» google_cloud_run_service

Service acts as a top-level container that manages a set of Routes and Configurations which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a Kubernetes Deployment orchestrates ReplicaSets).

The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own.

See also: https://github.com/knative/serving/blob/master/docs/spec/overview.md#service

To get more information about Service, see:

» Example Usage - Cloud Run Service Basic

resource "google_cloud_run_service" "default" {
  name     = "tftest-cloudrun"
  location = "us-central1"

  template {
    spec {
      containers {
        image = "gcr.io/cloudrun/hello"
      }
    }
  }

  traffic {
    percent         = 100
    latest_revision = true
  }
}

» Example Usage - Cloud Run Service Sql

resource "google_cloud_run_service" "default" {
  name     = "tftest-cloudrun"
  location = "us-central1"

  template {
    spec {
      containers {
        image = "gcr.io/cloudrun/hello"
      }
    }

    metadata {
      annotations = {
        "autoscaling.knative.dev/maxScale"      = "1000"
        "run.googleapis.com/cloudsql-instances" = "my-project-name:us-central1:${google_sql_database_instance.instance.name}"
        "run.googleapis.com/client-name"        = "cloud-console"
      }
    }
  }
}

resource "google_sql_database_instance" "instance" {
  name   = "cloudrun-sql"
  region = "us-east1"
  settings {
    tier = "D0"
  }
}

» Example Usage - Cloud Run Service Noauth

resource "google_cloud_run_service" "default" {
  name     = "tftest-cloudrun"
  location = "us-central1"

  template {
    spec {
      containers {
        image = "gcr.io/cloudrun/hello"
      }
    }
  }
}

data "google_iam_policy" "noauth" {
  binding {
    role = "roles/run.invoker"
    members = [
      "allUsers",
    ]
  }
}

resource "google_cloud_run_service_iam_policy" "noauth" {
  location    = google_cloud_run_service.default.location
  project     = google_cloud_run_service.default.project
  service     = google_cloud_run_service.default.name

  policy_data = data.google_iam_policy.noauth.policy_data
}
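
For contrast with the `allUsers` binding above, the following added example (not part of the provider documentation) grants `roles/run.invoker` to a single named caller and runs the revision under a dedicated service account through the `service_account_name` argument described in the Argument Reference. The resource names and account IDs are assumptions.

```hcl
# Added example: all resource names and account IDs below are assumptions.

# Dedicated runtime identity, so the revision does not fall back to the
# project's default service account.
resource "google_service_account" "runtime" {
  account_id   = "cloudrun-runtime"
  display_name = "Cloud Run runtime identity (example)"
}

# Identity of the one caller that is allowed to invoke the service.
resource "google_service_account" "caller" {
  account_id   = "cloudrun-caller"
  display_name = "Cloud Run caller (example)"
}

resource "google_cloud_run_service" "private" {
  name     = "tftest-cloudrun-private"
  location = "us-central1"

  template {
    spec {
      service_account_name = google_service_account.runtime.email

      containers {
        image = "gcr.io/cloudrun/hello"
      }
    }
  }

  traffic {
    percent         = 100
    latest_revision = true
  }
}

# Non-authoritative binding: adds one member to roles/run.invoker instead of
# replacing the whole policy, and names a principal rather than "allUsers".
resource "google_cloud_run_service_iam_member" "invoker" {
  location = google_cloud_run_service.private.location
  project  = google_cloud_run_service.private.project
  service  = google_cloud_run_service.private.name
  role     = "roles/run.invoker"
  member   = "serviceAccount:${google_service_account.caller.email}"
}
```

With no `allUsers` or `allAuthenticatedUsers` member on the service, requests must carry an identity token for a principal that holds `roles/run.invoker`.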

» Argument Reference

The following arguments are supported:

  • name - (Required) Name must be unique within a namespace, within a Cloud Run region. Is required when creating resources. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

  • location - (Required) The location of the Cloud Run instance, e.g. us-central1

The traffic block supports:

  • revision_name - (Optional) RevisionName of a specific revision to which to send this portion of traffic.

  • percent - (Required) Percent specifies percent of the traffic to this Revision or Configuration.

  • latest_revision - (Optional) LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty.

The template block supports:

  • metadata - (Optional) Optional metadata for this Revision, including labels and annotations. Name will be generated by the Configuration. To set minimum instances for this revision, use the "autoscaling.knative.dev/minScale" annotation key. To set maximum instances for this revision, use the "autoscaling.knative.dev/maxScale" annotation key. To set Cloud SQL connections for the revision, use the "run.googleapis.com/cloudsql-instances" annotation key. Structure is documented below.

  • spec - (Required) RevisionSpec holds the desired state of the Revision (from the client). Structure is documented below.

The metadata block supports:

The spec block supports:

  • containers - (Required) Container defines the unit of execution for this Revision. In the context of a Revision, we disallow a number of the fields of this Container, including: name, ports, and volumeMounts. The runtime contract is documented here: https://github.com/knative/serving/blob/master/docs/runtime-contract.md. Structure is documented below.

  • container_concurrency - (Optional) ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Values are:

    • 0 thread-safe, the system should manage the max concurrency. This is the default value.
    • 1 not-thread-safe. Single concurrency
    • 2-N thread-safe, max concurrency of N

  • service_account_name - (Optional) Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account.

  • serving_state - ServingState holds a value describing the state the resources are in for this Revision. It is expected that the system will manipulate this based on routability and load.

The containers block supports:

  • working_dir - (Optional, Deprecated) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.

  • args - (Optional) Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, i.e. $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

  • env_from - (Optional, Deprecated) List of sources to populate environment variables in the container. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Structure is documented below.

  • image - (Required) Docker image name. This is most often a reference to a container located in the container registry, such as gcr.io/cloudrun/hello. More info: https://kubernetes.io/docs/concepts/containers/images

  • command - (Optional) Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, i.e. $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

  • env - (Optional) List of environment variables to set in the container. Structure is documented below.

  • resources - (Optional) Compute Resources required by this container. Used to set values such as max memory. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. Structure is documented below.

The env_from block supports:

  • prefix - (Optional) An optional identifier to prepend to each key in the ConfigMap.

  • config_map_ref - (Optional) The ConfigMap to select from. Structure is documented below.

  • secret_ref - (Optional) The Secret to select from. Structure is documented below.

The config_map_ref block supports:

  • optional - (Optional) Specify whether the ConfigMap must be defined

  • local_object_reference - (Optional) The ConfigMap to select from. Structure is documented below.

The local_object_reference block supports:

The secret_ref block supports:

  • local_object_reference - (Optional) The Secret to select from. Structure is documented below.

  • optional - (Optional) Specify whether the Secret must be defined

The local_object_reference block supports:

The env block supports:

  • name - (Optional) Name of the environment variable.

  • value - (Optional) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, i.e. $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

The resources block supports:


The following top-level arguments are also supported:

  • traffic - (Optional) Traffic specifies how to distribute traffic over a collection of Knative Revisions and Configurations. Structure is documented below.

  • template - (Optional) template holds the latest specification for the Revision to be stamped out. The template references the container image, and may also include labels and annotations that should be attached to the Revision. To correlate a Revision, and/or to force a Revision to be created when the spec doesn't otherwise change, a nonce label may be provided in the template metadata. For more details, see: https://github.com/knative/serving/blob/master/docs/client-conventions.md#associate-modifications-with-revisions. Cloud Run does not currently support referencing a build that is responsible for materializing the container image from source. Structure is documented below.

  • metadata - (Optional) Metadata associated with this Service, including name, namespace, labels, and annotations. Structure is documented below.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The metadata block supports:

» Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • status - The current status of the Service. Structure is documented below.

The status block contains:

  • conditions - Array of observed Service Conditions, indicating the current ready state of the service. Structure is documented below.

  • url - From RouteStatus. URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form https://{route-hash}-{project-hash}-{cluster-level-suffix}.a.run.app

  • observed_generation - ObservedGeneration is the 'Generation' of the Route that was last processed by the controller. Clients polling for completed reconciliation should poll until observedGeneration = metadata.generation and the Ready condition's status is True or False.

  • latest_created_revision_name - From ConfigurationStatus. LatestCreatedRevisionName is the last revision that was created from this Service's Configuration. It might not be ready yet; for that, use LatestReadyRevisionName.

  • latest_ready_revision_name - From ConfigurationStatus. LatestReadyRevisionName holds the name of the latest Revision stamped out from this Service's Configuration that has had its "Ready" condition become "True".

The conditions block contains:

  • message - Human readable message indicating details about the current status.

  • status - Status of the condition, one of True, False, Unknown.

  • reason - One-word CamelCase reason for the condition's current status.

  • type - Type of domain mapping condition.

» Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 6 minutes.
  • update - Default is 6 minutes.
  • delete - Default is 4 minutes.

» Import

Service can be imported using any of these accepted formats:

$ terraform import google_cloud_run_service.default locations/{{location}}/namespaces/{{project}}/services/{{name}}
$ terraform import google_cloud_run_service.default {{location}}/{{project}}/{{name}}
$ terraform import google_cloud_run_service.default {{location}}/{{name}}

» User Project Overrides

This resource supports User Project Overrides.