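# variables.tf defines inputs for the module
#
# Review notes on this revision:
#   * var.allowed_ingress now has a validation block, matching the one already
#     present on var.ingress_style, so a mistyped ingress setting is rejected
#     when variables are validated.
#   * var.enable_beta_launch_stage and var.disable_monitoring now declare
#     type = bool like the other boolean flags in this file.
#   * The description of var.name had a typo ("used for form").
# All other names, defaults and description texts are unchanged.

variable "project" {
  description = "Project containing the webapp."
}

variable "name" {
  description = "Prefix used to form resource names"
  default     = "webapp"
}

variable "sql_instance_project" {
  description = "Project containing SQL instance. Defaults to var.project."
  default     = ""
}

variable "sql_instance_connection_name" {
  description = "SQL instance connection name"
  default     = ""
}

variable "cloud_run_region" {
  description = "Override region used to create Cloud Resources"
  default     = ""
}

# Values passed here are ordinary Terraform inputs, so they end up in plain
# text in the calling configuration and in the Terraform state. Sensitive
# values belong in var.secrets_envars or var.secrets_volume below, which
# reference Secret Manager secrets by id instead of carrying the value.
variable "environment_variables" {
  description = "Environment variables which should be set on the service. Map from name to value."
  default     = {}
}

variable "min_scale" {
  description = <<EOI
Minimum number of auto-scaled instances. Defaults to 0, thus, the container will
stop if it doesn't receive requests for a period of time and the following
request will make the container start from cold. This should be carefully
considered for containers that take a significant amount of time starting from
cold.
EOI
  default     = 0
}

# No default: callers must choose a ceiling. The description ties it to the
# Cloud SQL connection limit, so it also bounds how far the service scales
# under load.
variable "max_scale" {
  description = "Maximum number of auto-scaled instances. For a container with N-workers, maxScale should be less than 1/N of the maximum connection count for the Cloud SQL instance."
}

# NOTE(review): the default is the string "80", not a number. It is left as
# written because how the module consumes it is not visible from this file.
variable "container_concurrency" {
  description = "Maximum number of concurrent requests to an instance before it is auto-scaled. Defaults to 80 which is the maximum that Cloud Run allows"
  default     = "80"
}

variable "cpu_limit" {
  description = "CPU limit for the deployed container. Defaults to 1 CPU, '1000m'."
  default     = "1000m"
}

variable "memory_limit" {
  description = "Memory limit for the deployed container. Defaults to 512 MB, '512M'."
  default     = "512M"
}

variable "timeout_seconds" {
  description = "The maximum duration, in seconds, the instance is allowed for responding to a request. Default to 300. Maximum is 900."
  default     = 300
}

# NOTE(review): the default is true, so a caller who does not set this gets a
# service that accepts unauthenticated requests. Deployments that are not meant
# to be public should set it to false explicitly. Network reachability is
# controlled separately by var.allowed_ingress and var.ingress_style.
variable "allow_unauthenticated_invocations" {
  description = <<EOI
If true, the webapp will allow unauthenticated invocations. If false, the webapp
requires authentication as a Google user with the Cloud Run invoker permission
on the deployment.
EOI
  type        = bool
  default     = true
}

variable "ingress_style" {
  type        = string
  default     = "domain-mapping"
  description = "Whether to configure a load balancer or create a domain mapping"

  validation {
    condition     = contains(["domain-mapping", "load-balancer"], var.ingress_style)
    error_message = "Ingress style must be one of 'domain-mapping' or 'load-balancer'."
  }
}

variable "dns_name" {
  default     = ""
  description = <<EOI
Deprecated: use the dns_names variable instead. If non-empty, var.dns_names will
be ignored. If non-empty, a domain mapping will be created for the webapp from
this host to point to the webapp or a load balancer will be created for this
host depending on the value of the ingress_style variable. The domain must first
have been verified by Google and the account being used by the google provider
must have been added as an owner. If and only if a domain mapping has been
created, the "domain_mapping_present" output will be true. If a domain mapping
or load balancer has been created, the "dns_resource_records" output contains
the appropriate DNS records.
EOI
}

variable "dns_names" {
  type        = list(any)
  default     = []
  description = <<EOI
List of DNS names for web application. Note that no records are created, the
records to be created can be found in the dns_resource_records output. Ignored
if var.dns_name is non-empty.
EOI
}

variable "use_ssl_certificates" {
  type        = bool
  default     = false
  description = <<EOI
Whether to use the custom TLS certs in var.ssl_certificates for the load
balancer or the Google-managed certs for the specified var.dns_names.
EOI
}

variable "ssl_certificates" {
  type        = list(any)
  default     = []
  description = <<EOI
A list of self-links to any custom TLS certificates to add to the load balancer.
Requires that var.ingress_style be "load-balancer". The self-link is available
as the "self_link" attribute of "google_compute_ssl_certificate" resources.
EOI
}

variable "enable_ipv6" {
  type        = bool
  default     = false
  description = "Whether to enable IPv6 address on the CDN load-balancer."
}

variable "create_ipv6_address" {
  type        = bool
  default     = false
  description = "Allocate an IPv6 address to the load balancer if var.enable_ipv6 is true."
}

variable "service_account_id" {
  default     = ""
  description = <<EOI
A service account is always created for the web application. If non-empty this
variable overrides the default service account id. The default id is formed from
the "name" variable value with "-run" appended.
EOI
}

variable "service_account_display_name" {
  default     = ""
  description = <<EOI
If non-empty, override the default display name of the webapp service account.
EOI
}

variable "alerting_email_address" {
  default     = ""
  type        = string
  description = <<EOT
Email address for basic uptime alerts. If empty (the default) no alerting will
be configured. Otherwise note that the project must be in a Stackdriver
monitoring workspace and this must be configured manually (no terraform
support).
EOT
}

variable "alerting_uptime_timeout" {
  default     = "30s"
  type        = string
  description = "timeout for http polling"
}

variable "alerting_uptime_period" {
  type        = string
  default     = "300s"
  description = "Frequency of uptime checks"
}

variable "alerting_success_threshold_percent" {
  type        = number
  default     = 75
  description = <<EOT
If the percentage of successful uptime checks within the given uptime period
falls below this, an alert will be triggered. Set to 100 to trigger an alert if
any uptime check fails, set to a lower number to tolerate failures without
alerting. Experience has taught us that uptime checks can fail semi-regularly
due to transient problems outside our control, therefore we allow some leeway
before triggering an alert.
EOT
}

variable "alerting_enabled" {
  type        = bool
  default     = true
  description = "Whether alerting policy is enabled"
}

variable "monitoring_path" {
  type        = string
  default     = "/"
  description = "path component of url to be monitored"
}

# The default "all" places no network-level restriction on who can reach the
# service. The validation below rejects anything outside the three values the
# description documents, so a typo cannot silently reach the provider.
variable "allowed_ingress" {
  default     = "all"
  description = <<EOL
Specify the allowed ingress to the service. Should be one of: "all", "internal"
or "internal-and-cloud-load-balancing". If var.ingress_style == "load-balancer",
the provided var.allowed_ingress will be ignored and the allowed ingress will be
set automatically to "internal-and-cloud-load-balancing". Setting this to a
value other than "all" implies that the service will be moved to the "beta"
launch stage. See
https://cloud.google.com/run/docs/troubleshooting#launch-stage-validation.
EOL

  validation {
    condition = contains(
      ["all", "internal", "internal-and-cloud-load-balancing"],
      var.allowed_ingress
    )
    error_message = "Allowed ingress must be one of 'all', 'internal' or 'internal-and-cloud-load-balancing'."
  }
}

variable "service_annotations" {
  type        = map(string)
  default     = {}
  description = <<EOL
Map containing additional annotations to be added to the Cloud Run service
itself.
EOL
}

variable "template_annotations" {
  type        = map(string)
  default     = {}
  description = <<EOL
Map containing additional annotations to be added to the Cloud Run service
template.
EOL
}

variable "enable_beta_launch_stage" {
  type        = bool
  default     = false
  description = "Force use of the 'BETA' launch stage for the service."
}

# Turning this on removes the uptime checks entirely, so an outage of the
# service will not be noticed through this module's monitoring.
variable "disable_monitoring" {
  type        = bool
  default     = false
  description = <<-EOL
    Optional. If true, do not create uptime checks. This is useful if, for
    example, the service is configured to require authenticated invocations.
    Note that this is different from not specifying an alerting email address.
    If no alerting email address is specified the uptime checks are still
    created, they just don't alert if they fail.
  EOL
}

variable "enable_static_egress_ip" {
  default     = false
  type        = bool
  description = <<-EOL
    Whether to assign a static ip for egress from this cloud run instance. If
    enabled the service "vpcaccess.googleapis.com" must also be enabled on the
    project.
  EOL
}

variable "static_egress_ip_cidr_range" {
  default     = "10.124.0.0/28"
  description = "The cidr range used to create a subnet that this cloud run will use if assigned a static ip"
}

# An empty version is documented as meaning "latest", i.e. whichever secret
# version is newest. Pin an explicit version where changes to a secret need to
# be reviewed and rolled out deliberately.
variable "secrets_volume" {
  type = list(object({
    name    = string # name of the file that is going to be mounted
    path    = string # name of the directory of the volume mount. e.g. "/secrets". Must be unique for each secret.
    id      = string # id of the GCP Cloud Secret Manager secret
    version = string # version of the GCP Cloud Secret Manager secret, defaults to "latest" if empty
  }))
  default     = []
  description = <<-EOL
    Optional. If containing a list of maps specifying a Secret Manager secret
    ID, a name and a secret version, will create named files from the secrets.
  EOL
}

# Same version semantics as var.secrets_volume: empty means "latest".
variable "secrets_envars" {
  type = list(object({
    name    = string # name of the environment variables
    id      = string # id of the GCP Cloud Secret Manager secret
    version = string # version of the GCP Cloud Secret Manager secret, defaults to "latest" if empty
  }))
  default     = []
  description = <<-EOL
    Optional. If containing a list of maps specifying a Secret Manager secret
    ID, a name and a secret version, will create named environment variables
    from the secrets.
  EOL
}

variable "image_name" {
  type        = string
  default     = ""
  description = <<-EOL
    The docker image that will be deployed. If unset, the value of
    existing_image_name is preferred.
  EOL
}

variable "existing_image_name" {
  type        = string
  default     = ""
  description = <<-EOL
    The image currently deployed, which needs to be passed into this module to
    avoid a cyclic dependency. If unset, the hello container will be deployed.
  EOL
}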