Use of new module cloud-run-v2

This commit is contained in:
Julio Diez
2023-12-28 17:30:41 +01:00
parent 8889c18690
commit 2ca24d320e
5 changed files with 43 additions and 53 deletions


@@ -19,7 +19,7 @@
# Internal Application Load Balancer in main (host) project
module "int-alb" {
source = "../../../modules/net-lb-app-int"
count = try(var.project_configs.service.project_id, null) != null ? 1 : 0
count = local.two_projects == true ? 1 : 0
project_id = module.main-project.project_id
name = "int-alb-cr"
region = var.region
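Review bot: `count = local.two_projects == true ? 1 : 0` compares a boolean to `true`, which is redundant now that `local.two_projects` is itself a bool; `count = local.two_projects ? 1 : 0` is the usual Terraform form and reads the same. The same `== true` / `== false` pattern recurs in the DNS, project and outputs hunks of this commit and in the `vpc_connector_create` expression of the Cloud Run file. The `int-alb` module block continues outside the hunk.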


@@ -16,46 +16,51 @@
# tfdoc:file:description Cloud Run services.
resource "google_cloud_run_v2_service" "svc_a" {
project = module.main-project.project_id
# The use case where both Cloud Run services are in the same project uses
# a VPC access connector to connect from service A to service B.
# The use case with Shared VPC and internal ALB uses Direct VPC Egress.
module "cloud-run-svc-a" {
source = "../../../modules/cloud-run-v2"
project_id = module.main-project.project_id
name = local.svc_a_name
location = var.region
region = var.region
ingress = "INGRESS_TRAFFIC_ALL"
launch_stage = "BETA" # Required to use Direct VPC Egress
template {
containers {
containers = {
tester = {
image = var.image_configs.svc_a
}
dynamic "vpc_access" {
for_each = try(var.project_configs.service.project_id, null) == null ? [""] : []
content { # Use Serverless VPC Access connector
connector = google_vpc_access_connector.connector[0].id
}
}
dynamic "vpc_access" {
for_each = try(var.project_configs.service.project_id, null) != null ? [""] : []
content { # Use Direct VPC Egress
network_interfaces {
subnetwork = module.vpc-main.subnets["${var.region}/subnet-vpc-direct"].name
}
}
}
iam = {
"roles/run.invoker" = ["allUsers"]
}
revision = {
vpc_access = {
egress = "ALL_TRAFFIC"
subnet = ( # Direct VPC Egress
local.two_projects == true
? module.vpc-main.subnet_ids["${var.region}/subnet-vpc-direct"]
: null
)
}
}
}
resource "google_cloud_run_v2_service_iam_binding" "svc_a_binding" {
project = module.main-project.project_id
location = var.region
name = google_cloud_run_v2_service.svc_a.name
role = "roles/run.invoker"
members = ["allUsers"]
vpc_connector_create = (
local.two_projects == false
? {
subnet = {
name = module.vpc-main.subnets["${var.region}/subnet-vpc-access"].name
}
}
: null
)
}
module "cloud-run-svc-b" {
source = "../../../modules/cloud-run"
source = "../../../modules/cloud-run-v2"
project_id = try(module.service-project[0].project_id, module.main-project.project_id)
name = local.svc_b_name
region = var.region
ingress = "INGRESS_TRAFFIC_INTERNAL_ONLY"
containers = {
default = {
image = var.image_configs.svc_b
@@ -64,20 +69,4 @@ module "cloud-run-svc-b" {
iam = {
"roles/run.invoker" = ["allUsers"]
}
ingress_settings = "internal"
}
# Serverless VPC Access connector
# The use case where both Cloud Run services are in the same project uses
# a VPC access connector to connect from service A to service B.
# The use case with Shared VPC and internal ALB uses Direct VPC Egress.
resource "google_vpc_access_connector" "connector" {
count = try(var.project_configs.service.project_id, null) == null ? 1 : 0
name = "connector"
project = module.main-project.project_id
region = var.region
subnet {
name = module.vpc-main.subnets["${var.region}/subnet-vpc-access"].name
project_id = module.main-project.project_id
}
}
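Review bot: On the new side, `cloud-run-svc-a` combines `ingress = "INGRESS_TRAFFIC_ALL"` with `iam = { "roles/run.invoker" = ["allUsers"] }`, so service A is reachable from the internet without authentication; the old `google_cloud_run_v2_service_iam_binding` granted the same, but the migration is a good moment to state that this is deliberate for the example rather than an oversight. A comment such as `# Public, unauthenticated invoker for the demo; restrict to a service account in real deployments` above the `iam` block would make the intent visible. Service B keeps `allUsers` as well but with `INGRESS_TRAFFIC_INTERNAL_ONLY`, so it is limited only by network reachability, which the same comment could mention. Separately, when `local.two_projects` is false the `revision.vpc_access` block sets `egress = "ALL_TRAFFIC"` with `subnet = null` while a connector is created through `vpc_connector_create`; whether the module wires that connector into the revision's VPC access automatically is not visible here and is worth confirming.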


@@ -35,7 +35,7 @@ module "private-dns-main" {
# DNS configuration for the Cloud Run custom domain (when using internal ALB)
module "private-dns-main-custom" {
source = "../../../modules/dns"
count = try(var.project_configs.service.project_id, null) != null ? 1 : 0
count = local.two_projects == true ? 1 : 0
project_id = module.main-project.project_id
name = "cloud-run-custom"
zone_config = {


@@ -20,6 +20,9 @@ locals {
cloud_run_domain = "run.app."
svc_a_name = "svc-a"
svc_b_name = "svc-b"
two_projects = (
try(var.project_configs.service.project_id, null) != null ? true : false
)
}
module "main-project" {
@@ -29,7 +32,7 @@ module "main-project" {
project_create = var.project_configs.main.billing_account_id != null
billing_account = try(var.project_configs.main.billing_account_id, null)
parent = try(var.project_configs.main.parent, null)
# Enable Shared VPC by default, some use cases will use this project as host
# Enable Shared VPC by default, a use case will use this project as host
shared_vpc_host_config = {
enabled = true
}
@@ -44,7 +47,7 @@ module "main-project" {
module "service-project" {
source = "../../../modules/project"
count = try(var.project_configs.service.project_id, null) != null ? 1 : 0
count = local.two_projects == true ? 1 : 0
name = var.project_configs.service.project_id
prefix = var.prefix
project_create = var.project_configs.service.billing_account_id != null
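Review bot: `two_projects = ( try(var.project_configs.service.project_id, null) != null ? true : false )` in the `locals` hunk wraps an expression that already evaluates to a bool in a conditional returning the same bool; `two_projects = try(var.project_configs.service.project_id, null) != null` is equivalent and shorter. A one-line comment above it, e.g. `# A service project id selects the Shared VPC + internal ALB use case`, would tie the flag to the two use cases described in the Cloud Run file. The `locals` block starts outside the hunk, and the `main-project` and `service-project` module blocks continue past their hunks.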


@@ -17,23 +17,21 @@
output "custom_domain" {
description = "Custom domain for the Application Load Balancer."
value = (
try(var.project_configs.service.project_id, null) != null
? "http://${var.custom_domain}" : "none"
local.two_projects == true ? "http://${var.custom_domain}" : "none"
)
}
output "default_URLs" {
description = "Cloud Run services default URLs."
value = {
service_a = google_cloud_run_v2_service.svc_a.uri
service_b = module.cloud-run-svc-b.service.status[0].url
service_a = module.cloud-run-svc-a.service.uri
service_b = module.cloud-run-svc-b.service.uri
}
}
output "load_balancer_ip" {
description = "Load Balancer IP address."
value = (
try(var.project_configs.service.project_id, null) != null
? module.int-alb[0].address : "none"
local.two_projects == true ? module.int-alb[0].address : "none"
)
}
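Review bot: The `default_URLs` output now exposes `module.cloud-run-svc-b.service.uri` next to service A's, but service B is deployed with `INGRESS_TRAFFIC_INTERNAL_ONLY` in the Cloud Run file of this commit, so its default URL is not reachable from outside the VPC; the description `"Cloud Run services default URLs."` could say so, e.g. `"Cloud Run services default URLs (service B is internal-only)."`. This is inferred from the other file rather than from this hunk, so the ingress setting should be confirmed before changing the text.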