9.1 KiB
9.1 KiB
Cloud Run Module
Cloud Run management, with support for IAM roles and optional Eventarc trigger creation.
Examples
Environment variables
This deploys a Cloud Run service and sets some environment variables.
module "cloud_run" {
source = "./fabric/modules/cloud-run"
project_id = "my-project"
name = "hello"
containers = [{
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = {
command = null
args = null
env = {
"VAR1" : "VALUE1",
"VAR2" : "VALUE2",
}
env_from = null
}
ports = null
resources = null
volume_mounts = null
}]
}
# tftest modules=1 resources=1
Environment variables (value read from secret)
module "cloud_run" {
source = "./fabric/modules/cloud-run"
project_id = "my-project"
name = "hello"
containers = [{
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = {
command = null
args = null
env = null
env_from = {
"CREDENTIALS" : {
name = "credentials"
key = "1"
}
}
}
ports = null
resources = null
volume_mounts = null
}]
}
# tftest modules=1 resources=1
Secret mounted as volume
module "cloud_run" {
source = "./fabric/modules/cloud-run"
project_id = var.project_id
name = "hello"
region = var.region
revision_name = "green"
containers = [{
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = null
ports = null
resources = null
volume_mounts = {
"credentials" : "/credentials"
}
}]
volumes = [
{
name = "credentials"
secret_name = "credentials"
items = [{
key = "1"
path = "v1.txt"
}]
}
]
}
# tftest modules=1 resources=1
Traffic split
This deploys a Cloud Run service with traffic split between two revisions.
module "cloud_run" {
source = "./fabric/modules/cloud-run"
project_id = "my-project"
name = "hello"
revision_name = "green"
containers = [{
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = null
ports = null
resources = null
volume_mounts = null
}]
traffic = {
"blue" = 25
"green" = 75
}
}
# tftest modules=1 resources=1
Eventarc trigger (Pub/Sub)
This deploys a Cloud Run service that will be triggered when messages are published to Pub/Sub topics.
module "cloud_run" {
source = "./fabric/modules/cloud-run"
project_id = "my-project"
name = "hello"
containers = [{
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = null
ports = null
resources = null
volume_mounts = null
}]
pubsub_triggers = [
"topic1",
"topic2"
]
}
# tftest modules=1 resources=3
Eventarc trigger (Audit logs)
This deploys a Cloud Run service that will be triggered when specific log events are written to Google Cloud audit logs.
module "cloud_run" {
source = "./fabric/modules/cloud-run"
project_id = "my-project"
name = "hello"
containers = [{
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = null
ports = null
resources = null
volume_mounts = null
}]
audit_log_triggers = [
{
service_name = "cloudresourcemanager.googleapis.com"
method_name = "SetIamPolicy"
}
]
}
# tftest modules=1 resources=2
Service account management
To use a custom service account managed by the module, set service_account_create to true and leave service_account set to null value (default).
module "cloud_run" {
source = "./fabric/modules/cloud-run"
project_id = "my-project"
name = "hello"
containers = [{
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = null
ports = null
resources = null
volume_mounts = null
}]
service_account_create = true
}
# tftest modules=1 resources=2
To use an externally managed service account, pass its email in service_account and leave service_account_create to false (the default).
module "cloud_run" {
source = "./fabric/modules/cloud-run"
project_id = "my-project"
name = "hello"
containers = [{
image = "us-docker.pkg.dev/cloudrun/container/hello"
options = null
ports = null
resources = null
volume_mounts = null
}]
service_account = "cloud-run@my-project.iam.gserviceaccount.com"
}
# tftest modules=1 resources=1
Variables
| name | description | type | required | default |
|---|---|---|---|---|
| containers | Containers. | list(object({…})) |
✓ | |
| name | Name used for cloud run service. | string |
✓ | |
| project_id | Project id used for all resources. | string |
✓ | |
| audit_log_triggers | Event arc triggers (Audit log). | list(object({…})) |
null |
|
| iam | IAM bindings for Cloud Run service in {ROLE => [MEMBERS]} format. | map(list(string)) |
{} |
|
| ingress_settings | Ingress settings. | string |
null |
|
| labels | Resource labels. | map(string) |
{} |
|
| prefix | Optional prefix used for resource names. | string |
null |
|
| pubsub_triggers | Eventarc triggers (Pub/Sub). | list(string) |
null |
|
| region | Region used for all resources. | string |
"europe-west1" |
|
| revision_annotations | Configure revision template annotations. | object({…}) |
null |
|
| revision_name | Revision name. | string |
null |
|
| service_account | Service account email. Unused if service account is auto-created. | string |
null |
|
| service_account_create | Auto-create service account. | bool |
false |
|
| traffic | Traffic. | map(number) |
null |
|
| volumes | Volumes. | list(object({…})) |
null |
|
| vpc_connector_create | Populate this to create a VPC connector. You can then refer to it in the template annotations. | object({…}) |
null |
Outputs
| name | description | sensitive |
|---|---|---|
| service | Cloud Run service. | |
| service_account | Service account resource. | |
| service_account_email | Service account email. | |
| service_account_iam_email | Service account email. | |
| service_name | Cloud Run service name. | |
| vpc_connector | VPC connector resource if created. |