events are written to Google Cloud audit logs.

```hcl
module "cloud_run" {
  source     = "./modules/cloud-run"
  project_id = "my-project"
  name       = "hello"
  containers = [{
    image         = "us-docker.pkg.dev/cloudrun/container/hello"
    options       = null
    ports         = null
    resources     = null
    volume_mounts = null
  }]
  audit_log_triggers = [
    {
      service_name = "cloudresourcemanager.googleapis.com"
      method_name  = "SetIamPolicy"
    }
  ]
}
# tftest:modules=1:resources=2
```

### Service account management

To use a custom service account managed by the module, set `service_account_create` to `true` and leave `service_account` set to `null` (the default).

```hcl
module "cloud_run" {
  source     = "./modules/cloud-run"
  project_id = "my-project"
  name       = "hello"
  containers = [{
    image         = "us-docker.pkg.dev/cloudrun/container/hello"
    options       = null
    ports         = null
    resources     = null
    volume_mounts = null
  }]
  service_account_create = true
}
# tftest:modules=1:resources=2
```

To use an externally managed service account, pass its email in `service_account` and leave `service_account_create` set to `false` (the default).

```hcl
module "cloud_run" {
  source     = "./modules/cloud-run"
  project_id = "my-project"
  name       = "hello"
  containers = [{
    image         = "us-docker.pkg.dev/cloudrun/container/hello"
    options       = null
    ports         = null
    resources     = null
    volume_mounts = null
  }]
  service_account = "cloud-run@my-project.iam.gserviceaccount.com"
}
# tftest:modules=1:resources=1
```

## Variables

| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| containers | Containers | list(object({...})) | ✓ | |
| name | Name used for Cloud Run service | string | ✓ | |
| project_id | Project id used for all resources. | string | ✓ | |
| *audit_log_triggers* | Eventarc triggers (Audit log) | list(object({...})) | | null |
| *iam* | IAM bindings for Cloud Run service in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
| *ingress_settings* | Ingress settings | string | | null |
| *labels* | Resource labels | map(string) | | {} |
| *prefix* | Optional prefix used for resource names. | string | | null |
| *pubsub_triggers* | Eventarc triggers (Pub/Sub) | list(string) | | null |
| *region* | Region used for all resources. | string | | europe-west1 |
| *revision_name* | Revision name | string | | null |
| *service_account* | Service account email. Unused if service account is auto-created. | string | | null |
| *service_account_create* | Auto-create service account. | bool | | false |
| *traffic* | Traffic | map(number) | | null |
| *volumes* | Volumes | list(object({...})) | | null |
| *vpc_connector* | None | object({...}) | | null |
| *vpc_connector_config* | VPC connector network configuration. Must be provided if new VPC connector is being created | object({...}) | | null |

## Outputs

| name | description | sensitive |
|---|---|:---:|
| service | Cloud Run service | |
| service_account | Service account resource. | |
| service_account_email | Service account email. | |
| service_account_iam_email | Service account email. | |
| service_name | Cloud Run service name | |
| vpc_connector | VPC connector resource if created. | |
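
The `iam` and `ingress_settings` variables listed in the table have no example on this page. The following is an added example, not part of the module's own documentation, that combines a module-managed service account with restricted ingress and an invoker binding scoped to a single caller. It assumes `ingress_settings` is passed through to Cloud Run's ingress setting (so `internal` is a valid value); the caller service account email is a constructed placeholder.

```hcl
module "cloud_run" {
  source     = "./modules/cloud-run"
  project_id = "my-project"
  name       = "hello"
  containers = [{
    image         = "us-docker.pkg.dev/cloudrun/container/hello"
    options       = null
    ports         = null
    resources     = null
    volume_mounts = null
  }]

  # Run as a dedicated identity created by the module, so the service
  # does not fall back to the project's default compute service account.
  service_account_create = true

  # Assumption: the module forwards this string to Cloud Run's ingress
  # setting. "internal" rejects requests arriving from the public internet.
  ingress_settings = "internal"

  # IAM bindings in the {ROLE => [MEMBERS]} format the module documents.
  iam = {
    # Weak setting, shown for contrast only: makes the service callable
    # without authentication.
    # "roles/run.invoker" = ["allUsers"]

    # Scoped setting: only this caller identity may invoke the service.
    # Placeholder email, constructed for this example.
    "roles/run.invoker" = [
      "serviceAccount:caller@my-project.iam.gserviceaccount.com"
    ]
  }
}
```

Ingress and IAM are independent checks: ingress controls which network paths can reach the service, while `roles/run.invoker` controls which identities are authorized once a request arrives.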