Use of new module cloud-run-v2

This commit is contained in:
Julio Diez
2023-12-28 17:30:41 +01:00
parent 8889c18690
commit 2ca24d320e
5 changed files with 43 additions and 53 deletions


@@ -19,7 +19,7 @@
# Internal Application Load Balancer in main (host) project # Internal Application Load Balancer in main (host) project
module "int-alb" { module "int-alb" {
source = "../../../modules/net-lb-app-int" source = "../../../modules/net-lb-app-int"
count = try(var.project_configs.service.project_id, null) != null ? 1 : 0 count = local.two_projects == true ? 1 : 0
project_id = module.main-project.project_id project_id = module.main-project.project_id
name = "int-alb-cr" name = "int-alb-cr"
region = var.region region = var.region
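Review bot: `count = local.two_projects == true ? 1 : 0` compares a boolean to `true`, which adds nothing over `count = local.two_projects ? 1 : 0`. The same `== true` pattern recurs in the `private-dns-main-custom` and `service-project` blocks and in the `custom_domain` and `load_balancer_ip` outputs, and the definition in `locals` can likewise drop the conditional: `two_projects = try(var.project_configs.service.project_id, null) != null`. Since the local is used as the single switch between the one- and two-project layouts, a one-line comment above it naming that role would help a reader, e.g. `# true when a separate service project is configured (Shared VPC + internal ALB layout)`. The `int-alb` module block continues past this hunk.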


@@ -16,46 +16,51 @@
# tfdoc:file:description Cloud Run services. # tfdoc:file:description Cloud Run services.
resource "google_cloud_run_v2_service" "svc_a" { # The use case where both Cloud Run services are in the same project uses
project = module.main-project.project_id # a VPC access connector to connect from service A to service B.
# The use case with Shared VPC and internal ALB uses Direct VPC Egress.
module "cloud-run-svc-a" {
source = "../../../modules/cloud-run-v2"
project_id = module.main-project.project_id
name = local.svc_a_name name = local.svc_a_name
location = var.region region = var.region
ingress = "INGRESS_TRAFFIC_ALL" ingress = "INGRESS_TRAFFIC_ALL"
launch_stage = "BETA" # Required to use Direct VPC Egress launch_stage = "BETA" # Required to use Direct VPC Egress
template { containers = {
containers { tester = {
image = var.image_configs.svc_a image = var.image_configs.svc_a
} }
dynamic "vpc_access" { }
for_each = try(var.project_configs.service.project_id, null) == null ? [""] : [] iam = {
content { # Use Serverless VPC Access connector "roles/run.invoker" = ["allUsers"]
connector = google_vpc_access_connector.connector[0].id }
} revision = {
} vpc_access = {
dynamic "vpc_access" { egress = "ALL_TRAFFIC"
for_each = try(var.project_configs.service.project_id, null) != null ? [""] : [] subnet = ( # Direct VPC Egress
content { # Use Direct VPC Egress local.two_projects == true
network_interfaces { ? module.vpc-main.subnet_ids["${var.region}/subnet-vpc-direct"]
subnetwork = module.vpc-main.subnets["${var.region}/subnet-vpc-direct"].name : null
} )
}
} }
} }
} vpc_connector_create = (
local.two_projects == false
resource "google_cloud_run_v2_service_iam_binding" "svc_a_binding" { ? {
project = module.main-project.project_id subnet = {
location = var.region name = module.vpc-main.subnets["${var.region}/subnet-vpc-access"].name
name = google_cloud_run_v2_service.svc_a.name }
role = "roles/run.invoker" }
members = ["allUsers"] : null
)
} }
module "cloud-run-svc-b" { module "cloud-run-svc-b" {
source = "../../../modules/cloud-run" source = "../../../modules/cloud-run-v2"
project_id = try(module.service-project[0].project_id, module.main-project.project_id) project_id = try(module.service-project[0].project_id, module.main-project.project_id)
name = local.svc_b_name name = local.svc_b_name
region = var.region region = var.region
ingress = "INGRESS_TRAFFIC_INTERNAL_ONLY"
containers = { containers = {
default = { default = {
image = var.image_configs.svc_b image = var.image_configs.svc_b
@@ -64,20 +69,4 @@ module "cloud-run-svc-b" {
iam = { iam = {
"roles/run.invoker" = ["allUsers"] "roles/run.invoker" = ["allUsers"]
} }
ingress_settings = "internal"
}
# Serverless VPC Access connector
# The use case where both Cloud Run services are in the same project uses
# a VPC access connector to connect from service A to service B.
# The use case with Shared VPC and internal ALB uses Direct VPC Egress.
resource "google_vpc_access_connector" "connector" {
count = try(var.project_configs.service.project_id, null) == null ? 1 : 0
name = "connector"
project = module.main-project.project_id
region = var.region
subnet {
name = module.vpc-main.subnets["${var.region}/subnet-vpc-access"].name
project_id = module.main-project.project_id
}
} }
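Review bot: The connector created through `vpc_connector_create` in the new `cloud-run-svc-a` block passes only `subnet.name`, whereas the removed `google_vpc_access_connector.connector` also set `subnet.project_id = module.main-project.project_id`; in the single-project case the subnet and the service are in the same project, so this presumably relies on the module defaulting to the service project, which is worth confirming against the cloud-run-v2 module's `vpc_connector_create` schema. `revision.vpc_access.egress = "ALL_TRAFFIC"` is now set unconditionally while `subnet` is `null` when `local.two_projects` is false, so the block reads as if egress were configured without a target in that case; a comment stating the intent would help, e.g. `# single project: egress goes through the connector created by vpc_connector_create below`. The `cloud-run-svc-b` module block begins in the first hunk and continues past the second.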


@@ -35,7 +35,7 @@ module "private-dns-main" {
# DNS configuration for the Cloud Run custom domain (when using internal ALB) # DNS configuration for the Cloud Run custom domain (when using internal ALB)
module "private-dns-main-custom" { module "private-dns-main-custom" {
source = "../../../modules/dns" source = "../../../modules/dns"
count = try(var.project_configs.service.project_id, null) != null ? 1 : 0 count = local.two_projects == true ? 1 : 0
project_id = module.main-project.project_id project_id = module.main-project.project_id
name = "cloud-run-custom" name = "cloud-run-custom"
zone_config = { zone_config = {


@@ -20,6 +20,9 @@ locals {
cloud_run_domain = "run.app." cloud_run_domain = "run.app."
svc_a_name = "svc-a" svc_a_name = "svc-a"
svc_b_name = "svc-b" svc_b_name = "svc-b"
two_projects = (
try(var.project_configs.service.project_id, null) != null ? true : false
)
} }
module "main-project" { module "main-project" {
@@ -29,7 +32,7 @@ module "main-project" {
project_create = var.project_configs.main.billing_account_id != null project_create = var.project_configs.main.billing_account_id != null
billing_account = try(var.project_configs.main.billing_account_id, null) billing_account = try(var.project_configs.main.billing_account_id, null)
parent = try(var.project_configs.main.parent, null) parent = try(var.project_configs.main.parent, null)
# Enable Shared VPC by default, some use cases will use this project as host # Enable Shared VPC by default, a use case will use this project as host
shared_vpc_host_config = { shared_vpc_host_config = {
enabled = true enabled = true
} }
@@ -44,7 +47,7 @@ module "main-project" {
module "service-project" { module "service-project" {
source = "../../../modules/project" source = "../../../modules/project"
count = try(var.project_configs.service.project_id, null) != null ? 1 : 0 count = local.two_projects == true ? 1 : 0
name = var.project_configs.service.project_id name = var.project_configs.service.project_id
prefix = var.prefix prefix = var.prefix
project_create = var.project_configs.service.billing_account_id != null project_create = var.project_configs.service.billing_account_id != null


@@ -17,23 +17,21 @@
output "custom_domain" { output "custom_domain" {
description = "Custom domain for the Application Load Balancer." description = "Custom domain for the Application Load Balancer."
value = ( value = (
try(var.project_configs.service.project_id, null) != null local.two_projects == true ? "http://${var.custom_domain}" : "none"
? "http://${var.custom_domain}" : "none"
) )
} }
output "default_URLs" { output "default_URLs" {
description = "Cloud Run services default URLs." description = "Cloud Run services default URLs."
value = { value = {
service_a = google_cloud_run_v2_service.svc_a.uri service_a = module.cloud-run-svc-a.service.uri
service_b = module.cloud-run-svc-b.service.status[0].url service_b = module.cloud-run-svc-b.service.uri
} }
} }
output "load_balancer_ip" { output "load_balancer_ip" {
description = "Load Balancer IP address." description = "Load Balancer IP address."
value = ( value = (
try(var.project_configs.service.project_id, null) != null local.two_projects == true ? module.int-alb[0].address : "none"
? module.int-alb[0].address : "none"
) )
} }