https://github.com/libops/terraform-cloudrun-v2
https://github.com/libops/terraform-cloudrun-v2
Last synced: about 1 month ago
JSON representation
- Host: GitHub
- URL: https://github.com/libops/terraform-cloudrun-v2
- Owner: libops
- License: mit
- Created: 2025-06-18T09:52:25.000Z (10 months ago)
- Default Branch: main
- Last Pushed: 2026-02-22T11:47:00.000Z (about 1 month ago)
- Last Synced: 2026-02-22T17:19:26.049Z (about 1 month ago)
- Language: HCL
- Size: 34.2 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# terraform-cloudrun-v2
Terraform module for a multi-region [Google Cloud Run v2 Service](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_service) behind a [serverless Network Endpoint Group (NEG)](https://cloud.google.com/load-balancing/docs/negs/serverless-neg-concepts).
Variables support GPUs, GCS mounts, multi-containers.
## Requirements
| Name | Version |
|------|---------|
| [google](#requirement\_google) | ~> 7.0 |
## Providers
| Name | Version |
|------|---------|
| [google](#provider\_google) | ~> 7.0 |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [google_cloud_run_v2_service.cloudrun](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_service) | resource |
| [google_cloud_run_v2_service_iam_member.invoker](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_v2_service_iam_member) | resource |
| [google_compute_backend_service.backend](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_backend_service) | resource |
| [google_compute_region_network_endpoint_group.neg](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_region_network_endpoint_group) | resource |
| [google_service_account.service_account](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/service_account) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [addl\_env\_vars](#input\_addl\_env\_vars) | Additional environment variables to set in containers |
list(object({
name = string
value = string
})) | `[]` | no |
| [containers](#input\_containers) | List of container configurations to run in the service. At least one container needs a port. This allows easily configuring multi-container deployments. | list(object({
image = string
name = string
command = optional(list(string), null)
args = optional(list(string), null)
port = optional(number, 0)
memory = optional(string, "512Mi")
cpu = optional(string, "1000m")
liveness_probe = optional(string, "")
gpus = optional(string, "")
volume_mounts = optional(list(object({
name = string
mount_path = string
})), [])
})) | n/a | yes |
| [empty\_dir\_volumes](#input\_empty\_dir\_volumes) | List of empty directory volumes to create and mount | list(object({
name = string
size_limit = optional(string, "2Mi")
})) | `[]` | no |
| [gcs\_volumes](#input\_gcs\_volumes) | List of Google Cloud Storage buckets to mount as volumes. Must ensure the Cloud Run GSA has proper IAM set on the bucket | list(object({
name = string
bucket = string
read_only = optional(bool, true)
})) | `[]` | no |
| [gsa](#input\_gsa) | Service account name the Cloud Run service will run as. If empty, creates a new one. | `string` | n/a | yes |
| [invokers](#input\_invokers) | List of members to grant Cloud Run invoker role | `list(string)` | [
"allUsers"
]
| no |
| [max\_instances](#input\_max\_instances) | Maximum number of instances to scale to | `string` | `"100"` | no |
| [min\_instances](#input\_min\_instances) | Minimum number of instances to keep running | `string` | `"0"` | no |
| [name](#input\_name) | Name of the Cloud Run service | `string` | n/a | yes |
| [project](#input\_project) | The GCP project to use | `string` | n/a | yes |
| [regions](#input\_regions) | The GCP region(s) to deploy to | `list(string)` | [
"us-east4",
"us-east5",
"us-central1",
"us-west3",
"us-west1",
"us-west4",
"us-south1",
"northamerica-northeast1",
"northamerica-northeast2",
"northamerica-south1",
"australia-southeast1",
"australia-southeast2"
]
| no |
| [secrets](#input\_secrets) | List of Secret Manager secrets to mount as environment variables | list(object({
name = string
secret_id = string
secret_name = string
})) | `[]` | no |
| [skipNeg](#input\_skipNeg) | Skip creating Network Endpoint Group and Backend Service | `bool` | `false` | no |
| [vpc\_direct\_egress](#input\_vpc\_direct\_egress) | Traffic VPC egress settings. Possible values are: `ALL_TRAFFIC`, `PRIVATE_RANGES_ONLY`. | `string` | `"OFF"` | no |
| [vpc\_direct\_egress\_network](#input\_vpc\_direct\_egress\_network) | The VPC network that the Cloud Run resource will be able to send traffic to | `string` | `"default"` | no |
| [vpc\_direct\_egress\_subnetwork](#input\_vpc\_direct\_egress\_subnetwork) | The VPC subnetwork that the Cloud Run resource will get IPs from | `string` | `"default"` | no |
| [vpc\_direct\_egress\_tags](#input\_vpc\_direct\_egress\_tags) | Network tags applied to this Cloud Run service | `list(string)` | `null` | no |
## Outputs
| Name | Description |
|------|-------------|
| [backend](#output\_backend) | Backend service ID for load balancer (empty if skipNeg is true) |
| [name](#output\_name) | Map of region to Cloud Run service names |
| [url](#output\_url) | Primary Cloud Run service URL (first region) |
| [urls](#output\_urls) | Map of region to Cloud Run service URLs |