variables.tf 7.64 KiB
# variables.tf defines inputs for the module

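# Google Cloud project that hosts the webapp. No default is shown in this
# listing, so callers are expected to supply it.
variable "project" {
  description = "Project containing the webapp."
}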

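# Prefix from which resource names are derived; the service_account_id
# description states that the default service account id is this value with
# "-run" appended.
variable "name" {
  description = "Prefix used to form resource names"
  default     = "webapp"
}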

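# Project holding the Cloud SQL instance. The empty default means "use
# var.project", per the description.
# NOTE(review): pointing this at another project means the webapp reaches
# across a project boundary; confirm which identity is granted SQL access there.
variable "sql_instance_project" {
  description = "Project containing SQL instance. Defaults to var.project."
  default     = ""
}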

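# Connection name of the Cloud SQL instance used by the webapp. No default is
# shown in this listing.
variable "sql_instance_connection_name" {
  description = "SQL instance connection name"
}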

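# Optional region override. The empty default presumably falls back to the
# provider's region; verify against the resources that consume it.
variable "cloud_run_region" {
  description = "Override region used to create Cloud Resources"
  default     = ""
}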

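# Plain-text environment variables for the service (name => value).
# Values given here are stored as-is in the Terraform configuration and state
# and are visible on the deployed service's configuration, so do not pass
# credentials through this map. Use secrets_envars or secrets_volume, which
# reference Secret Manager secrets by id, for anything sensitive.
variable "environment_variables" {
  description = "Environment variables which should be set on the service. Map from name to value."
  default     = {}
}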

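# Lower bound for auto-scaling. With the default of 0 the service scales to
# zero and the next request pays a cold start, as the description explains.
variable "min_scale" {
  description = <<EOI
Minimum number of auto-scaled instances. Defaults to 0, thus, the container will stop
if it doesn't receive requests for a period of time and the following request will make
the container start from cold.
This should be carefully considered for containers that take a significant amount of
time starting from cold.
EOI
  default     = 0
}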

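# Upper bound for auto-scaling. No default is shown in this listing.
# The bound doubles as a protection for the database: the description ties it
# to the Cloud SQL connection limit, so an overly large value lets a traffic
# spike (or a request flood) exhaust database connections.
variable "max_scale" {
  description = "Maximum number of auto-scaled instances. For a container with N-workers, maxScale should be less than 1/N of the maximum connection count for the Cloud SQL instance."
}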

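# Concurrent requests per instance before another instance is started.
# The default is written as the string "80", not a number.
# NOTE(review): the "maximum that Cloud Run allows" statement in the
# description may be out of date; confirm against current Cloud Run limits.
variable "container_concurrency" {
  description = "Maximum number of concurrent requests to an instance before it is auto-scaled. Defaults to 80 which is the maximum that Cloud Run allows"
  default     = "80"
}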

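# CPU limit for the container, in millicpu notation ("1000m" = 1 CPU).
variable "cpu_limit" {
  description = "CPU limit for the deployed container. Defaults to 1 CPU, '1000m'."
  default     = "1000m"
}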

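# Memory limit for the container.
# NOTE(review): the default line is missing from this listing; "512M" is
# restored from the value quoted in the description. Confirm against the
# upstream file.
variable "memory_limit" {
  description = "Memory limit for the deployed container. Defaults to 512 MB, '512M'."
  default     = "512M"
}
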
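# Per-request timeout in seconds. A bounded timeout limits how long a single
# slow or stalled request can hold an instance slot.
# NOTE(review): the maximum quoted in the description may be out of date;
# confirm against current Cloud Run limits.
variable "timeout_seconds" {
  description = "The maximum duration, in seconds, the instance is allowed for responding to a request. Default to 300. Maximum is 900."
  default     = 300
}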

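# Controls whether the service can be invoked without authentication.
# The default is true, so a deployment is publicly invocable unless the caller
# sets this to false. Services that are not meant to be public should set it
# to false explicitly and review allowed_ingress as well. The disable_monitoring
# description mentions authenticated services as a case for turning uptime
# checks off.
variable "allow_unauthenticated_invocations" {
  description = <<EOI
If true, the webapp will allow unauthenticated invocations. If false, the webapp requires authentication
as a Google user with the Cloud Run invoker permission on the deployment.
EOI
  type        = bool
  default     = true
}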

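# Optional custom domain for the webapp; empty (the default) creates no domain
# mapping. The domain must already be verified and owned by the account the
# google provider runs as, which is what prevents mapping a domain you do not
# control.
variable "dns_name" {
  description = <<EOI
If non-empty, a domain mapping will be created for the webapp from this domain
to point to the webapp. The domain must first have been verified by Google and
the account being used by the google provider must have been added as an owner.

If and only if a domain mapping has been created, the
"domain_mapping_resource_record" output will be a non-empty map and the
"domain_mapping_present" output will be true.
EOI
  default     = ""
}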

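# Id override for the webapp's dedicated service account. Per the description
# a service account is always created, so the webapp does not share an
# identity with other workloads. Grant roles to that account narrowly.
variable "service_account_id" {
  default     = ""
  description = <<EOI
A service account is always created for the web application. If non-empty this
variable overrides the default service account id. The default id is formed
from the "name" variable value with "-run" appended.
EOI
}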

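# Display-name override for the webapp service account; cosmetic only as far
# as this listing shows.
variable "service_account_display_name" {
  default     = ""
  description = <<EOI
If non-empty, override the default display name of the webapp service account.
EOI
}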

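# Recipient for uptime alerts. Empty (the default) configures no alerting.
# The disable_monitoring description adds that the uptime checks themselves
# are still created in that case.
variable "alerting_email_address" {
  default     = ""
  type        = string
  description = <<EOT
Email address for basic uptime alerts. If empty (the default) no alerting will be configured. Otherwise note that the project must be in a Stackdriver monitoring workspace and this must be configured manually (no terraform support).
EOT
}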

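# Timeout for each uptime-check HTTP poll, as a duration string ("30s").
variable "alerting_uptime_timeout" {
  default     = "30s"
  type        = string
  description = "timeout for http polling"
}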

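# Interval between uptime checks, as a duration string ("300s").
variable "alerting_uptime_period" {
  type        = string
  default     = "300s"
  description = "Frequency of uptime checks"
}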

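# Success-rate threshold (percent) below which an alert fires. The default of
# 75 deliberately tolerates some failed checks. Raise it towards 100 for
# services where even a brief outage should page someone.
variable "alerting_success_threshold_percent" {
  type        = number
  default     = 75
  description = <<EOT
If the percentage of successful uptime checks within the given uptime period falls below
this, an alert will be triggered. Set to 100 to trigger an alert if any uptime check fails,
set to a lower number to tolerate failures without alerting.

Experience has taught us that uptime checks can fail semi-regularly due to transient
problems outside our control, therefore we allow some leeway before triggering an alert.
EOT
}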

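# Switch for the alerting policy; enabled by default.
variable "alerting_enabled" {
  type        = bool
  default     = true
  description = "Whether alerting policy is enabled"
}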

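# URL path probed by the uptime check; defaults to the site root.
# NOTE(review): the probed path presumably has to answer without credentials;
# verify when the service requires authenticated invocations.
variable "monitoring_path" {
  type        = string
  default     = "/"
  description = "path component of url to be monitored"
}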

# Network-level exposure of the service. Of the three values named in the
# description, "all" is the only one that is not restricted to internal or
# load-balancer traffic. This is independent of
# allow_unauthenticated_invocations and should be reviewed together with it.
# NOTE(review): this listing is cut off after "See". The referenced link, the
# heredoc terminator, the default and the closing brace are not visible here.
variable "allowed_ingress" {
  description = <<EOL
    Specify the allowed ingress to the service. Should be one of:
    "all", "internal" or "internal-and-cloud-load-balancing".
    Setting this to a value other than "all" implies that the service will be
    moved to the "beta" launch stage. See

# Extra annotations, as a string map, merged into the Cloud Run service.
# NOTE(review): the description appears truncated in this listing (the
# sentence end, heredoc terminator and closing brace are not visible).
# Annotations can change runtime behaviour; presumably they could override
# settings this module derives from other variables, so verify precedence.
variable "service_annotations" {
  type        = map(string)
  default     = {}
  description = <<EOL
    Map containing additional annotations to be added to the Cloud Run service

# Extra annotations, as a string map. The visible description text is
# identical to that of service_annotations.
# NOTE(review): the description appears truncated in this listing, so the
# difference from service_annotations (presumably the revision template) is
# not shown; confirm against the upstream file.
variable "template_annotations" {
  type        = map(string)
  default     = {}
  description = <<EOL
    Map containing additional annotations to be added to the Cloud Run service
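# Forces the 'BETA' launch stage. The allowed_ingress description says that
# non-"all" ingress values imply the beta launch stage as well.
variable "enable_beta_launch_stage" {
  default     = false
  description = "Force use of the 'BETA' launch stage for the service."
}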

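# Turns uptime checks off entirely. This differs from leaving
# alerting_email_address empty, which keeps the checks but sends no alerts.
# When this is true, no uptime checks are created for the service, so outages
# need to be detected by some other monitoring path.
variable "disable_monitoring" {
  default     = false
  description = <<-EOL
    Optional. If true, do not create uptime checks. This is useful if, for
    example, the service is configured to require authenticated invocations.

    Note that this is different from not specifying an alerting email address.
    If no alerting email address is specified the uptime checks are still
    created, they just don't alert if they fail.
  EOL
}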

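# Gives the service a fixed egress IP; requires the vpcaccess API on the
# project, per the description. A static egress address lets downstream
# systems allow-list this service, but an IP allow-list should complement
# authentication on those systems rather than replace it.
variable "enable_static_egress_ip" {
  default     = false
  description = <<-EOL
    Whether to assign a static ip for egress from this cloud run instance. If enabled the
    service "vpcaccess.googleapis.com" must also be enabled on the project.
  EOL
}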

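# CIDR range for the subnet used when a static egress IP is enabled. The
# default is empty.
# NOTE(review): presumably the range must not overlap existing subnets in the
# network; confirm before choosing one.
variable "static_egress_ip_cidr_range" {
  default     = ""
  description = "The cidr range used to create a subnet that this cloud run will use if assigned a static ip"
}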

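# Secret Manager secrets to mount into the container as files. Only the
# secret id and version are given here, not the secret value.
# An empty version resolves to "latest" (see the field comment below), so pin
# an explicit version when a rotation should only take effect through a
# reviewed change.
# NOTE(review): presumably the module grants the webapp service account access
# to the listed secrets; verify that the grant is per secret, not project-wide.
variable "secrets_volume" {
  type = list(object({
    name    = string # name of the file that is going to be mounted
    path    = string # name of the directory of the volume mount. e.g. "/secrets". Must be unique for each secret.
    id      = string # id of the GCP Cloud Secret Manager secret
    version = string # version of the GCP Cloud Secret Manager secret, defaults to "latest" if empty
  }))

  default     = []
  description = <<-EOL
    Optional. If containing a list of maps specifying a Secret Manager secret ID,
    a name and a secret version, will create named files from the secrets.
  EOL
}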

# Secret Manager secrets to expose to the container as environment variables.
# Only the secret id and version are given here, not the secret value. Prefer
# this (or secrets_volume) over environment_variables for credentials.
# An empty version resolves to "latest" (see the field comment below), so pin
# an explicit version when a rotation should only take effect through a
# reviewed change.
# NOTE(review): this listing is truncated. The end of the object type, the
# end of the description, the heredoc terminator and the closing brace are not
# visible here.
variable "secrets_envars" {
  type = list(object({
    name    = string # name of the environment variables
    id      = string # id of the GCP Cloud Secret Manager secret
    version = string # version of the GCP Cloud Secret Manager secret, defaults to "latest" if empty

  default     = []
  description = <<-EOL
    Optional. If containing a list of maps specifying a Secret Manager secret ID,
    a name and a secret version, will create named environment variables from the

variable "image_name" {
  type        = string
  default     = ""
  description = <<-EOL
    Optional. The docker image that will be deployed. If unset, the value of
    existing_image_name is preferred.