Cloud Run YAML Reference

Stay organized with collections Save and categorize content based on your preferences.

Cloud Run service YAML

This is the YAML representation of the Service object in the Cloud Run Admin API V1.

apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: SERVICE_NAME
  namespace: 'PROJECT_NUMBER'
  labels:
    cloud.googleapis.com/location: REGION
  annotations:
    run.googleapis.com/launch-stage: LAUNCH_STAGE
    run.googleapis.com/ingress: INGRESS
spec:
  template:
    metadata:
      name: REVISION_NAME
      annotations:
        autoscaling.knative.dev/minScale: 'MIN_INSTANCES'
        autoscaling.knative.dev/maxScale: 'MAX_INSTANCES'
        run.googleapis.com/cpu-throttling: 'CPU_ALLOCATION'
        run.googleapis.com/startup-cpu-boost: 'CPU_BOOST'
        run.googleapis.com/sessionAffinity: 'SESSION_AFFINITY'
        run.googleapis.com/cloudsql-instances: 'CLOUD_SQL_CONNECTION'
        run.googleapis.com/execution-environment: EXECUTION_ENVIRONMENT
        run.googleapis.com/vpc-access-connector: SERVERLESS_VPC_CONNECTOR
        run.googleapis.com/vpc-access-egress: EGRESS
        run.googleapis.com/encryption-key: CMEK
    spec:
      containerConcurrency: MAX_CONCURRENCY
      timeoutSeconds: REQUEST_TIMEOUT
      serviceAccountName: SERVICE_ACCOUNT_EMAIL
      containers:
      - image: IMAGE
        command:
        - COMMAND1
        - COMMAND2
        args:
        - ARGUMENT1
        - ARGUMENT2
        ports:
        - name: HTTP_2
          containerPort: PORT
        env:
        - name: KEY
          value: VALUE
        resources:
          limits:
            cpu: CPU_LIMIT
            memory: MEMORY_LIMIT
        volumeMounts:
        - name: VOLUME_NAME
          readOnly: true
          mountPath: MOUNT_PATH
        startupProbe:
          httpGet:
            path: CHECK_PATH
            httpHeaders:
              - name: HEADER_NAME
                value: HEADER_VALUE
          tcpSocket:
            port: PORT
          grpc:
            service: GRPC_SERVICE
          initialDelaySeconds: DELAY
          timeoutSeconds: TIMEOUT
          failureThreshold: THRESHOLD
          periodSeconds: PERIOD
        livenessProbe:
          httpGet:
            path: CHECK_PATH
            httpHeaders:
              - name: HEADER_NAME
                value: HEADER_VALUE
          grpc:
            service: GRPC_SERVICE
          initialDelaySeconds: DELAY
          timeoutSeconds: TIMEOUT
          failureThreshold: THRESHOLD
          periodSeconds: PERIOD
      volumes:
      - name: :VOLUME_NAME
        secret:
          secretName: SECRET
          items:
          - key: SECRET_VERSION
            path: PATH
  traffic:
  - percent: PERCENT_TO_LATEST
    latestRevision: true
  - revisionName: REVISION_NAME
    tag: TAG

With:

  • SERVICE_NAME: Name of the service.
  • PROJECT_NUMBER: Google Cloud project number
  • REGION: Location of the service
  • LAUNCH_STAGE: Set to BETA to use Preview features
  • INGRESS: Service ingress
  • REVISION_NAME: Optional name for the revision to be created.
  • MIN_INSTANCES: Minimum number of instances for the revision
  • MAX_INSTANCES: Maximum number of instances for the revision
  • CPU_ALLOCATION: Set CPU allocation. false for "CPU always allocated", true for "CPU only allocated during request processing"
  • CPU_BOOST: true to enable startup CPU boost
  • SESSION_AFFINITY: true to enable session affinity
  • CLOUD_SQL_CONNECTION: connection name of a Cloud SQL instance of the shape PROJECT_ID:LOCATION:INSTANCE_NAME
  • EXECUTION_ENVIRONMENT: execution environment, gen1 or gen2.
  • SERVERLESS_VPC_CONNECTOR: Serverless VPC Access connector, of the shape projects/PROJECT_ID/locations/LOCATION/connectors/CONNECTOR_NAME
  • EGRESS: VPC egress
  • CMEK: customer managed encryption keys, of the shape: projects/PROJECT_ID/locations/LOCATION/keyRings/RING/cryptoKeys/KEY
  • MAX_CONCURRENCY: maximum concurrent requests per instance
  • REQUEST_TIMEOUT: request timeout
  • SERVICE_ACCOUNT_EMAIL: email address for the service account used for service identity
  • IMAGE: URL of your container image
  • COMMAND1 and COMMAND2: container entrypoint commands
  • ARGUMENT1 and ARGUMENT2: container command arguments
  • HTTP_2: h2c to enable HTTP/2, leave empty for HTTP/1.
  • PORT: port requests are sent to
  • KEY: environment variable key
  • VALUE: environment variable value
  • CPU_LIMIT: CPU allocated to the container, for example 1
  • MEMORY_LIMIT: Memory allocated to the container, for example 2Gi
  • VOLUME_NAME: Arbitrary volume name.
  • MOUNT_PATH: the mount path of the volume
  • CHECK_PATH: the relative path to the health check HTTP endpoint, for example, /ready.
  • HEADER_NAME and HEADER_VALUE: headers to be sent alongside the HTTP health checks.
  • GRPC_SERVICE: Name of the gRPC service to send the health check to.
  • DELAY: Number of seconds to wait after the container has started before performing the first health check. Specify a value from 0 seconds to 240 seconds. The default value is 0 seconds.
  • TIMEOUT: Number of seconds to wait until the health check times out. This value cannot exceed the value specified for periodSeconds. Specify a value from 1 to 3600. The default is 1.
  • THRESHOLD: Number of times to retry the health check before marking the container as Unready. The default value is 3.
  • PERIOD: The frequency (in seconds) to perform the health check. Specify a value from 1 second to 240 seconds. The default value is 10 seconds.
  • SECRET: Secret from Secret Manager
  • SECRET_VERSION: The secret version. Use latest for latest version, or a number, for example, 2.
  • PATH: The filename of the secret, relative to MOUNT_PATH
  • PERCENT_TO_LATEST: Percentage of traffic that will reach the latest healthy revision, for example 10.
  • REVISION_NAME: Name of the revision to send traffic to.
  • TAG: Traffic tag