variables.tf 19.7 KiB
# Cloud Run service variables
# Prefix from which resource names are built. Defaults to "webapp".
# The validation block rejects values longer than 18 characters; it checks
# length only, not which characters the prefix contains.
variable "name" {
  description = "Prefix used to form resource names."
  type        = string
  default     = "webapp"

  validation {
    # Length is the only property constrained here.
    condition     = length(var.name) <= 18
    error_message = "var.name cannot be greater than 18 characters."
  }
}

# Location for the Cloud Run service and the other resources.
# No default is declared, so callers must supply a value.
variable "region" {
  description = "Location used to create Cloud Run service and other resources."
  type        = string
}

# Free-text description attached to the Cloud Run service. Defaults to null.
variable "description" {
  description = "A description for the Cloud Run service."
  type        = string
  default     = null
}

variable "project" {
  description = "Project containing the webapp."
variable "service_labels" {
  description = <<EOI
A set of key/value label pairs to assign to the Cloud Run service.
  type        = map(string)
  default     = {}
variable "service_annotations" {
  description = <<EOI
Map containing additional annotations to be added to the Cloud Run service
itself.
EOI
  type        = map(string)
  default     = {}
variable "ingress" {
  description = <<EOI
The ingress setting for the Cloud Run service. Possible values are
INGRESS_TRAFFIC_ALL, INGRESS_TRAFFIC_INTERNAL_ONLY, and
INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER.
EOI
variable "launch_stage" {
  description = <<EOI
The launch stage for the Cloud Run service. Possible values are UNIMPLEMENTED,
PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, and DEPRECATED.
EOI
# Template block variables
variable "revision" {
  description = <<EOI
The unique name for the revision. If this field is omitted, it will be
automatically generated based on the Service name.
  type        = string
  default     = null
variable "template_labels" {
  description = <<EOI
A set of key/value label pairs to assign to the Cloud Run service revision.
  type        = map(string)
  default     = {}
variable "template_annotations" {
  description = <<EOI
Map containing additional annotations to be added to the Cloud Run service
template.
  type        = map(string)
  default     = {}
variable "timeout_seconds" {
  description = <<EOI
The maximum duration, in seconds, the instance is allowed for responding to a
request. Maximum is 900s.
variable "execution_environment" {
  description = <<EOI
The sandbox environment to host this revision. Possible values are
EXECUTION_ENVIRONMENT_GEN1, and EXECUTION_ENVIRONMENT_GEN2.
EOI
  type        = string
  default     = "EXECUTION_ENVIRONMENT_GEN1"
variable "encryption_key" {
  description = <<EOI
The ID of a customer managed encryption key (CMEK) to use to encrypt this
container image.
EOI
  type        = string
variable "max_instance_request_concurrency" {
Sets the maximum number of requests that each serving instance can receive.
variable "session_affinity" {
  description = <<EOI
Enables session affinity. For more information, go to
https://cloud.google.com/run/docs/configuring/session-affinity.
EOI
variable "scaling" {
  description = <<EOI
The minimum number of auto-scaled instances defaults to 0, thus, the container
will stop if it doesn't receive requests for a period of time and the
following request will make the container start from cold. This should be
carefully considered for containers that take a significant amount of time
starting from cold.

For a container with N-workers, the maximum number of auto-scaled instances
should be less than 1/N of the maximum connection count for the Cloud SQL
instance.
EOI
  type = object({
    min_instance_count = optional(number)
    max_instance_count = optional(number)
  })
  default = null
variable "vpc_access" {
  description = <<EOI
Configure VPC access for the Cloud Run service. For more information on these
options see
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_service#nested_vpc_access
EOI
  type = object({
    connector = optional(string)
    egress    = optional(string)
    network_interfaces = optional(object({
      network    = optional(string)
      subnetwork = optional(string)
      tags       = optional(string)
    }))
  })
  default = null
variable "containers" {
Configure one or more container instances for the service. See
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_service#nested_containers
for information on the available arguments.
  type = map(object({
    name    = optional(string)
    image   = string
    command = optional(list(string))
    args    = optional(list(string))
    env = optional(list(object({
      name  = string
      value = optional(string)
      value_source = optional(object({
        secret_key_ref = optional(object({
          secret  = string
          version = optional(string, "latest")
        }))
      }))
    })), [])
    resources = optional(object({
      limits            = optional(map(string))
      cpu_idle          = optional(bool)
      startup_cpu_boost = optional(bool)
    }))
    ports = optional(list(object({
      name           = optional(string)
      container_port = optional(number)
    })), [])
    volume_mounts = optional(list(object({
      name       = string
      mount_path = string
    })), [])
    working_dir = optional(string)
    liveness_probe = optional(object({
      initial_delay_seconds = optional(number)
      timeout_seconds       = optional(number)
      period_seconds        = optional(number)
      failure_threshold     = optional(number)
      http_get = optional(object({
        path = optional(string)
        port = optional(number)
        http_headers = optional(list(object({
          name  = string
          value = optional(string)
        })), [])
      }))
      grpc = optional(object({
        port    = optional(number)
        service = optional(string)
      }))
    }))
    startup_probe = optional(object({
      initial_delay_seconds = optional(number)
      timeout_seconds       = optional(number)
      period_seconds        = optional(number)
      failure_threshold     = optional(number)
      http_get = optional(object({
        path = optional(string)
        port = optional(number)
        http_headers = optional(list(object({
          name  = string
          value = optional(string)
        })), [])
      }))
      tcp_socket = optional(object({
        port = number
      }))
      grpc = optional(object({
        port    = optional(number)
        service = optional(string)
      }))
    }))
  }))
variable "volumes" {
  description = <<EOI
Configure one or more volumes for the service. See
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_service#nested_volumes
for more information on these options.
EOI
  type = list(object({
    name = string
    secret = optional(object({
      secret       = string
      default_mode = optional(number)
      items = optional(list(object({
        path    = string
        version = optional(string)
        mode    = optional(number)
      })), [])
    }))
    cloud_sql_instance = optional(object({
      instances = optional(list(string))
    }))
  }))
  default = []
variable "traffic" {
  description = <<EOI
Configure traffic allocation between one or more service revisions.
EOI
  type = list(object({
    type     = optional(string)
    revision = optional(string)
    percent  = optional(number)
    tag      = optional(string)
  }))
  default = []
variable "mount_cloudsql_instance" {
  description = <<EOI
Mount a single CloudSQL instance in each container for the service. This value
should be the Cloud SQL instance connection name, for example
"example-devel-e662dd2b:europe-west2:sql-6e1dd60b". This is a convenience
variable to simplify mounting a single Cloud SQL instance. If you require more
control you can define one or more Cloud SQL mounts directly using
var.containers and var.volumes instead.
EOI
variable "sql_instance_project" {
  description = "Project containing SQL instance. Defaults to var.project."
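# Controls whether the webapp service account receives roles/cloudsql.client.
# Off by default.
# NOTE(review): per the description the grant is made at the project level,
# not on a single instance, so it presumably covers every Cloud SQL instance
# in that project - confirm that scope is acceptable before enabling, or leave
# this false and bind the role more narrowly outside the module.
variable "grant_sql_client_role_to_webapp_sa" {
  description = <<EOI
When set to true the roles/cloudsql.client role will be granted to the webapp
service account at the project level to allow it to connect to Cloud SQL.
EOI
  type        = bool
  default     = false
}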
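# Controls whether the Cloud Run service accepts requests without credentials.
# NOTE(review): the default is true, so a deployment that does not set this
# variable is invocable by unauthenticated callers. Set it to false for
# services that are not meant to be public; callers then need the Cloud Run
# invoker permission, as the description states.
variable "allow_unauthenticated_invocations" {
  description = <<EOI
If true, the webapp will allow unauthenticated invocations. If false, the
webapp requires authentication as a Google user with the Cloud Run invoker
permission on the deployment.
EOI
  type        = bool
  default     = true
}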
# Load Balancer variables
variable "enable_load_balancer" {
  default     = false
  description = <<EOI
Whether to configure a load balancer or use the default run.app generated
hostname.
EOI
}

variable "dns_names" {
  type        = map(string)
  default     = {}
  description = <<EOI
DNS names to configure for the web application. Note that DNS records are
_NOT_ created, they are used in the load balancer module to ensure the SSL
certificate is generated with the required SANs. The map's keys are arbitrary
and are only required to avoid errors when the DNS name is a value which
Terraform does not know until after the apply operation.

For example:

{ my_awesome_dns_name = "awesome.example.com" }
}

variable "use_ssl_certificates" {
  type    = bool
  default = false

  description = <<EOI
Whether to use the custom TLS certs in var.ssl_certificates for the load
balancer or the Google-managed certs for the specified var.dns_names.
EOI
}

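# Self-links of custom TLS certificates to attach to the load balancer.
# Defaults to an empty list.
# NOTE(review): declared as list(any); the description says the elements are
# self-link strings, so list(string) may be the intended constraint - confirm
# against callers before tightening.
variable "ssl_certificates" {
  type        = list(any)
  default     = []
  description = <<EOI
A list of self-links to any custom TLS certificates to add to the load
balancer. Requires that var.enable_load_balancer be "true". The self-link is
available as the "self_link" attribute of "google_compute_ssl_certificate"
resources.
EOI
}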

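# ID of an SSL policy to apply to the load balancer. Defaults to null; per the
# description the module then applies google_compute_ssl_policy.default
# (MODERN profile, TLS >= 1.2).
# NOTE(review): a policy passed in here takes the place of that default, so
# check that it does not allow TLS versions below 1.2 or a weaker profile.
variable "ssl_policy" {
  type    = string
  default = null

  description = <<EOI
By default, the google_compute_ssl_policy.default SSL policy is applied to the
load balancer in load_balancer.tf. This sets the SSL profile to MODERN and
restricts TLS to >= 1.2. If a different SSL policy is required, it should be
created outside of this module and its ID passed through using this variable.
EOI
}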
# Toggles an IPv6 address on the load balancer. Off by default.
variable "enable_ipv6" {
  type        = bool
  default     = false
  description = "Whether to enable IPv6 address on the CDN load-balancer."
}

variable "create_ipv6_address" {
  type        = bool
  default     = false
  description = <<EOI
Allocate an IPv6 address to the load balancer if var.enable_ipv6 is true.
EOI
# Cloud Run pre-deploy job variables
# Switch for the pre-deploy Cloud Run job. Off by default.
# NOTE(review): a job used for database migrations presumably runs with
# database credentials - review its secrets and permissions with the same care
# as the main service.
variable "enable_pre_deploy_job" {
  description = <<EOI
Configure a Cloud Run Job to be executed *before* the main Cloud Run service
is deployed. This is useful for running database migrations for example.
EOI
  type        = bool
  default     = false
}

# Runs the pre-deploy job when the job's container image changes. On by
# default.
# NOTE(review): the description says execution goes through a gcloud command
# fired by a null_resource, so the host running terraform apply presumably
# needs gcloud installed and credentials allowed to execute the job - confirm
# for CI runners.
variable "pre_deploy_job_trigger" {
  description = <<EOI
When true, the pre-deploy Cloud Run job is executed via a
null_resource-triggered gcloud command whenever Terraform detects that
var.pre_deploy_job_container.image has changed.
EOI
  type        = bool
  default     = true
}

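# Forces the pre-deploy job to run on every apply. Per the description it only
# has an effect together with var.pre_deploy_job_trigger. Off by default.
variable "pre_deploy_job_force" {
  description = <<EOI
When true, and only when used in addition to var.pre_deploy_job_trigger, the
pre-deploy Cloud Run job is executed at every terraform apply, regardless of
the status of var.pre_deploy_job_container.image.
EOI
  type        = bool
  default     = false
}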

# Labels for the pre-deploy job. Defaults to null.
# Labels are resource metadata, not a place for secret values.
variable "pre_deploy_job_labels" {
  description = <<EOI
Map of key/value pairs containing labels to assign to the pre-deploy Cloud Run
job.
EOI
  type        = map(string)
  default     = null
}

# Annotations for the pre-deploy job. Defaults to null.
# Annotations are resource metadata, not a place for secret values.
variable "pre_deploy_job_annotations" {
  description = <<EOI
Map of key/value pairs containing annotations to assign to the pre-deploy Cloud
Run job.
EOI
  type        = map(string)
  default     = null
}

# Upper bound on tasks of one execution running at the same time.
# Defaults to null.
variable "pre_deploy_job_parallelism" {
  description = <<EOI
Specifies the maximum desired number of tasks the execution should run at
given time.
EOI
  type        = number
  default     = null
}

# Number of tasks one execution of the pre-deploy job should run.
# Defaults to null.
variable "pre_deploy_job_task_count" {
  description = "Specifies the desired number of tasks the execution should run."
  type        = number
  default     = null
}

# Launch stage of the pre-deploy job. Defaults to "GA".
# NOTE(review): no type constraint is visible in this block, and nothing here
# checks the value against the list in the description - confirm whether a
# validation exists elsewhere.
variable "pre_deploy_job_launch_stage" {
  description = <<EOI
The launch stage for the pre-deploy Cloud Run job. Possible values are UNIMPLEMENTED,
PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, and DEPRECATED.
EOI
  default     = "GA"
}

variable "pre_deploy_job_container" {
Configure the container instance for the pre-deploy job. See
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_job#nested_containers
for more information on these options.
  type = object({
    name    = optional(string)
    image   = optional(string)
    command = optional(list(string))
    args    = optional(list(string))
    env = optional(list(object({
      name  = string
      value = optional(string)
      value_source = optional(object({
        secret_key_ref = optional(object({
          secret  = string
          version = optional(string, "latest")
        }))
      }))
    })), [])
    resources = optional(object({
      limits = optional(map(string))
    }))
    ports = optional(list(object({
      name           = optional(string)
      container_port = optional(number)
    })), [])
    volume_mounts = optional(list(object({
      name       = string
      mount_path = string
    })), [])
    working_dir = optional(string)
  })
  default = null
# Volumes made available to the pre-deploy job. Each entry has a name and may
# carry a secret block, a cloud_sql_instance block, or both; the type makes
# both optional. Defaults to an empty list.
# NOTE(review): secret.default_mode and items[].mode look like the permission
# bits of the mounted secret files - confirm against the linked provider docs
# and keep them as restrictive as the container user allows.
# items[].version is optional with no default in this type; passing an
# explicit version keeps the mounted secret value the same across deploys.
variable "pre_deploy_job_volumes" {
  description = <<EOI
Configure one or more volumes for the pre-deploy job. See
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_job#nested_volumes
for more information on these options.
EOI
  type = list(object({
    name = string
    secret = optional(object({
      secret       = string
      default_mode = optional(number)
      items = optional(list(object({
        path    = string
        version = optional(string)
        mode    = optional(number)
      })), [])
    }))
    cloud_sql_instance = optional(object({
      instances = optional(list(string))
    }))
  }))
  default = []
}

# Timeout for the pre-deploy job. Defaults to null.
# NOTE(review): typed as string although the description speaks of seconds;
# the provider field presumably expects a duration string ending in "s" -
# confirm the format callers should pass.
variable "pre_deploy_job_timeout" {
  description = "Configure a timeout, in seconds, for the pre-deploy job."
  type        = string
  default     = null
}

# Execution environment for the pre-deploy job. Defaults to
# "EXECUTION_ENVIRONMENT_GEN2".
# NOTE(review): no type constraint is visible in this block, and nothing here
# restricts the value to the two names listed in the description.
variable "pre_deploy_job_execution_environment" {
  description = <<EOI
The execution environment to host this task. Possible values are
EXECUTION_ENVIRONMENT_GEN1, and EXECUTION_ENVIRONMENT_GEN2
EOI
  default     = "EXECUTION_ENVIRONMENT_GEN2"
}

variable "pre_deploy_job_encryption_key" {
The ID of a customer managed encryption key (CMEK) to use to encrypt this
container image.
  type        = string
  default     = null

# VPC access settings for the pre-deploy job. Every field is optional and the
# variable defaults to null.
# NOTE(review): egress presumably selects which outbound traffic is routed
# through the VPC - see the linked docs for the accepted values and choose the
# one that matches the job's egress controls.
# NOTE(review): tags is declared as a single string here, while the provider
# appears to document network tags as a list - confirm how the module passes
# it on.
variable "pre_deploy_job_vpc_access" {
  description = <<EOI
Configure VPC access for the pre-deploy job. See
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_job#nested_vpc_access
for more information on these options.
EOI
  type = object({
    connector = optional(string)
    egress    = optional(string)
    network_interfaces = optional(object({
      network    = optional(string)
      subnetwork = optional(string)
      tags       = optional(string)
    }))
  })
  default = null
}

# Retry limit for the pre-deploy job. Defaults to null.
variable "pre_deploy_job_max_retries" {
  description = "Configure the maximum number of retries for the pre-deploy job."
  type        = number
  default     = null
}

# Shortcut for mounting one Cloud SQL instance in the pre-deploy job
# container. Defaults to null.
# NOTE(review): presumably takes the instance connection name - confirm the
# expected format against the module's usage.
variable "pre_deploy_job_mount_cloudsql_instance" {
  description = <<EOI
Mount a CloudSQL instance in the pre-deploy job container. This is a
convenience variable to simplify mounting a Cloud SQL instance. However, if
you require more control over this you should define it directly in
var.pre_deploy_job_container instead.
EOI
  type        = string
  default     = null
}

# Monitoring and alerting
variable "monitoring_scoping_project" {
  description = <<EOI
The ID of a Cloud Monitoring scoping project to create monitoring resources
in. If omitted, var.project will be used instead.
EOI
  type        = string
  default     = null
}

variable "enable_alerting" {
  type        = bool
  default     = true
  description = "Enable alerting policies."
variable "alerting_notification_channels" {
  default     = []
  type        = list(string)
  description = <<EOI
A list of notification channel IDs to send uptime alerts to. The format for
the channel IDs should be
"projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]".
EOI
}

variable "alerting_uptime_timeout" {
  default     = "30s"
  type        = string
  description = "Timeout for http polling."
}

# Interval between uptime checks, given as a string. Defaults to "300s".
variable "alerting_uptime_period" {
  type        = string
  default     = "300s"
  description = "Frequency of uptime checks"
}

variable "alerting_success_threshold_percent" {
  type        = number
  default     = 75
  description = <<EOI
If the percentage of successful uptime checks within the given uptime period
falls below this, an alert will be triggered. Set to 100 to trigger an alert
if any uptime check fails, set to a lower number to tolerate failures without
alerting.

Experience has taught us that uptime checks can fail semi-regularly due to
transient problems outside our control, therefore we allow some leeway before
triggering an alert.
EOI
variable "enable_monitoring" {
  default     = false
  type        = bool
  description = <<EOI
Optional. If true, create uptime and SSL expiry checks.

Note that this is different from not specifying an alerting email address. If
no alerting email address is specified the uptime checks are still created,
they just don't alert if they fail.
EOI
}
  description = "Path component of url to be monitored."
# Service account variables
variable "service_account_id" {
  default     = ""
  description = <<EOI
A service account is always created for the web application. If non-empty this
variable overrides the default service account id. The default id is formed
from the "name" variable value with "-run" appended.
EOI
variable "service_account_display_name" {
  default     = ""
  type        = string
  description = <<EOI
If non-empty, override the default display name of the webapp service account.
EOI
# Static egress variables
variable "enable_static_egress_ip" {
  default     = false
  description = <<EOI
Whether to assign a static ip for egress from this cloud run instance. If
enabled, the "vpcaccess.googleapis.com" API must also be enabled on the
project.
EOI
}

variable "static_egress_ip_cidr_range" {
  default     = "10.124.0.0/28"
  description = <<EOI
The cidr range used to create a subnet that this cloud run will use if assigned
a static ip
EOI
# tflint-ignore: terraform_unused_declarations
variable "static_egress_ip_subnetwork_id" {
  description = <<EOI
When using an existing VPC Access Connector with the static egress IP
configuration an existing subnetwork must be provided.
EOI
variable "min_ports_per_vm" {
  default     = 64
  type        = number
  description = <<EOI
When using Cloud NAT to provide an egress route, Cloud NAT's minimum ports per
VM can be configured to determine how many concurrent connections can be
established to the same destination IP address and port.
EOI

variable "vpc_access_connector_max_throughput" {
  type        = number
  default     = 300
  description = <<EOI
Optional. The maximum throughput of the connector in megabytes per second.
Defaults to 300.
EOI