CloudFunctionsFunction
| Property | Value |
|---|---|
| Google Cloud Service Name | Cloud Functions |
| Google Cloud Service Documentation | /functions/docs/ |
| Google Cloud REST Resource Name | v1.projects.locations.functions |
| Google Cloud REST Resource Documentation | /functions/docs/reference/rest/v1/projects.locations.functions |
| Config Connector Resource Short Names | CloudFunctionsFunction gcpcloudfunctionsfunction gcpcloudfunctionsfunctions cloudfunctionsfunction |
| Config Connector Service Name | cloudfunctions.googleapis.com |
| Config Connector Resource Fully Qualified Name | cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com |
| Can Be Referenced by IAMPolicy/IAMPolicyMember | Yes |
| IAMPolicy/IAMPartialPolicy Supports Conditions | Yes |
| IAMPolicyMember Supports Conditions | No |
| Supports IAM Audit Configs | No |
| IAM External Reference Format |
projects/{{project}}/locations/{{region}}/functions/{{name}} |
| Config Connector Default Average Reconcile Interval In Seconds | 600 |
Custom Resource Definition Properties
Annotations
| Fields | |
|---|---|
cnrm.cloud.google.com/state-into-spec |
|
Spec
Schema
availableMemoryMb: integer
description: string
entryPoint: string
environmentVariables:
string: string
eventTrigger:
eventType: string
failurePolicy: boolean
resourceRef:
external: string
kind: string
name: string
namespace: string
service: string
httpsTrigger:
securityLevel: string
ingressSettings: string
maxInstances: integer
projectRef:
external: string
name: string
namespace: string
region: string
resourceID: string
runtime: string
serviceAccountRef:
external: string
name: string
namespace: string
sourceArchiveUrl: string
sourceRepository:
url: string
timeout: string
vpcConnectorEgressSettings: string
vpcConnectorRef:
external: string
name: string
namespace: string
| Fields | |
|---|---|
|
Optional |
Memory (in MB), available to the function. Default value is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB. |
|
Optional |
User-provided description of a function. |
|
Optional |
Immutable. The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function". For Node.js this is name of a function exported by the module specified in `source_location`. |
|
Optional |
Environment variables that shall be available during function execution. |
|
Optional |
Immutable. A source that fires events in response to a condition in another service. |
|
Required* |
Immutable. Required. The type of event to observe. For example: `providers/cloud.storage/eventTypes/object.change` and `providers/cloud.pubsub/eventTypes/topic.publish`. Event types match pattern `providers/*/eventTypes/*.*`. The pattern contains: 1. namespace: For example, `cloud.storage` and `google.firebase.analytics`. 2. resource type: The type of resource on which event occurs. For example, the Google Cloud Storage API includes the type `object`. 3. action: The action that generates the event. For example, action for a Google Cloud Storage Object is 'change'. These parts are lower case. |
|
Optional |
Immutable. Specifies policy for failed executions. |
|
Required* |
Immutable. |
|
Optional |
Required. The resource(s) from which to observe events, for example, `projects/_/buckets/myBucket`. Not all syntactically correct values are accepted by all services. For example: 1. The authorization model must support it. Google Cloud Functions only allows EventTriggers to be deployed that observe resources in the same project as the `Function`. 2. The resource type must match the pattern expected for an `event_type`. For example, an `EventTrigger` that has an `event_type` of "google.pubsub.topic.publish" should have a resource that matches Google Cloud Pub/Sub topics. Additionally, some services may support short names when creating an `EventTrigger`. These will always be returned in the normalized "long" format. See each *service's* documentation for supported formats. Allowed values: * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). |
|
Optional |
Kind of the referent. Allowed values: StorageBucket,PubSubTopic |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
Immutable. The hostname of the service that should be observed. If no string is provided, the default service implementing the API will be used. For example, `storage.googleapis.com` is the default for all event types in the `google.storage` namespace. |
|
Optional |
Immutable. An HTTPS endpoint type of source that can be triggered via URL. |
|
Optional |
Immutable. Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, SECURE_ALWAYS, SECURE_OPTIONAL |
|
Optional |
The ingress settings for the function, controlling what traffic can reach it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB |
|
Optional |
The limit on the maximum number of function instances that may coexist at a given time. |
|
Required |
Immutable. The Project that this resource belongs to. |
|
Optional |
The project id of the function. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Required |
Immutable. The name of the Cloud Functions region of the function. |
|
Optional |
Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. |
|
Required |
The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function. For a complete list of possible choices, see the [`gcloud` command reference](/sdk/gcloud/reference/functions/deploy#--runtime). |
|
Optional |
Immutable. |
|
Optional |
The email of the function's service account. If empty, defaults to `{project_id}@appspot.gserviceaccount.com`. Allowed value: The `email` field of an `IAMServiceAccount` resource. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
Immutable. The Google Cloud Storage URL, starting with gs://, pointing to the zip archive which contains the function. |
|
Optional |
Immutable. Represents parameters related to source repository where a function is hosted. |
|
Required* |
