b5e1e7f3cf | ||
---|---|---|
.. | ||
README.md | ||
main.tf | ||
outputs.tf | ||
variables.tf | ||
versions.tf |
README.md
Cloud Run Module
Cloud Run management, with support for IAM roles and optional Eventarc trigger creation.
Examples
Traffic split
This deploys a Cloud Run service with traffic split between two revisions.
module "cloud_run" {
source = "../../modules/cloud-run"
project_id = "my-project"
name = "hello"
revision_name = "green"
containers = [{
image = "us-docker.pkg.dev/cloudrun/container/hello"
command = null
args = null
env = null
env_from = null
ports = null
resources = null
volume_mounts = null
}]
traffic = {
"blue" = 25
"green" = 75
}
}
# tftest:skip
Eventarc trigger (Pub/Sub)
This deploys a Cloud Run service that will be triggered when messages are published to Pub/Sub topics.
module "cloud_run" {
source = "../../modules/cloud-run"
project_id = "my-project"
name = "hello"
containers = [{
image = "us-docker.pkg.dev/cloudrun/container/hello"
command = null
args = null
env = null
env_from = null
ports = null
resources = null
volume_mounts = null
}]
pub_sub_triggers = [
"topic1",
"topic2"
]
}
# tftest:skip
Eventarc trigger (Audit logs)
This deploys a Cloud Run service that will be triggered when specific log events are written to Google Cloud audit logs.
module "cloud_run" { source = "../../modules/cloud-run" project_id = "my-project" name = "hello" containers = [{ image = "us-docker.pkg.dev/cloudrun/container/hello" command = null args = null env = null env_from = null ports = null resources = null volume_mounts = null }] audit_log_triggers = [ { service_name = "cloudresourcemanager.googleapis.com" method_name = "SetIamPolicy" } ] }
Service account management
To use a custom service account managed by the module, set service_account_create
to true
and leave service_account
set to null
value (default).
module "cloud_run" {
source = "../../modules/cloud-run"
project_id = "my-project"
name = "hello"
containers = [{
image = "us-docker.pkg.dev/cloudrun/container/hello"
command = null
args = null
env = null
env_from = null
ports = null
resources = null
volume_mounts = null
}]
service_account_create = true
}
# tftest:skip
To use an externally managed service account, pass its email in service_account
and leave service_account_create
to false
(the default).
module "cloud_run" {
source = "../../modules/cloud-run"
project_id = "my-project"
name = "hello"
containers = [{
image = "us-docker.pkg.dev/cloudrun/container/hello"
command = null
args = null
env = null
env_from = null
ports = null
resources = null
volume_mounts = null
}]
service_account = local.service_account_email
}
# tftest:skip
Variables
name | description | type | required | default |
---|---|---|---|---|
containers | Containers | list(object({...})) |
✓ | |
name | Name used for cloud run service | string |
✓ | |
project_id | Project id used for all resources. | string |
✓ | |
audit_log_triggers | Event arc triggers (Audit log) | list(object({...})) |
null |
|
iam | IAM bindings for topic in {ROLE => [MEMBERS]} format. | map(list(string)) |
{} |
|
ingress_settings | Ingress settings | string |
null |
|
labels | Resource labels | map(string) |
{} |
|
prefix | Optional prefix used for resource names. | string |
null |
|
pubsub_triggers | Eventarc triggers (Pub/Sub) | list(string) |
null |
|
region | Region used for all resources. | string |
europe-west1 |
|
revision_name | Revision name | string |
null |
|
service_account | Service account email. Unused if service account is auto-created. | string |
null |
|
service_account_create | Auto-create service account. | bool |
false |
|
traffic | Traffic | map(number) |
null |
|
volumes | Volumes | list(object({...})) |
null |
|
vpc_connector_config | VPC connector configuration. Set create_config attributes to trigger creation. |
object({...}) |
null |
Outputs
name | description | sensitive |
---|---|---|
service | Cloud Run service | |
service_account | Service account resource. | |
service_account_email | Service account email. | |
service_account_iam_email | Service account email. | |
service_name | Cloud Run service name | |
vpc_connector | VPC connector resource if created. |