Cloud Run YAML Reference

Cloud Run service YAML

This is the YAML representation of the Service object in the Cloud Run Admin API V1. The YAML maps exactly to the V1 API (see the v1 schema).

apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: SERVICE_NAME
  namespace: PROJECT_NUMBER
  labels:
    cloud.googleapis.com/location: REGION
  annotations:
    run.googleapis.com/launch-stage: LAUNCH_STAGE
    run.googleapis.com/description: DESCRIPTION
    run.googleapis.com/ingress: INGRESS
    run.googleapis.com/binary-authorization: POLICY
    run.googleapis.com/binary-authorization-breakglass: JUSTIFICATION
    run.googleapis.com/minScale: SERVICE_MIN_INSTANCES
    run.googleapis.com/function-target: FUNCTION_ENTRY_POINT
    run.googleapis.com/invoker-iam-disabled: INVOKER_IAM_CHECK
spec:
  template:
    metadata:
      name: REVISION_NAME
      annotations:
        autoscaling.knative.dev/minScale: MIN_INSTANCES
        autoscaling.knative.dev/maxScale: MAX_INSTANCES
        run.googleapis.com/cpu-throttling: CPU_ALLOCATION
        run.googleapis.com/startup-cpu-boost: CPU_BOOST
        run.googleapis.com/sessionAffinity: SESSION_AFFINITY
        run.googleapis.com/cloudsql-instances: CLOUD_SQL_CONNECTION
        run.googleapis.com/execution-environment: EXECUTION_ENVIRONMENT
        run.googleapis.com/vpc-access-connector: SERVERLESS_VPC_CONNECTOR
        run.googleapis.com/vpc-access-egress: EGRESS
        run.googleapis.com/network-interfaces: VPC_NETWORK_SETTINGS_IN_JSON
        run.googleapis.com/encryption-key: CMEK
        run.googleapis.com/custom-audiences: '["AUDIENCE1","AUDIENCE2"]'
        run.googleapis.com/container-dependencies: CONTAINER_START_ORDER
        run.googleapis.com/base-images: '{"":"BASE_IMAGE"}'
    spec:
      containerConcurrency: MAX_CONCURRENCY
      timeoutSeconds: REQUEST_TIMEOUT
      nodeSelector:
        run.googleapis.com/accelerator: GPU_TYPE
      serviceAccountName: SERVICE_ACCOUNT_EMAIL
      containers:
      - image: IMAGE
        name: CONTAINER_NAME
        command:
        - COMMAND1
        - COMMAND2
        args:
        - ARGUMENT1
        - ARGUMENT2
        ports:
        - name: HTTP1_OR_H2C
          containerPort: PORT
        env:
        - name: KEY
          value: VALUE
        resources:
          limits:
            cpu: CPU_LIMIT
            memory: MEMORY_LIMIT
            nvidia.com/gpu: GPU_NUMBER
        volumeMounts:
        - name: VOLUME_NAME
          mountPath: MOUNT_PATH
        startupProbe:
          httpGet:
            path: CHECK_PATH
            httpHeaders:
              - name: HEADER_NAME
                value: HEADER_VALUE
            port: PORT
          tcpSocket:
            port: PORT
          grpc:
            service: GRPC_SERVICE
            port: PORT
          initialDelaySeconds: DELAY
          timeoutSeconds: TIMEOUT
          failureThreshold: THRESHOLD
          periodSeconds: PERIOD
        livenessProbe:
          httpGet:
            path: CHECK_PATH
            port: PORT
            httpHeaders:
              - name: HEADER_NAME
                value: HEADER_VALUE
          grpc:
            service: GRPC_SERVICE
            port: PORT
          initialDelaySeconds: DELAY
          timeoutSeconds: TIMEOUT
          failureThreshold: THRESHOLD
          periodSeconds: PERIOD
      - image: SIDECAR_IMAGE
        name: SIDECAR_NAME
      volumes:
      - name: VOLUME_NAME
        secret:
          secretName: SECRET
          items:
          - key: SECRET_VERSION
            path: PATH
      - name: VOLUME_NAME
        emptyDir:
          sizeLimit: IN_MEMORY_VOLUME_SIZE
          medium: Memory
      - name: VOLUME_NAME
        csi:
          driver: gcsfuse.run.googleapis.com
          readOnly: IS_READ_ONLY
          volumeAttributes:
            bucketName: BUCKET_NAME
      - name: VOLUME_NAME
        nfs:
          server: IP_ADDRESS
          path: NFS_PATH
          readonly: IS_READ_ONLY
    runtimeClassName: run.googleapis.com/linux-base-image-update
  traffic:
  - percent: PERCENT_TO_LATEST
    latestRevision: true
  - percent: PERCENT_TO_REVISION
    revisionName: REVISION_NAME
  - tag: TAG
    revisionName: REVISION_NAME

With:

  • LAUNCH_STAGE: Set to BETA to use Preview features.
  • REVISION_NAME: Optional name for the revision to be created.
  • CONTAINER_NAME: Optional name for the container within a revision. Automatically generated if not supplied by the user.

Cloud Run job YAML

This is the YAML representation of the Job object in the Cloud Run Admin API V1. The YAML maps exactly to the V1 API (see the v1 schema).

apiVersion: run.googleapis.com/v1
kind: Job
metadata:
  name: JOB_NAME
  namespace: PROJECT_NUMBER
  labels:
    cloud.googleapis.com/location: REGION
  annotations:
    run.googleapis.com/launch-stage: LAUNCH_STAGE
    run.googleapis.com/binary-authorization: POLICY
    run.googleapis.com/binary-authorization-breakglass: JUSTIFICATION
spec:
  template:
    metadata:
      annotations:
        run.googleapis.com/cloudsql-instances: CLOUD_SQL_CONNECTION
        run.googleapis.com/vpc-access-connector: SERVERLESS_VPC_CONNECTOR
        run.googleapis.com/vpc-access-egress: EGRESS
        run.googleapis.com/network-interfaces: VPC_NETWORK_SETTINGS_IN_JSON
        run.googleapis.com/encryption-key: CMEK
    spec:
      parallelism: PARALLELISM
      taskCount: TASK_COUNT
      template:
        spec:
          maxRetries: MAX_RETRIES
          timeoutSeconds: TASK_TIMEOUT
          serviceAccountName: SERVICE_ACCOUNT_EMAIL
          containers:
          - image: IMAGE
            command:
            - COMMAND1
            - COMMAND2
            args:
            - ARGUMENT1
            - ARGUMENT2
            env:
            - name: KEY
              value: VALUE
            resources:
              limits:
                cpu: CPU_LIMIT
                memory: MEMORY_LIMIT
            volumeMounts:
            - name: VOLUME_NAME
              mountPath: MOUNT_PATH
          volumes:
          - name: VOLUME_NAME
            secret:
              secretName: SECRET
              items:
              - key: SECRET_VERSION
                path: PATH
          - name: VOLUME_NAME
            emptyDir:
              sizeLimit: IN_MEMORY_VOLUME_SIZE
              medium: Memory
          - name: VOLUME_NAME
            csi:
              driver: gcsfuse.run.googleapis.com
              readOnly: IS_READ_ONLY
              volumeAttributes:
                bucketName: BUCKET_NAME
          - name: VOLUME_NAME
            nfs:
              server: IP_ADDRESS
              path: NFS_PATH
              readonly: IS_READ_ONLY

With:

  • LAUNCH_STAGE: Set to BETA to use Preview features