A Terraform module for the Google Cloud Platform that simplifies the creation & configuration of a Cloud Run (Fully Managed) service. This has been forked from garbetjie/terraform-google-cloud-run.
This module is a wrapper around the creation & configuration of Google Cloud Run (Fully managed) services, and provides sensible defaults for many of the options.
It attempts to be as complete as possible, and expose as much functionality as is available. As a result, some functionality might only be provided as part of BETA releases. Google's SLA support for this level of functionality is often not as solid as with Generally-Available releases. If you require absolute stability, this module might not be the best for you.
If your service requires the use of sensitive values, it is possible to store them in Google Secret Manager and reference those secrets in your service. This will prevent the values of those secrets from being exposed to anyone that might have access to your service but not to the contents of the secrets.
Secrets can either be exposed as files through mounted volumes, or through environment variables. This can be configured through the `volumes` and `env` input variables respectively.
Note: Environment variables using the latest secret version will not be updated when a new version is added. Volumes using the latest version will have their contents automatically updated to reflect the latest secret version.
Refer to https://cloud.google.com/run/docs/configuring/secrets for further reading on secrets in Cloud Run.
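An added usage example, not taken from the module's own documentation: it mounts a secret as a volume and overrides the public-by-default access inputs listed in the inputs table. The module source path, project, image, service account and secret names are placeholders, and the behaviour of `volumes` when `versions` is omitted is an assumption.

```hcl
# Added example. Every name, path and ID below is a placeholder.
module "api" {
  source = "./modules/cloud-run" # placeholder: wherever this module is checked out

  name     = "example-api"
  location = "europe-west1"
  image    = "gcr.io/example-project/example-api:1.0.0"

  # The module defaults are allow_public_access = true and ingress = "all".
  # Override both for a service that should only be reached through a load
  # balancer or internal traffic, by authenticated callers.
  allow_public_access = false
  ingress             = "internal-and-cloud-load-balancing"

  # Dedicated identity for the container instances instead of a shared one.
  service_account_email = "example-api@example-project.iam.gserviceaccount.com"

  # Secret exposed as files under the given path. "versions" is optional and
  # omitted here; this example assumes the mount then follows the latest
  # version, which volumes pick up automatically while env vars do not.
  volumes = [
    {
      path   = "/secrets/db"
      secret = "example-db-password" # placeholder Secret Manager secret
    },
  ]
}

# The module's resource list contains no Secret Manager IAM binding, so the
# service identity is granted read access to this one secret outside it.
resource "google_secret_manager_secret_iam_member" "api_reads_db_password" {
  secret_id = "example-db-password"
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:example-api@example-project.iam.gserviceaccount.com"
}
```

Granting `roles/secretmanager.secretAccessor` on the individual secret, rather than at project level, keeps the service identity from reading secrets it does not mount.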
Name | Version |
---|---|
terraform | >= 1.1 |
terraform | >= 0.14 |
>= 3.67.0 | |
google-beta | >= 3.67.0 |
Name | Version |
---|---|
>= 3.67.0 | |
google-beta | >= 3.67.0 |
No modules.
Name | Type |
---|---|
google-beta_google_cloud_run_service.default | resource |
google_cloud_run_domain_mapping.domains | resource |
google_cloud_run_service_iam_member.public_access | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
allow_public_access | Allow unauthenticated access to the service. | bool | true | no |
args | Arguments to pass to the entrypoint. | list(string) | [] | no |
cloudsql_connections | Cloud SQL connections to attach to container instances. | set(string) | [] | no |
concurrency | Maximum allowed concurrent requests per container for this revision. | number | null | no |
cpu_throttling | Configure CPU throttling outside of request processing. | bool | true | no |
cpus | Number of CPUs to allocate per container. | number | 1 | no |
entrypoint | Entrypoint command. Defaults to the image's ENTRYPOINT if not provided. | list(string) | [] | no |
env | Environment variables to inject into container instances. | set( | [] | no |
execution_environment | Execution environment to run container instances under. | string | "gen1" | no |
http2 | Enable use of HTTP/2 end-to-end. | bool | false | no |
image | Docker image name. | string | n/a | yes |
ingress | Ingress settings for the service. Allowed values: ["all", "internal", "internal-and-cloud-load-balancing"] | string | "all" | no |
labels | Labels to apply to the service. | map(string) | {} | no |
liveness_probe | Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | object({ | null | no |
location | Location of the service. | string | n/a | yes |
map_domains | Domain names to map to the service. | set(string) | [] | no |
max_instances | Maximum number of container instances allowed to start. | number | 1000 | no |
memory | Memory (in Mi) to allocate to containers. Minimum of 512Mi is required when execution_environment is "gen2". | number | 256 | no |
min_instances | Minimum number of container instances to keep running. | number | 0 | no |
name | Name of the service. | string | n/a | yes |
port | Port on which the container is listening for incoming HTTP requests. | number | 8080 | no |
project | Google Cloud project in which to create resources. | string | null | no |
revision | Revision name to use. When null, revision names are automatically generated. | string | null | no |
service_account_email | IAM service account email to assign to container instances. | string | null | no |
startup_cpu_boost | Start containers faster by allocating more CPU during start-up time. | bool | false | no |
startup_probe | Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | object({ | null | no |
timeout | Maximum duration (in seconds) allowed for responding to requests. | number | 60 | no |
volumes | Volumes to be mounted & populated from secrets. | set(object({ path = string, secret = string, versions = optional(map(string)) })) | [] | no |
vpc_access | Control VPC access for the service. | object({ connector = optional(string), egress = optional(string) }) | { | no |
vpc_access_egress | Specify whether to divert all outbound traffic through the VPC, or private ranges only (Deprecated - use var.vpc_access.egress instead). | string | "private-ranges-only" | no |
vpc_connector_name | VPC connector to apply to this service (Deprecated - use var.vpc_access.connector instead). | string | null | no |
Name | Description |
---|---|
allow_public_access | Allow unauthenticated access to the service. |
args | Arguments passed to the entrypoint. |
cloudsql_connections | Cloud SQL connections attached to container instances. |
concurrency | Maximum allowed concurrent requests per container for the created revision. |
cpu_throttling | Configuration for CPU throttling outside of request processing. |
cpus | Number of CPUs allocated per container. |
cpus_suffixed | CPUs allocated per container, specified with the millicpu suffix (eg: "1000m" if var.cpus is 1). |
dns | DNS records to populate for mapped domains. Keys are the domains that are mapped. |
entrypoint | Entrypoint command used in the service. |
env | Environment variables injected into container instances. |
execution_environment | Execution environment container instances are running under. |
http2 | Status of HTTP/2 end-to-end handling. |
id | ID of the created service. |
image | Docker image name. |
ingress | Ingress settings applied to the service. |
labels | Labels applied to the service. |
latest_created_revision_name | Last revision created. |
latest_ready_revision_name | Latest revision ready for use. |
location | Location of the service. |
map_domains | Domain names mapped to the service. |
max_instances | Maximum number of container instances allowed to start. |
memory | Memory (in Mi) allocated to container instances. |
memory_suffixed | Memory allocated to container instances, with the relevant suffix (eg: "256Mi" if var.memory is 256). |
min_instances | Minimum number of container instances to keep running. |
name | Name of the service. |
port | Port on which the container is listening for incoming HTTP requests. |
project | Google Cloud project in which resources were created. |
revision | Revision name that was created. |
service_account_email | IAM service account email assigned to container instances. |
timeout | Maximum duration (in seconds) allowed for responding to requests. |
url | URL at which the service is available. |
volumes | Secrets mounted as volumes into the service. |
vpc_access | VPC access configuration. |