# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: serving.knative.dev/v1 kind: Service # [START cloudrun_mc_hello_sidecar_step_metadata] metadata: name: "MC_SERVICE_NAME" labels: cloud.googleapis.com/location: "REGION" annotations: # Required to use Cloud Run multi-containers (preview feature) run.googleapis.com/launch-stage: BETA run.googleapis.com/description: sample tutorial service # Externally available run.googleapis.com/ingress: all # [END cloudrun_mc_hello_sidecar_step_metadata] # [START cloudrun_mc_hello_sidecar_step_deps] spec: template: metadata: annotations: # Defines container startup order within multi-container service. # Below requires hello container to spin up before nginx container, # which depends on the hello container. # https://cloud.google.com/run/docs/configuring/containers#container-ordering run.googleapis.com/container-dependencies: "{nginx: [hello]}" # [END cloudrun_mc_hello_sidecar_step_deps] # [START cloudrun_mc_hello_sidecar_step_serving] spec: containers: # A) Serving ingress container "nginx" listening at PORT 8080 # Main entrypoint of multi-container service. # Source is stored in nginx_config secret in Secret Manager. # Any pings to this container will proxy over to hello container at PORT 8888. # https://cloud.google.com/run/docs/container-contract#port - image: nginx name: nginx ports: - name: http1 containerPort: 8080 resources: limits: cpu: 500m memory: 256Mi # Referencing declared volume below, # Declaring volume to mount in current ingress container's filesystem # https://cloud.google.com/run/docs/reference/rest/v2/Container#volumemount volumeMounts: - name: nginx-conf-secret readOnly: true mountPath: /etc/nginx/conf.d/ startupProbe: timeoutSeconds: 240 periodSeconds: 240 failureThreshold: 1 tcpSocket: port: 8080 # [END cloudrun_mc_hello_sidecar_step_serving] # B) Sidecar container "hello" listening at PORT 8888, # which can only be accessed by serving ingress container # [START cloudrun_mc_hello_sidecar_step_sidecar] - image: us-docker.pkg.dev/cloudrun/container/hello name: hello env: - name: PORT value: "8888" resources: limits: cpu: 1000m memory: 512Mi startupProbe: timeoutSeconds: 240 periodSeconds: 240 failureThreshold: 1 tcpSocket: port: 8888 # [END cloudrun_mc_hello_sidecar_step_sidecar] # Named volume pointing to # nginx_config secret in secret manager # [START cloudrun_mc_hello_sidecar_step_secret] volumes: - name: nginx-conf-secret secret: secretName: nginx_config items: - key: latest path: default.conf # [END cloudrun_mc_hello_sidecar_step_secret]