itTrident/terraform-google-cloudrun-filestore

This is the Terraform module for setting up Cloud Run with Filestore.

Description:

  • A Terraform module for creating and managing Google Cloud Run with an optional Filestore instance.
  • This module is used to connect Filestore to Cloud Run.

Modules:

This module implements the following Terraform resources:

  • google_cloud_run_v2_service (module_name: cloud-runV2)
  • google_filestore_instance (module_name: filestore)
  • google_vpc_access_connector (module_name: serverless-vpc-access-connector)

Note: When building the Docker image, update the Dockerfile CMD as follows:

CMD echo "Mounting Cloud Filestore." && mount -o nolock $FILE_STORE_ENDPOINT <target-dir> && echo "Mounting completed." && <application starting command>

# $FILE_STORE_ENDPOINT => the value of this variable comes from the module output "module.filestore.nfs_mount_point"

Get Started:

The following variables and values can be set in the main.tf file for the respective modules.

Cloud Run V2:

  • name: (Required string)

    Name must be unique within a namespace, within a Cloud Run region. Is required when creating resources. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated.

  • location: (Required string)

    The location of the Cloud Run instance, e.g. us-central1.

  • project_id: (Optional string)

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

  • execution_environment: (Optional string)

    The sandbox environment to host this Revision. Possible values are: EXECUTION_ENVIRONMENT_GEN1, EXECUTION_ENVIRONMENT_GEN2.

  • ingress: (Optional string)

    Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. Possible values are: INGRESS_TRAFFIC_ALL, INGRESS_TRAFFIC_INTERNAL_ONLY, INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER.

  • scaling_config: (Optional list)

    Scaling settings for this Revision.

    Default is {}.

    The scaling_config object accepts the following attributes:

    • min_instance_count: (Optional number)

      Minimum number of serving instances that this resource should have.

      Default is 0.

    • max_instance_count: (Optional number)

      Maximum number of serving instances that this resource should have.

      Default is 100.

  • service_account: (Optional string)

    Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account.

  • labels: (Optional map(string))

    Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. Cloud Run API v2 does not support labels with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. All system labels in v1 now have a corresponding field in v2 RevisionTemplate.

  • annotations: (Optional map(string))

    Unstructured key value map that may be set by external tools to store arbitrary metadata. They are not queryable and should be preserved when modifying objects. Cloud Run API v2 does not support annotations with run.googleapis.com, cloud.googleapis.com, serving.knative.dev, or autoscaling.knative.dev namespaces, and they will be rejected. All system annotations in v1 now have a corresponding field in v2 RevisionTemplate. This field follows Kubernetes annotations' namespacing, limits, and rules.

  • containers_temp: (Optional list)

    Holds the containers that define the unit of execution for this Service.

    The containers_temp object accepts the following attributes:

    • image: (Optional string)

      URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images

    • name: (Optional string)

      Name of the container specified as a DNS_LABEL.

    • command: (Optional list)

      Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

    • args: (Optional list)

      Arguments to the entrypoint. The docker image's CMD is used if this is not provided. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

    • env: (Optional list(object))

      List of environment variables to set in the container. The env object accepts the following attributes:

      • name: (Required string)

        Name of the environment variable. Must be a C_IDENTIFIER, and may not exceed 32768 characters.

      • value: (Optional string)

        Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, i.e. $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "", and the maximum length is 32768 bytes.

    • value_source: (Optional list(object))

      Source for the environment variable's value.

      The value_source object accepts the following attributes:

      • secret: (Required string)

        The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.

      • version: (Optional string)

        The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.

    • resources: (Optional list)

      Compute Resource requirements by this container.

      The resources object accepts the following attributes:

    • ports: (Optional list)

      List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on

      The ports object accepts the following attributes:

      • name: (Optional string)

        If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c".

      • container_port: (Optional list)

        Port number the container listens on. This must be a valid TCP port number, 0 < containerPort < 65536

    • volume_mounts: (Optional list)

      Volume to mount into the container's filesystem

      The volume_mounts object accepts the following attributes:

      • name: (Required string)

        This must match the Name of a Volume.

      • mount_path: (Required list)

        Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run

    • working_dir: (Optional string)

      Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.

Filestore:

  • name: (Required string)

    The resource name of the instance.

  • tier: (Required string)

    The service tier of the instance. Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL and ENTERPRISE

  • file_shares: (Required string)

    File system shares on the instance. For this version, only a single file share is supported

    The file_shares object accepts the following attributes:

    • name: (Required string)

      The name of the fileshare (16 characters or less)

    • capacity_gb: (Required string)

      File share capacity in GiB. This must be at least 1024 GiB for the standard tier, or 2560 GiB for the premium tier.

    • source_backup: (Optional string)

      The resource name of the backup, in the format projects/{projectId}/locations/{locationId}/backups/{backupId}, that this file share has been restored from.

    • nfs_export_options: (Optional list(object))

      NFS export options. There is a limit of 10 export options per file share.

      The nfs_export_options object accepts the following attributes:

      • ip_ranges: (Optional list)

        List of either IPv4 addresses, or ranges in CIDR notation which may mount the file share. Overlapping IP ranges are not allowed, both within and across NfsExportOptions. An error will be returned. The limit is 64 IP ranges/addresses for each FileShareConfig among all NfsExportOptions.

      • access_mode: (Optional string)

        Either READ_ONLY, for allowing only read requests on the exported directory, or READ_WRITE, for allowing both read and write requests. Default value is READ_WRITE. Possible values are: READ_ONLY, READ_WRITE.

      • squash_mode: (Optional string)

        Either NO_ROOT_SQUASH, for allowing root access on the exported directory, or ROOT_SQUASH, for not allowing root access. Default value is NO_ROOT_SQUASH. Possible values are: NO_ROOT_SQUASH, ROOT_SQUASH.

      • anon_uid: (Optional Number)

        An integer representing the anonymous user id with a default value of 65534. Anon_uid may only be set with squashMode of ROOT_SQUASH. An error will be returned if this field is specified for other squashMode settings.

      • anon_gid: (Optional Number)

        An integer representing the anonymous group id with a default value of 65534. Anon_gid may only be set with squashMode of ROOT_SQUASH. An error will be returned if this field is specified for other squashMode settings.

  • network: (Optional string)

    VPC networks to which the instance is connected. For this version, only a single network is supported.

    The network object accepts the following attributes:

    • network: (Required String)

      The name of the GCE VPC network to which the instance is connected.

    • modes: (Required String)

      IP versions for which the instance has IP addresses assigned. Each value may be one of: ADDRESS_MODE_UNSPECIFIED, MODE_IPV4, MODE_IPV6.

    • reserved_ip_range: (Optional String)

      A /29 CIDR block that identifies the range of IP addresses reserved for this instance.

    • ip_addresses: (Optional String)

      A list of IPv4 or IPv6 addresses.

    • connect_mode: (Optional String)

      The network connect mode of the Filestore instance. If not provided, the connect mode defaults to DIRECT_PEERING. Default value is DIRECT_PEERING. Possible values are: DIRECT_PEERING, PRIVATE_SERVICE_ACCESS

  • project_id: (Optional string)

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

  • location: (Optional string)

    The name of the location of the instance. This can be a region for ENTERPRISE tier instances.

  • labels: (Optional map(string))

    Resource labels to represent user-provided metadata.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

  • kms_key_name: (Optional string)

    KMS key name used for data encryption.

  • description: (Optional string)

    A description of the instance

Serverless VPC access connector:

  • name: (Required string)

    The name of the resource (Max 25 characters).

  • ip_cidr_range: (Optional string)

    The range of internal addresses that follows RFC 4632 notation. Example: 10.132.0.0/28.

  • project_id: (Optional string)

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used

  • network_vpc: (Optional string)

    Name or self_link of the VPC network. Required if ip_cidr_range is set.

  • region: (Optional string)

    Region where the VPC Access connector resides. If it is not provided, the provider region is used.

  • machine_type: (Optional string)

    Machine type of the VM instance underlying the connector. Default is e2-micro.

  • min_throughput: (Optional string)

    Minimum throughput of the connector in Mbps. Default and min is 200.

  • max_throughput: (Optional string)

    Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300.

  • min_instances: (Optional string)

    Minimum value of instances in autoscaling group underlying the connector.

  • max_instances: (Optional string)

    Maximum value of instances in autoscaling group underlying the connector.

  • subnet: (Optional string)

    The subnet in which to house the connector

    The subnet object accepts the following attributes:

    Note: if you have provided the ip_cidr_range value, do not provide the subnet configuration; the two conflict when both are given.

Module Configuration

  • module_enabled: (Optional bool)

    Specifies whether resources in the module will be created. Note: this variable does not apply to google_project_service.

    Default is true.

  • module_timeouts: (Optional object(module_timeouts))

    A map of timeout objects that is keyed by Terraform resource name defining timeouts for create, update and delete Terraform operations.

    Supported resources are: google_cloud_run_v2_service, google_filestore_instance, google_vpc_access_connector, google_project_service

    Default is {}.

    Example:

    module_timeouts = {
      null_resource = {
        create = "4m"
        update = "4m"
        delete = "4m"
      }
    }

    The module_timeouts object accepts the following attributes:

    • create: (Optional string)

      Timeout for create operations.

      Default is "6m".

    • update: (Optional string)

      Timeout for update operations.

      Default is "15m".

    • delete: (Optional string)

      Timeout for delete operations.

      Default is "4m".

  • module_depends_on: (Optional list(dependency))

    A list of dependencies. Any object can be assigned to this list to define a hidden external dependency.

    Default is [].

    Example:

    module_depends_on = [
      null_resource.name
    ]

Module output:

  • The following outputs are available from the modules.
    • google_cloud_run_v2_service
      • URL:
        • The Cloud Run URL (module.cloud-runV2.url)
    • google_filestore_instance
      • NFS endpoint:
        • The Filestore endpoint (module.filestore.nfs_mount_point)
    • google_vpc_access_connector
      • Connector self_link:
        • The serverless VPC access connector self_link (module.serverless-vpc-access-connector.self_link)

Build the Docker Image:

  • Once the Terraform module has been applied, it sets up the VPC connector, Filestore and Cloud Run. You then get the Filestore NFS mount IP together with the file share (like ip:/fileshare).
  • Open the Dockerfile and add the following command along with the entrypoint or CMD: "mount -o nolock FILESTORE_IP_ADDRESS:/FILE_SHARE_NAME MNT_DIR" (e.g. if your CMD is "npm run start", add the mount command like this: "CMD mount -o nolock $FILESTORE_IP_ADDRESS:/$FILE_SHARE_NAME $MNT_DIR && npm run start").
  • Afterwards, build the Docker image and push it to GCP Artifact Registry.
  • Once pushed, replace that Docker image link in the Cloud Run module and run terraform apply again. Note: when mounting Filestore from Cloud Run, the Cloud Run module's "Execution environment" must be set to "Second generation" (EXECUTION_ENVIRONMENT_GEN2).
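As an added example (not code from this module or its README), the following entrypoint script performs the mount-then-start step described in the Dockerfile note above and in this build procedure, but fails closed: it sanity-checks the FILE_STORE_ENDPOINT value (assumed to carry the module.filestore.nfs_mount_point output in ip:/share form), confirms the mount really appeared in /proc/mounts, and only then execs the application command passed as the container's CMD. The MNT_DIR default and the ENTRYPOINT/CMD split are assumptions.

```shell
#!/bin/sh
# Added example entrypoint (not part of the module). Assumes:
#   FILE_STORE_ENDPOINT = module.filestore.nfs_mount_point, i.e. "a.b.c.d:/share"
#   MNT_DIR             = directory to mount the share on (default /mnt/nfs)
# Requires the Cloud Run second-generation execution environment for mount to work.

# Sanity-check the endpoint shape before handing it to mount. Returns 0 on a
# dotted-quad IPv4 address, colon, and a 1-16 character share name (README limit).
validate_endpoint() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}:/[A-Za-z0-9_]{1,16}$' || return 1
  # The regex alone accepts octets like 256; reject anything above 255.
  octets=$(printf '%s' "${1%%:*}" | tr '.' ' ')
  for o in $octets; do [ "$o" -le 255 ] || return 1; done
  return 0
}

# Returns 0 when $1 is currently listed as an NFS mount point in /proc/mounts.
is_nfs_mounted() {
  awk -v t="$1" '$2 == t && $3 ~ /^nfs/ { f = 1 } END { exit !f }' /proc/mounts 2>/dev/null
}

# Mount the share on the target and verify it; returns non-zero on any failure.
mount_filestore() {
  endpoint=$1
  target=$2
  validate_endpoint "$endpoint" || { echo "bad FILE_STORE_ENDPOINT: $endpoint" >&2; return 1; }
  mkdir -p "$target"
  # nolock: no NLM lock daemon runs inside the container (same option as the README).
  mount -o nolock "$endpoint" "$target" || return 1
  is_nfs_mounted "$target"
}

main() {
  : "${FILE_STORE_ENDPOINT:?set from module.filestore.nfs_mount_point}"
  : "${MNT_DIR:=/mnt/nfs}"
  echo "Mounting Cloud Filestore."
  mount_filestore "$FILE_STORE_ENDPOINT" "$MNT_DIR" \
    || { echo "Mount failed; refusing to start the application." >&2; exit 1; }
  echo "Mounting completed."
  exec "$@"   # exec so the app, not this shell, is PID 1 and receives signals
}

# With no application command given, only define the functions (no mount attempted).
[ "$#" -eq 0 ] || main "$@"
```

In the Dockerfile, point ENTRYPOINT at this script and keep the application start as CMD (for example CMD ["npm", "run", "start"]), so the mount is checked before every start.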