direct vpc access and domain mappings
This commit is contained in:
parent
010acc6d85
commit
c20929b06f
|
@ -38,17 +38,6 @@ resource "google_project_service" "serverless_vpc_api" {
|
||||||
disable_on_destroy = true
|
disable_on_destroy = true
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_vpc_access_connector" "vpc_connector" {
|
|
||||||
name = "capstone-connector"
|
|
||||||
subnet {
|
|
||||||
name = "cloud-run-capstone"
|
|
||||||
}
|
|
||||||
region = var.project_region
|
|
||||||
machine_type = "f1-micro"
|
|
||||||
min_instances = 2
|
|
||||||
max_instances = 3
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "google_artifact_registry_repository" "capstone_repo" {
|
resource "google_artifact_registry_repository" "capstone_repo" {
|
||||||
location = var.project_region
|
location = var.project_region
|
||||||
repository_id = "capstone-repo"
|
repository_id = "capstone-repo"
|
||||||
|
@ -65,17 +54,21 @@ resource "google_artifact_registry_repository" "capstone_repo" {
|
||||||
resource "google_cloud_run_v2_service" "webhook_service_cr" {
|
resource "google_cloud_run_v2_service" "webhook_service_cr" {
|
||||||
name = "webhook-service-cr"
|
name = "webhook-service-cr"
|
||||||
location = var.project_region
|
location = var.project_region
|
||||||
|
launch_stage = "BETA"
|
||||||
|
|
||||||
template {
|
template {
|
||||||
containers {
|
containers {
|
||||||
image = "${var.project_region}-docker.pkg.dev/${var.project_id}/${google_artifact_registry_repository.capstone_repo.name}/webhook-service:latest"
|
image = "${var.project_region}-docker.pkg.dev/${var.project_id}/${google_artifact_registry_repository.capstone_repo.name}/webhook-service:latest"
|
||||||
}
|
}
|
||||||
vpc_access{
|
vpc_access{
|
||||||
connector = google_vpc_access_connector.vpc_connector.id
|
network_interfaces {
|
||||||
|
network = "main"
|
||||||
|
subnetwork = "application"
|
||||||
|
}
|
||||||
egress = "ALL_TRAFFIC"
|
egress = "ALL_TRAFFIC"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
depends_on = [ google_project_service.run_api, google_artifact_registry_repository.capstone_repo, google_vpc_access_connector.vpc_connector ]
|
depends_on = [ google_project_service.run_api, google_artifact_registry_repository.capstone_repo ]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -90,18 +83,22 @@ resource "google_cloud_run_v2_service_iam_member" "webhook_service_run_all_users
|
||||||
resource "google_cloud_run_v2_service" "frontend_service_cr" {
|
resource "google_cloud_run_v2_service" "frontend_service_cr" {
|
||||||
name = "frontend-service-cr"
|
name = "frontend-service-cr"
|
||||||
location = var.project_region
|
location = var.project_region
|
||||||
|
launch_stage = "BETA"
|
||||||
|
|
||||||
template {
|
template {
|
||||||
containers {
|
containers {
|
||||||
image = "${var.project_region}-docker.pkg.dev/${var.project_id}/${google_artifact_registry_repository.capstone_repo.name}/frontend-service:latest"
|
image = "${var.project_region}-docker.pkg.dev/${var.project_id}/${google_artifact_registry_repository.capstone_repo.name}/frontend-service:latest"
|
||||||
}
|
}
|
||||||
vpc_access{
|
vpc_access{
|
||||||
connector = google_vpc_access_connector.vpc_connector.id
|
network_interfaces {
|
||||||
|
network = "main"
|
||||||
|
subnetwork = "application"
|
||||||
|
}
|
||||||
egress = "ALL_TRAFFIC"
|
egress = "ALL_TRAFFIC"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
depends_on = [ google_project_service.run_api, google_artifact_registry_repository.capstone_repo, google_vpc_access_connector.vpc_connector ]
|
depends_on = [ google_project_service.run_api, google_artifact_registry_repository.capstone_repo ]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -112,3 +109,58 @@ resource "google_cloud_run_v2_service_iam_member" "frontend_service_run_all_user
|
||||||
role = "roles/run.invoker"
|
role = "roles/run.invoker"
|
||||||
member = "allUsers"
|
member = "allUsers"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
data "google_dns_managed_zone" "preston_baxter_zone" {
|
||||||
|
name = "pbaxter-main-zone"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_dns_record_set" "webhook_cname" {
|
||||||
|
name = "webhook.${data.google_dns_managed_zone.preston_baxter_zone.dns_name}"
|
||||||
|
managed_zone = data.google_dns_managed_zone.preston_baxter_zone.name
|
||||||
|
type = "CNAME"
|
||||||
|
ttl = 300
|
||||||
|
rrdatas = [
|
||||||
|
"ghs.googlehosted.com."
|
||||||
|
]
|
||||||
|
|
||||||
|
depends_on = [ google_cloud_run_v2_service.webhook_service_cr ]
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_dns_record_set" "frontend_cname" {
|
||||||
|
name = "frontend.${data.google_dns_managed_zone.preston_baxter_zone.dns_name}"
|
||||||
|
managed_zone = data.google_dns_managed_zone.preston_baxter_zone.name
|
||||||
|
type = "CNAME"
|
||||||
|
ttl = 300
|
||||||
|
rrdatas = [
|
||||||
|
"ghs.googlehosted.com."
|
||||||
|
]
|
||||||
|
|
||||||
|
depends_on = [ google_cloud_run_v2_service.frontend_service_cr ]
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_cloud_run_domain_mapping" "frontend_cname_mapping" {
|
||||||
|
location = "us-central1"
|
||||||
|
name = trimsuffix("frontend.${data.google_dns_managed_zone.preston_baxter_zone.dns_name}", ".")
|
||||||
|
|
||||||
|
metadata {
|
||||||
|
namespace = var.project_id
|
||||||
|
}
|
||||||
|
|
||||||
|
spec {
|
||||||
|
route_name = google_cloud_run_v2_service.frontend_service_cr.name
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_cloud_run_domain_mapping" "webhook_cname_mapping" {
|
||||||
|
location = "us-central1"
|
||||||
|
name = trimsuffix("webhook.${data.google_dns_managed_zone.preston_baxter_zone.dns_name}", ".")
|
||||||
|
|
||||||
|
metadata {
|
||||||
|
namespace = var.project_id
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
spec {
|
||||||
|
route_name = google_cloud_run_v2_service.webhook_service_cr.name
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue