
GH-4: Use explicit subnets and use Direct VPC for Cloud Run
markhobson committed Oct 19, 2023
1 parent a805f05 commit 4a019ac
Showing 6 changed files with 28 additions and 19 deletions.
24 changes: 10 additions & 14 deletions cloud/schemes/cloud-run/main.tf
Expand Up @@ -3,19 +3,15 @@ resource "google_project_service" "run" {
service = "run.googleapis.com"
}

resource "google_project_service" "vpc_access" {
project = var.project
service = "vpcaccess.googleapis.com"
}

resource "google_service_account" "cloud_run_schemes" {
account_id = "cloud-run-schemes"
}

resource "google_cloud_run_v2_service" "schemes" {
name = "schemes"
project = var.project
location = var.region
name = "schemes"
project = var.project
location = var.region
launch_stage = "BETA"

template {
containers {
Expand Down Expand Up @@ -71,8 +67,10 @@ resource "google_cloud_run_v2_service" "schemes" {
}
}
vpc_access {
connector = google_vpc_access_connector.cloud_run.id
egress = "PRIVATE_RANGES_ONLY"
network_interfaces {
subnetwork = google_compute_subnetwork.cloud_run.name
}
egress = "PRIVATE_RANGES_ONLY"
}
service_account = google_service_account.cloud_run_schemes.email
}
Expand Down Expand Up @@ -107,13 +105,11 @@ resource "google_project_iam_member" "cloud_run_artifact_registry_reader" {
depends_on = [google_project_service.run]
}

resource "google_vpc_access_connector" "cloud_run" {
resource "google_compute_subnetwork" "cloud_run" {
name = "cloud-run"
ip_cidr_range = "10.0.0.0/28"
ip_cidr_range = "10.1.0.0/24"
region = var.region
network = var.vpc_id

depends_on = [google_project_service.vpc_access]
}

# secret key
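Review bot: The new `google_compute_subnetwork.cloud_run` in the third hunk has no `log_config`, so VPC flow logs stay off for the subnet that now carries every Cloud Run egress to private ranges, and with the connector gone there is no other point where that traffic is recorded; a `log_config { aggregation_interval = "INTERVAL_5_SEC" flow_sampling = 0.5 metadata = "INCLUDE_ALL_METADATA" }` block on the subnet would restore that visibility. The `ip_cidr_range = "10.1.0.0/24"` line also deserves a comment, since it appears to be chosen to sit outside the `10.0.0.0/16` private services range this commit pins in `vpc/main.tf`; `# kept outside the 10.0.0.0/16 private services range reserved in vpc/main.tf` would stop a later edit from placing it inside that range. Dropping `google_project_service.vpc_access` in the first hunk will, with the provider's default `disable_on_destroy`, disable the Serverless VPC Access API on apply, which is presumably intended but worth confirming if any other connector still exists in the project.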
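--- a/cloud/schemes/cloud-sql/main.tf
+++ b/cloud/schemes/cloud-sql/main.tf
@@ -8,8 +8,9 @@ resource "google_sql_database_instance" "main" {
 tier = "db-f1-micro"
 
 ip_configuration {
-ipv4_enabled = false
-private_network = var.vpc_id
+ipv4_enabled = false
+private_network = var.vpc_id
+allocated_ip_range = var.vpc_private_ip_address_name
 }
 }
 }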
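--- a/cloud/schemes/cloud-sql/variables.tf
+++ b/cloud/schemes/cloud-sql/variables.tf
@@ -7,3 +7,8 @@ variable "vpc_id" {
 description = "VPC ID"
 type = string
 }
+
+variable "vpc_private_ip_address_name" {
+description = "VPC private services IP address range name"
+type = string
+}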
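--- a/cloud/schemes/main.tf
+++ b/cloud/schemes/main.tf
@@ -25,9 +25,10 @@ module "vpc" {
 }
 
 module "cloud_sql" {
-source = "./cloud-sql"
-region = local.location
-vpc_id = module.vpc.id
+source = "./cloud-sql"
+region = local.location
+vpc_id = module.vpc.id
+vpc_private_ip_address_name = module.vpc.private_ip_address_name
 
 depends_on = [
 module.secret_manager,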
1 change: 1 addition & 0 deletions cloud/schemes/vpc/main.tf
Expand Up @@ -19,6 +19,7 @@ resource "google_compute_global_address" "private_ip_address" {

address_type = "INTERNAL"
purpose = "VPC_PEERING"
address = "10.0.0.0"
prefix_length = 16
}

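Review bot: The added `address = "10.0.0.0"` pins the private services range to 10.0.0.0/16 without saying why, and since subnets elsewhere in this commit are sized around it a comment is warranted: `# fixed so VPC subnets (cloud-run uses 10.1.0.0/24) can be kept clear of this peering range`. Changing `address` on an existing `google_compute_global_address` forces a replacement, and if this range was previously auto-allocated and is already peered for Cloud SQL the replacement may fail while the instance still holds it, so the apply on an existing environment is worth checking. The enclosing `google_compute_global_address.private_ip_address` resource starts outside the hunk.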
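--- a/cloud/schemes/vpc/outputs.tf
+++ b/cloud/schemes/vpc/outputs.tf
@@ -2,3 +2,8 @@ output "id" {
 description = "VPC ID"
 value = google_compute_network.main.id
 }
+
+output "private_ip_address_name" {
+description = "VPC private services IP address range name"
+value = google_compute_global_address.private_ip_address.name
+}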
