From aec85a20c958044cc53c27e1325c4ab8b7d6461a Mon Sep 17 00:00:00 2001
From: Julio Diez
Date: Fri, 5 May 2023 18:15:19 +0200
Subject: [PATCH 1/4] Add support for Shared VPC in Cloud Run

A VPC access connector in a Shared VPC needs to specify the subnet and subnet project (the host project).
---
 modules/cloud-run/main.tf | 4 ++++
 modules/cloud-run/variables.tf | 8 ++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/modules/cloud-run/main.tf b/modules/cloud-run/main.tf
index 474d05c5fe..f2d8e327f0 100644
--- a/modules/cloud-run/main.tf
+++ b/modules/cloud-run/main.tf
@@ -92,6 +92,10 @@ resource "google_vpc_access_connector" "connector" {
 max_throughput = var.vpc_connector_create.throughput.max
 min_instances = var.vpc_connector_create.instances.min
 min_throughput = var.vpc_connector_create.throughput.min
+ subnet {
+ name = var.vpc_connector_create.subnet.name
+ project_id = var.vpc_connector_create.subnet.project_id
+ }
 }

 resource "google_cloud_run_service" "service" {
diff --git a/modules/cloud-run/variables.tf b/modules/cloud-run/variables.tf
index e82576fe98..afeeb4ddea 100644
--- a/modules/cloud-run/variables.tf
+++ b/modules/cloud-run/variables.tf
@@ -211,8 +211,8 @@ variable "volumes" {
 variable "vpc_connector_create" {
 description = "Populate this to create a VPC connector. You can then refer to it in the template annotations."
 type = object({
- ip_cidr_range = string
- vpc_self_link = string
+ ip_cidr_range = optional(string)
+ vpc_self_link = optional(string)
 machine_type = optional(string)
 name = optional(string)
 instances = optional(object({
@@ -223,6 +223,10 @@ variable "vpc_connector_create" {
 max = optional(number)
 min = optional(number)
 }), {})
+ subnet = optional(object({
+ name = optional(string)
+ project_id = optional(string)
+ }), {})
 })
 default = null
 }
From 9eea6e3bbc64aa7c344ec96b543bc5914f2a346b Mon Sep 17 00:00:00 2001
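Review bot: The new `subnet` block in `google_vpc_access_connector.connector` (modules/cloud-run/main.tf, patch 1/4) is emitted unconditionally, so a connector created without Shared VPC now also carries a `subnet` block whose `name` and `project_id` are null; the inventory change in patch 2/4 (`subnet:` / `- name: null`) shows exactly that. Emitting the block only when `subnet.name` is set would leave the existing `ip_cidr_range`/`network` path as it was and avoid depending on how the provider handles an empty `subnet` next to `network`, which is not visible in this diff and should be confirmed. A `dynamic "subnet"` block does this. The resource body starts before the hunk.

```hcl
  min_throughput = var.vpc_connector_create.throughput.min
  # Attach to a subnet (Shared VPC form) only when one is named.
  dynamic "subnet" {
    for_each = var.vpc_connector_create.subnet.name == null ? [] : [""]
    content {
      name       = var.vpc_connector_create.subnet.name
      project_id = var.vpc_connector_create.subnet.project_id
    }
  }
```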
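Review bot: With `ip_cidr_range` and `vpc_self_link` both relaxed to `optional(string)` in `vpc_connector_create` (modules/cloud-run/variables.tf, first hunk), the type no longer rejects an object that names neither a network/range pair nor a subnet, so a connector with no network placement is only caught by the provider, if at all. A `validation` block on the variable would fail this at plan time and make the two supported shapes explicit; whether the provider also treats the two forms as mutually exclusive is not shown here, so the sketch below only requires at least one. The description could additionally state that `subnet` is the Shared VPC form and that `subnet.project_id` is the host project. The block would go after `default = null`, at the end of the variable in the second hunk.

```hcl
  default = null
  validation {
    # try() keeps the expression valid when the variable itself is null.
    condition = var.vpc_connector_create == null || (
      try(var.vpc_connector_create.subnet.name, null) != null || (
        try(var.vpc_connector_create.ip_cidr_range, null) != null &&
        try(var.vpc_connector_create.vpc_self_link, null) != null
      )
    )
    error_message = "Set either subnet.name (Shared VPC) or both ip_cidr_range and vpc_self_link."
  }
```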
From: Julio Diez
Date: Fri, 5 May 2023 19:36:46 +0200
Subject: [PATCH 2/4] Update pytest inventory file to meet module change
---
 tests/modules/cloud_run/examples/connector.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/modules/cloud_run/examples/connector.yaml b/tests/modules/cloud_run/examples/connector.yaml
index ce2ec6fc32..79c5c3794b 100644
--- a/tests/modules/cloud_run/examples/connector.yaml
+++ b/tests/modules/cloud_run/examples/connector.yaml
@@ -41,7 +41,8 @@ values:
 network: projects/example/host/global/networks/host
 project: project-id
 region: europe-west1
- subnet: []
+ subnet:
+ - name: null

 counts:
 google_cloud_run_service: 1
From 252be12bd47ede366190bd56df91b5ff282c70b8 Mon Sep 17 00:00:00 2001
From: Julio Diez
Date: Fri, 5 May 2023 19:38:34 +0200
Subject: [PATCH 3/4] Update README showing the Shared VPC use case
---
 modules/cloud-run/README.md | 22 ++++++++
 .../cloud_run/examples/connector-shared.yaml | 53 +++++++++++++++++++
 2 files changed, 75 insertions(+)
 create mode 100644 tests/modules/cloud_run/examples/connector-shared.yaml

diff --git a/modules/cloud-run/README.md b/modules/cloud-run/README.md
index 69318b9273..99bd412789 100644
--- a/modules/cloud-run/README.md
+++ b/modules/cloud-run/README.md
@@ -121,6 +121,28 @@ module "cloud_run" {
 # tftest modules=1 resources=2 inventory=connector.yaml
 ```

+Note that if you are using Shared VPC you need to specify a subnet:
+
+```hcl
+module "cloud_run" {
+ source = "./fabric/modules/cloud-run"
+ project_id = var.project_id
+ name = "hello"
+ containers = {
+ hello = {
+ image = "us-docker.pkg.dev/cloudrun/container/hello"
+ }
+ }
+ vpc_connector_create = {
+ subnet = {
+ name = "subnet-vpc-access"
+ project_id = "host-project"
+ }
+ }
+}
+# tftest modules=1 resources=2 inventory=connector-shared.yaml
+```
+
 ### Traffic split

 This deploys a Cloud Run service with traffic split between two revisions.
diff --git a/tests/modules/cloud_run/examples/connector-shared.yaml b/tests/modules/cloud_run/examples/connector-shared.yaml
new file mode 100644
index 0000000000..4db0a3bcc6
--- /dev/null
+++ b/tests/modules/cloud_run/examples/connector-shared.yaml
@@ -0,0 +1,53 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.cloud_run.google_cloud_run_service.service:
+ autogenerate_revision_name: false
+ location: europe-west1
+ metadata:
+ - {}
+ name: hello
+ project: project-id
+ template:
+ - metadata:
+ - labels: null
+ spec:
+ - containers:
+ - args: null
+ command: null
+ env: []
+ env_from: []
+ image: us-docker.pkg.dev/cloudrun/container/hello
+ liveness_probe: []
+ volume_mounts: []
+ working_dir: null
+ volumes: []
+ timeouts: null
+ module.cloud_run.google_vpc_access_connector.connector[0]:
+ ip_cidr_range: null
+ machine_type: e2-micro
+ max_throughput: 300
+ min_throughput: 200
+ name: hello
+ project: project-id
+ region: europe-west1
+ subnet:
+ - name: subnet-vpc-access
+ project_id: host-project
+ timeouts: null
+
+counts:
+ google_cloud_run_service: 1
+ google_vpc_access_connector: 1
From 8c7b6b24106a555137e8db6519b3f9fef21ae8c0 Mon Sep 17 00:00:00 2001
From: Julio Diez
Date: Fri, 5 May 2023 19:50:33 +0200
Subject: [PATCH 4/4] Update README tfdoc
---
 modules/cloud-run/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/cloud-run/README.md b/modules/cloud-run/README.md index 99bd412789..d3aee2f604 100644 --- a/modules/cloud-run/README.md +++ b/modules/cloud-run/README.md @@ -276,7 +276,7 @@ module "cloud_run" { | [timeout_seconds](variables.tf#L180) | Maximum duration the instance is allowed for responding to a request. | number | | null | | [traffic](variables.tf#L186) | Traffic steering configuration. If revision name is null the latest revision will be used. | map(object({…})) | | {} | | [volumes](variables.tf#L197) | Named volumes in containers in name => attributes format. | map(object({…})) | | {} | -| [vpc_connector_create](variables.tf#L211) | Populate this to create a VPC connector. You can then refer to it in the template annotations. | object({…}) | | null | +| [vpc_connector_create](variables.tf#L211) | Populate this to create a VPC connector. You can then refer to it in the template annotations. | object({…}) | | null | ## Outputs