Cloud Run management, with support for IAM roles and optional Eventarc trigger creation.
This module tries to stay close to the low-level provider resources it encapsulates.
It exposes an interface that combines management of one resource, or a set of resources, with the corresponding IAM bindings.
Authoritative IAM bindings are primarily used so that each module is authoritative for specific roles on the resources it manages, and can neutralize or reconcile IAM changes made elsewhere.
Specific modules also offer support for non-authoritative bindings, to allow granular permission management on resources that they don't manage directly.
-
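Use GitHub sources with a `ref` to reference the module, so that every run resolves to a known version of the code rather than whatever is currently on the default branch. See an example below: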
# Minimal reference to the module, pinned through `?ref=` to a release tag.
# A tag can be moved by whoever controls the repository; `ref` also accepts a
# full commit SHA, which is the immutable form.
module "my_cloud_run_service" {
  source  = "github.com/HairstonSolutions/terraform-cloud-run?ref=v1.0.0"
  project = "my-project"
}
This deploys a Cloud Run service and sets some environment variables.
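# Deploys the sample container and sets two plain environment variables.
module "cloud_run" {
  # Pinned to a release ref: an unpinned GitHub source follows the default
  # branch, so the module code could change between two applies.
  source  = "github.com/HairstonSolutions/terraform-cloud-run?ref=v1.0.0"
  project = "my-project"
  name    = "hello"
  containers = [{
    # No tag or digest is given, so the registry's default tag is used;
    # reference a digest when the exact image contents matter.
    image = "us-docker.pkg.dev/cloudrun/container/hello"
    options = {
      command = null
      args    = null
      # Non-secret values only: whatever is set here is written to the
      # Terraform state and is readable in the revision configuration.
      # Secrets belong in env_from or a secret volume.
      env = {
        "VAR1": "VALUE1",
        "VAR2": "VALUE2",
      }
      env_from = null
    }
    resources     = null
    volume_mounts = null
  }]
}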
# tftest modules=1 resources=1
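# Deploys the sample container with one environment variable sourced from a
# secret instead of a literal value.
module "cloud_run" {
  # Pinned to a release ref so the example always resolves the same module code.
  source  = "github.com/HairstonSolutions/terraform-cloud-run?ref=v1.0.0"
  project = "my-project"
  name    = "hello"
  containers = [{
    image = "us-docker.pkg.dev/cloudrun/container/hello"
    options = {
      command = null
      args    = null
      env     = null
      # CREDENTIALS is filled from the secret named "credentials", so the value
      # itself never appears in this configuration.
      # NOTE(review): `key` presumably selects the secret version - confirm
      # against the module's variable definition.
      # The service's runtime identity needs read access to that secret
      # (e.g. roles/secretmanager.secretAccessor granted on the secret only).
      env_from = {
        "CREDENTIALS": {
          name = "credentials"
          key  = "1"
        }
      }
    }
    resources     = null
    volume_mounts = null
  }]
}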
# tftest modules=1 resources=1
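# Deploys revision "green" of the sample container with a secret mounted as a
# file rather than passed through the environment.
module "cloud_run" {
  # Pinned to a release ref so the example always resolves the same module code.
  source        = "github.com/HairstonSolutions/terraform-cloud-run?ref=v1.0.0"
  project       = var.project
  name          = "hello"
  region        = var.region
  revision_name = "green"
  containers = [{
    image     = "us-docker.pkg.dev/cloudrun/container/hello"
    options   = null
    resources = null
    # Maps the volume named "credentials" (declared below) to a mount path.
    volume_mounts = {
      "credentials": "/credentials"
    }
  }]
  volumes = [
    {
      name        = "credentials"
      secret_name = "credentials"
      # NOTE(review): presumably exposes key/version "1" of the secret as
      # /credentials/v1.txt - confirm against the module's variable definition.
      # The service's runtime identity needs read access to the secret
      # (e.g. roles/secretmanager.secretAccessor granted on the secret only).
      items = [{
        key  = "1"
        path = "v1.txt"
      }]
    }
  ]
}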
# tftest modules=1 resources=1
This deploys a Cloud Run service with traffic split between two revisions.
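# Deploys revision "green" of the sample container and splits traffic between
# two revisions.
module "cloud_run" {
  # Pinned to a release ref so the example always resolves the same module code.
  source        = "github.com/HairstonSolutions/terraform-cloud-run?ref=v1.0.0"
  project       = "my-project"
  name          = "hello"
  revision_name = "green"
  containers = [{
    image         = "us-docker.pkg.dev/cloudrun/container/hello"
    options       = null
    resources     = null
    volume_mounts = null
  }]
  # Keys look like revision names and values like percentages (25 + 75 = 100).
  # NOTE(review): "blue" is not created by this block - presumably it must
  # already exist; confirm. An older revision keeps serving its own image and
  # configuration for as long as it receives traffic.
  traffic = {
    "blue"  = 25
    "green" = 75
  }
}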
# tftest modules=1 resources=1
This deploys a Cloud Run service that will be triggered when messages are published to Pub/Sub topics.
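# Deploys the sample container and wires it to two Pub/Sub topics.
module "cloud_run" {
  # Pinned to a release ref so the example always resolves the same module code.
  source  = "github.com/HairstonSolutions/terraform-cloud-run?ref=v1.0.0"
  project = "my-project"
  name    = "hello"
  containers = [{
    image         = "us-docker.pkg.dev/cloudrun/container/hello"
    options       = null
    resources     = null
    volume_mounts = null
  }]
  # Each topic becomes an invocation path into the service: any principal
  # allowed to publish to these topics can cause the service to run, so keep
  # publisher roles on the topics narrow and treat message bodies as untrusted.
  pubsub_triggers = [
    "topic1",
    "topic2"
  ]
}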
# tftest modules=1 resources=3
This deploys a Cloud Run service that will be triggered when specific log events are written to Google Cloud audit logs.
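# Deploys the sample container and triggers it from Cloud Audit Logs entries.
module "cloud_run" {
  # Pinned to a release ref so the example always resolves the same module code.
  source  = "github.com/HairstonSolutions/terraform-cloud-run?ref=v1.0.0"
  project = "my-project"
  name    = "hello"
  containers = [{
    image         = "us-docker.pkg.dev/cloudrun/container/hello"
    options       = null
    resources     = null
    volume_mounts = null
  }]
  # Matches SetIamPolicy calls on the Cloud Resource Manager API, i.e. the
  # service runs whenever such an IAM policy change is logged. The event
  # payload is derived from the audit log entry and should be validated by the
  # service before it acts on it.
  audit_log_triggers = [
    {
      service_name = "cloudresourcemanager.googleapis.com"
      method_name  = "SetIamPolicy"
    }
  ]
}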
# tftest modules=1 resources=2
To use a custom service account managed by the module, set `service_account_create` to `true` and leave `service_account` set to `null` (the default).
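# Deploys the sample container under a service account created by the module.
module "cloud_run" {
  # Pinned to a release ref so the example always resolves the same module code.
  source  = "github.com/HairstonSolutions/terraform-cloud-run?ref=v1.0.0"
  project = "my-project"
  name    = "hello"
  containers = [{
    image         = "us-docker.pkg.dev/cloudrun/container/hello"
    options       = null
    resources     = null
    volume_mounts = null
  }]
  # A dedicated identity per service lets you grant only the roles this
  # workload needs.
  # NOTE(review): with neither this flag nor service_account set, Cloud Run
  # normally runs revisions as the Compute Engine default service account,
  # which is often broadly privileged - confirm the module does not override it.
  service_account_create = true
}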
# tftest modules=1 resources=2
To use an externally managed service account, pass its email in `service_account` and leave `service_account_create` set to `false` (the default).
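# Deploys the sample container under a service account managed outside the
# module.
module "cloud_run" {
  # Pinned to a release ref so the example always resolves the same module code.
  source  = "github.com/HairstonSolutions/terraform-cloud-run?ref=v1.0.0"
  project = "my-project"
  name    = "hello"
  containers = [{
    image         = "us-docker.pkg.dev/cloudrun/container/hello"
    options       = null
    resources     = null
    volume_mounts = null
  }]
  # Constructed example address (the value must be a full service account
  # e-mail); replace it with the e-mail of your own account. The module does
  # not manage this account, so its role grants have to be reviewed wherever
  # it is defined.
  service_account = "cloud-run-sa@my-project.iam.gserviceaccount.com"
}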
# tftest modules=1 resources=1
| name | description | type | required | default |
|---|---|---|---|---|
| containers | Containers. | list(object({…})) | ✓ | |
| name | Name used for cloud run service. | string | ✓ | |
| project | Project name used for all resources. | string | ✓ | |
| audit_log_triggers | Eventarc triggers (Audit log). | list(object({…})) | | null |
| iam | IAM bindings for Cloud Run service in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
| ingress_settings | Ingress settings. | string | | null |
| labels | Resource labels. | map(string) | | {} |
| prefix | Optional prefix used for resource names. | string | | null |
| pubsub_triggers | Eventarc triggers (Pub/Sub). | list(string) | | null |
| region | Region used for all resources. | string | | "europe-west1" |
| revision_annotations | Configure revision template annotations. | object({…}) | | null |
| revision_name | Revision name. | string | | null |
| service_account | Service account email. Unused if service account is auto-created. | string | | null |
| service_account_create | Auto-create service account. | bool | | false |
| traffic | Traffic. | map(number) | | null |
| volumes | Volumes. | list(object({…})) | | null |
| vpc_connector_create | Populate this to create a VPC connector. You can then refer to it in the template annotations. | object({…}) | | null |

| name | description | sensitive |
|---|---|---|
| service | Cloud Run service. | |
| service_account | Service account resource. | |
| service_account_email | Service account email. | |
| service_account_iam_email | Service account email. | |
| service_name | Cloud Run service name. | |
| vpc_connector | VPC connector resource if created. | |
| service_uri | Cloud Run service URI. | |