cloud-foundation-fabric/modules/cloud-run
apichick 2ae7965c5f Changed volume_mounts from list to map 2021-11-01 19:15:28 +01:00
README.md Changed volume_mounts from list to map 2021-11-01 19:15:28 +01:00
main.tf Changed volume_mounts from list to map 2021-11-01 19:15:28 +01:00
outputs.tf Added cloud-run module 2021-10-31 23:15:46 +01:00
variables.tf Changed volume_mounts from list to map 2021-11-01 19:15:28 +01:00
versions.tf Added cloud-run module 2021-10-31 23:15:46 +01:00

README.md

Cloud Run Module

Cloud Run management, with support for IAM roles and optional Eventarc trigger creation.

Examples

Traffic split

This deploys a Cloud Run service with traffic split between two revisions.

module "cloud_run" {
  source     = "../../modules/cloud-run"
  project_id = "my-project"
  name       = "hello"
  revision_name = "green"
  containers = [{
    image   = "us-docker.pkg.dev/cloudrun/container/hello"
    command = null
    args    = null
    env     = null
    env_from = null
    ports = null
    resources = null
    volume_mounts = null
  }]
  traffic = {
    "blue" = 25
    "green" = 75
  }
}
# tftest:skip

Eventarc trigger (Pub/Sub)

This deploys a Cloud Run service that will be triggered when messages are published to Pub/Sub topics.

module "cloud_run" {
  source     = "../../modules/cloud-run"
  project_id = "my-project"
  name       = "hello"
  containers = [{
    image   = "us-docker.pkg.dev/cloudrun/container/hello"
    command = null
    args    = null
    env     = null
    env_from = null
    ports = null
    resources = null
    volume_mounts = null
  }]
  pubsub_triggers = [
    "topic1",
    "topic2"
  ]
}
# tftest:skip

Eventarc trigger (Audit logs)

This deploys a Cloud Run service that will be triggered when specific log events are written to Google Cloud audit logs.

module "cloud_run" {
  source     = "../../modules/cloud-run"
  project_id = "my-project"
  name       = "hello"
  containers = [{
    image         = "us-docker.pkg.dev/cloudrun/container/hello"
    command       = null
    args          = null
    env           = null
    env_from      = null
    ports         = null
    resources     = null
    volume_mounts = null
  }]
  audit_log_triggers = [
    {
      service_name = "cloudresourcemanager.googleapis.com"
      method_name  = "SetIamPolicy"
    }
  ]
}

Service account management

To use a custom service account managed by the module, set service_account_create to true and leave service_account set to null (the default).

module "cloud_run" {
  source     = "../../modules/cloud-run"
  project_id = "my-project"
  name       = "hello"
  containers = [{
    image   = "us-docker.pkg.dev/cloudrun/container/hello"
    command = null
    args    = null
    env     = null
    env_from = null
    ports = null
    resources = null
    volume_mounts = null
  }]
  service_account_create = true
}
# tftest:skip

To use an externally managed service account, pass its email in service_account and leave service_account_create set to false (the default).

module "cloud_run" {
  source     = "../../modules/cloud-run"
  project_id = "my-project"
  name       = "hello"
  containers = [{
    image   = "us-docker.pkg.dev/cloudrun/container/hello"
    command = null
    args    = null
    env     = null
    env_from = null
    ports = null
    resources = null
    volume_mounts = null
  }]
  service_account = local.service_account_email
}
# tftest:skip

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| containers | Containers | list(object({...})) | ✓ | |
| name | Name used for Cloud Run service | string | ✓ | |
| project_id | Project id used for all resources. | string | ✓ | |
| audit_log_triggers | Eventarc triggers (Audit log) | list(object({...})) | | null |
| iam | IAM bindings for Cloud Run service in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
| ingress_settings | Ingress settings | string | | null |
| labels | Resource labels | map(string) | | {} |
| prefix | Optional prefix used for resource names. | string | | null |
| pubsub_triggers | Eventarc triggers (Pub/Sub) | list(string) | | null |
| region | Region used for all resources. | string | | europe-west1 |
| revision_name | Revision name | string | | null |
| service_account | Service account email. Unused if service account is auto-created. | string | | null |
| service_account_create | Auto-create service account. | bool | | false |
| traffic | Traffic | map(number) | | null |
| volumes | Volumes | list(object({...})) | | null |
| vpc_connector_config | VPC connector configuration. Set create_config attributes to trigger creation. | object({...}) | | null |

Outputs

| name | description | sensitive |
|---|---|---|
| service | Cloud Run service | |
| service_account | Service account resource. | |
| service_account_email | Service account email. | |
| service_account_iam_email | Service account email. | |
| service_name | Cloud Run service name | |
| vpc_connector | VPC connector resource if created. | |