Terraform Cloud Run Module

This module handles the basic deployment of containerized applications on Cloud Run, along with domain mapping and IAM policy for the service.

The resources/services/activations/deletions that this module will create/trigger are:

  • Creates a Cloud Run service with provided name and container
  • Creates Domain mapping for the deployed service
  • Applies Cloud Run Invoker role to members

Assumptions and Prerequisites

This module assumes that the following prerequisites are in place before it is used.

  • All required APIs are enabled in the GCP Project
  • Cloud SQL (optional)
  • VPC Connector (optional)
  • Environment Variables in Secret Manager (optional)

Usage

Basic usage of this module is as follows:

module "cloud_run" {
  source  = "GoogleCloudPlatform/cloud-run/google"
  version = "~> 0.2.0"

  # Required variables
  service_name           = "<SERVICE NAME>"
  project_id             = "<PROJECT ID>"
  location               = "<LOCATION>"
  image                  = "gcr.io/cloudrun/hello"
}

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| argument | Arguments passed to the ENTRYPOINT command, include these only if image entrypoint needs arguments | `list(string)` | `[]` | no |
| certificate_mode | The mode of the certificate (NONE or AUTOMATIC) | `string` | `"NONE"` | no |
| container_command | Leave blank to use the ENTRYPOINT command defined in the container image, include these only if image entrypoint should be overwritten | `list(string)` | `[]` | no |
| container_concurrency | Concurrent request limits to the service | `number` | `null` | no |
| domain_map_annotations | Annotations to the domain map | `map(string)` | `{}` | no |
| domain_map_labels | A set of key/value label pairs to assign to the Domain mapping | `map(string)` | `{}` | no |
| encryption_key | CMEK encryption key self-link expected in the format projects/PROJECT/locations/LOCATION/keyRings/KEY-RING/cryptoKeys/CRYPTO-KEY. | `string` | `null` | no |
| env_secret_vars | [Beta] Environment variables (Secret Manager) | `list(object({ name = string, value_from = set(object({ secret_key_ref = map(string) })) }))` | `[]` | no |
| env_vars | Environment variables (cleartext) | `list(object({ value = string, name = string }))` | `[]` | no |
| force_override | Option to force override existing mapping | `bool` | `false` | no |
| generate_revision_name | Option to enable revision name generation | `bool` | `true` | no |
| image | GCR hosted image URL to deploy | `string` | n/a | yes |
| limits | Resource limits to the container | `map(string)` | `null` | no |
| location | Cloud Run service deployment location | `string` | n/a | yes |
| members | Users/SAs to be given invoker access to the service | `list(string)` | `[]` | no |
| ports | Port which the container listens to (http1 or h2c) | `object({ name = string, port = number })` | `{ "name": "http1", "port": 8080 }` | no |
| project_id | The project ID to deploy to | `string` | n/a | yes |
| requests | Resource requests to the container | `map(string)` | `{}` | no |
| service_account_email | Service Account email needed for the service | `string` | `""` | no |
| service_annotations | Annotations to the service. Acceptable values for `run.googleapis.com/ingress`: all, internal, internal-and-cloud-load-balancing | `map(string)` | `{ "run.googleapis.com/ingress": "all" }` | no |
| service_labels | A set of key/value label pairs to assign to the service | `map(string)` | `{}` | no |
| service_name | The name of the Cloud Run service to create | `string` | n/a | yes |
| template_annotations | Annotations to the container metadata including VPC Connector and SQL. See more details | `map(string)` | `{ "autoscaling.knative.dev/maxScale": 2, "autoscaling.knative.dev/minScale": 1, "generated-by": "terraform", "run.googleapis.com/client-name": "terraform" }` | no |
| template_labels | A set of key/value label pairs to assign to the container metadata | `map(string)` | `{}` | no |
| timeout_seconds | Timeout for each request | `number` | `120` | no |
| traffic_split | Managing traffic routing to the service | `list(object({ latest_revision = bool, percent = number, revision_name = string }))` | `[ { "latest_revision": true, "percent": 100, "revision_name": "v1-0-0" } ]` | no |
| verified_domain_name | Custom Domain Name | `string` | `""` | no |
| volume_mounts | [Beta] Volume Mounts to be attached to the container (when using secret) | `list(object({ mount_path = string, name = string }))` | `[]` | no |
| volumes | [Beta] Volumes needed for environment variables (when using secret) | `list(object({ name = string, secret = set(object({ secret_name = string, items = map(string) })) }))` | `[]` | no |
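
The defaults listed above leave ingress at `all` and pass environment variables in cleartext. The following call is an added example, not part of the module's own documentation, showing a more restrictive configuration built only from the inputs in this table. The service name, service account names, secret name and environment variable name are placeholders, and the `name`/`key` fields of `secret_key_ref` follow the Google provider's `secret_key_ref` block.

```hcl
# Added example: restricted deployment using only inputs documented above.
# Every project, account, key and secret name here is a placeholder.
module "cloud_run_internal" {
  source  = "GoogleCloudPlatform/cloud-run/google"
  version = "~> 0.2.0"

  service_name = "internal-api"
  project_id   = "<PROJECT ID>"
  location     = "<LOCATION>"
  image        = "gcr.io/<PROJECT ID>/internal-api:<TAG>"

  # Run as a dedicated, narrowly scoped identity rather than leaving
  # service_account_email at its default of "".
  service_account_email = "internal-api@<PROJECT ID>.iam.gserviceaccount.com"

  # Module default is "all"; accept traffic only from internal sources
  # and Cloud Load Balancing.
  service_annotations = {
    "run.googleapis.com/ingress" = "internal-and-cloud-load-balancing"
  }

  # Cloud Run Invoker goes to named callers only (no allUsers).
  members = [
    "serviceAccount:frontend@<PROJECT ID>.iam.gserviceaccount.com",
  ]

  # Read the credential from Secret Manager instead of env_vars (cleartext).
  # The service account above needs roles/secretmanager.secretAccessor
  # on this secret.
  env_secret_vars = [
    {
      name = "DB_PASSWORD"
      value_from = [
        {
          secret_key_ref = {
            name = "<SECRET NAME>" # Secret Manager secret
            key  = "1"             # secret version, pinned
          }
        }
      ]
    }
  ]

  # CMEK key in the self-link format the encryption_key input expects.
  encryption_key = "projects/<PROJECT>/locations/<LOCATION>/keyRings/<KEY-RING>/cryptoKeys/<CRYPTO-KEY>"
}
```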

Outputs

| Name | Description |
|------|-------------|
| domain_map_id | Unique Identifier for the created domain map |
| domain_map_status | Status of Domain mapping |
| location | Location in which the Cloud Run service was created |
| project_id | Google Cloud project in which the service was created |
| revision | Deployed revision for the service |
| service_id | Unique Identifier for the created service |
| service_name | Name of the created service |
| service_status | Status of the created service |
| service_url | The URL on which the deployed service is available |

Requirements

These sections describe requirements for using this module.

Software

Service Account

A service account with the following roles can be used to execute this module:

  • Cloud Run Admin: roles/run.admin

Learn more about Cloud Run Deployment Permissions.

The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.

APIs

A project with the following APIs enabled must be used to host the main resource of this module:

  • Google Cloud Run: run.googleapis.com
  • Serverless VPC Access (optional): vpcaccess.googleapis.com
  • Cloud SQL (optional): sqladmin.googleapis.com

Contributing

Refer to the contribution guidelines for information on contributing to this module.