245 lines
9.1 KiB
Markdown
245 lines
9.1 KiB
Markdown
# Cloud Run Module
|
|
|
|
Cloud Run management, with support for IAM roles and optional Eventarc trigger creation.
|
|
|
|
## Examples
|
|
|
|
### Environment variables
|
|
|
|
This deploys a Cloud Run service and sets some environment variables.
|
|
|
|
```hcl
|
|
module "cloud_run" {
|
|
source = "./fabric/modules/cloud-run"
|
|
project_id = "my-project"
|
|
name = "hello"
|
|
containers = [{
|
|
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
|
options = {
|
|
command = null
|
|
args = null
|
|
env = {
|
|
"VAR1": "VALUE1",
|
|
"VAR2": "VALUE2",
|
|
}
|
|
env_from = null
|
|
}
|
|
ports = null
|
|
resources = null
|
|
volume_mounts = null
|
|
}]
|
|
}
|
|
# tftest modules=1 resources=1
|
|
```
|
|
|
|
### Environment variables (value read from secret)
|
|
|
|
```hcl
|
|
module "cloud_run" {
|
|
source = "./fabric/modules/cloud-run"
|
|
project_id = "my-project"
|
|
name = "hello"
|
|
containers = [{
|
|
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
|
options = {
|
|
command = null
|
|
args = null
|
|
env = null
|
|
env_from = {
|
|
"CREDENTIALS": {
|
|
name = "credentials"
|
|
key = "1"
|
|
}
|
|
}
|
|
}
|
|
ports = null
|
|
resources = null
|
|
volume_mounts = null
|
|
}]
|
|
}
|
|
# tftest modules=1 resources=1
|
|
```
|
|
|
|
### Secret mounted as volume
|
|
|
|
```hcl
|
|
module "cloud_run" {
|
|
source = "./fabric/modules/cloud-run"
|
|
project_id = var.project_id
|
|
name = "hello"
|
|
region = var.region
|
|
revision_name = "green"
|
|
containers = [{
|
|
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
|
options = null
|
|
ports = null
|
|
resources = null
|
|
volume_mounts = {
|
|
"credentials": "/credentials"
|
|
}
|
|
}]
|
|
volumes = [
|
|
{
|
|
name = "credentials"
|
|
secret_name = "credentials"
|
|
items = [{
|
|
key = "1"
|
|
path = "v1.txt"
|
|
}]
|
|
}
|
|
]
|
|
}
|
|
# tftest modules=1 resources=1
|
|
```
|
|
|
|
### Traffic split
|
|
|
|
This deploys a Cloud Run service with traffic split between two revisions.
|
|
|
|
```hcl
|
|
module "cloud_run" {
|
|
source = "./fabric/modules/cloud-run"
|
|
project_id = "my-project"
|
|
name = "hello"
|
|
revision_name = "green"
|
|
containers = [{
|
|
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
|
options = null
|
|
ports = null
|
|
resources = null
|
|
volume_mounts = null
|
|
}]
|
|
traffic = {
|
|
"blue" = 25
|
|
"green" = 75
|
|
}
|
|
}
|
|
# tftest modules=1 resources=1
|
|
```
|
|
|
|
### Eventarc trigger (Pub/Sub)
|
|
|
|
This deploys a Cloud Run service that will be triggered when messages are published to Pub/Sub topics.
|
|
|
|
```hcl
|
|
module "cloud_run" {
|
|
source = "./fabric/modules/cloud-run"
|
|
project_id = "my-project"
|
|
name = "hello"
|
|
containers = [{
|
|
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
|
options = null
|
|
ports = null
|
|
resources = null
|
|
volume_mounts = null
|
|
}]
|
|
pubsub_triggers = [
|
|
"topic1",
|
|
"topic2"
|
|
]
|
|
}
|
|
# tftest modules=1 resources=3
|
|
```
|
|
|
|
### Eventarc trigger (Audit logs)
|
|
|
|
This deploys a Cloud Run service that will be triggered when specific log events are written to Google Cloud audit logs.
|
|
|
|
```hcl
|
|
module "cloud_run" {
|
|
source = "./fabric/modules/cloud-run"
|
|
project_id = "my-project"
|
|
name = "hello"
|
|
containers = [{
|
|
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
|
options = null
|
|
ports = null
|
|
resources = null
|
|
volume_mounts = null
|
|
}]
|
|
audit_log_triggers = [
|
|
{
|
|
service_name = "cloudresourcemanager.googleapis.com"
|
|
method_name = "SetIamPolicy"
|
|
}
|
|
]
|
|
}
|
|
# tftest modules=1 resources=2
|
|
```
|
|
|
|
### Service account management
|
|
|
|
To use a custom service account managed by the module, set `service_account_create` to `true` and leave `service_account` set to `null` value (default).