Immutable. The URL pointing to the hosted repository where the function is defined. There are supported Cloud Source Repository URLs in the following formats: To refer to a specific commit: `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` To refer to a moveable alias (branch): `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` In particular, to refer to HEAD use `master` moveable alias. To refer to a specific fixed alias (tag): `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` You may omit `paths/*` if you want to use the main directory. |
|
Optional |
The function execution timeout. Execution is considered failed and can be terminated if the function is not completed at the end of the timeout period. Defaults to 60 seconds. |
|
Optional |
The egress settings for the connector, controlling what traffic is diverted through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC |
|
Optional |
|
|
Optional |
The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is `projects/*/locations/*/connectors/*` Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
* Field is required when parent field is specified
Status
Schema
conditions:
- lastTransitionTime: string
message: string
reason: string
status: string
type: string
httpsTrigger:
url: string
observedGeneration: integer
sourceRepository:
deployedUrl: string
status: string
updateTime: string
versionId: integer
| Fields | |
|---|---|
conditions |
Conditions represent the latest available observation of the resource's current state. |
conditions[] |
|
conditions[].lastTransitionTime |
Last time the condition transitioned from one status to another. |
conditions[].message |
Human-readable message indicating details about last transition. |
conditions[].reason |
Unique, one-word, CamelCase reason for the condition's last transition. |
conditions[].status |
Status is the status of the condition. Can be True, False, Unknown. |
conditions[].type |
Type is the type of the condition. |
httpsTrigger |
|
httpsTrigger.url |
Output only. The deployed url for the function. |
observedGeneration |
ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. |
sourceRepository |
|
sourceRepository.deployedUrl |
Output only. The URL pointing to the hosted repository where the function were defined at the time of deployment. It always points to a specific commit in the format described above. |
status |
Output only. Status of the function deployment. Possible values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, DELETE_IN_PROGRESS, UNKNOWN |
updateTime |
Output only. The last update timestamp of a Cloud Function in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up to nine fractional digits. |
versionId |
Output only. The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created. |
Sample YAML(s)
Eventtrigger With Pubsubtopic
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: cloudfunctions.cnrm.cloud.google.com/v1beta1
kind: CloudFunctionsFunction
metadata:
name: cloudfunctionsfunction-sample-pubsubtopic
spec:
projectRef:
# Replace ${PROJECT_ID?} with your project ID
external: "projects/${PROJECT_ID?}"
description: "A sample cloud function with an event trigger from PubSubTopic and a VPCAccessConnector"
region: "us-west2"
runtime: "nodejs10"
availableMemoryMb: 128
serviceAccountRef:
# Replace ${PROJECT_ID?} with your project ID
external: "${PROJECT_ID?}@appspot.gserviceaccount.com"
# Replace ${REPO_URL?} with your cloud source repository url
# Example: https://source.developers.google.com/projects/config-connector-samples/repos/config-connnector-samples/moveable-aliases/main/paths/cloudfunctionsfunction
sourceRepository:
url: "${REPO_URL?}"
timeout: "60s"
entryPoint: "helloGET"
ingressSettings: "ALLOW_INTERNAL_ONLY"
environmentVariables:
TEST_ENV_VARIABLE: "test-env-variable-value"
maxInstances: 10
vpcConnectorRef:
name: "function-dep-trigger"
vpcConnectorEgressSettings: "PRIVATE_RANGES_ONLY"
eventTrigger:
eventType: "providers/cloud.pubsub/eventTypes/topic.publish"
resourceRef:
name: "cloudfunctionsfunction-dep-pubsubtopic"
kind: "PubSubTopic"
failurePolicy: true
service: "pubsub.googleapis.com"
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
name: cloudfunctionsfunction-dep-pubsubtopic
spec:
autoCreateSubnetworks: false
---
apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubTopic
metadata:
name: cloudfunctionsfunction-dep-pubsubtopic
---
apiVersion: vpcaccess.cnrm.cloud.google.com/v1beta1
kind: VPCAccessConnector
metadata:
name: function-dep-trigger
spec:
location: "us-west2"
networkRef:
name: cloudfunctionsfunction-dep-pubsubtopic
ipCidrRange: "10.5.0.0/28"
minThroughput: 300
maxThroughput: 400
projectRef:
# Replace ${PROJECT_ID?} with your project ID
external: "projects/${PROJECT_ID?}"
Eventtrigger With Storagebucket
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: cloudfunctions.cnrm.cloud.google.com/v1beta1
kind: CloudFunctionsFunction
metadata:
name: cloudfunctionsfunction-sample-bucket
spec:
projectRef:
# Replace ${PROJECT_ID?} with your project ID
external: "projects/${PROJECT_ID?}"
description: "A sample cloud function with an event trigger from StorageBucket"
region: "us-west2"
runtime: "nodejs10"
sourceArchiveUrl: "gs://config-connector-samples/cloudfunctionsfunction/http_trigger.zip"
entryPoint: "helloGET"
eventTrigger:
eventType: "providers/cloud.storage/eventTypes/object.change"
resourceRef:
name: ${PROJECT_ID?}-cloudfunctionsfunction-dep-bucket
kind: StorageBucket
failurePolicy: true
service: "storage.googleapis.com"
---
apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageBucket
metadata:
# StorageBucket names must be globally unique. Replace ${PROJECT_ID?} with your project ID.
name: ${PROJECT_ID?}-cloudfunctionsfunction-dep-bucket
spec:
lifecycleRule:
- action:
type: Delete
condition:
age: 7
withState: ANY
versioning:
enabled: true
Httpstrigger
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: cloudfunctions.cnrm.cloud.google.com/v1beta1
kind: CloudFunctionsFunction
metadata:
name: cloudfunctionsfunction-sample-httpstrigger
spec:
projectRef:
# Replace ${PROJECT_ID?} with your project ID
external: "projects/${PROJECT_ID?}"
region: "us-west2"
runtime: "nodejs10"
sourceArchiveUrl: "gs://config-connector-samples/cloudfunctionsfunction/http_trigger.zip"
entryPoint: "helloGET"
httpsTrigger:
securityLevel: "SECURE_OPTIONAL"