diff --git a/modules/cloud-run/README.md b/modules/cloud-run/README.md
index 69318b9273..d3aee2f604 100644
--- a/modules/cloud-run/README.md
+++ b/modules/cloud-run/README.md
@@ -121,6 +121,28 @@ module "cloud_run" {
# tftest modules=1 resources=2 inventory=connector.yaml
```
+Note that if you are using Shared VPC you need to specify a subnet:
+
+```hcl
+module "cloud_run" {
+ source = "./fabric/modules/cloud-run"
+ project_id = var.project_id
+ name = "hello"
+ containers = {
+ hello = {
+ image = "us-docker.pkg.dev/cloudrun/container/hello"
+ }
+ }
+ vpc_connector_create = {
+ subnet = {
+ name = "subnet-vpc-access"
+ project_id = "host-project"
+ }
+ }
+}
+# tftest modules=1 resources=2 inventory=connector-shared.yaml
+```
+
### Traffic split
This deploys a Cloud Run service with traffic split between two revisions.
@@ -254,7 +276,7 @@ module "cloud_run" {
| [timeout_seconds](variables.tf#L180) | Maximum duration the instance is allowed for responding to a request. | number
| | null
|
| [traffic](variables.tf#L186) | Traffic steering configuration. If revision name is null the latest revision will be used. | map(object({…}))
| | {}
|
| [volumes](variables.tf#L197) | Named volumes in containers in name => attributes format. | map(object({…}))
| | {}
|
-| [vpc_connector_create](variables.tf#L211) | Populate this to create a VPC connector. You can then refer to it in the template annotations. | object({…})
| | null
|
+| [vpc_connector_create](variables.tf#L211) | Populate this to create a VPC connector. You can then refer to it in the template annotations. | object({…})
| | null
|
## Outputs
diff --git a/modules/cloud-run/main.tf b/modules/cloud-run/main.tf
index 474d05c5fe..f2d8e327f0 100644
--- a/modules/cloud-run/main.tf
+++ b/modules/cloud-run/main.tf
@@ -92,6 +92,10 @@ resource "google_vpc_access_connector" "connector" {
max_throughput = var.vpc_connector_create.throughput.max
min_instances = var.vpc_connector_create.instances.min
min_throughput = var.vpc_connector_create.throughput.min
+ subnet {
+ name = var.vpc_connector_create.subnet.name
+ project_id = var.vpc_connector_create.subnet.project_id
+ }
}
resource "google_cloud_run_service" "service" {
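Review bot: The added `subnet` block is emitted unconditionally, so a connector configured with `ip_cidr_range` and `vpc_self_link` now also carries a subnet block with null fields; the updated connector.yaml inventory in this commit shows it as `subnet: - name: null`. Wrapping it in a `dynamic "subnet"` block that is only rendered when `subnet.name` is set keeps the non-Shared-VPC plan unchanged. It also avoids sending an empty subnet next to a CIDR range, which the provider may treat as conflicting (this cannot be confirmed from the hunk). The resource body starts outside the hunk.

```hcl
  min_throughput = var.vpc_connector_create.throughput.min
  # Render the subnet block only for the Shared VPC / subnet-based mode.
  dynamic "subnet" {
    for_each = var.vpc_connector_create.subnet.name == null ? [] : [""]
    content {
      name       = var.vpc_connector_create.subnet.name
      project_id = var.vpc_connector_create.subnet.project_id
    }
  }
```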
diff --git a/modules/cloud-run/variables.tf b/modules/cloud-run/variables.tf
index e82576fe98..afeeb4ddea 100644
--- a/modules/cloud-run/variables.tf
+++ b/modules/cloud-run/variables.tf
@@ -211,8 +211,8 @@ variable "volumes" {
variable "vpc_connector_create" {
description = "Populate this to create a VPC connector. You can then refer to it in the template annotations."
type = object({
- ip_cidr_range = string
- vpc_self_link = string
+ ip_cidr_range = optional(string)
+ vpc_self_link = optional(string)
machine_type = optional(string)
name = optional(string)
instances = optional(object({
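Review bot: Making `ip_cidr_range` and `vpc_self_link` optional here, together with the all-optional `subnet` object added in the next hunk, means the type no longer rejects a `vpc_connector_create` that sets neither addressing mode, or both. The mistake then surfaces only as a provider or API error at apply time. With Shared VPC this input selects the host-project subnet that the service's egress uses, so it is worth failing at plan time. A `validation` block after `default = null` could require exactly one of `ip_cidr_range` or `subnet.name`, assuming the two modes are mutually exclusive as the README examples suggest. The variable's closing lines are in the next hunk.

```hcl
  default = null
  validation {
    # try() covers the null default, since the attributes cannot be read from a null object.
    condition = var.vpc_connector_create == null || (
      (try(var.vpc_connector_create.ip_cidr_range, null) != null) !=
      (try(var.vpc_connector_create.subnet.name, null) != null)
    )
    error_message = "Set exactly one of ip_cidr_range (with vpc_self_link) or subnet.name."
  }
```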
@@ -223,6 +223,10 @@ variable "vpc_connector_create" {
max = optional(number)
min = optional(number)
}), {})
+ subnet = optional(object({
+ name = optional(string)
+ project_id = optional(string)
+ }), {})
})
default = null
}
diff --git a/tests/modules/cloud_run/examples/connector-shared.yaml b/tests/modules/cloud_run/examples/connector-shared.yaml
new file mode 100644
index 0000000000..4db0a3bcc6
--- /dev/null
+++ b/tests/modules/cloud_run/examples/connector-shared.yaml
@@ -0,0 +1,53 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.cloud_run.google_cloud_run_service.service:
+ autogenerate_revision_name: false
+ location: europe-west1
+ metadata:
+ - {}
+ name: hello
+ project: project-id
+ template:
+ - metadata:
+ - labels: null
+ spec:
+ - containers:
+ - args: null
+ command: null
+ env: []
+ env_from: []
+ image: us-docker.pkg.dev/cloudrun/container/hello
+ liveness_probe: []
+ volume_mounts: []
+ working_dir: null
+ volumes: []
+ timeouts: null
+ module.cloud_run.google_vpc_access_connector.connector[0]:
+ ip_cidr_range: null
+ machine_type: e2-micro
+ max_throughput: 300
+ min_throughput: 200
+ name: hello
+ project: project-id
+ region: europe-west1
+ subnet:
+ - name: subnet-vpc-access
+ project_id: host-project
+ timeouts: null
+
+counts:
+ google_cloud_run_service: 1
+ google_vpc_access_connector: 1
diff --git a/tests/modules/cloud_run/examples/connector.yaml b/tests/modules/cloud_run/examples/connector.yaml
index ce2ec6fc32..79c5c3794b 100644
--- a/tests/modules/cloud_run/examples/connector.yaml
+++ b/tests/modules/cloud_run/examples/connector.yaml
@@ -41,7 +41,8 @@ values:
network: projects/example/host/global/networks/host
project: project-id
region: europe-west1
- subnet: []
+ subnet:
+ - name: null
counts:
google_cloud_run_service: 1