|
|
|
|
```hcl
|
|
module "cloud_run" {
|
|
source = "./fabric/modules/cloud-run"
|
|
project_id = "my-project"
|
|
name = "hello"
|
|
containers = [{
|
|
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
|
options = null
|
|
ports = null
|
|
resources = null
|
|
volume_mounts = null
|
|
}]
|
|
service_account_create = true
|
|
}
|
|
# tftest modules=1 resources=2
|
|
```
|
|
|
|
To use an externally managed service account, pass its email in `service_account` and leave `service_account_create` to `false` (the default).
|
|
|
|
```hcl
|
|
module "cloud_run" {
|
|
source = "./fabric/modules/cloud-run"
|
|
project_id = "my-project"
|
|
name = "hello"
|
|
containers = [{
|
|
image = "us-docker.pkg.dev/cloudrun/container/hello"
|
|
options = null
|
|
ports = null
|
|
resources = null
|
|
volume_mounts = null
|
|
}]
|
|
service_account = "cloud-run@my-project.iam.gserviceaccount.com"
|
|
}
|
|
# tftest modules=1 resources=1
|
|
```
|
|
<!-- BEGIN TFDOC -->
|
|
|
|
## Variables
|
|
|
|
| name | description | type | required | default |
|
|
|---|---|:---:|:---:|:---:|
|
|
| [containers](variables.tf#L27) | Containers. | <code title="list(object({ image = string options = object({ command = list(string) args = list(string) env = map(string) env_from = map(object({ key = string name = string })) }) resources = object({ limits = object({ cpu = string memory = string }) requests = object({ cpu = string memory = string }) }) ports = list(object({ name = string protocol = string container_port = string })) volume_mounts = map(string) }))">list(object({…}))</code> | ✓ | |
|
|
| [name](variables.tf#L77) | Name used for cloud run service. | <code>string</code> | ✓ | |
|
|
| [project_id](variables.tf#L92) | Project id used for all resources. | <code>string</code> | ✓ | |
|
|
| [audit_log_triggers](variables.tf#L18) | Event arc triggers (Audit log). | <code title="list(object({ service_name = string method_name = string }))">list(object({…}))</code> | | <code>null</code> |
|
|
| [iam](variables.tf#L59) | IAM bindings for Cloud Run service in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
|
| [ingress_settings](variables.tf#L65) | Ingress settings. | <code>string</code> | | <code>null</code> |
|
|
| [labels](variables.tf#L71) | Resource labels. | <code>map(string)</code> | | <code>{}</code> |
|
|
| [prefix](variables.tf#L82) | Optional prefix used for resource names. | <code>string</code> | | <code>null</code> |
|
|
| [pubsub_triggers](variables.tf#L97) | Eventarc triggers (Pub/Sub). | <code>list(string)</code> | | <code>null</code> |
|
|
| [region](variables.tf#L103) | Region used for all resources. | <code>string</code> | | <code>"europe-west1"</code> |
|
|
| [revision_annotations](variables.tf#L109) | Configure revision template annotations. | <code title="object({ autoscaling = object({ max_scale = number min_scale = number }) cloudsql_instances = list(string) vpcaccess_connector = string vpcaccess_egress = string })">object({…})</code> | | <code>null</code> |
|
|
| [revision_name](variables.tf#L123) | Revision name. | <code>string</code> | | <code>null</code> |
|
|
| [service_account](variables.tf#L129) | Service account email. Unused if service account is auto-created. | <code>string</code> | | <code>null</code> |
|
|
| [service_account_create](variables.tf#L135) | Auto-create service account. | <code>bool</code> | | <code>false</code> |
|
|
| [traffic](variables.tf#L141) | Traffic. | <code>map(number)</code> | | <code>null</code> |
|
|
| [volumes](variables.tf#L147) | Volumes. | <code title="list(object({ name = string secret_name = string items = list(object({ key = string path = string })) }))">list(object({…}))</code> | | <code>null</code> |
|
|
| [vpc_connector_create](variables.tf#L160) | Populate this to create a VPC connector. You can then refer to it in the template annotations. | <code title="object({ ip_cidr_range = string name = string vpc_self_link = string })">object({…})</code> | | <code>null</code> |
|
|
|
|
## Outputs
|
|
|
|
| name | description | sensitive |
|
|
|---|---|:---:|
|
|
| [service](outputs.tf#L18) | Cloud Run service. | |
|
|
| [service_account](outputs.tf#L23) | Service account resource. | |
|
|
| [service_account_email](outputs.tf#L28) | Service account email. | |
|
|
| [service_account_iam_email](outputs.tf#L33) | Service account email. | |
|
|
| [service_name](outputs.tf#L41) | Cloud Run service name. | |
|
|
| [vpc_connector](outputs.tf#L47) | VPC connector resource if created. | |
|
|
|
|
<!-- END TFDOC -->
|