At work we use Google Cloud Run (a wrapper around Knative).
All our infrastructure is provisioned via Terraform. We provision a Cloud Run service via Terraform in the following way:
resource "google_cloud_run_v2_service" "my_service" {
name = "my-service"
lifecycle {
ignore_changes = all
}
template {
containers {
image = "gcr.io/cloudrun/hello"
}
}
}
... and we deploy a new Cloud Run revision in our CI/CD pipelines via the gcloud CLI:
gcloud run deploy $SERVICE \
--image=$IMAGE:$TAG \
--cpu=$CPU_UNITS \
--memory=$MEMORY \
...
The environment variables you see above are taken from JSON files. Each service has its own JSON files that specify image name, image tag, CPU, memory, and so forth.
Maintaining these schema-less JSON files and manually parsing them to parametrize a command-line gcloud command works fine, but we're wondering if there isn't a better way to do this.
I can think of the following approaches to this problem, but I am not sure if perhaps another, better approach exists:
- Our current approach: declare the Cloud Run service as a dummy TF resource, then use the gcloud CLI to provision actual revisions on top of this service.
- Use Terraform a bit more: declare image name, CPU, memory, and so forth via Terraform, then use the gcloud CLI to provision revisions that only specify the image tag. In the code above you would just replace the TF
ignore_changes = allwithignore_changes = [ template[0].containers[0].image_tag ]or something like that. - Use the gcloud CLI to reference a YAML file with a Knative/Kubernetes configuration. Generate that configuration via a templating tool like
kustomize.
Which one of these solutions is preferable? Is there a best practice to version-control Google Cloud Run configuration?
My impression is that the first approach is in the middle; the second approach sees Cloud Run as a black box; the third approach sees Cloud Run as really just Knative/k8s that should be configured directly with YAML files following k8s schemas.