# Copyright 2024 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
# Resource identity and documentation links for the Cloud Run v2 Service.
name: 'Service'
description: |
  Service acts as a top-level container that manages a set of configurations and revision templates which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership.
references:
  guides:
    'Official Documentation': 'https://cloud.google.com/run/docs/'
  api: 'https://cloud.google.com/run/docs/reference/rest/v2/projects.locations.services'
docs:
# URL templates. Every path is scoped by project and location; on create the
# service name travels as the `serviceId` query parameter.
id_format: 'projects/{{project}}/locations/{{location}}/services/{{name}}'
base_url: 'projects/{{project}}/locations/{{location}}/services'
self_link: 'projects/{{project}}/locations/{{location}}/services/{{name}}'
create_url: 'projects/{{project}}/locations/{{location}}/services?serviceId={{name}}'
# Updates are sent with the PATCH verb.
update_verb: 'PATCH'
import_format:
  - 'projects/{{project}}/locations/{{location}}/services/{{name}}'
# Per-operation timeouts, expressed in minutes.
timeouts:
  insert_minutes: 20
  update_minutes: 20
  delete_minutes: 20
autogen_async: true
# Create, delete and update are all declared as asynchronous actions; the
# operation URL is taken from the `op_id` template value.
async:
  actions:
    - 'create'
    - 'delete'
    - 'update'
  type: 'OpAsync'
  operation:
    base_url: '{{op_id}}'
  result:
    resource_inside_response: true
# IAM policy support for the service. The policy's parent is identified by the
# service `name`; imports accept either the full resource path or the bare name.
iam_policy:
  method_name_separator: ':'
  parent_resource_attribute: 'name'
  base_url: 'projects/{{project}}/locations/{{location}}/services/{{name}}'
  example_config_body: 'templates/terraform/iam/iam_attributes.go.tmpl'
  import_format:
    - 'projects/{{project}}/locations/{{location}}/services/{{name}}'
    - '{{name}}'
custom_code:
  # Hook run before delete. NOTE(review): judging by the file name, this
  # template presumably enforces the `deletion_protection` virtual field;
  # confirm in the template itself.
  pre_delete: 'templates/terraform/pre_delete/cloudrunv2_service_deletion_policy.go.tmpl'
taint_resource_on_failed_create: true
# Documentation/test examples. Every entry lists `deletion_protection` under
# `ignore_read_extra`; it is declared as a virtual field in this file, so
# presumably it is not returned by the API on read (confirm).
examples:
  - name: 'cloudrunv2_service_basic'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-service%s", context["random_suffix"])'
    vars:
      cloud_run_service_name: 'cloudrun-service'
    ignore_read_extra:
      - 'deletion_protection'
  - name: 'cloudrunv2_service_limits'
    primary_resource_id: 'default'
    vars:
      cloud_run_service_name: 'cloudrun-service'
    ignore_read_extra:
      - 'deletion_protection'
  - name: 'cloudrunv2_service_sql'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])'
    vars:
      cloud_run_service_name: 'cloudrun-service'
      secret_id: 'secret-1'
      cloud_run_sql_name: 'cloudrun-sql'
      # The example as written keeps deletion protection on ('true'); the test
      # and OICS overrides below switch it to 'false', presumably so that
      # throwaway resources can be torn down.
      deletion_protection: 'true'
    test_vars_overrides:
      'deletion_protection': 'false'
    oics_vars_overrides:
      'deletion_protection': 'false'
    ignore_read_extra:
      - 'deletion_protection'
  - name: 'cloudrunv2_service_vpcaccess'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])'
    vars:
      cloud_run_service_name: 'cloudrun-service'
      vpc_access_connector_name: 'run-vpc'
      vpc_compute_subnetwork_name: 'run-subnetwork'
      compute_network_name: 'run-network'
    ignore_read_extra:
      - 'deletion_protection'
  - name: 'cloudrunv2_service_directvpc'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])'
    vars:
      cloud_run_service_name: 'cloudrun-service'
    ignore_read_extra:
      - 'deletion_protection'
  - name: 'cloudrunv2_service_gpu'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])'
    vars:
      cloud_run_service_name: 'cloudrun-service'
    ignore_read_extra:
      - 'deletion_protection'
  - name: 'cloudrunv2_service_probes'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])'
    vars:
      cloud_run_service_name: 'cloudrun-service'
    ignore_read_extra:
      - 'deletion_protection'
  - name: 'cloudrunv2_service_secret'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])'
    vars:
      cloud_run_service_name: 'cloudrun-service'
      secret_id: 'secret-1'
    ignore_read_extra:
      - 'deletion_protection'
  - name: 'cloudrunv2_service_multicontainer'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-service%s", context["random_suffix"])'
    vars:
      cloud_run_service_name: 'cloudrun-service'
    ignore_read_extra:
      - 'deletion_protection'
  - name: 'cloudrunv2_service_mount_gcs'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-service-%s", context["random_suffix"])'
    vars:
      cloud_run_service_name: 'cloudrun-service'
    ignore_read_extra:
      - 'deletion_protection'
    # Currently failing
    skip_vcr: true
  - name: 'cloudrunv2_service_mount_nfs'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-service-%s", context["random_suffix"])'
    vars:
      cloud_run_service_name: 'cloudrun-service'
    ignore_read_extra:
      - 'deletion_protection'
    # Currently failing
    skip_vcr: true
  - name: 'cloudrunv2_service_mesh'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-service-%s", context["random_suffix"])'
    min_version: 'beta'
    vars:
      cloud_run_service_name: 'cloudrun-service'
      mesh_name: 'network-services-mesh'
    ignore_read_extra:
      - 'deletion_protection'
    external_providers:
      - 'time'
  - name: 'cloudrunv2_service_invokeriam'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])'
    min_version: 'beta'
    vars:
      cloud_run_service_name: 'cloudrun-service'
    ignore_read_extra:
      - 'deletion_protection'
  - name: 'cloudrunv2_service_function'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])'
    vars:
      cloud_run_service_name: 'cloudrun-service'
      bucket_name: 'gcf-source'
      zip_path: 'function_source.zip'
      sa_name: 'build-sa'
    # Tests replace the archive path with a fixture checked in under
    # ./test-fixtures.
    test_vars_overrides:
      'zip_path': '"./test-fixtures/function-source.zip"'
    ignore_read_extra:
      - 'deletion_protection'
  - name: 'cloudrunv2_service_iap'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-iap-service%s", context["random_suffix"])'
    min_version: 'beta'
    vars:
      cloud_run_service_name: 'cloudrun-iap-service'
    ignore_read_extra:
      - 'deletion_protection'
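virtual_fields:
  # Terraform-side guard declared as a virtual field: it defaults to true, so
  # deleting the service has to be opted into explicitly by setting it to false.
  # Fix: restored the missing space in "When a `terraform destroy`", which
  # otherwise glues the article to the inline code span in rendered docs.
  - name: 'deletion_protection'
    description: |
      Whether Terraform will be prevented from destroying the service. Defaults to true.
      When a `terraform destroy` or `terraform apply` would delete the service,
      the command will fail if this field is not set to false in Terraform state.
      When the field is set to true or unset in Terraform state, a `terraform apply`
      or `terraform destroy` that would delete the service will fail.
      When the field is set to false, deleting the service is allowed.
    type: Boolean
    default_value: true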
parameters:
  # Used only to build request URLs (url_param_only); required and marked
  # immutable.
  - name: 'location'
    type: String
    description: The location of the cloud run service
    url_param_only: true
    required: true
    immutable: true
properties:
# Service name. It is a URL-only parameter; the custom flatten/expand templates
# and the diff-suppress function named below handle the self-link versus
# short-name forms.
- name: 'name'
  type: String
  description: |
    Name of the Service.
  url_param_only: true
  required: true
  immutable: true
  diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName'
  custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.tmpl'
  custom_expand: 'templates/terraform/custom_expand/resource_from_self_link.go.tmpl'
# Free-form, user-supplied text; the length limit is stated in the description
# only, no validation is declared here.
- name: 'description'
  type: String
  description: |
    User-provided description of the Service. This field currently has a 512-character limit.
# Output-only, server-assigned identifier.
# NOTE(review): the description says "for the trigger" although this resource
# is a Service; the wording looks copied from another resource, confirm.
- name: 'uid'
  type: String
  description: |
    Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.
  output: true
# Output-only counter; typed String because, per the description, the int64
# value is represented as a string in JSON.
- name: 'generation'
  type: String
  description: |
    A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.
  output: true
# Service-level labels. Per the description they are shared with the billing
# system, so they are not a place for sensitive values.
- name: 'labels'
  type: KeyValueLabels
  description: |-
    Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,
    environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.
    Cloud Run API v2 does not support labels with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected.
    All system labels in v1 now have a corresponding field in v2 Service.
# Service-level annotations; the reserved namespaces listed in the description
# are rejected for new resources.
- name: 'annotations'
  type: KeyValueAnnotations
  description: |-
    Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.
    Cloud Run API v2 does not support annotations with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected in new resources.
    All system annotations in v1 now have a corresponding field in v2 Service.
    This field follows Kubernetes annotations' namespacing, limits, and rules.
# Output-only lifecycle timestamps.
- name: 'createTime'
  type: Time
  description: |-
    The creation time.
  output: true
- name: 'updateTime'
  type: Time
  description: |-
    The last-modified time.
  output: true
- name: 'deleteTime'
  type: Time
  description: |-
    The deletion time.
  output: true
- name: 'expireTime'
  type: Time
  description: |-
    For a deleted resource, the time after which it will be permanently deleted.
  output: true
# Output-only attribution fields: who created the service and who changed it
# last, as e-mail addresses of the authenticated principals.
- name: 'creator'
  type: String
  description: |-
    Email address of the authenticated creator.
  output: true
- name: 'lastModifier'
  type: String
  description: |-
    Email address of the last authenticated modifier.
  output: true
# Caller-supplied identification of the API client; both values are described
# as arbitrary, so they are informational rather than authenticated.
- name: 'client'
  type: String
  description: |
    Arbitrary identifier for the API client.
- name: 'clientVersion'
  type: String
  description: |
    Arbitrary version identifier for the API client.
# Security-relevant: selects which traffic sources may reach the service.
# Because of default_from_api, an omitted value is filled in by the API.
# NOTE(review): set it explicitly wherever network exposure matters.
- name: 'ingress'
  type: Enum
  description: |
    Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active.
  default_from_api: true
  enum_values:
    - 'INGRESS_TRAFFIC_ALL'
    - 'INGRESS_TRAFFIC_INTERNAL_ONLY'
    - 'INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER'
# Opt-in switch for preview features. Per the description the value read back
# can differ from the input (it reflects the features actually in use), which
# is presumably why default_from_api is set.
- name: 'launchStage'
  type: Enum
  description: |
    The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.
    If no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.
    For example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output.
  default_from_api: true
  enum_values:
    - 'UNIMPLEMENTED'
    - 'PRELAUNCH'
    - 'EARLY_ACCESS'
    - 'ALPHA'
    - 'BETA'
    - 'GA'
    - 'DEPRECATED'
# Security-relevant: image admission control for the service.
- name: 'binaryAuthorization'
  type: NestedObject
  description: |
    Settings for the Binary Authorization feature.
  properties:
    # Breakglass is the documented override path (see the linked page); a
    # non-empty justification here is worth surfacing in change review.
    - name: 'breakglassJustification'
      type: String
      description: |
        If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass
    # `useDefault` and `policy` are declared mutually exclusive through their
    # `conflicts` lists. Per the description, useDefault = false disables
    # Binary Authorization.
    - name: 'useDefault'
      type: Boolean
      description: |
        If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.
      conflicts:
        - policy
    - name: 'policy'
      type: String
      description: |
        The path to a binary authorization policy. Format: projects/{project}/platforms/cloudRun/{policy-name}
      conflicts:
        - use_default
# Per the description these audiences are encoded in tokens used to
# authenticate requests, so each entry widens what the service accepts; keep
# the list to what is actually needed.
- name: 'customAudiences'
  type: Array
  description: |
    One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests.
    For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences.
  item_type:
    type: String
# Service-wide scaling; the counts here are divided among revisions that
# receive traffic (see the field descriptions).
- name: 'scaling'
  type: NestedObject
  description: |
    Scaling settings that apply to the whole service
  properties:
    - name: 'minInstanceCount'
      type: Integer
      description: |
        Minimum number of instances for the service, to be divided among all revisions receiving traffic.
    - name: 'scalingMode'
      type: Enum
      description: |
        The [scaling mode](https://cloud.google.com/run/docs/reference/rest/v2/projects.locations.services#scalingmode) for the service.
      enum_values:
        - 'AUTOMATIC'
        - 'MANUAL'
    - name: 'manualInstanceCount'
      type: Integer
      description: |
        Total instance count for the service in manual scaling mode. This number of instances is divided among all revisions with specified traffic based on the percent of traffic they are receiving.
# Exposure control: turns off public resolution of the service's default URI.
# Only available from the beta provider version (min_version).
- name: 'defaultUriDisabled'
  type: Boolean
  description: |-
    Disables public resolution of the default URI of this service.
  min_version: 'beta'
- name: 'template'
type: NestedObject
description: |
The template used to create revisions for this Service.
required: true
properties:
# Optional explicit revision name; generated from the Service name when omitted.
- name: 'revision'
  type: String
  description: |-
    The unique name for the revision. If this field is omitted, it will be automatically generated based on the Service name.
# Revision-template labels (plain KeyValuePairs, unlike the service-level
# KeyValueLabels field). Shared with the billing system per the description.
- name: 'labels'
  type: KeyValuePairs
  description: |-
    Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc.
    For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.
    Cloud Run API v2 does not support labels with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected.
    All system labels in v1 now have a corresponding field in v2 RevisionTemplate.
# Revision-template annotations; the reserved namespaces listed in the
# description are rejected.
- name: 'annotations'
  type: KeyValuePairs
  description: |-
    Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.
    Cloud Run API v2 does not support annotations with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected.
    All system annotations in v1 now have a corresponding field in v2 RevisionTemplate.
    This field follows Kubernetes annotations' namespacing, limits, and rules.
# Per-revision scaling bounds. With default_from_api, an omitted block is
# populated from the API response.
- name: 'scaling'
  type: NestedObject
  description: |
    Scaling settings for this Revision.
  default_from_api: true
  properties:
    - name: 'minInstanceCount'
      type: Integer
      description: |-
        Minimum number of serving instances that this resource should have. Defaults to 0. Must not be greater than maximum instance count.
    # An explicit ceiling bounds how far the service can scale out; when it is
    # absent the description says Cloud Run derives one from quota.
    - name: 'maxInstanceCount'
      type: Integer
      description: |-
        Maximum number of serving instances that this resource should have. Must not be less than minimum instance count. If absent, Cloud Run will calculate
        a default value based on the project's available container instances quota in the region and specified instance size.
# Outbound network path of the revision: either a VPC Access connector or
# Direct VPC network interfaces.
# NOTE(review): the description says "for this Task" although this is the
# Service template; the wording looks copied from another resource, confirm.
- name: 'vpcAccess'
  type: NestedObject
  description: |-
    VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.
  properties:
    - name: 'connector'
      type: String
      description: |-
        VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number.
    # Decides whether all egress or only private-range egress goes through the
    # VPC. The value is taken from the API when omitted (default_from_api), so
    # state it explicitly when egress filtering depends on it.
    - name: 'egress'
      type: Enum
      description: |-
        Traffic VPC egress settings.
      default_from_api: true
      enum_values:
        - 'ALL_TRAFFIC'
        - 'PRIVATE_RANGES_ONLY'
    - name: 'networkInterfaces'
      type: Array
      description: |-
        Direct VPC egress settings. Currently only single network interface is supported.
      item_type:
        type: NestedObject
        properties:
          - name: 'network'
            type: String
            description: |-
              The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both
              network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be
              looked up from the subnetwork.
            default_from_api: true
          - name: 'subnetwork'
            type: String
            description: |-
              The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both
              network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the
              subnetwork with the same name with the network will be used.
            default_from_api: true
          - name: 'tags'
            type: Array
            description: |-
              Network tags applied to this Cloud Run service.
            item_type:
              type: String
# Request timeout as a duration string. The regex accepts whole seconds with an
# optional fraction of one to nine digits and a trailing 's' (e.g. "3.5s").
- name: 'timeout'
  type: String
  description: |-
    Max allowed time for an instance to respond to a request.
    A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".
  default_from_api: true
  validation:
    regex: '^[0-9]+(?:\.[0-9]{1,9})?s$'
# Runtime identity of the revision. Per the description, omitting it falls back
# to the project's default service account.
# NOTE(review): a dedicated, least-privilege account is usually the safer
# choice; confirm against project policy.
- name: 'serviceAccount'
  type: String
  description: |-
    Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account.
  default_from_api: true
- name: 'containers'
type: Array
description: |-
Holds the containers that define the unit of execution for this Service.
item_type:
type: NestedObject
properties:
- name: 'name'
  type: String
  description: |-
    Name of the container specified as a DNS_LABEL.
# The only required container field. No validation of the reference is
# declared here.
# NOTE(review): pinning the image by digest rather than by a mutable tag is the
# usual supply-chain hardening; that is left to the caller.
- name: 'image'
  type: String
  description: |-
    URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images
  required: true
# Entrypoint override. Per the description it is not run through a shell, and
# $(VAR_NAME) references are expanded from the container environment.
- name: 'command'
  type: Array
  description: |-
    Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
  item_type:
    type: String
# Arguments passed to the entrypoint; no variable expansion in Cloud Run.
- name: 'args'
  type: Array
  description: |-
    Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references are not supported in Cloud Run.
  item_type:
    type: String
# Environment variables, modelled as a set (is_set). Each entry carries either
# a literal `value` or a `valueSource`; the exactly_one_of constraints are kept
# below only as commented-out configuration.
- name: 'env'
  type: Array
  description: |-
    List of environment variables to set in the container.
  is_set: true
  item_type:
    type: NestedObject
    properties:
      - name: 'name'
        type: String
        description: |-
          Name of the environment variable. Must be a C_IDENTIFIER, and may not exceed 32768 characters.
        required: true
      # NOTE(review): a literal value is held in Terraform configuration and
      # state; for credentials the sibling `valueSource.secretKeyRef` keeps the
      # material in Secret Manager instead.
      - name: 'value'
        type: String
        # env is a set.
        # The env.value has value "" in Terraform state, but it has value nil in Terraform plan,
        # which causes the diffs for unchanged env. default_value: "" is to suppress the diffs.
        default_value: ""
        description: |-
          Literal value of the environment variable. Defaults to "" and the maximum allowed length is 32768 characters. Variable references are not supported in Cloud Run.
        # exactly_one_of:
        #   - template.0.containers.0.env.0.value
        #   - template.0.containers.0.env.0.valueSource
      - name: 'valueSource'
        type: NestedObject
        description: |-
          Source for the environment variable's value.
        # exactly_one_of:
        #   - template.0.containers.0.env.0.value
        #   - template.0.containers.0.env.0.valueSource
        properties:
          - name: 'secretKeyRef'
            type: NestedObject
            description: |-
              Selects a secret and a specific version from Cloud Secret Manager.
            properties:
              - name: 'secret'
                type: String
                description: |-
                  The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.
                required: true
              # 'latest' floats with the secret, so a new secret version changes
              # what later instances read; an integer pins one version.
              - name: 'version'
                type: String
                description: |-
                  The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.
# Compute limits for the container; both the block and `limits` take their
# value from the API when omitted (default_from_api).
- name: 'resources'
  type: NestedObject
  description: |-
    Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
  default_from_api: true
  properties:
    - name: 'limits'
      type: KeyValuePairs
      description: |-
        Only memory, CPU, and nvidia.com/gpu are supported. Use key `cpu` for CPU limit, `memory` for memory limit, `nvidia.com/gpu` for gpu limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go
      default_from_api: true
    # Behaviour depends on whether the parent block is set: see the
    # description for the "must be explicitly set to true" caveat.
    - name: 'cpuIdle'
      type: Boolean
      description: |-
        Determines whether CPU is only allocated during requests. True by default if the parent `resources` field is not set. However, if
        `resources` is set, this field must be explicitly set to true to preserve the default behavior.
    - name: 'startupCpuBoost'
      type: Boolean
      description: |-
        Determines whether CPU should be boosted on startup of a new container instance above the requested CPU threshold, this can help reduce cold-start latency.
# Exposed container port. The list is capped at one entry (max_size: 1), which
# matches the "only a single port" statement in the description.
- name: 'ports'
  type: Array
  description: |-
    List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible.
    If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on
  default_from_api: true
  item_type:
    type: NestedObject
    properties:
      # Despite the field name this selects the protocol ("http1" or "h2c").
      - name: 'name'
        type: String
        description: |-
          If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c".
        default_from_api: true
      # The range is documented only; no validation is declared here.
      - name: 'containerPort'
        type: Integer
        description: |-
          Port number the container listens on. This must be a valid TCP port number, 0 < containerPort < 65536.
  max_size: 1
# Mount points inside the container; each entry refers to a Volume by name.
- name: 'volumeMounts'
  type: Array
  description: |-
    Volume to mount into the container's filesystem.
  item_type:
    type: NestedObject
    properties:
      - name: 'name'
        type: String
        description: |-
          This must match the Name of a Volume.
        required: true
      # The ':' restriction and the /cloudsql rule are documented only; no
      # validation is declared here.
      - name: 'mountPath'
        type: String
        description: |-
          Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run
        required: true
# Optional working directory; the container runtime's default applies when unset.
- name: 'workingDir'
  type: String
  description: |-
    Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.
# Liveness probe: timing fields with fixed defaults, followed by three probe
# actions (httpGet, grpc, tcpSocket).
- name: 'livenessProbe'
  type: NestedObject
  description: |-
    Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
  properties:
    - name: 'initialDelaySeconds'
      type: Integer
      description: |-
        Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
      default_value: 0
    - name: 'timeoutSeconds'
      type: Integer
      description: |-
        Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
      default_value: 1
    - name: 'periodSeconds'
      type: Integer
      description: |-
        How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds
      default_value: 10
    - name: 'failureThreshold'
      type: Integer
      description: |-
        Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
      default_value: 3
    # An empty httpGet block is meaningful, hence send_empty_value and
    # allow_empty_object.
    - name: 'httpGet'
      type: NestedObject
      description: |-
        HTTPGet specifies the http request to perform.
      send_empty_value: true
      allow_empty_object: true
      # NOTE(review): the disabled constraint below names startupProbe paths
      # although this block sits under livenessProbe; it looks copied, confirm
      # before re-enabling.
      # exactly_one_of:
      #   - template.0.containers.0.startupProbe.0.httpGet
      #   - template.0.containers.0.startupProbe.0.tcpSocket
      #   - template.0.containers.0.startupProbe.0.grpc
      properties:
        - name: 'path'
          type: String
          description: |-
            Path to access on the HTTP server. Defaults to '/'.
          default_value: "/"
        - name: 'port'
          type: Integer
          description: |-
            Port number to access on the container. Number must be in the range 1 to 65535.
            If not specified, defaults to the same value as container.ports[0].containerPort.
          default_from_api: true
        - name: 'httpHeaders'
          type: Array
          description: |-
            Custom headers to set in the request. HTTP allows repeated headers.
          item_type:
            type: NestedObject
            properties:
              - name: 'name'
                type: String
                description: |-
                  The header field name
                required: true
              # An empty header value is sent as-is (send_empty_value).
              - name: 'value'
                type: String
                description: |-
                  The header field value
                send_empty_value: true
                default_value: ""
    - name: 'grpc'
      type: NestedObject
      description: |-
        GRPC specifies an action involving a GRPC port.
      send_empty_value: true
      allow_empty_object: true
      properties:
        - name: 'port'
          type: Integer
          description: |-
            Port number to access on the container. Number must be in the range 1 to 65535.
            If not specified, defaults to the same value as container.ports[0].containerPort.
          default_from_api: true
        - name: 'service'
          type: String
          description: |-
            The name of the service to place in the gRPC HealthCheckRequest
            (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
            If this is not specified, the default behavior is defined by gRPC.
    # Unlike the startup probe's tcpSocket, the port here is marked required,
    # even though the description mentions a default.
    - name: 'tcpSocket'
      type: NestedObject
      description: TCPSocketAction describes an action based on opening a socket
      properties:
        - name: 'port'
          type: Integer
          description: |-
            Port number to access on the container. Must be in the range 1 to 65535.
            If not specified, defaults to the exposed port of the container, which
            is the value of container.ports[0].containerPort.
          required: true
# Startup probe: same timing fields as the liveness probe. The whole block is
# taken from the API when omitted (default_from_api).
- name: 'startupProbe'
  type: NestedObject
  description: |-
    Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
  default_from_api: true
  properties:
    - name: 'initialDelaySeconds'
      type: Integer
      description: |-
        Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
      default_value: 0
    - name: 'timeoutSeconds'
      type: Integer
      description: |-
        Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
      default_value: 1
    - name: 'periodSeconds'
      type: Integer
      description: |-
        How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds
      default_value: 10
    - name: 'failureThreshold'
      type: Integer
      description: |-
        Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
      default_value: 3
    # NOTE(review): the descriptions of httpGet and tcpSocket speak of "exactly
    # one of HTTPGet or TCPSocket", while a third action (grpc) is declared
    # below and the exactly_one_of constraints are commented out.
    - name: 'httpGet'
      type: NestedObject
      description: |-
        HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified.
      send_empty_value: true
      allow_empty_object: true
      properties:
        - name: 'path'
          type: String
          description: |-
            Path to access on the HTTP server. Defaults to '/'.
          default_value: "/"
        - name: 'port'
          type: Integer
          description: |-
            Port number to access on the container. Must be in the range 1 to 65535.
            If not specified, defaults to the same value as container.ports[0].containerPort.
          default_from_api: true
        - name: 'httpHeaders'
          type: Array
          description: |-
            Custom headers to set in the request. HTTP allows repeated headers.
          item_type:
            type: NestedObject
            properties:
              - name: 'name'
                type: String
                description: |-
                  The header field name
                required: true
              # An empty header value is sent as-is (send_empty_value).
              - name: 'value'
                type: String
                description: |-
                  The header field value
                send_empty_value: true
                default_value: ""
    - name: 'tcpSocket'
      type: NestedObject
      description: |-
        TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified.
      send_empty_value: true
      allow_empty_object: true
      # exactly_one_of:
      #   - template.0.containers.0.startupProbe.0.httpGet
      #   - template.0.containers.0.startupProbe.0.tcpSocket
      #   - template.0.containers.0.startupProbe.0.grpc
      properties:
        - name: 'port'
          type: Integer
          description: |-
            Port number to access on the container. Must be in the range 1 to 65535.
            If not specified, defaults to the same value as container.ports[0].containerPort.
          default_from_api: true
    - name: 'grpc'
      type: NestedObject
      description: |-
        GRPC specifies an action involving a GRPC port.
      send_empty_value: true
      allow_empty_object: true
      # exactly_one_of:
      #   - template.0.containers.0.startupProbe.0.httpGet
      #   - template.0.containers.0.startupProbe.0.tcpSocket
      #   - template.0.containers.0.startupProbe.0.grpc
      properties:
        - name: 'port'
          type: Integer
          description: |-
            Port number to access on the container. Number must be in the range 1 to 65535.
            If not specified, defaults to the same value as container.ports[0].containerPort.
          default_from_api: true
        - name: 'service'
          type: String
          description: |-
            The name of the service to place in the gRPC HealthCheckRequest
            (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
            If this is not specified, the default behavior is defined by gRPC.
# Start-order dependency between containers, expressed by container name.
- name: 'dependsOn'
  type: Array
  description: |-
    Containers which should be started before this container. If specified the container will wait to start until all containers with the listed names are healthy.
  item_type:
    type: String
# Setting this enrolls the service in automatic base image updates (per the
# description), i.e. the running base layer can change without a new apply.
- name: 'baseImageUri'
  type: String
  description: |-
    Base image for this container. If set, it indicates that the service is enrolled into automatic base image update.
# Output-only provenance of the container image.
- name: 'buildInfo'
  type: NestedObject
  description: |-
    The build info of the container image.
  output: true
  properties:
    - name: 'functionTarget'
      type: String
      description: |-
        Entry point of the function when the image is a Cloud Run function.
      output: true
    # NOTE(review): this name is snake_case whereas sibling properties use
    # camelCase names; confirm it matches the field the API returns.
    - name: 'source_location'
      type: String
      description: |-
        Source code location of the image.
      output: true
- name: 'volumes'
type: Array
description: |-
A list of Volumes to make available to containers.
item_type:
type: NestedObject
properties:
# Required volume name; container volumeMounts refer to it.
- name: 'name'
  type: String
  description: |-
    Volume's name.
  required: true
- name: 'secret'
type: NestedObject
description: |-
Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
# exactly_one_of:
# - template.0.volumes.0.secret
# - template.0.volumes.0.cloudSqlInstance
# - template.0.volumes.0.emptyDir
properties:
- name: 'secret'
type: String
description: |-
The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.
required: true
# Permission bits applied to the files created for a mounted secret.
# NOTE(review): the type is Integer but the description states the range and
# default in octal without saying which base the caller should write.
# 0444 octal is 292 in base 10 and 0777 octal is 511; a value entered as
# decimal 444 would presumably be read as different mode bits than r--r--r--.
# Consider adding the base-10 equivalents to the description - TODO confirm
# how the API interprets the integer.
- name: 'defaultMode'
type: Integer
description: |-
Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting.
- name: 'items'
type: Array
description: |-
If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.
item_type:
type: NestedObject
properties:
- name: 'path'
type: String
description: |-
The relative path of the secret in the container.
required: true
# Selects which Secret Manager version is exposed at the item's path.
# NOTE(review): 'latest' presumably follows whichever version is newest when
# the secret is read, so a rotated or mistakenly added version would take
# effect without any change to this resource, while a specific number keeps
# the mounted value pinned. Worth spelling out that trade-off in the
# description - confirm when 'latest' is resolved.
- name: 'version'
type: String
description: |-
The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version
# Per-file permission bits for one secret item; 0 or unset falls back to the
# volume's default mode (per the description).
# NOTE(review): the type is Integer while the range is given in octal
# (0777 octal is 511 in base 10). The description does not say which base a
# caller should supply - TODO confirm and document it.
- name: 'mode'
type: Integer
description: |-
Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.
- name: 'cloudSqlInstance'
type: NestedObject
description: |-
For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.
# exactly_one_of:
# - template.0.volumes.0.secret
# - template.0.volumes.0.cloudSqlInstance
# - template.0.volumes.0.emptyDir
# - template.0.volumes.0.gcs
properties:
- name: 'instances'
type: Array
description: |-
The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}
is_set: true
item_type:
type: String
- name: 'emptyDir'
type: NestedObject
description: |-
Ephemeral storage used as a shared volume.
# exactly_one_of:
# - template.0.volumes.0.secret
# - template.0.volumes.0.cloudSqlInstance
# - template.0.volumes.0.emptyDir
# - template.0.volumes.0.gcs
properties:
- name: 'medium'
type: Enum
description: |-
The different types of medium supported for EmptyDir.
default_value: "MEMORY"
enum_values:
- 'MEMORY'
- name: 'sizeLimit'
type: String
description: |-
Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.
- name: 'gcs'
type: NestedObject
description: |-
Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment.
# exactly_one_of:
# - template.0.volumes.0.secret
# - template.0.volumes.0.cloudSqlInstance
# - template.0.volumes.0.emptyDir
# - template.0.volumes.0.gcs
properties:
- name: 'bucket'
type: String
description: GCS Bucket name
required: true
# Optional flag; when true the bucket is mounted read-only.
# NOTE(review): no default_value is declared, so an omitted readOnly
# presumably yields a writable mount - confirm, and state the default in the
# description so containers that only read from the bucket are not given
# write access by omission.
- name: 'readOnly'
type: Boolean
description: If true, mount the GCS bucket as read-only
required: false
# Beta-only list of flags handed to the gcsfuse command for this volume.
# Each item is a free-form String; nothing in this schema restricts which
# flags are accepted.
# NOTE(review): consider documenting or validating the supported set, since
# mount flags can change how the bucket contents are exposed to the
# container - TODO confirm what the API rejects.
- name: 'mountOptions'
min_version: 'beta'
type: Array
description: |
A list of flags to pass to the gcsfuse command for configuring this volume.
Flags should be passed without leading dashes.
item_type:
type: String
- name: 'nfs'
type: NestedObject
description: Represents an NFS mount.
properties:
- name: 'server'
type: String
description: Hostname or IP address of the NFS server
required: true
- name: 'path'
type: String
description: Path that is exported by the NFS server.
required: true
# Optional flag; when true the NFS export is mounted read-only.
# NOTE(review): no default_value is declared, so an omitted readOnly
# presumably yields a writable mount - confirm, and state the default in the
# description.
- name: 'readOnly'
type: Boolean
description: If true, mount the NFS volume as read only
required: false
- name: 'executionEnvironment'
type: Enum
description: |-
The sandbox environment to host this Revision.
enum_values:
- 'EXECUTION_ENVIRONMENT_GEN1'
- 'EXECUTION_ENVIRONMENT_GEN2'
- name: 'encryptionKey'
type: String
description: |-
A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek
- name: 'maxInstanceRequestConcurrency'
type: Integer
description: |-
Sets the maximum number of requests that each serving instance can receive.
If not specified or 0, defaults to 80 when requested CPU >= 1 and defaults to 1 when requested CPU < 1.
default_from_api: true
- name: 'sessionAffinity'
type: Boolean
description: |-
Enables session affinity. For more information, go to https://cloud.google.com/run/docs/configuring/session-affinity
- name: 'serviceMesh'
type: NestedObject
description: |-
Enables Cloud Service Mesh for this Revision.
min_version: 'beta'
properties:
- name: 'mesh'
type: String
description: |-
The Mesh resource name. For more information see https://cloud.google.com/service-mesh/docs/reference/network-services/rest/v1/projects.locations.meshes#resource:-mesh.
- name: 'nodeSelector'
type: NestedObject
description: Node Selector describes the hardware requirements of the resources.
properties:
- name: 'accelerator'
type: String
description:
The GPU to attach to an instance. See https://cloud.google.com/run/docs/configuring/services/gpu for configuring GPU.
required: true
- name: 'gpuZonalRedundancyDisabled'
type: Boolean
description: True if GPU zonal redundancy is disabled on this revision.
- name: 'traffic'
type: Array
description: |-
Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision.
default_from_api: true
item_type:
type: NestedObject
properties:
- name: 'type'
type: Enum
description: |
The allocation type for this traffic target.
enum_values:
- 'TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST'
- 'TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION'
- name: 'revision'
type: String
description: |
Revision to which to send this portion of traffic, if traffic allocation is by revision.
- name: 'percent'
type: Integer
description: |
Specifies percent of the traffic to this Revision. This defaults to zero if unspecified.
default_from_api: true
- name: 'tag'
type: String
description: |
Indicates a string to be part of the URI to exclusively reference this target.
# Security-sensitive toggle: per the description, setting this to true turns
# off the run.routes.invoke IAM permission check for callers of the service.
# No default_value is declared here.
# NOTE(review): the description does not say what still gates requests once
# the check is off. Worth stating that access then depends on other controls
# (presumably ingress settings or authentication in front of or inside the
# service - confirm against the linked doc).
- name: 'invokerIamDisabled'
type: Boolean
description: |
Disables IAM permission check for run.routes.invoke for callers of this service. For more information, visit https://cloud.google.com/run/docs/securing/managing-access#invoker_check.
- name: 'observedGeneration'
type: String
description: |
The generation of this Service currently serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.
output: true
- name: 'terminalCondition'
type: NestedObject
description: |
The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.
output: true
properties:
- name: 'type'
type: String
description: |-
type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready.
output: true
- name: 'state'
type: String
description: |-
State of the condition.
output: true
- name: 'message'
type: String
description: |-
Human readable message indicating details about the current status.
output: true
- name: 'lastTransitionTime'
type: Time
description: |-
Last time the condition transitioned from one status to another.
output: true
- name: 'severity'
type: String
description: |-
How to interpret failures of this condition, one of Error, Warning, Info
output: true
- name: 'reason'
type: String
description: |-
A common (service-level) reason for this condition.
output: true
- name: 'revisionReason'
type: String
description: |-
A reason for the revision condition.
output: true
- name: 'executionReason'
type: String
description: |-
A reason for the execution condition.
output: true
- name: 'conditions'
type: Array
description: |-
The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Service does not reach its Serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.
output: true
item_type:
type: NestedObject
properties:
- name: 'type'
type: String
description: |-
type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready.
output: true
- name: 'state'
type: String
description: |-
State of the condition.
output: true
- name: 'message'
type: String
description: |-
Human readable message indicating details about the current status.
output: true
- name: 'lastTransitionTime'
type: Time
description: |-
Last time the condition transitioned from one status to another.
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
output: true
- name: 'severity'
type: String
description: |-
How to interpret failures of this condition, one of Error, Warning, Info
output: true
- name: 'reason'
type: String
description: |-
A common (service-level) reason for this condition.
output: true
- name: 'revisionReason'
type: String
description: |-
A reason for the revision condition.
output: true
- name: 'executionReason'
type: String
description: |-
A reason for the execution condition.
output: true
- name: 'latestReadyRevision'
type: String
description: |
Name of the latest revision that is serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run.
output: true
- name: 'latestCreatedRevision'
type: String
description: |
Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run.
output: true
- name: 'trafficStatuses'
type: Array
description: |-
Detailed status information for corresponding traffic targets. See comments in reconciling for additional information on reconciliation process in Cloud Run.
output: true
item_type:
type: NestedObject
properties:
- name: 'type'
type: String
description: |-
The allocation type for this traffic target.
output: true
- name: 'revision'
type: String
description: |-
Revision to which this traffic is sent.
output: true
- name: 'percent'
type: Integer
description: |-
Specifies percent of the traffic to this Revision.
output: true
- name: 'tag'
type: String
description: |-
Indicates the string used in the URI to exclusively reference this target.
output: true
- name: 'uri'
type: String
description: |-
Displays the target URI.
output: true
- name: 'uri'
type: String
description: |
The main URI in which this Service is serving traffic.
output: true
- name: 'urls'
type: Array
item_type:
type: String
description: |-
All URLs serving traffic for this Service.
output: true
- name: 'buildConfig'
type: NestedObject
description: |-
Configuration for building a Cloud Run function.
properties:
- name: 'name'
type: String
description: |-
The Cloud Build name of the latest successful deployment of the function.
output: true
- name: 'sourceLocation'
type: String
description: |-
The Cloud Storage bucket URI where the function source code is located.
- name: 'functionTarget'
type: String
description: |-
The name of the function (as defined in source code) that will be executed. Defaults to the resource name suffix, if not specified. For backward compatibility, if function with given name is not found, then the system will try to use function named "function".
- name: 'imageUri'
type: String
description: |-
Artifact Registry URI to store the built image.
- name: 'baseImage'
type: String
description: |-
The base image used to build the function.
- name: 'enableAutomaticUpdates'
type: Boolean
description: |-
Sets whether the function will receive automatic base image updates.
- name: 'workerPool'
type: String
description: |-
Name of the Cloud Build Custom Worker Pool that should be used to build the Cloud Run function. The format of this field is `projects/{project}/locations/{region}/workerPools/{workerPool}` where {project} and {region} are the project id and region respectively where the worker pool is defined and {workerPool} is the short name of the worker pool.
# Build-time key/value pairs supplied by the user for the function build.
# NOTE(review): no sensitivity marker is set on this field, so the values are
# presumably written to plan output and state like any other attribute.
# The description should steer users away from placing credentials here -
# confirm how the build stores and logs these values.
- name: 'environmentVariables'
type: KeyValuePairs
description: |-
User-provided build-time environment variables for the function.
# Identity used to build the container image, given as a full resource name.
# NOTE(review): the description gives the format but not which identity the
# build runs as when this is omitted (TODO confirm the fallback). Since the
# build's reach is bounded by this account's roles, documenting the fallback
# and recommending a dedicated, narrowly scoped account would help.
- name: 'serviceAccount'
type: String
description: |-
Service account to be used for building the container. The format of this field is `projects/{projectId}/serviceAccounts/{serviceAccountEmail}`.
- name: 'reconciling'
type: Boolean
description: |
Returns true if the Service is currently being acted upon by the system to bring it into the desired state.
When a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in progress, observedGeneration, latestReadyRevision, trafficStatuses, and uri will have transient values that might mismatch the intended state. Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.
If reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision.
If reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions.
output: true
- name: 'etag'
type: String
description: |
A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.
output: true
- name: 'iapEnabled'
type: Boolean
description: |
Used to enable/disable IAP for the service.
min_version: 'beta'