From 7d22a8deff610c942982b6a44aa0742baea4c481 Mon Sep 17 00:00:00 2001 From: Jieyu Tian Date: Fri, 25 Oct 2024 16:55:50 +0000 Subject: [PATCH 01/12] Enable Prometheus sidecar in Cloud Run v2. --- modules/v2/README.md | 3 ++- modules/v2/main.tf | 45 ++++++++++++++++++++++++++------ modules/v2/metadata.display.yaml | 3 +++ modules/v2/metadata.yaml | 29 ++++++++++++-------- modules/v2/variables.tf | 10 +++++++ 5 files changed, 70 insertions(+), 20 deletions(-) diff --git a/modules/v2/README.md b/modules/v2/README.md index 0d954b25..e3086373 100644 --- a/modules/v2/README.md +++ b/modules/v2/README.md @@ -40,10 +40,11 @@ Functional examples are included in the |------|-------------|------|---------|:--------:| | binary\_authorization | Settings for the Binary Authorization feature. |
object({
breakglass_justification = optional(bool) # If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass
use_default = optional(bool) #If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.
})
| `null` | no | | client | Arbitrary identifier for the API client and version identifier |
object({
name = optional(string, null)
version = optional(string, null)
})
| `{}` | no | -| containers | Map of container images for the service |
list(object({
container_name = optional(string, null)
container_image = string
working_dir = optional(string, null)
depends_on_container = optional(list(string), null)
container_args = optional(list(string), null)
container_command = optional(list(string), null)
env_vars = optional(map(string), {})
env_secret_vars = optional(map(object({
secret = string
version = string
})), {})
volume_mounts = optional(list(object({
name = string
mount_path = string
})), [])
ports = optional(object({
name = optional(string, "http1")
container_port = optional(number, 8080)
}), {})
resources = optional(object({
limits = optional(object({
cpu = optional(string)
memory = optional(string)
}))
cpu_idle = optional(bool, true)
startup_cpu_boost = optional(bool, false)
}), {})
startup_probe = optional(object({
failure_threshold = optional(number, null)
initial_delay_seconds = optional(number, null)
timeout_seconds = optional(number, null)
period_seconds = optional(number, null)
http_get = optional(object({
path = optional(string)
port = optional(string)
http_headers = optional(list(object({
name = string
value = string
})), [])
}), null)
tcp_socket = optional(object({
port = optional(number)
}), null)
grpc = optional(object({
port = optional(number)
service = optional(string)
}), null)
}), null)
liveness_probe = optional(object({
failure_threshold = optional(number, null)
initial_delay_seconds = optional(number, null)
timeout_seconds = optional(number, null)
period_seconds = optional(number, null)
http_get = optional(object({
path = optional(string)
port = optional(string)
http_headers = optional(list(object({
name = string
value = string
})), null)
}), null)
grpc = optional(object({
port = optional(number)
service = optional(string)
}), null)
}), null)
}))
| n/a | yes | +| containers | Map of container images for the service |
list(object({
container_name = optional(string, null)
container_image = string
working_dir = optional(string, null)
depends_on_container = optional(list(string), null)
container_args = optional(list(string), null)
container_command = optional(list(string), null)
env_vars = optional(map(string), {})
env_secret_vars = optional(map(object({
secret = string
version = string
})), {})
volume_mounts = optional(list(object({
name = string
mount_path = string
})), [])
ports = optional(object({
name = optional(string, "http1")
container_port = optional(number, 8080)
}), {})
resources = optional(object({
limits = optional(object({
cpu = optional(string)
memory = optional(string)
}))
cpu_idle = optional(bool, true)
startup_cpu_boost = optional(bool, false)
}), {})
startup_probe = optional(object({
failure_threshold = optional(number, null)
initial_delay_seconds = optional(number, null)
timeout_seconds = optional(number, null)
period_seconds = optional(number, null)
http_get = optional(object({
path = optional(string)
port = optional(string)
http_headers = optional(list(object({
name = string
value = string
})), [])
}), null)
tcp_socket = optional(object({
port = optional(number)
}), null)
grpc = optional(object({
port = optional(number)
service = optional(string)
}), null)
}), null)
liveness_probe = optional(object({
failure_threshold = optional(number, null)
initial_delay_seconds = optional(number, null)
timeout_seconds = optional(number, null)
period_seconds = optional(number, null)
http_get = optional(object({
path = optional(string)
port = optional(string)
http_headers = optional(list(object({
name = string
value = string
})), null)
}), null)
tcp_socket = optional(object({
port = optional(number)
}), null)
grpc = optional(object({
port = optional(number)
service = optional(string)
}), null)
}), null)
}))
| n/a | yes | | create\_service\_account | Create a new service account for cloud run service | `bool` | `true` | no | | custom\_audiences | One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. Refer https://cloud.google.com/run/docs/configuring/custom-audiences | `list(string)` | `null` | no | | description | Cloud Run service description. This field currently has a 512-character limit. | `string` | `null` | no | +| enable\_prometheus\_sidecar | Enable Pormetheus sidecar in Cloud Run instance. | `bool` | `true` | no | | encryption\_key | A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. | `string` | `null` | no | | execution\_environment | The sandbox environment to host this Revision. | `string` | `"EXECUTION_ENVIRONMENT_GEN2"` | no | | ingress | Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS\_TRAFFIC\_UNSPECIFIED if no revision is active. | `string` | `"INGRESS_TRAFFIC_ALL"` | no | diff --git a/modules/v2/main.tf b/modules/v2/main.tf index 86b17a00..aaa2b887 100644 --- a/modules/v2/main.tf +++ b/modules/v2/main.tf @@ -32,6 +32,27 @@ locals { email = google_service_account.sa[0].email, member = google_service_account.sa[0].member } : {} + + prometheus_sidecar_container = [{ + container_name = "collector" + container_image = "us-docker.pkg.dev/cloud-ops-agents-artifacts/cloud-run-gmp-sidecar/cloud-run-gmp-sidecar:1.1.1" + # Set default values for the sidecar container + ports = {} + working_dir = null + depends_on_container = null + container_args = null + container_command = null + env_vars = {} + env_secret_vars = {} + volume_mounts = [] + resources = { + cpu_idle = true + startup_cpu_boost = false + limits = {} + } + startup_probe = [] + liveness_probe = [] + }] } resource "google_service_account" "sa" { 
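Review bot: The sidecar image in `local.prometheus_sidecar_container` (modules/v2/main.tf, the `locals` hunk) is referenced by a mutable tag, `cloud-run-gmp-sidecar:1.1.1`, and is hard-coded, so every service that enables the flag runs whatever that tag resolves to at deploy time, inside the same revision and under the same service account as the application. Pinning by digest makes the deployed content reproducible and reviewable, e.g. `container_image = "us-docker.pkg.dev/cloud-ops-agents-artifacts/cloud-run-gmp-sidecar/cloud-run-gmp-sidecar@sha256:<DIGEST_PLACEHOLDER>"`. Exposing the image as a module variable with that default would also let callers who mirror images into their own registry or enforce Binary Authorization override it. Separately, `startup_probe = []` and `liveness_probe = []` use a list where `variable "containers"` declares an object defaulting to `null`; the probe blocks that consume these values are outside the hunk, so confirm that `null` is not what they expect.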
@@ -58,9 +79,14 @@ resource "google_cloud_run_v2_service" "main" { labels = var.service_labels template { - revision = var.revision - labels = var.template_labels - annotations = var.template_annotations + revision = var.revision + labels = var.template_labels + annotations = var.enable_prometheus_sidecar ? merge( + var.template_annotations, + { + "run.googleapis.com/container-dependencies" = jsonencode({ "collector" : [var.containers[0].container_name] }) + } + ) : var.template_annotations timeout = var.timeout service_account = local.service_account @@ -94,7 +120,8 @@ resource "google_cloud_run_v2_service" "main" { } dynamic "containers" { - for_each = var.containers + for_each = concat(var.containers, + var.enable_prometheus_sidecar ? local.prometheus_sidecar_container : []) content { name = containers.value.container_name image = containers.value.container_image @@ -102,10 +129,12 @@ resource "google_cloud_run_v2_service" "main" { args = containers.value.container_args working_dir = containers.value.working_dir depends_on = containers.value.depends_on_container - - ports { - name = containers.value.ports["name"] - container_port = containers.value.ports["container_port"] + dynamic "ports" { + for_each = lookup(containers.value, "ports", {}) != {} ? [containers.value.ports] : [] + content { + name = ports.value["name"] + container_port = ports.value["container_port"] + } } resources { diff --git a/modules/v2/metadata.display.yaml b/modules/v2/metadata.display.yaml index 52e1f410..2bf86aa8 100644 --- a/modules/v2/metadata.display.yaml +++ b/modules/v2/metadata.display.yaml @@ -46,6 +46,9 @@ spec: description: name: description title: Description + enable_prometheus_sidecar: + name: enable_prometheus_sidecar + title: Enable Prometheus Sidecar encryption_key: name: encryption_key title: Encryption Key diff --git a/modules/v2/metadata.yaml b/modules/v2/metadata.yaml index 76fe2c94..564c1c5a 100644 --- a/modules/v2/metadata.yaml +++ b/modules/v2/metadata.yaml 
@@ -138,7 +138,7 @@ spec: connections: - source: source: github.com/terraform-google-modules/terraform-google-network//modules/vpc-serverless-connector-beta - version: "~> 9.1.0" + version: ~> 9.1.0 spec: outputExpr: connector_ids inputPath: connector @@ -159,7 +159,7 @@ spec: connections: - source: source: github.com/terraform-google-modules/terraform-google-service-accounts//modules/simple-sa - version: "~> 4.3.0" + version: ~> 4.3.0 spec: outputExpr: email - name: encryption_key @@ -210,19 +210,19 @@ spec: connections: - source: source: github.com/terraform-google-modules/terraform-google-sql-db//modules/postgresql - version: "~> 21.0.0" + version: ~> 21.0.0 spec: outputExpr: instance_connection_name inputPath: cloud_sql_instance.instances - source: source: github.com/terraform-google-modules/terraform-google-sql-db//modules/mysql - version: "~> 22.0.0" + version: ~> 22.0.0 spec: outputExpr: instance_connection_name inputPath: cloud_sql_instance.instances - source: source: github.com/terraform-google-modules/terraform-google-cloud-storage//modules/simple_bucket - version: "~> 6.1.0" + version: ~> 6.1.0 spec: outputExpr: name inputPath: gcs.bucket @@ -291,6 +291,9 @@ spec: value = string })), null) }), null) + tcp_socket = optional(object({ + port = optional(number) + }), null) grpc = optional(object({ port = optional(number) service = optional(string) 
@@ -301,33 +304,33 @@ spec: connections: - source: source: github.com/terraform-google-modules/terraform-google-memorystore - version: "~> 10.0.0" + version: ~> 10.0.0 spec: outputExpr: env_vars inputPath: env_vars - source: source: github.com/terraform-google-modules/terraform-google-sql-db//modules/postgresql - version: "~> 21.0.0" + version: ~> 21.0.0 spec: outputExpr: env_vars inputPath: env_vars - source: source: github.com/terraform-google-modules/terraform-google-sql-db//modules/mysql - version: "~> 22.0.0" + version: ~> 22.0.0 spec: outputExpr: env_vars inputPath: env_vars - source: source: github.com/terraform-google-modules/terraform-google-service-accounts//modules/simple-sa - version: "~> 4.3.0" + version: ~> 4.3.0 spec: outputExpr: env_vars inputPath: env_vars - source: source: github.com/GoogleCloudPlatform/terraform-google-cloud-run//modules/v2 - version: "~> 0.12.0" + version: ~> 0.12.0 spec: - outputExpr: '{"SERVICE_ENDPOINT": service_uri}' + outputExpr: "{\"SERVICE_ENDPOINT\": service_uri}" inputPath: env_vars - name: members description: Users/SAs to be given invoker access to the service @@ -341,6 +344,10 @@ spec: description: Roles to grant to the newly created cloud run SA in specified project. Should be used with create_service_account set to true and no input for service_account varType: list(string) defaultValue: [] + - name: enable_prometheus_sidecar + description: Enable Pormetheus sidecar in Cloud Run instance. + varType: bool + defaultValue: true outputs: - name: apphub_service_uri description: Service URI in CAIS style to be used by Apphub. diff --git a/modules/v2/variables.tf b/modules/v2/variables.tf index a14c8e6f..69fd5cb6 100644 --- a/modules/v2/variables.tf +++ b/modules/v2/variables.tf @@ -293,6 +293,9 @@ variable "containers" { value = string })), null) }), null) + tcp_socket = optional(object({ + port = optional(number) + }), null) grpc = optional(object({ port = optional(number) service = optional(string) 
@@ -320,3 +323,10 @@ variable "service_account_project_roles" { description = "Roles to grant to the newly created cloud run SA in specified project. Should be used with create_service_account set to true and no input for service_account" default = [] } + +// Prometheus sidecar +variable "enable_prometheus_sidecar" { + type = bool + description = "Enable Pormetheus sidecar in Cloud Run instance." + default = true +} From 829039c608da51038fd53298a013e40c12d39d87 Mon Sep 17 00:00:00 2001 From: Jieyu Tian Date: Wed, 30 Oct 2024 17:42:28 +0000 Subject: [PATCH 02/12] Add example for v2 with prometheus sidecar --- examples/v2_with_gmp/README.md | 64 +++++++++++++++++++++++++++++++ examples/v2_with_gmp/main.tf | 29 ++++++++++++++ examples/v2_with_gmp/outputs.tf | 50 ++++++++++++++++++++++++ examples/v2_with_gmp/variables.tf | 20 ++++++++++ metadata.yaml | 2 + modules/v2/main.tf | 29 +++++++------- modules/v2/metadata.yaml | 24 ++++++------ 7 files changed, 194 insertions(+), 24 deletions(-) create mode 100644 examples/v2_with_gmp/README.md create mode 100644 examples/v2_with_gmp/main.tf create mode 100644 examples/v2_with_gmp/outputs.tf create mode 100644 examples/v2_with_gmp/variables.tf diff --git a/examples/v2_with_gmp/README.md b/examples/v2_with_gmp/README.md new file mode 100644 index 00000000..511aa1c9 --- /dev/null +++ b/examples/v2_with_gmp/README.md 
@@ -0,0 +1,64 @@ +# Cloud Run Service using v2 API and Prometheus Sidecar Example + +This example showcases the basic deployment of containerized applications with Prometheus Sidecar to provide observability on Cloud Run and IAM policy for the service. + +The resources/services/activations/deletions that this example will create/trigger are: + +* Creates a Cloud Run service with provided name and container. +* Add Prometheus Sidecar container to the Cloud Run instance. +* Creates a Service Account capable of writing metrics to be used by Cloud Run Service. + +## Assumptions and Prerequisites + +This example assumes that below mentioned prerequisites are in place before consuming the example. + +* All required APIs are enabled in the GCP Project + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| project\_id | The project ID to deploy to | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| observed\_generation | The generation of this Service currently serving traffic. | +| project\_id | Project ID of the service | +| service\_id | Unique Identifier for the created service with format projects/{{project}}/locations/{{location}}/services/{{name}} | +| service\_location | Location in which the Cloud Run service was created | +| service\_name | Name of the created service | +| service\_uri | The URL on which the deployed service is available | +| traffic\_statuses | Detailed status information for corresponding traffic targets. | + + + +## Requirements + +These sections describe requirements for using this example. 
+ +### Software + +* [Terraform](https://www.terraform.io/downloads.html) ~> v0.13+ +* [Terraform Provider for GCP](https://github.com/terraform-providers/terraform-provider-google) ~> v5.0+ +* [Terraform Provider for GCP Beta](https://github.com/terraform-providers/terraform-provider-google-beta) ~> + v5.0+ + +### Service Account + +A service account can be used with required roles to execute this example: + +* Cloud Run Admin: `roles/run.admin` + +Know more about [Cloud Run Deployment Permissions](https://cloud.google.com/run/docs/reference/iam/roles#additional-configuration). + +The [Project Factory module](https://registry.terraform.io/modules/terraform-google-modules/project-factory/google/latest) and the +[IAM module](https://registry.terraform.io/modules/terraform-google-modules/iam/google/latest) may be used in combination to provision a service account with the necessary roles applied. + +### APIs + +A project with the following APIs enabled must be used to host the main resource of this example: + +* Google Cloud Run: `run.googleapis.com` diff --git a/examples/v2_with_gmp/main.tf b/examples/v2_with_gmp/main.tf new file mode 100644 index 00000000..30969cb3 --- /dev/null +++ b/examples/v2_with_gmp/main.tf 
@@ -0,0 +1,29 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "cloud_run_v2" {
+ source = "tjy9206/cloud-run/google//modules/v2"
+
+ service_name = "ci-cloud-run-v2-gmp"
+ project_id = var.project_id
+ location = "us-central1"
+ containers = [
+ {
+ container_image = "us-docker.pkg.dev/cloudrun/container/hello"
+ container_name = "hello-world"
+ }
+ ]
+}
diff --git a/examples/v2_with_gmp/outputs.tf b/examples/v2_with_gmp/outputs.tf
new file mode 100644
index 00000000..73701062
--- /dev/null
+++ b/examples/v2_with_gmp/outputs.tf
@@ -0,0 +1,50 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = module.cloud_run_v2.project_id
+ description = "Project ID of the service"
+}
+
+output "service_name" {
+ value = module.cloud_run_v2.service_name
+ description = "Name of the created service"
+}
+
+output "service_uri" {
+ value = module.cloud_run_v2.service_uri
+ description = "The URL on which the deployed service is available"
+}
+
+output "service_id" {
+ value = module.cloud_run_v2.service_id
+ description = "Unique Identifier for the created service with format projects/{{project}}/locations/{{location}}/services/{{name}}"
+}
+
+output "service_location" {
+ value = module.cloud_run_v2.location
+ description = "Location in which the Cloud Run service was created"
+}
+
+output "traffic_statuses" {
+ value = module.cloud_run_v2.traffic_statuses
+ description = "Detailed status information for corresponding traffic targets."
+}
+
+output "observed_generation" {
+ value = module.cloud_run_v2.observed_generation
+ description = "The generation of this Service currently serving traffic."
+}
diff --git a/examples/v2_with_gmp/variables.tf b/examples/v2_with_gmp/variables.tf
new file mode 100644
index 00000000..f284ef4d
--- /dev/null
+++ b/examples/v2_with_gmp/variables.tf
@@ -0,0 +1,20 @@ +/** + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "The project ID to deploy to" + type = string +} diff --git a/metadata.yaml b/metadata.yaml index 9c8163f1..2413851c 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -62,6 +62,8 @@ spec: location: examples/simple_job_exec - name: v2 location: examples/v2 + - name: v2_with_gmp + location: examples/v2_with_gmp interfaces: variables: - name: project_id diff --git a/modules/v2/main.tf b/modules/v2/main.tf index aaa2b887..93107111 100644 --- a/modules/v2/main.tf +++ b/modules/v2/main.tf @@ -33,13 +33,17 @@ locals { member = google_service_account.sa[0].member } : {} + ingress_container = try( + [for container in var.containers : container if length(try(container.ports, {})) > 0][0], + null + ) prometheus_sidecar_container = [{ container_name = "collector" container_image = "us-docker.pkg.dev/cloud-ops-agents-artifacts/cloud-run-gmp-sidecar/cloud-run-gmp-sidecar:1.1.1" # Set default values for the sidecar container ports = {} working_dir = null - depends_on_container = null + depends_on_container = [local.ingress_container.container_name] container_args = null container_command = null env_vars = {} 
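Review bot: `local.ingress_container` (modules/v2/main.tf, the `locals` hunk) falls back to `null`, yet `depends_on_container = [local.ingress_container.container_name]` dereferences it unconditionally, so a `containers` value with no match fails with an attribute-on-null error instead of a message the caller can act on. The filter also looks unable to discriminate: `ports` is declared `optional(object({...}), {})` with defaults for both attributes, so `length(try(container.ports, {})) > 0` appears to hold for every caller-supplied container and the first element is always picked. `container_name` is itself optional with a `null` default, which would produce `[null]` here. Consider a `precondition` on the service resource that requires a named ingress container when `enable_prometheus_sidecar` is true, and guard the local with `local.ingress_container == null ? null : [local.ingress_container.container_name]`. The `locals` block starts and ends outside the hunk.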
@@ -63,10 +67,14 @@ resource "google_service_account" "sa" { } resource "google_project_iam_member" "roles" { - for_each = toset(var.service_account_project_roles) - project = var.project_id - role = each.value - member = "serviceAccount:${local.service_account}" + for_each = toset(distinct(concat( + var.service_account_project_roles, + var.enable_prometheus_sidecar ? ["roles/monitoring.metricWriter"] : [] + ))) + + project = var.project_id + role = each.value + member = "serviceAccount:${local.service_account}" } resource "google_cloud_run_v2_service" "main" { @@ -79,14 +87,9 @@ resource "google_cloud_run_v2_service" "main" { labels = var.service_labels template { - revision = var.revision - labels = var.template_labels - annotations = var.enable_prometheus_sidecar ? merge( - var.template_annotations, - { - "run.googleapis.com/container-dependencies" = jsonencode({ "collector" : [var.containers[0].container_name] }) - } - ) : var.template_annotations + revision = var.revision + labels = var.template_labels + annotations = var.template_annotations timeout = var.timeout service_account = local.service_account diff --git a/modules/v2/metadata.yaml b/modules/v2/metadata.yaml index 564c1c5a..bdb5d4aa 100644 --- a/modules/v2/metadata.yaml +++ b/modules/v2/metadata.yaml @@ -46,6 +46,8 @@ spec: location: examples/simple_job_exec - name: v2 location: examples/v2 + - name: v2_with_gmp + location: examples/v2_with_gmp interfaces: variables: - name: project_id @@ -138,7 +140,7 @@ spec: connections: - source: source: github.com/terraform-google-modules/terraform-google-network//modules/vpc-serverless-connector-beta - version: ~> 9.1.0 + version: ~> 9.1 spec: outputExpr: connector_ids inputPath: connector @@ -159,7 +161,7 @@ spec: connections: - source: source: github.com/terraform-google-modules/terraform-google-service-accounts//modules/simple-sa - version: ~> 4.3.0 + version: ~> 4.4 spec: outputExpr: email - name: encryption_key 
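Review bot: In `google_project_iam_member.roles`, enabling `enable_prometheus_sidecar` now adds a project-level `roles/monitoring.metricWriter` binding for `local.service_account` even when the caller passed no `service_account_project_roles`, and nothing in the hunk restricts this to a service account the module created. The description of `service_account_project_roles` says it should be used with `create_service_account` set to true; the definition of `local.service_account` is outside the hunk, but if it can hold a caller-supplied or empty value, this either changes IAM on an identity owned elsewhere or builds an invalid `serviceAccount:` member. Suggest gating the extra role, `var.enable_prometheus_sidecar && var.create_service_account ? ["roles/monitoring.metricWriter"] : []`, and documenting the required role for callers who bring their own service account. The grant should also be stated in the `enable_prometheus_sidecar` description so the privilege change is visible when the calling configuration is reviewed.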
@@ -210,19 +212,19 @@ spec: connections: - source: source: github.com/terraform-google-modules/terraform-google-sql-db//modules/postgresql - version: ~> 21.0.0 + version: ~> 23.0 spec: outputExpr: instance_connection_name inputPath: cloud_sql_instance.instances - source: source: github.com/terraform-google-modules/terraform-google-sql-db//modules/mysql - version: ~> 22.0.0 + version: ~> 23.0 spec: outputExpr: instance_connection_name inputPath: cloud_sql_instance.instances - source: source: github.com/terraform-google-modules/terraform-google-cloud-storage//modules/simple_bucket - version: ~> 6.1.0 + version: ~> 8.0 spec: outputExpr: name inputPath: gcs.bucket @@ -304,33 +306,33 @@ spec: connections: - source: source: github.com/terraform-google-modules/terraform-google-memorystore - version: ~> 10.0.0 + version: ~> 12.0 spec: outputExpr: env_vars inputPath: env_vars - source: source: github.com/terraform-google-modules/terraform-google-sql-db//modules/postgresql - version: ~> 21.0.0 + version: ~> 23.0 spec: outputExpr: env_vars inputPath: env_vars - source: source: github.com/terraform-google-modules/terraform-google-sql-db//modules/mysql - version: ~> 22.0.0 + version: ~> 23.0 spec: outputExpr: env_vars inputPath: env_vars - source: source: github.com/terraform-google-modules/terraform-google-service-accounts//modules/simple-sa - version: ~> 4.3.0 + version: ~> 4.4 spec: outputExpr: env_vars inputPath: env_vars - source: source: github.com/GoogleCloudPlatform/terraform-google-cloud-run//modules/v2 - version: ~> 0.12.0 + version: ~> 0.13 spec: - outputExpr: "{\"SERVICE_ENDPOINT\": service_uri}" + outputExpr: '{"SERVICE_ENDPOINT": service_uri}' inputPath: env_vars - name: members description: Users/SAs to be given invoker access to the service From d94847e0a386ac5944721f11d9e83ba0eac51d48 Mon Sep 17 00:00:00 2001 
From: Jieyu Tian
Date: Mon, 4 Nov 2024 13:53:04 -0500
Subject: [PATCH 03/12] Update modules/v2/variables.tf
Co-authored-by: Bharath KKB
---
 modules/v2/variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/v2/variables.tf b/modules/v2/variables.tf
index 69fd5cb6..5cad8f8e 100644
--- a/modules/v2/variables.tf
+++ b/modules/v2/variables.tf
@@ -327,6 +327,6 @@ variable "service_account_project_roles" {
 // Prometheus sidecar
 variable "enable_prometheus_sidecar" {
 type = bool
- description = "Enable Pormetheus sidecar in Cloud Run instance."
+ description = "Enable Prometheus sidecar in Cloud Run instance."
 default = true
 }
From 396c030a38a269a48c9c07f87f03865d14484d77 Mon Sep 17 00:00:00 2001
From: Jieyu Tian
Date: Mon, 4 Nov 2024 19:43:01 +0000
Subject: [PATCH 04/12] set enable_prometheus_sidecar to false
---
 examples/v2_with_gmp/main.tf | 1 +
 modules/v2/variables.tf | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/examples/v2_with_gmp/main.tf b/examples/v2_with_gmp/main.tf
index 30969cb3..d788a5c1 100644
--- a/examples/v2_with_gmp/main.tf
+++ b/examples/v2_with_gmp/main.tf
@@ -26,4 +26,5 @@ module "cloud_run_v2" {
 container_name = "hello-world"
 }
 ]
+ enable_prometheus_sidecar = true
 }
diff --git a/modules/v2/variables.tf b/modules/v2/variables.tf
index 5cad8f8e..02b37eb9 100644
--- a/modules/v2/variables.tf
+++ b/modules/v2/variables.tf
@@ -328,5 +328,5 @@ variable "service_account_project_roles" {
 variable "enable_prometheus_sidecar" {
 type = bool
 description = "Enable Prometheus sidecar in Cloud Run instance."
- default = true
+ default = false
 }
From 5590e888ff13cff626badfbcca5fa1273cd6eb87 Mon Sep 17 00:00:00 2001
From: Jieyu Tian
Date: Mon, 4 Nov 2024 19:51:53 +0000
Subject: [PATCH 05/12] temporarily switch to relative path to fix lint issue, will have a followup PR to fix it
---
 examples/v2_with_gmp/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/v2_with_gmp/main.tf b/examples/v2_with_gmp/main.tf index d788a5c1..78c6f961 100644 --- a/examples/v2_with_gmp/main.tf +++ b/examples/v2_with_gmp/main.tf @@ -15,7 +15,7 @@ */ module "cloud_run_v2" { - source = "tjy9206/cloud-run/google//modules/v2" + source = "../../modules/v2" service_name = "ci-cloud-run-v2-gmp" project_id = var.project_id From f90a70ad37bf272fd65fda05a89dd9861a5a92a0 Mon Sep 17 00:00:00 2001 From: Jieyu Tian Date: Mon, 4 Nov 2024 20:00:32 +0000 Subject: [PATCH 06/12] change to false in readme --- modules/v2/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/v2/README.md b/modules/v2/README.md index e3086373..55caa7d4 100644 --- a/modules/v2/README.md +++ b/modules/v2/README.md 
@@ -44,7 +44,7 @@ Functional examples are included in the | create\_service\_account | Create a new service account for cloud run service | `bool` | `true` | no | | custom\_audiences | One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. Refer https://cloud.google.com/run/docs/configuring/custom-audiences | `list(string)` | `null` | no | | description | Cloud Run service description. This field currently has a 512-character limit. | `string` | `null` | no | -| enable\_prometheus\_sidecar | Enable Pormetheus sidecar in Cloud Run instance. | `bool` | `true` | no | +| enable\_prometheus\_sidecar | Enable Prometheus sidecar in Cloud Run instance. | `bool` | `false` | no | | encryption\_key | A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. | `string` | `null` | no | | execution\_environment | The sandbox environment to host this Revision. | `string` | `"EXECUTION_ENVIRONMENT_GEN2"` | no | | ingress | Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS\_TRAFFIC\_UNSPECIFIED if no revision is active. | `string` | `"INGRESS_TRAFFIC_ALL"` | no | From 35d854674d8444aea4bb8c8d59935f1769e5b257 Mon Sep 17 00:00:00 2001 From: Jieyu Tian Date: Tue, 5 Nov 2024 23:18:11 +0000 Subject: [PATCH 07/12] regenerate readme --- modules/v2/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/v2/README.md b/modules/v2/README.md index 67819ba0..02ac726b 100644 --- a/modules/v2/README.md +++ b/modules/v2/README.md @@ -41,7 +41,7 @@ Functional examples are included in the | binary\_authorization | Settings for the Binary Authorization feature. |
object({
breakglass_justification = optional(bool) # If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass
use_default = optional(bool) #If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.
})
| `null` | no | | client | Arbitrary identifier for the API client and version identifier |
object({
name = optional(string, null)
version = optional(string, null)
})
| `{}` | no | | cloud\_run\_deletion\_protection | This field prevents Terraform from destroying or recreating the Cloud Run v2 Jobs and Services | `bool` | `true` | no | -| containers | Map of container images for the service |
list(object({
container_name = optional(string, null)
container_image = string
working_dir = optional(string, null)
depends_on_container = optional(list(string), null)
container_args = optional(list(string), null)
container_command = optional(list(string), null)
env_vars = optional(map(string), {})
env_secret_vars = optional(map(object({
secret = string
version = string
})), {})
volume_mounts = optional(list(object({
name = string
mount_path = string
})), [])
ports = optional(object({
name = optional(string, "http1")
container_port = optional(number, 8080)
}), {})
resources = optional(object({
limits = optional(object({
cpu = optional(string)
memory = optional(string)
}))
cpu_idle = optional(bool, true)
startup_cpu_boost = optional(bool, false)
}), {})
startup_probe = optional(object({
failure_threshold = optional(number, null)
initial_delay_seconds = optional(number, null)
timeout_seconds = optional(number, null)
period_seconds = optional(number, null)
http_get = optional(object({
path = optional(string)
port = optional(string)
http_headers = optional(list(object({
name = string
value = string
})), [])
}), null)
tcp_socket = optional(object({
port = optional(number)
}), null)
grpc = optional(object({
port = optional(number)
service = optional(string)
}), null)
}), null)
liveness_probe = optional(object({
failure_threshold = optional(number, null)
initial_delay_seconds = optional(number, null)
timeout_seconds = optional(number, null)
period_seconds = optional(number, null)
http_get = optional(object({
path = optional(string)
port = optional(string)
http_headers = optional(list(object({
name = string
value = string
})), null)
}), null)
grpc = optional(object({
port = optional(number)
service = optional(string)
}), null)
}), null)
}))
| n/a | yes | +| containers | Map of container images for the service |
list(object({
container_name = optional(string, null)
container_image = string
working_dir = optional(string, null)
depends_on_container = optional(list(string), null)
container_args = optional(list(string), null)
container_command = optional(list(string), null)
env_vars = optional(map(string), {})
env_secret_vars = optional(map(object({
secret = string
version = string
})), {})
volume_mounts = optional(list(object({
name = string
mount_path = string
})), [])
ports = optional(object({
name = optional(string, "http1")
container_port = optional(number, 8080)
}), {})
resources = optional(object({
limits = optional(object({
cpu = optional(string)
memory = optional(string)
}))
cpu_idle = optional(bool, true)
startup_cpu_boost = optional(bool, false)
}), {})
startup_probe = optional(object({
failure_threshold = optional(number, null)
initial_delay_seconds = optional(number, null)
timeout_seconds = optional(number, null)
period_seconds = optional(number, null)
http_get = optional(object({
path = optional(string)
port = optional(string)
http_headers = optional(list(object({
name = string
value = string
})), [])
}), null)
tcp_socket = optional(object({
port = optional(number)
}), null)
grpc = optional(object({
port = optional(number)
service = optional(string)
}), null)
}), null)
liveness_probe = optional(object({
failure_threshold = optional(number, null)
initial_delay_seconds = optional(number, null)
timeout_seconds = optional(number, null)
period_seconds = optional(number, null)
http_get = optional(object({
path = optional(string)
port = optional(string)
http_headers = optional(list(object({
name = string
value = string
})), null)
}), null)
tcp_socket = optional(object({
port = optional(number)
}), null)
grpc = optional(object({
port = optional(number)
service = optional(string)
}), null)
}), null)
}))
| n/a | yes | | create\_service\_account | Create a new service account for cloud run service | `bool` | `true` | no | | custom\_audiences | One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. Refer https://cloud.google.com/run/docs/configuring/custom-audiences | `list(string)` | `null` | no | | description | Cloud Run service description. This field currently has a 512-character limit. | `string` | `null` | no |
From 4da6773ab18db962c6f292c211e86c715cb0ac3c Mon Sep 17 00:00:00 2001
From: Jieyu Tian
Date: Thu, 7 Nov 2024 23:16:19 +0000
Subject: [PATCH 08/12] adressing comments for altDefaults and monitoring api dependency
---
 modules/v2/metadata.display.yaml | 3 +++
 test/setup/main.tf | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/modules/v2/metadata.display.yaml b/modules/v2/metadata.display.yaml
index 2bf86aa8..56d7e5cd 100644
--- a/modules/v2/metadata.display.yaml
+++ b/modules/v2/metadata.display.yaml
@@ -49,6 +49,9 @@ spec:
 enable_prometheus_sidecar:
 name: enable_prometheus_sidecar
 title: Enable Prometheus Sidecar
+ altDefaults:
+ - type: ALTERNATE_TYPE_UNSPECIFIED
+ value: true
 encryption_key:
 name: encryption_key
 title: Encryption Key
diff --git a/test/setup/main.tf b/test/setup/main.tf
index bc590b29..7449749e 100644
--- a/test/setup/main.tf
+++ b/test/setup/main.tf
@@ -34,6 +34,7 @@ module "project" {
 "cloudkms.googleapis.com",
 "iam.googleapis.com",
 "accesscontextmanager.googleapis.com",
- "cloudbilling.googleapis.com"
+ "cloudbilling.googleapis.com",
+ "monitoring.googleapis.com"
 ]
 }
From c0911834233a8370f157713e639c3ae4cdff0db4 Mon Sep 17 00:00:00 2001
From: abhishek kumar tiwari
Date: Mon, 11 Nov 2024 14:12:01 +0530
Subject: [PATCH 09/12] Update metadata.display.yaml
---
 modules/v2/metadata.display.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/v2/metadata.display.yaml b/modules/v2/metadata.display.yaml
index efc0a34c..51fe58e3 100644
--- a/modules/v2/metadata.display.yaml
+++ b/modules/v2/metadata.display.yaml
@@ -50,7 +50,7 @@ spec:
 name: enable_prometheus_sidecar
 title: Enable Prometheus Sidecar
 altDefaults:
- - type: ALTERNATE_TYPE_UNSPECIFIED
+ - type: ALTERNATE_TYPE_DC
 value: true
 encryption_key:
 name: encryption_key
From 355588fcd25948612949f20cac67c066fdcb7f87 Mon Sep 17 00:00:00 2001
From: abhishek kumar tiwari
Date: Mon, 11 Nov 2024 14:17:08 +0530
Subject: [PATCH 10/12] Update main.tf
---
 examples/v2_with_gmp/main.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/examples/v2_with_gmp/main.tf b/examples/v2_with_gmp/main.tf
index 78c6f961..38f400d4 100644
--- a/examples/v2_with_gmp/main.tf
+++ b/examples/v2_with_gmp/main.tf
@@ -15,7 +15,8 @@
 */
 module "cloud_run_v2" {
- source = "../../modules/v2"
+ source = "GoogleCloudPlatform/cloud-run/google//modules/v2"
+ version = "~> 0.14"
 service_name = "ci-cloud-run-v2-gmp"
 project_id = var.project_id
From 940036d9b94992168df4d52944c747cb0444629c Mon Sep 17 00:00:00 2001
From: Jieyu Tian
Date: Mon, 11 Nov 2024 16:17:27 +0000
Subject: [PATCH 11/12] update CFT version
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 524d1837..07f7099c 100644
--- a/Makefile
+++ b/Makefile
@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.22
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.22.17
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
From 49f2826fd2abb1e87609044dee124c0f5539f77c Mon Sep 17 00:00:00 2001
From: Jieyu Tian
Date: Mon, 11 Nov 2024 16:20:58 +0000
Subject: [PATCH 12/12] revert CFT version change
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 07f7099c..524d1837 100644
--- a/Makefile
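Review bot: In examples/v2_with_gmp/main.tf, the new `version = "~> 0.14"` constraint on the `cloud_run_v2` module lets `terraform init` select any later 0.x release from the registry, and Terraform's dependency lock file pins providers only, not modules, so what the example deploys is not fixed by the repository contents. Since examples tend to be copied into real deployments, I would pin an exact release, `version = "<exact release>"`, or add a comment above the line stating that the floating range is deliberate. Switching `source` away from `../../modules/v2` also means the example exercises the published module rather than this branch unless the test harness swaps the source back, which is worth confirming because the sidecar option is introduced in this same patch series. The module block continues past the end of the hunk.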
+++ b/Makefile
@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.22.17
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.22
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd