This module handles the basic deployment of containerized applications on Cloud Run, along with domain mapping and IAM policy for the service.
The resources/services/activations/deletions that this module will create/trigger are:
- Creates a Cloud Run service with provided name and container
- Creates Domain mapping for the deployed service
- Applies IAM roles
This module assumes that the following prerequisites are in place before it is used:
- All required APIs are enabled in the GCP Project
- Cloud SQL (optional)
- VPC Connector (optional)
- Environment Variables in Secret Manager (optional)
Basic usage of this module is as follows:
```hcl
module "cloud_run" {
  source  = "terraform-google-modules/terraform-google-cloud-run/google"
  version = "~> 0.0.1"

  # Required variables
  service_name = "<SERVICE NAME>"
  project_id   = "<PROJECT ID>"
  location     = "<LOCATION>"
  image        = "<IMAGE URL>"

  # Optional: resource requests for the container
  requests = {
    cpu    = "500m"
    memory = "128Mi"
  }
}
```
Name | Description | Type | Default | Required |
---|---|---|---|---|
argument | Arguments passed to the ENTRYPOINT command | list(string) | [] | no |
certificate_mode | The mode of the certificate | string | "NONE" | no |
container_command | Leave blank to use the ENTRYPOINT command defined in the container image | list(string) | [] | no |
container_concurrency | Concurrent request limits to the service | number | 0 | no |
domain_map_annotations | Annotations to the domain map | map(string) | {} | no |
domain_map_labels | A set of key/value label pairs to assign to the Domain mapping | map(string) | {} | no |
env_secret_vars | [Beta] Environment variables (Secret Manager) | list(object({ | [] | no |
env_vars | Environment variables (cleartext) | list(object({ | [] | no |
force_override | Option to force override existing mapping | bool | false | no |
generate_revision_name | Option to enable revision name generation | bool | true | no |
image | GCR hosted image URL to deploy | string | n/a | yes |
limits | Resource limits to the container | map(string) | {} | no |
location | Cloud Run service deployment location | string | n/a | yes |
members | Users/SAs to be given access to the service | list(string) | [] | no |
ports | Port which the container listens to | object({ | { | no |
project_id | The project ID to deploy to | string | n/a | yes |
requests | Resource requests to the container | map(string) | {} | no |
roles | Roles to be provisioned for the members | list(string) | [] | no |
service_account_email | Service Account email needed for the service | string | null | no |
service_annotations | Annotations to the service | map(string) | { | no |
service_labels | A set of key/value label pairs to assign to the service | map(string) | {} | no |
service_name | The name of the Cloud Run service to create | string | n/a | yes |
template_annotations | Annotations to the container metadata | map(string) | { | no |
template_labels | A set of key/value label pairs to assign to the container metadata | map(string) | {} | no |
timeout_seconds | Timeout for each request | number | 120 | no |
traffic_split | Managing traffic routing to the service | list(object({ | [ | no |
verified_domain_name | Custom Domain Name | string | null | no |
volume_mounts | [Beta] Volume Mounts to be attached to the container (when using secret) | list(object({ | [] | no |
volumes | [Beta] Volumes needed for environment variables (when using secret) | list(object({ | [] | no |
Name | Description |
---|---|
domain_map_id | Unique Identifier for the created domain map |
domain_map_status | Status of Domain mapping |
location | Location in which the Cloud Run service was created |
project_id | Google Cloud project in which the service was created |
revision | Deployed revision for the service |
service_id | Unique Identifier for the created service |
service_name | Name of the created service |
service_status | Status of the created service |
service_url | The URL on which the deployed service is available |
These sections describe requirements for using this module.
The following dependencies must be available:
- [Terraform][terraform] v0.13+
- [Terraform Provider for GCP][terraform-provider-gcp] plugin v3.53+
A user-managed service account with the required roles can be used to deploy the Cloud Run service and to access other resources from it:
- GKE Admin: `roles/container.admin`
- Storage Admin: `roles/storage.admin`

Note: To deploy a service with a user-managed service account, the user deploying the service must have the `iam.serviceAccounts.actAs` permission on that service account.
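The following is an added example, not taken from the module's own documentation, showing the `service_account_email`, `members` and `roles` inputs used together with the `iam.serviceAccounts.actAs` requirement from the note above. The account ID `cloud-run-app`, the `deployer@example.com` user and the `app-callers@example.com` group are constructed placeholders, and the example assumes the module binds the listed roles on the service for the listed members, as the inputs table describes.

```hcl
# Added example: names, e-mail addresses and the group below are constructed placeholders.

# Dedicated runtime identity for this service, rather than a shared account.
resource "google_service_account" "run_sa" {
  project      = "<PROJECT ID>"
  account_id   = "cloud-run-app"
  display_name = "Runtime identity for the Cloud Run service"
}

# The deploying identity needs iam.serviceAccounts.actAs on the runtime account.
# roles/iam.serviceAccountUser carries that permission; binding it on this one
# account (not on the project) limits which identities the deployer can attach.
resource "google_service_account_iam_member" "deployer_act_as" {
  service_account_id = google_service_account.run_sa.name
  role               = "roles/iam.serviceAccountUser"
  member             = "user:deployer@example.com"
}

module "cloud_run" {
  source  = "terraform-google-modules/terraform-google-cloud-run/google"
  version = "~> 0.0.1"

  service_name = "<SERVICE NAME>"
  project_id   = "<PROJECT ID>"
  location     = "<LOCATION>"
  image        = "<IMAGE URL>"

  # Run the container as the dedicated identity created above.
  service_account_email = google_service_account.run_sa.email

  # Named callers only; the service is not opened to allUsers.
  members = ["group:app-callers@example.com"]
  roles   = ["roles/run.invoker"]

  # Module-level depends_on needs Terraform v0.13+, which this module already requires.
  depends_on = [google_service_account_iam_member.deployer_act_as]
}
```

Grant the runtime account only the roles the container actually uses on the resources it reaches, and review `terraform plan` output for the IAM bindings before applying.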
A project with the following APIs enabled must be used to host the main resource of this module:
- Google Cloud Run: `run.googleapis.com`
- Serverless VPC Access (optional): `vpcaccess.googleapis.com`
- Cloud SQL (optional): `sqladmin.googleapis.com`
The [Project Factory module][project-factory-module] and the [IAM module][iam-module] may be used in combination to provision a service account with the necessary roles applied.
Refer to the contribution guidelines for information on contributing to this module.