GCP + Terraform
Various emulators
The underlying technology of Cloud Run is Knative
Terraform and Cloud Run
code:error
 Error: project: required field is not set
 │
 │ with data.google_project.project,
 │ on cloudrun.tf line 1, in data "google_project" "project":
 │ 1: data "google_project" "project" {
Serverless Neg + Cloud Run + HTTP Loadbalancer
Practice
Terraform (official)
https://cloud.google.com/load-balancing/images/lb-serverless-run.svg
Running terraform on the lb-http module gives....
code:result
 # module.lb-http.google_compute_backend_service.default["default"] will be created
 + resource "google_compute_backend_service" "default" {
     + connection_draining_timeout_sec = 300
     + creation_timestamp = (known after apply)
     + enable_cdn = false
     + fingerprint = (known after apply)
     + id = (known after apply)
     + load_balancing_scheme = "EXTERNAL"
     + name = "loadbalancer-for-neg-backend-default"
     + port_name = (known after apply)
     + project = "myblog-314601"
     + protocol = (known after apply)
     + self_link = (known after apply)
     + session_affinity = (known after apply)
     + timeout_sec = (known after apply)
     + backend {
         + balancing_mode = "UTILIZATION"
         + capacity_scaler = 1
         + group = "projects/myblog-314601/regions/asia-northeast1/networkEndpointGroups/cloudrun-neg"
         + max_utilization = 0.8
       }
     + cdn_policy {
         + cache_mode = (known after apply)
         + client_ttl = (known after apply)
         + default_ttl = (known after apply)
         + max_ttl = (known after apply)
         + negative_caching = (known after apply)
         + serve_while_stale = (known after apply)
         + signed_url_cache_max_age_sec = (known after apply)
         + cache_key_policy {
             + include_host = (known after apply)
             + include_protocol = (known after apply)
             + include_query_string = (known after apply)
             + query_string_blacklist = (known after apply)
             + query_string_whitelist = (known after apply)
           }
         + negative_caching_policy {
             + code = (known after apply)
             + ttl = (known after apply)
           }
       }
     + log_config {
         + enable = true
         + sample_rate = 1
       }
   }
 # module.lb-http.google_compute_global_address.default[0] will be created
 + resource "google_compute_global_address" "default" {
     + address = (known after apply)
     + creation_timestamp = (known after apply)
     + id = (known after apply)
     + name = "loadbalancer-for-neg-address"
     + project = "myblog-314601"
     + self_link = (known after apply)
   }
 # module.lb-http.google_compute_global_forwarding_rule.http[0] will be created
 + resource "google_compute_global_forwarding_rule" "http" {
     + id = (known after apply)
     + ip_address = (known after apply)
     + ip_protocol = (known after apply)
     + load_balancing_scheme = "EXTERNAL"
     + name = "loadbalancer-for-neg"
     + port_range = "80"
     + project = "myblog-314601"
     + self_link = (known after apply)
     + target = (known after apply)
   }
 # module.lb-http.google_compute_target_http_proxy.default[0] will be created
 + resource "google_compute_target_http_proxy" "default" {
     + creation_timestamp = (known after apply)
     + id = (known after apply)
     + name = "loadbalancer-for-neg-http-proxy"
     + project = "myblog-314601"
     + proxy_bind = (known after apply)
     + proxy_id = (known after apply)
     + self_link = (known after apply)
     + url_map = (known after apply)
   }
 # module.lb-http.google_compute_url_map.default[0] will be created
 + resource "google_compute_url_map" "default" {
     + creation_timestamp = (known after apply)
     + default_service = (known after apply)
     + fingerprint = (known after apply)
     + id = (known after apply)
     + map_id = (known after apply)
     + name = "loadbalancer-for-neg-url-map"
     + project = "myblog-314601"
     + self_link = (known after apply)
   }
Having trouble with IAM
code:error
 Step #2: ERROR: (gcloud.run.deploy) PERMISSION_DENIED: Google Cloud Run Service Agent does not have permission to get access tokens for the service account NUMBER-compute@developer.gserviceaccount.com. Please give service-NUMBER@serverless-robot-prod.iam.gserviceaccount.com permission iam.serviceAccounts.getAccessToken on the service account. Alternatively, if the service account is unspecified or in the same project you are deploying in, ensure that the Service Agent is assigned the Google Cloud Run Service Agent role roles/run.serviceAgent.
code:error
 Step #2: ERROR: (gcloud.run.deploy) PERMISSION_DENIED: Google Cloud Run Service Agent does not have permission to get access tokens for the service account 529277301641-compute@developer.gserviceaccount.com. Please give service-529277301641@serverless-robot-prod.iam.gserviceaccount.com permission iam.serviceAccounts.getAccessToken on the service account. Alternatively, if the service account is unspecified or in the same project you are deploying in, ensure that the Service Agent is assigned the Google Cloud Run Service Agent role roles/run.serviceAgent.
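One way to address the two errors noted on this page in Terraform. This is an added example, not part of the original notes; `var.project_id` and the resource label `run_service_agent` are assumed names.

```hcl
# Added example. var.project_id is a hypothetical variable name;
# supply your own project ID when running plan/apply.
variable "project_id" {
  type = string
}

# With project set on the provider, data.google_project.project no longer
# fails with "project: required field is not set": the data source falls
# back to the provider's project when its own project_id is omitted.
provider "google" {
  project = var.project_id
  region  = "asia-northeast1"
}

data "google_project" "project" {}

# Assign the role named in the PERMISSION_DENIED message to the
# Cloud Run Service Agent (service-NUMBER@serverless-robot-prod...).
# The member is built from the project number instead of being hard-coded.
# google_project_iam_member is additive: it does not remove other members
# that already hold this role.
resource "google_project_iam_member" "run_service_agent" {
  project = data.google_project.project.project_id
  role    = "roles/run.serviceAgent"
  member  = "serviceAccount:service-${data.google_project.project.number}@serverless-robot-prod.iam.gserviceaccount.com"
}
```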