RunService


| Property | Value |
| --- | --- |
| Google Cloud Service Name | Run |
| Google Cloud Service Documentation | /run/docs/ |
| Google Cloud REST Resource Name | v2.projects.locations.services |
| Google Cloud REST Resource Documentation | /run/docs/reference/rest/v2/projects.locations.services |
| Config Connector Resource Short Names | gcprunservice, gcprunservices, runservice |
| Config Connector Service Name | run.googleapis.com |
| Config Connector Resource Fully Qualified Name | runservices.run.cnrm.cloud.google.com |
| Can Be Referenced by IAMPolicy/IAMPolicyMember | Yes |
| Supports IAM Conditions | No |
| Supports IAM Audit Configs | No |
| IAM External Reference Format | projects/{{project}}/locations/{{location}}/services/{{name}} |
| Config Connector Default Average Reconcile Interval In Seconds | 600 |

Custom Resource Definition Properties

Annotations

Fields
cnrm.cloud.google.com/state-into-spec

Spec

Schema

annotations:
  string: string
binaryAuthorization:
  breakglassJustification: string
  useDefault: boolean
client: string
clientVersion: string
customAudiences:
- string
description: string
ingress: string
launchStage: string
location: string
projectRef:
  external: string
  name: string
  namespace: string
resourceID: string
template:
  annotations:
    string: string
  containers:
  - args:
    - string
    command:
    - string
    dependsOn:
    - string
    env:
    - name: string
      value: string
      valueSource:
        secretKeyRef:
          secretRef:
            external: string
            name: string
            namespace: string
          versionRef:
            external: string
            name: string
            namespace: string
    image: string
    livenessProbe:
      failureThreshold: integer
      grpc:
        port: integer
        service: string
      httpGet:
        httpHeaders:
        - name: string
          value: string
        path: string
        port: integer
      initialDelaySeconds: integer
      periodSeconds: integer
      timeoutSeconds: integer
    name: string
    ports:
    - containerPort: integer
      name: string
    resources:
      cpuIdle: boolean
      limits:
        string: string
      startupCpuBoost: boolean
    startupProbe:
      failureThreshold: integer
      grpc:
        port: integer
        service: string
      httpGet:
        httpHeaders:
        - name: string
          value: string
        path: string
        port: integer
      initialDelaySeconds: integer
      periodSeconds: integer
      tcpSocket:
        port: integer
      timeoutSeconds: integer
    volumeMounts:
    - mountPath: string
      name: string
    workingDir: string
  encryptionKeyRef:
    external: string
    name: string
    namespace: string
  executionEnvironment: string
  labels:
    string: string
  maxInstanceRequestConcurrency: integer
  revision: string
  scaling:
    maxInstanceCount: integer
    minInstanceCount: integer
  serviceAccountRef:
    external: string
    name: string
    namespace: string
  sessionAffinity: boolean
  timeout: string
  volumes:
  - cloudSqlInstance:
      instances:
      - external: string
        name: string
        namespace: string
    emptyDir:
      medium: string
      sizeLimit: string
    name: string
    secret:
      defaultMode: integer
      items:
      - mode: integer
        path: string
        versionRef:
          external: string
          name: string
          namespace: string
      secretRef:
        external: string
        name: string
        namespace: string
  vpcAccess:
    connectorRef:
      external: string
      name: string
      namespace: string
    egress: string
    networkInterfaces:
    - networkRef:
        external: string
        name: string
        namespace: string
      subnetworkRef:
        external: string
        name: string
        namespace: string
      tags:
      - string
traffic:
- percent: integer
  revision: string
  tag: string
  type: string
Fields

annotations

Optional

map (key: string, value: string)

Unstructured key-value map that may be set by external tools to store arbitrary metadata. Annotations are not queryable and should be preserved when modifying objects. Cloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected in new resources. All system annotations in v1 now have a corresponding field in v2 Service. This field follows Kubernetes annotations' namespacing, limits, and rules.

binaryAuthorization

Optional

object

Settings for the Binary Authorization feature.

binaryAuthorization.breakglassJustification

Optional

string

If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass.

binaryAuthorization.useDefault

Optional

boolean

If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.

client

Optional

string

Arbitrary identifier for the API client.

clientVersion

Optional

string

Arbitrary version identifier for the API client.

customAudiences

Optional

list (string)

One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests. For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences.

customAudiences[]

Optional

string

description

Optional

string

User-provided description of the Service. This field currently has a 512-character limit.

ingress

Optional

string

Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. Possible values: ["INGRESS_TRAFFIC_ALL", "INGRESS_TRAFFIC_INTERNAL_ONLY", "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER"].

launchStage

Optional

string

The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA. If no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features. For example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: ["UNIMPLEMENTED", "PRELAUNCH", "EARLY_ACCESS", "ALPHA", "BETA", "GA", "DEPRECATED"].

location

Required

string

Immutable. The location of the cloud run service.

projectRef

Required

object

The project that this resource belongs to.

projectRef.external

Optional

string

Allowed value: The `name` field of a `Project` resource.

projectRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

projectRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceID

Optional

string

Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.

template

Required

object

The template used to create revisions for this Service.

template.annotations

Optional

map (key: string, value: string)

Unstructured key-value map that may be set by external tools to store arbitrary metadata. Annotations are not queryable and should be preserved when modifying objects. Cloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected. All system annotations in v1 now have a corresponding field in v2 RevisionTemplate. This field follows Kubernetes annotations' namespacing, limits, and rules.

template.containers

Optional

list (object)

Holds the containers that define the unit of execution for this Service.

template.containers[]

Optional

object

template.containers[].args

Optional

list (string)

Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, i.e. $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.

template.containers[].args[]

Optional

string

template.containers[].command

Optional

list (string)

Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, i.e. $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.

template.containers[].command[]

Optional

string

template.containers[].dependsOn

Optional

list (string)

Containers which should be started before this container. If specified the container will wait to start until all containers with the listed names are healthy.

template.containers[].dependsOn[]

Optional

string

template.containers[].env

Optional

list (object)

List of environment variables to set in the container.

template.containers[].env[]

Optional

object

template.containers[].env[].name

Required*

string

Name of the environment variable. Must be a C_IDENTIFIER, and may not exceed 32768 characters.

template.containers[].env[].value

Optional

string

Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, i.e. $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "", and the maximum length is 32768 bytes.

template.containers[].env[].valueSource

Optional

object

Source for the environment variable's value.

template.containers[].env[].valueSource.secretKeyRef

Optional

object

Selects a secret and a specific version from Cloud Secret Manager.

template.containers[].env[].valueSource.secretKeyRef.secretRef

Required*

object

The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.

template.containers[].env[].valueSource.secretKeyRef.secretRef.external

Optional

string

Allowed value: The `name` field of a `SecretManagerSecret` resource.

template.containers[].env[].valueSource.secretKeyRef.secretRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

template.containers[].env[].valueSource.secretKeyRef.secretRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

template.containers[].env[].valueSource.secretKeyRef.versionRef

Optional

object

The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.

template.containers[].env[].valueSource.secretKeyRef.versionRef.external

Optional

string

Allowed value: The `version` field of a `SecretManagerSecretVersion` resource.

template.containers[].env[].valueSource.secretKeyRef.versionRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

template.containers[].env[].valueSource.secretKeyRef.versionRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

template.containers[].image

Required*

string

URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images.

template.containers[].livenessProbe

Optional

object

Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.

template.containers[].livenessProbe.failureThreshold

Optional

integer

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

template.containers[].livenessProbe.grpc

Optional

object

GRPC specifies an action involving a GRPC port.

template.containers[].livenessProbe.grpc.port

Optional

integer

Port number to access on the container. Number must be in the range 1 to 65535. If not specified, defaults to the same value as container.ports[0].containerPort.

template.containers[].livenessProbe.grpc.service

Optional

string

The name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.

template.containers[].livenessProbe.httpGet

Optional

object

HTTPGet specifies the http request to perform.

template.containers[].livenessProbe.httpGet.httpHeaders

Optional

list (object)

Custom headers to set in the request. HTTP allows repeated headers.

template.containers[].livenessProbe.httpGet.httpHeaders[]

Optional

object

template.containers[].livenessProbe.httpGet.httpHeaders[].name

Required*

string

The header field name.

template.containers[].livenessProbe.httpGet.httpHeaders[].value

Optional

string

The header field value.

template.containers[].livenessProbe.httpGet.path

Optional

string

Path to access on the HTTP server. Defaults to '/'.

template.containers[].livenessProbe.httpGet.port

Optional

integer

Port number to access on the container. Number must be in the range 1 to 65535. If not specified, defaults to the same value as container.ports[0].containerPort.

template.containers[].livenessProbe.initialDelaySeconds

Optional

integer

Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.

template.containers[].livenessProbe.periodSeconds

Optional

integer

How often (in seconds) to perform the probe. Defaults to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater than or equal to timeoutSeconds.

template.containers[].livenessProbe.timeoutSeconds

Optional

integer

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.

template.containers[].name

Optional

string

Name of the container specified as a DNS_LABEL.

template.containers[].ports

Optional

list (object)

List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on.

template.containers[].ports[]

Optional

object

template.containers[].ports[].containerPort

Optional

integer

Port number the container listens on. This must be a valid TCP port number, 0 < containerPort < 65536.

template.containers[].ports[].name

Optional

string

If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c".

template.containers[].resources

Optional

object

Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources.

template.containers[].resources.cpuIdle

Optional

boolean

Determines whether CPU should be throttled or not outside of requests.

template.containers[].resources.limits

Optional

map (key: string, value: string)

Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map are the string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go.

template.containers[].resources.startupCpuBoost

Optional

boolean

Determines whether CPU should be boosted on startup of a new container instance above the requested CPU threshold. This can help reduce cold-start latency.

template.containers[].startupProbe

Optional

object

Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.

template.containers[].startupProbe.failureThreshold

Optional

integer

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

template.containers[].startupProbe.grpc

Optional

object

GRPC specifies an action involving a GRPC port.

template.containers[].startupProbe.grpc.port

Optional

integer

Port number to access on the container. Number must be in the range 1 to 65535. If not specified, defaults to the same value as container.ports[0].containerPort.

template.containers[].startupProbe.grpc.service

Optional

string

The name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.

template.containers[].startupProbe.httpGet

Optional

object

HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified.

template.containers[].startupProbe.httpGet.httpHeaders

Optional

list (object)

Custom headers to set in the request. HTTP allows repeated headers.

template.containers[].startupProbe.httpGet.httpHeaders[]

Optional

object

template.containers[].startupProbe.httpGet.httpHeaders[].name

Required*

string

The header field name.

template.containers[].startupProbe.httpGet.httpHeaders[].value

Optional

string

The header field value.

template.containers[].startupProbe.httpGet.path

Optional

string

Path to access on the HTTP server. Defaults to '/'.

template.containers[].startupProbe.httpGet.port

Optional

integer

Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to the same value as container.ports[0].containerPort.

template.containers[].startupProbe.initialDelaySeconds

Optional

integer

Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.

template.containers[].startupProbe.periodSeconds

Optional

integer

How often (in seconds) to perform the probe. Defaults to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater than or equal to timeoutSeconds.

template.containers[].startupProbe.tcpSocket

Optional

object

TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified.

template.containers[].startupProbe.tcpSocket.port

Optional

integer

Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to the same value as container.ports[0].containerPort.

template.containers[].startupProbe.timeoutSeconds

Optional

integer

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.

template.containers[].volumeMounts

Optional

list (object)

Volume to mount into the container's filesystem.

template.containers[].volumeMounts[]

Optional

object

template.containers[].volumeMounts[].mountPath

Required*

string

Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run.

template.containers[].volumeMounts[].name

Required*

string

This must match the Name of a Volume.

template.containers[].workingDir

Optional

string

Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.

template.encryptionKeyRef

Optional

object

A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek

template.encryptionKeyRef.external

Optional

string

Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.

template.encryptionKeyRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

template.encryptionKeyRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

template.executionEnvironment

Optional

string

The sandbox environment to host this Revision. Possible values: ["EXECUTION_ENVIRONMENT_GEN1", "EXECUTION_ENVIRONMENT_GEN2"].

template.labels

Optional

map (key: string, value: string)

Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. Cloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected. All system labels in v1 now have a corresponding field in v2 RevisionTemplate.

template.maxInstanceRequestConcurrency

Optional

integer

Sets the maximum number of requests that each serving instance can receive.

template.revision

Optional

string

The unique name for the revision. If this field is omitted, it will be automatically generated based on the Service name.

template.scaling

Optional

object

Scaling settings for this Revision.

template.scaling.maxInstanceCount

Optional

integer

Maximum number of serving instances that this resource should have.

template.scaling.minInstanceCount

Optional

integer

Minimum number of serving instances that this resource should have.

template.serviceAccountRef

Optional

object

Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account.

template.serviceAccountRef.external

Optional

string

Allowed value: The `email` field of an `IAMServiceAccount` resource.

template.serviceAccountRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

template.serviceAccountRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

template.sessionAffinity

Optional

boolean

Enables session affinity. For more information, go to https://cloud.google.com/run/docs/configuring/session-affinity.

template.timeout

Optional

string

Max allowed time for an instance to respond to a request. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

template.volumes

Optional

list (object)

A list of Volumes to make available to containers.

template.volumes[]

Optional

object

template.volumes[].cloudSqlInstance

Optional

object

For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.

template.volumes[].cloudSqlInstance.instances

Optional

list (object)

template.volumes[].cloudSqlInstance.instances[]

Optional

object

The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}

template.volumes[].cloudSqlInstance.instances[].external

Optional

string

Allowed value: The `connectionName` field of a `SQLInstance` resource.

template.volumes[].cloudSqlInstance.instances[].name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

template.volumes[].cloudSqlInstance.instances[].namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

template.volumes[].emptyDir

Optional

object

Ephemeral storage used as a shared volume.

template.volumes[].emptyDir.medium

Optional

string

The different types of medium supported for EmptyDir. Default value: "MEMORY" Possible values: ["MEMORY"].

template.volumes[].emptyDir.sizeLimit

Optional

string

Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.

template.volumes[].name

Required*

string

Volume's name.

template.volumes[].secret

Optional

object

Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret.

template.volumes[].secret.defaultMode

Optional

integer

Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting.

template.volumes[].secret.items

Optional

list (object)

If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.

template.volumes[].secret.items[]

Optional

object

template.volumes[].secret.items[].mode

Optional

integer

Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.

template.volumes[].secret.items[].path

Required*

string

The relative path of the secret in the container.

template.volumes[].secret.items[].versionRef

Optional

object

The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.

template.volumes[].secret.items[].versionRef.external

Optional

string

Allowed value: The `version` field of a `SecretManagerSecretVersion` resource.

template.volumes[].secret.items[].versionRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

template.volumes[].secret.items[].versionRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

template.volumes[].secret.secretRef

Required*

object

The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.

template.volumes[].secret.secretRef.external

Optional

string

Allowed value: The `name` field of a `SecretManagerSecret` resource.

template.volumes[].secret.secretRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

template.volumes[].secret.secretRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

template.vpcAccess

Optional

object

VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.

template.vpcAccess.connectorRef

Optional

object

VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number.

template.vpcAccess.connectorRef.external

Optional

string

Allowed value: The `selfLink` field of a `VPCAccessConnector` resource.

template.vpcAccess.connectorRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

template.vpcAccess.connectorRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

template.vpcAccess.egress

Optional

string

Traffic VPC egress settings. Possible values: ["ALL_TRAFFIC", "PRIVATE_RANGES_ONLY"].

template.vpcAccess.networkInterfaces

Optional

list (object)

Direct VPC egress settings. Currently only a single network interface is supported.

template.vpcAccess.networkInterfaces[]

Optional

object

template.vpcAccess.networkInterfaces[].networkRef

Optional

object

The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be looked up from the subnetwork.

template.vpcAccess.networkInterfaces[].networkRef.external

Optional

string

Allowed value: The `selfLink` field of a `ComputeNetwork` resource.

template.vpcAccess.networkInterfaces[].networkRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

template.vpcAccess.networkInterfaces[].networkRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

template.vpcAccess.networkInterfaces[].subnetworkRef

Optional

object

The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the subnetwork with the same name as the network will be used.

template.vpcAccess.networkInterfaces[].subnetworkRef.external

Optional

string

Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.

template.vpcAccess.networkInterfaces[].subnetworkRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

template.vpcAccess.networkInterfaces[].subnetworkRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

template.vpcAccess.networkInterfaces[].tags

Optional

list (string)

Network tags applied to this Cloud Run service.

template.vpcAccess.networkInterfaces[].tags[]

Optional

string

traffic

Optional

list (object)

Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision.

traffic[]

Optional

object

traffic[].percent

Optional

integer

Specifies percent of the traffic to this Revision. This defaults to zero if unspecified.

traffic[].revision

Optional

string

Revision to which to send this portion of traffic, if traffic allocation is by revision.

traffic[].tag

Optional

string

Indicates a string to be part of the URI to exclusively reference this target.

traffic[].type

Optional

string

The allocation type for this traffic target. Possible values: ["TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST", "TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION"].

* Field is required when parent field is specified

Status

Schema

conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
createTime: string
creator: string
deleteTime: string
etag: string
expireTime: string
lastModifier: string
latestCreatedRevision: string
latestReadyRevision: string
observedGeneration: integer
reconciling: boolean
terminalCondition:
  lastTransitionTime: string
  message: string
  reason: string
  revisionReason: string
  severity: string
  state: string
  type: string
trafficStatuses:
- percent: integer
  revision: string
  tag: string
  type: string
  uri: string
uid: string
updateTime: string
uri: string
Fields
conditions

list (object)

Conditions represent the latest available observation of the resource's current state.

conditions[]

object

conditions[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions[].message

string

Human-readable message indicating details about last transition.

conditions[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions[].type

string

Type is the type of the condition.

createTime

string

The creation time.

creator

string

Email address of the authenticated creator.

deleteTime

string

The deletion time.

etag

string

A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.

expireTime

string

For a deleted resource, the time after which it will be permanently deleted.

lastModifier

string

Email address of the last authenticated modifier.

latestCreatedRevision

string

Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run.

latestReadyRevision

string

Name of the latest revision that is serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run.

observedGeneration

integer

ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.

reconciling

boolean

Returns true if the Service is currently being acted upon by the system to bring it into the desired state. When a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in progress, observedGeneration, latestReadyRevision, trafficStatuses, and uri will have transient values that might not match the intended state. Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state. If reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision. If reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions.

terminalCondition

object

The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.

terminalCondition.lastTransitionTime

string

Last time the condition transitioned from one status to another.

terminalCondition.message

string

Human readable message indicating details about the current status.

terminalCondition.reason

string

A common (service-level) reason for this condition.

terminalCondition.revisionReason

string

A reason for the revision condition.

terminalCondition.severity

string

How to interpret failures of this condition, one of Error, Warning, Info.

terminalCondition.state

string

State of the condition.

terminalCondition.type

string

type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting. Types common to all resources include "Ready": True when the Resource is ready.

trafficStatuses

list (object)

Detailed status information for corresponding traffic targets. See comments in reconciling for additional information on reconciliation process in Cloud Run.

trafficStatuses[]

object

trafficStatuses[].percent

integer

Specifies percent of the traffic to this Revision.

trafficStatuses[].revision

string

Revision to which this traffic is sent.

trafficStatuses[].tag

string

Indicates the string used in the URI to exclusively reference this target.

trafficStatuses[].type

string

The allocation type for this traffic target.

trafficStatuses[].uri

string

Displays the target URI.

uid

string

Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.

updateTime

string

The last-modified time.

uri

string

The main URI in which this Service is serving traffic.
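
How a rollout check can apply the rules in the reconciling description above before trusting uri or trafficStatuses; this is an added Python example, not Config Connector's or Cloud Run's own code. The CONDITION_SUCCEEDED and CONDITION_FAILED literals come from the Cloud Run v2 API and are not listed on this page, and the revision names, reason and message are constructed sample values.

```python
# Added example, not Config Connector code. Sample objects are constructed.
# The state literals come from the Cloud Run v2 Condition.State enum; this page
# does not list the enum values, so treat them as an assumption.
SUCCEEDED = "CONDITION_SUCCEEDED"
LATEST = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"


def _targets(entries):
    """Normalise traffic entries to sorted (type, percent, tag) tuples."""
    return sorted((e.get("type", ""), e.get("percent", 0), e.get("tag", ""))
                  for e in entries)


def rollout_state(obj):
    """Return (verdict, details) for a RunService object given as a dict."""
    status = obj.get("status", {})
    if status.get("reconciling"):
        # uri, trafficStatuses and latestReadyRevision are transient here.
        return "IN_PROGRESS", ["status fields are transient; poll again"]

    term = status.get("terminalCondition", {})
    if term.get("state") != SUCCEEDED:
        # On failure the status describes the last serving revision, if any.
        return "FAILED", [
            "{}: {}".format(term.get("reason", "?"), term.get("message", "")),
            "still serving: {}".format(status.get("latestReadyRevision") or "nothing"),
        ]

    problems = []
    if status.get("observedGeneration") != obj.get("metadata", {}).get("generation"):
        problems.append("observedGeneration != metadata.generation")
    if status.get("latestReadyRevision") != status.get("latestCreatedRevision"):
        problems.append("latestReadyRevision != latestCreatedRevision")
    # Empty spec.traffic defaults to 100% to the latest Ready Revision.
    wanted = obj.get("spec", {}).get("traffic") or [{"type": LATEST, "percent": 100}]
    if _targets(wanted) != _targets(status.get("trafficStatuses", [])):
        problems.append("spec.traffic != status.trafficStatuses")
    return ("MISMATCH", problems) if problems else ("SUCCEEDED", [])


def _sample(generation, **status):
    """Build a constructed RunService object with no explicit spec.traffic."""
    return {"metadata": {"generation": generation}, "spec": {}, "status": status}


REV1, REV2 = "runservice-sample-basic-00001-aaa", "runservice-sample-basic-00002-bbb"
SAMPLE_OK = _sample(
    2, reconciling=False, observedGeneration=2,
    latestCreatedRevision=REV2, latestReadyRevision=REV2,
    terminalCondition={"state": SUCCEEDED, "type": "Ready"},
    trafficStatuses=[{"type": LATEST, "percent": 100, "revision": REV2}])
SAMPLE_PENDING = _sample(2, reconciling=True, observedGeneration=1,
                         latestCreatedRevision=REV2, latestReadyRevision=REV1)
SAMPLE_FAILED = _sample(
    2, reconciling=False, observedGeneration=1,
    latestCreatedRevision=REV2, latestReadyRevision=REV1,
    terminalCondition={"state": "CONDITION_FAILED", "reason": "ExampleReason",
                       "message": "constructed failure message"},
    trafficStatuses=[{"type": LATEST, "percent": 100, "revision": REV1}])

if __name__ == "__main__":
    for name in ("SAMPLE_OK", "SAMPLE_PENDING", "SAMPLE_FAILED"):
        print(name, rollout_state(globals()[name]))
```

In the failed case the second detail line names the revision that is still serving, which is the one to check when the update was meant to roll out a fix.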

Sample YAML(s)

Run Service Basic

# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: run.cnrm.cloud.google.com/v1beta1
kind: RunService
metadata:
  name: runservice-sample-basic
spec:
  ingress: "INGRESS_TRAFFIC_ALL"
  launchStage: "GA"
  location: "us-central1"
  projectRef:
    # Replace ${PROJECT_ID?} with your project ID.
    external: projects/${PROJECT_ID?}
  template:
    containers:
      - env:
          - name: "FOO"
            value: "bar]"
        image: "gcr.io/cloudrun/hello"
    scaling:
      maxInstanceCount: 2
  traffic:
    - percent: 100
      type: "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST"

Run Service Encryptionkey

# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: run.cnrm.cloud.google.com/v1beta1
kind: RunService
metadata:
  name: runservice-sample-encryptionkey
spec:
  ingress: "INGRESS_TRAFFIC_ALL"
  launchStage: "GA"
  location: "us-central1"
  projectRef:
    # Replace ${PROJECT_ID?} with your project ID.
    external: projects/${PROJECT_ID?}
  template:
    containers:
      - image: "gcr.io/cloudrun/hello"
    encryptionKeyRef:
      name: runservice-dep-encryptionkey
---
# Replace ${PROJECT_ID?} and ${PROJECT_NUMBER?} below with your desired project
# ID and project number.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: runservice-dep-encryptionkey
spec:
  member: serviceAccount:service-${PROJECT_NUMBER?}@serverless-robot-prod.iam.gserviceaccount.com
  role: roles/cloudkms.cryptoKeyEncrypterDecrypter # required by cloud run service agent to access KMS keys
  resourceRef:
    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
    kind: Project
    external: projects/${PROJECT_ID?}
---
apiVersion: kms.cnrm.cloud.google.com/v1beta1
kind: KMSCryptoKey
metadata:
  name: runservice-dep-encryptionkey
spec:
  keyRingRef:
    name: runservice-dep-encryptionkey
  purpose: ENCRYPT_DECRYPT
---
apiVersion: kms.cnrm.cloud.google.com/v1beta1
kind: KMSKeyRing
metadata:
  name: runservice-dep-encryptionkey
spec:
  location: us-central1

Run Service Multicontainer

# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: run.cnrm.cloud.google.com/v1beta1
kind: RunService
metadata:
  name: runservice-sample-multicontainer
spec:
  ingress: "INGRESS_TRAFFIC_ALL"
  launchStage: "BETA"
  location: "us-central1"
  projectRef:
    # Replace ${PROJECT_ID?} with your project ID.
    external: projects/${PROJECT_ID?}
  template:
    containers:
      - name: "hello-1"
        image: "gcr.io/cloudrun/hello"
        ports:
          - containerPort: 8080
        volumeMounts:
          - name: "empty-dir-volume"
            mountPath: "/mnt"
      - name: "hello-2"
        image: "gcr.io/cloudrun/hello"
    volumes:
      - name: "empty-dir-volume"
        emptyDir:
          medium: "MEMORY"
          sizeLimit: "256Mi"

Run Service Probes

# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: run.cnrm.cloud.google.com/v1beta1
kind: RunService
metadata:
  name: runservice-sample-serviceprobes
spec:
  ingress: "INGRESS_TRAFFIC_ALL"
  launchStage: "GA"
  location: "us-central1"
  projectRef:
    # Replace ${PROJECT_ID?} with your project ID.
    external: projects/${PROJECT_ID?}
  template:
    containers:
      - image: "gcr.io/cloudrun/hello"
        startupProbe:
          initialDelaySeconds: 0
          timeoutSeconds: 1
          periodSeconds: 3
          failureThreshold: 1
          tcpSocket:
            port: 8080
        livenessProbe:
          httpGet:
            path: "/"

Run Service SQL

# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: run.cnrm.cloud.google.com/v1beta1
kind: RunService
metadata:
  name: runservice-sample-sql
spec:
  ingress: "INGRESS_TRAFFIC_ALL"
  launchStage: "GA"
  location: "us-central1"
  projectRef:
    # Replace ${PROJECT_ID?} with your project ID.
    external: projects/${PROJECT_ID?}
  template:
    volumes:
      - name: "cloudsql"
        cloudSqlInstance:
          instances:
            - name: runservice-dep-sql
    containers:
      - image: "gcr.io/cloudrun/hello"
        volumeMounts:
          - name: "cloudsql"
            mountPath: "/cloudsql"
---
apiVersion: sql.cnrm.cloud.google.com/v1beta1
kind: SQLInstance
metadata:
  name: runservice-dep-sql
spec:
  region: us-central1
  databaseVersion: MYSQL_5_7
  settings:
    tier: db-n1-standard-1

Run Service Secret

# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: run.cnrm.cloud.google.com/v1beta1
kind: RunService
metadata:
  name: runservice-sample-secret
spec:
  ingress: "INGRESS_TRAFFIC_ALL"
  launchStage: "GA"
  location: "us-central1"
  projectRef:
    # Replace ${PROJECT_ID?} with your project ID.
    external: projects/${PROJECT_ID?}
  template:
    containers:
      - image: "gcr.io/cloudrun/hello"
        volumeMounts:
          - name: "a-volume"
            mountPath: "/secrets"
    volumes:
      - name: "a-volume"
        secret:
          secretRef:
            name: runservice-dep-secret
          defaultMode: 292 # 0444
          items:
            - versionRef:
                name: runservice-dep-secret
              path: "my-secret"
              mode: 256 # 0400
---
# Replace ${PROJECT_ID?} and ${PROJECT_NUMBER?} below with your desired project
# ID and project number.
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: runservice-dep-secret
spec:
  member: serviceAccount:${PROJECT_NUMBER?}-compute@developer.gserviceaccount.com
  role: roles/secretmanager.secretAccessor # required by default service account to access secrets
  resourceRef:
    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
    kind: Project
    external: projects/${PROJECT_ID?}
---
apiVersion: v1
kind: Secret
metadata:
  name: runservice-dep-secret
data:
  secretData: SSBhbHdheXMgbG92ZWQgc3BhcnJpbmcgd2l0aCBnaWFudCBjYW5keSBzd29yZHMsIGJ1dCBJIGhhZCBubyBpZGVhIHRoYXQgd2FzIG15IHN1cGVyIHNlY3JldCBpbmZvcm1hdGlvbiE=
---
apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
kind: SecretManagerSecret
metadata:
  name: runservice-dep-secret
spec:
  replication:
    automatic: true
---
apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
kind: SecretManagerSecretVersion
metadata:
  name: runservice-dep-secret
spec:
  enabled: true
  secretData:
    valueFrom:
      secretKeyRef:
        key: secretData
        name: runservice-dep-secret
  secretRef:
    name: runservice-dep-secret

Run Service Serviceaccount

apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  name: runservice-dep-serviceaccount
---
apiVersion: run.cnrm.cloud.google.com/v1beta1
kind: RunService
metadata:
  name: runservice-sample-serviceaccount
spec:
  ingress: "INGRESS_TRAFFIC_ALL"
  launchStage: "GA"
  location: "us-central1"
  projectRef:
    # Replace ${PROJECT_ID?} with your project ID.
    external: projects/${PROJECT_ID?}
  template:
    containers:
      - image: "gcr.io/cloudrun/hello"
    serviceAccountRef:
      name: runservice-dep-serviceaccount

Run Service Vpcaccess

# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: run.cnrm.cloud.google.com/v1beta1
kind: RunService
metadata:
  name: runservice-sample-vpcaccess
spec:
  ingress: "INGRESS_TRAFFIC_ALL"
  launchStage: "GA"
  location: "us-central1"
  projectRef:
    # Replace ${PROJECT_ID?} with your project ID.
    external: projects/${PROJECT_ID?}
  template:
    containers:
      - image: "gcr.io/cloudrun/hello"
    vpcAccess:
      connectorRef:
        name: runservice-dep-vpcaccess
      egress: "ALL_TRAFFIC"
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: runservice-dep-vpcaccess
spec:
  autoCreateSubnetworks: false
---
apiVersion: vpcaccess.cnrm.cloud.google.com/v1beta1
kind: VPCAccessConnector
metadata:
  name: runservice-dep-vpcaccess
spec:
  location: "us-central1"
  networkRef:
    name: runservice-dep-vpcaccess
  ipCidrRange: "10.132.0.0/28"
  projectRef:
    # Replace ${PROJECT_ID?} with your project ID
    external: ${PROJECT_ID?}