// Copyright 2022 Google Inc. All Rights Reserved. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. locals { image = var.image != "" ? var.image : "gcr.io/${var.project}/${var.repository}:latest" regions = jsondecode(file("${path.module}/regions.json")) } // Enable Cloud Run API. resource "google_project_service" "run" { service = "run.googleapis.com" // used to ensure gcr api is disabled on tf destroy depends_on = [ google_project_service.gcr ] } // Deploy a Cloud Run service in each region listed in the regions.json resource "google_cloud_run_service" "regions" { for_each = local.regions name = each.key location = each.key template { metadata { annotations = { "autoscaling.knative.dev/maxScale" = "3" // Control costs. "run.googleapis.com/launch-stage" = "BETA" } } spec { service_account_name = google_service_account.minimal.email containers { image = local.image env { name = "REGION" value = each.key } } } } lifecycle { ignore_changes = [ // This gets added by the Cloud Run API post deploy and causes diffs, can be ignored... template[0].metadata[0].annotations["run.googleapis.com/sandbox"], ] } traffic { percent = 100 latest_revision = true } depends_on = [ google_project_service.run, google_project_service.gcr, ] } // Make each Cloud Run service invokable by unauthenticated users. resource "google_cloud_run_service_iam_member" "allUsers" { for_each = google_cloud_run_service.regions service = google_cloud_run_service.regions[each.key].name location = each.key role = "roles/run.invoker" member = "allUsers" depends_on = [google_cloud_run_service.regions] } // Create a regional network endpoint group (NEG) for each regional Cloud Run service. resource "google_compute_region_network_endpoint_group" "regions" { for_each = google_cloud_run_service.regions name = google_cloud_run_service.regions[each.key].name network_endpoint_type = "SERVERLESS" region = each.key cloud_run { service = google_cloud_run_service.regions[each.key].name } lifecycle { create_before_destroy = true } depends_on = [google_project_service.compute] }