Support direct VPC egress #196

Merged (3 commits), Apr 3, 2024
7 changes: 5 additions & 2 deletions README.MD
Expand Up @@ -31,8 +31,11 @@ A Github Action that deploys a service to Google Cloud Run (GCP managed Knative-
| `no_traffic` | Set to true to just deploy a new revision without shifting traffic | `false` | false | [gcloud run deploy](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--no-traffic) |
| `cloudsql_instances` | Comma separated list of CloudSQL instances to connect to | | false | [gcloud run deploy](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--set-cloudsql-instances) |
| `vpc_connector` | Name of the Serverless VPC Access connector to use with this service | | false | [gcloud run deploy](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--vpc-connector) |
| `vpc_egress` | Outbound traffic configuration, if a vpc_connector is configured; options are: `private-ranges-only`, `all-traffic` | `private-ranges-only` | false | [gcloud run deploy](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--vpc-egress) |
| `ingress` | Allowed ingress traffic sources; options are: `all`, `internal`, `internal-and-cloud-load-balancing` | `all` | false | [gcloud run deploy](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--ingress) |
| `vpc_egress` | Outbound traffic configuration, if a vpc_connector is configured; options are: `private-ranges-only`, `all-traffic` | `private-ranges-only` | false | [gcloud run deploy](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--vpc-egress) |
| `vpc_network` | Name of VPC network when using direct VPC egress w/o vpc connector | | false | [gcloud run deploy](https://cloud.google.com/run/docs/configuring/vpc-direct-vpc#direct-vpc-service) |
| `vpc_subnet` | Name of VPC network's subnet when using direct VPC egress w/o vpc connector | | false | [gcloud run deploy](https://cloud.google.com/run/docs/configuring/vpc-direct-vpc#direct-vpc-service) |
| `vpc_network_tags` | Comma-separated list of network tags for the VPC network to be used | | false | [gcloud run deploy](https://cloud.google.com/run/docs/configuring/vpc-direct-vpc#direct-vpc-service)|
| `ingress` | Allowed ingress traffic sources; options are: `all`, `internal`, `internal-and-cloud-load-balancing` | `all` | false | [gcloud run deploy](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--ingress) |
| `execution_environment` | Selects the execution environment where the application will run; options are: `gen1`, `gen2` | | false | [gcloud run deploy](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--execution-environment), [cloud run docs](https://cloud.google.com/run/docs/about-execution-environments) |
| `debug` | Whether the gcloud commands should be printed to output | `false` | false | |
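
Review bot: The `vpc_egress` row still reads "if a vpc_connector is configured", but entrypoint.sh in this PR also passes `--vpc-egress` when `vpc_network` is set, so the description should cover direct VPC egress as well. The three new rows do not say that `vpc_subnet` and `vpc_network_tags` only take effect when `vpc_network` is set, and they do not say how `vpc_network` relates to `vpc_connector`; one short sentence on each would help. The link text on the new rows says "gcloud run deploy" while the target is the Cloud Run direct VPC docs page, so either relabel it or link the gcloud flag reference as the other rows do.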

12 changes: 12 additions & 0 deletions action.yml
Expand Up @@ -84,6 +84,18 @@ inputs:
description: 'Outbound traffic configuration, if a vpc_connector is configured'
required: false
default: 'private-ranges-only'
vpc_network:
description: 'Name of VPC network when using direct VPC egress'
required: false
default: ''
vpc_subnet:
description: 'Name of VPC network''s subnet'
required: false
default: ''
vpc_network_tags:
description: 'Comma-separated list of network tags'
required: false
default: ''
ingress:
description: 'Allowed ingress traffic sources'
required: false
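
Review bot: The descriptions of `vpc_subnet` and `vpc_network_tags` should state that they are ignored unless `vpc_network` is set, since entrypoint.sh only reads them inside the `INPUT_VPC_NETWORK` branch. The context line for `vpc_egress` ("if a vpc_connector is configured") is also out of date now that the same input is applied to direct VPC egress. Consider noting in the `vpc_network` description that leaving it empty results in `--clear-network` being passed on deploy, because that is not obvious from `default: ''`.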
25 changes: 25 additions & 0 deletions entrypoint.sh
Expand Up @@ -149,6 +149,30 @@ if [ -n "$INPUT_VPC_CONNECTOR" ]; then
fi
fi

# Network and Network Tags can/must be cleared. There is no --clear-subnet flag
# At most one of --clear-network | --network --subnet --clear-network-tags | --network-tags can be specified
VPC_NETWORK="--clear-network"
VPC_SUBNET=""
VPC_NETWORK_TAGS=""

if [ -n "$INPUT_VPC_NETWORK" ]; then
VPC_NETWORK="--network=$INPUT_VPC_NETWORK"
VPC_NETWORK_TAGS="--clear-network-tags" # if VPC_NETWORK is set and NETWORK_TAGS is not

if [ -n "$INPUT_VPC_SUBNET" ]; then
VPC_SUBNET="--subnet=$INPUT_VPC_SUBNET"
fi

if [ -n "$INPUT_VPC_NETWORK_TAGS" ]; then
VPC_NETWORK_TAGS="--network-tags=$INPUT_VPC_NETWORK_TAGS"
fi

if [ -n "${INPUT_VPC_EGRESS}" ]; then
VPC_EGRESS="--vpc-egress=$INPUT_VPC_EGRESS"
fi

fi

INGRESS=""
if [ -n "$INPUT_INGRESS" ]; then
INGRESS="--ingress=$INPUT_INGRESS"
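
Review bot: There is no validation of input combinations in the new block that starts at `VPC_NETWORK="--clear-network"`: if both `INPUT_VPC_CONNECTOR` and `INPUT_VPC_NETWORK` are set, both sets of flags reach gcloud, and if `INPUT_VPC_SUBNET` or `INPUT_VPC_NETWORK_TAGS` is set without `INPUT_VPC_NETWORK`, the value is silently dropped while `--clear-network` is sent. Failing fast with a clear error and a non-zero exit for those cases would be safer than letting the deploy proceed with a network configuration the caller did not ask for. Because `VPC_NETWORK` defaults to `--clear-network`, every deploy that leaves `vpc_network` empty now clears the network setting, including for services that only use `vpc_connector`; if that is intended it deserves a line in the README, otherwise default to an empty string and clear only on request.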
Expand Down Expand Up @@ -193,6 +217,7 @@ gcloud beta run deploy "$SERVICE_NAME" \
$SERVICE_ACCOUNT \
$CLOUDSQL_INSTANCES \
$VPC_CONNECTOR $VPC_EGRESS \
$VPC_NETWORK $VPC_SUBNET $VPC_NETWORK_TAGS \
$INGRESS \
$EXECUTION_ENVIRONMENT \
$ENV_VARS \
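
Review bot: The new line `$VPC_NETWORK $VPC_SUBNET $VPC_NETWORK_TAGS \` expands the variables unquoted, so any whitespace or glob character in `vpc_network`, `vpc_subnet` or `vpc_network_tags` is split into separate gcloud arguments. This matches the surrounding lines, which rely on word splitting to drop empty values, but the inputs come from workflow files and should be checked against a conservative pattern (for example letters, digits, `-`, `_`, `/`, plus `,` for the tag list) before the flags are built. A value that fails the check should stop the script rather than be passed through.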