From 1cbbe62405a18d7825ebce8c09dfed925aedfa56 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wiktor=20Niesiob=C4=99dzki?= Date: Sat, 16 Nov 2024 11:13:17 +0000 Subject: [PATCH] Add gcs mount_options, move direct vpc out of BETA --- modules/cloud-run-v2/README.md | 25 +++++++++---------- modules/cloud-run-v2/job.tf | 5 ++-- modules/cloud-run-v2/service.tf | 5 ++-- modules/cloud-run-v2/variables.tf | 5 ++-- ...-features.yaml => service-direct-vpc.yaml} | 0 5 files changed, 21 insertions(+), 19 deletions(-) rename tests/modules/cloud_run_v2/examples/{service-beta-features.yaml => service-direct-vpc.yaml} (100%) diff --git a/modules/cloud-run-v2/README.md b/modules/cloud-run-v2/README.md index 3053ae7b16..d8aa3d1e6d 100644 --- a/modules/cloud-run-v2/README.md +++ b/modules/cloud-run-v2/README.md @@ -7,7 +7,7 @@ Cloud Run Services and Jobs, with support for IAM roles and Eventarc trigger cre - [Mounting secrets as volumes](#mounting-secrets-as-volumes) - [Mounting GCS buckets](#mounting-gcs-buckets) - [Connecting to Cloud SQL database](#connecting-to-cloud-sql-database) -- [Beta features](#beta-features) +- [Direct VPC Egress](#direct-vpc-egress) - [VPC Access Connector](#vpc-access-connector) - [Using Customer-Managed Encryption Key](#using-customer-managed-encryption-key) - [Eventarc triggers](#eventarc-triggers) @@ -109,6 +109,10 @@ module "cloud_run" { gcs = { bucket = var.bucket is_read_only = false + mount_options = [ # Beta feature + "metadata-cache-ttl-secs=120s", + "type-cache-max-size-mb=4", + ] } } } @@ -143,18 +147,13 @@ module "cloud_run" { # tftest fixtures=fixtures/cloudsql-instance.tf inventory=cloudsql.yaml e2e ``` - -## Beta features - -To use beta features like Direct VPC Egress, set the launch stage to a preview stage. - +## Direct VPC Egress ```hcl module "cloud_run" { - source = "./fabric/modules/cloud-run-v2" - project_id = var.project_id - name = "hello" - region = var.region - launch_stage = "BETA" + source = "./fabric/modules/cloud-run-v2" + project_id = var.project_id + name = "hello" + region = var.region containers = { hello = { image = "us-docker.pkg.dev/cloudrun/container/hello" @@ -171,7 +170,7 @@ module "cloud_run" { } deletion_protection = false } -# tftest modules=1 resources=1 inventory=service-beta-features.yaml e2e +# tftest modules=1 resources=1 inventory=service-direct-vpc.yaml e2e ``` ## VPC Access Connector @@ -561,7 +560,7 @@ module "cloud_run" { | [service_account](variables.tf#L221) | Service account email. Unused if service account is auto-created. | string | | null | | [service_account_create](variables.tf#L227) | Auto-create service account. | bool | | false | | [tag_bindings](variables.tf#L233) | Tag bindings for this service, in key => tag value id format. | map(string) | | {} | -| [volumes](variables.tf#L240) | Named volumes in containers in name => attributes format. | map(object({…})) | | {} | +| [volumes](variables.tf#L240) | Named volumes in containers in name => attributes format. | map(object({…})) | | {} | | [vpc_connector_create](variables-vpcconnector.tf#L17) | Populate this to create a Serverless VPC Access connector. | object({…}) | | null | ## Outputs diff --git a/modules/cloud-run-v2/job.tf b/modules/cloud-run-v2/job.tf index 74b170408b..03175676fc 100644 --- a/modules/cloud-run-v2/job.tf +++ b/modules/cloud-run-v2/job.tf @@ -133,8 +133,9 @@ resource "google_cloud_run_v2_job" "job" { dynamic "gcs" { for_each = volumes.value.gcs == null ? [] : [""] content { - bucket = volumes.value.gcs.bucket - read_only = volumes.value.gcs.is_read_only + bucket = volumes.value.gcs.bucket + mount_options = volumes.value.gcs.mount_options + read_only = volumes.value.gcs.is_read_only } } dynamic "nfs" { diff --git a/modules/cloud-run-v2/service.tf b/modules/cloud-run-v2/service.tf index 0e35be1707..007ac66e15 100644 --- a/modules/cloud-run-v2/service.tf +++ b/modules/cloud-run-v2/service.tf @@ -211,8 +211,9 @@ resource "google_cloud_run_v2_service" "service" { dynamic "gcs" { for_each = volumes.value.gcs == null ? [] : [""] content { - bucket = volumes.value.gcs.bucket - read_only = volumes.value.gcs.is_read_only + bucket = volumes.value.gcs.bucket + mount_options = volumes.value.gcs.mount_options + read_only = volumes.value.gcs.is_read_only } } dynamic "nfs" { diff --git a/modules/cloud-run-v2/variables.tf b/modules/cloud-run-v2/variables.tf index 472b2f8e04..79bca0a022 100644 --- a/modules/cloud-run-v2/variables.tf +++ b/modules/cloud-run-v2/variables.tf @@ -251,8 +251,9 @@ variable "volumes" { empty_dir_size = optional(string) gcs = optional(object({ # needs revision.gen2_execution_environment - bucket = string - is_read_only = optional(bool) + bucket = string + is_read_only = optional(bool) + mount_options = optional(list(string)) })) nfs = optional(object({ server = string diff --git a/tests/modules/cloud_run_v2/examples/service-beta-features.yaml b/tests/modules/cloud_run_v2/examples/service-direct-vpc.yaml similarity index 100% rename from tests/modules/cloud_run_v2/examples/service-beta-features.yaml rename to tests/modules/cloud_run_v2/examples/service-direct-vpc.yaml