FAQ | This is a LIVE service | Changelog

Skip to content
Snippets Groups Projects
Normal view Permalink
main.tf 4.55 KiB
Newer Older
Dr Abraham Martin's avatar
GCP Cloud Run manager terraform module
Dr Abraham Martin committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 
# main.tf configures top-level resources

# A service account which the webapp runs in the context of.
resource "google_service_account" "webapp" {
  project      = var.project
  account_id   = "webapp-run"
  display_name = "Web application Cloud Run service account"
}

# The webapp service account has the ability to connect to the SQL instance.
resource "google_project_iam_member" "webapp_sql_client" {
  project = local.sql_instance_project
  role    = "roles/cloudsql.client"
  member  = "serviceAccount:${google_service_account.webapp.email}"
}

# A Cloud Run service which hosts the webapp

resource "random_id" "webapp_revision_name" {
  byte_length = 4
  prefix      = "${var.name}-"
}

resource "google_cloud_run_service" "webapp" {
  name     = var.name
  location = var.cloud_run_region
  project  = var.project

  template {
    metadata {
      annotations = {
        # Maximum number of auto-scaled instances.  For a container with
        # N-workers, maxScale should be less than 1/N of the maximum connection
        # count for the Cloud SQL instance.
        "autoscaling.knative.dev/maxScale" = var.max_scale

        # Cloud SQL instances to auto-magically make appear in the container as
        # Unix sockets.
        "run.googleapis.com/cloudsql-instances" = var.sql_instance_connection_name
Robin Goodall's avatar
add placeholders and ignore metadata name change  
Robin Goodall committed
40 41 42 43 44 45 46 

        # As mentioned at https://www.terraform.io/docs/configuration/resources.html#ignore_changes
        # placeholders need to be created as the adding the key to the map is
        # considered a change and not ignored by ignore_changes
        "client.knative.dev/user-image"     = "placeholder"
        "run.googleapis.com/client-name"    = "placeholder"
        "run.googleapis.com/client-version" = "placeholder"
Dr Abraham Martin's avatar
GCP Cloud Run manager terraform module
Dr Abraham Martin committed
47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 
      }

      # See the README for information on this.
      name = random_id.webapp_revision_name.hex
    }

    spec {
      # Maximum number of concurrent requests to an instance before it is
      # auto-scaled. For webapps which use connection pooling, it should be safe
      # to set this number without regard to the connection limit of the Cloud
      # SQL instance. This can be no greater than 80.
      #
      # See https://cloud.google.com/run/docs/about-concurrency.
      container_concurrency = var.container_concurrency

      service_account_name = google_service_account.webapp.email

      containers {
        # This is a bootstrap container image. The real image is deployed by
        # Gitlab CI.
        image = "gcr.io/cloudrun/hello:latest"

        resources {
          limits = {
            cpu    = var.cpu_limit
            memory = var.memory_limit
          }
        }

        dynamic "env" {
          for_each = var.environment_variables
          content {
            name  = env.key
            value = env.value
          }
        }
      }
    }
  }

  traffic {
    percent         = 100
    latest_revision = true
  }

  lifecycle {
    ignore_changes = [
      # Which image is deployed to the container will be updated by GitLab CI.
      # As such, don't view changes to the container image as requiring the
      # resource be updated.
      template[0].spec[0].containers[0].image,
Robin Goodall's avatar
add placeholders and ignore metadata name change  
Robin Goodall committed
99 100 101 
      # Also the name of the revision will change with each CI deployment
      template[0].metadata[0].name,
Dr Abraham Martin's avatar
GCP Cloud Run manager terraform module
Dr Abraham Martin committed
102 103 104 105 106 107 108 109 110 111 
      # Some common annotations which we don't care about.
      template[0].metadata[0].annotations["client.knative.dev/user-image"],
      template[0].metadata[0].annotations["run.googleapis.com/client-name"],
      template[0].metadata[0].annotations["run.googleapis.com/client-version"],
    ]
  }
}

# Allow unauthenticated invocations for the webapp.
resource "google_cloud_run_service_iam_member" "webapp_all_users_invoker" {
Dr Abraham Martin's avatar
Code Review changes  
Dr Abraham Martin committed
112 
  count    = var.allow_unauthenticated_invocations ? 1 : 0
Dr Abraham Martin's avatar
GCP Cloud Run manager terraform module
Dr Abraham Martin committed
113 114 115 116 117 118 119 
  location = google_cloud_run_service.webapp.location
  project  = google_cloud_run_service.webapp.project
  service  = google_cloud_run_service.webapp.name
  role     = "roles/run.invoker"
  member   = "allUsers"
}
Dr Rich Wareham's avatar
Add optional domain mapping  
Dr Rich Wareham committed
120 121 
# Domain mapping for default web-application. Only present if the domain is
# verified. We use the custom DNS name of the webapp if provided but otherwise
Dr Rich Wareham's avatar
fix some typos and clarify domain verification requirement [REVIEW]  
Dr Rich Wareham committed
122 
# the webapp is hosted at [SERVICE NAME].[PROJECT DNS ZONE]. We can't create
Dr Rich Wareham's avatar
Add optional domain mapping  
Dr Rich Wareham committed
123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 
# the domain mapping if the domain is *not* verified because Google won't let
# us.
resource "google_cloud_run_domain_mapping" "webapp" {
  count = local.domain_mapping_present ? 1 : 0

  location = var.cloud_run_region

  name = var.dns_name

  metadata {
    # For managed Cloud Run, the namespace *must* be the project name.
    namespace = var.project
  }

  spec {
    route_name = google_cloud_run_service.webapp.name
  }
}