Google Git
Sign in
third-party-mirror / terraform-provider-google-beta / 7018e2f3f116fdacfd66c03551fbf0c3db62170a / . / v5.18.0 / website / docs / r / cloud_run_service.html.markdown
blob: eb8702bd4f973000c2518da2a84c7b8469c017dc [file] [log] [blame]
---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Cloud Run"
description: |-
A Cloud Run service has a unique endpoint and autoscales containers.
---
# google\_cloud\_run\_service
A Cloud Run service has a unique endpoint and autoscales containers.
To get more information about Service, see:
* [API documentation](https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services)
* How-to Guides
* [Official Documentation](https://cloud.google.com/run/docs/)
~> **Warning:** We recommend using the `google_cloud_run_v2_service` resource which offers a better
developer experience and broader support of Cloud Run features.
## Example Usage - Cloud Run Service Basic
```hcl
resource "google_cloud_run_service" "default" {
name = "cloudrun-srv"
location = "us-central1"
template {
spec {
containers {
image = "us-docker.pkg.dev/cloudrun/container/hello"
}
}
}
traffic {
percent = 100
latest_revision = true
}
}
```
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=cloud_run_service_sql&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
</a>
</div>
## Example Usage - Cloud Run Service Sql
```hcl
resource "google_cloud_run_service" "default" {
name = "cloudrun-srv"
location = "us-central1"
template {
spec {
containers {
image = "us-docker.pkg.dev/cloudrun/container/hello"
}
}
metadata {
annotations = {
"autoscaling.knative.dev/maxScale" = "1000"
"run.googleapis.com/cloudsql-instances" = google_sql_database_instance.instance.connection_name
"run.googleapis.com/client-name" = "terraform"
}
}
}
autogenerate_revision_name = true
}
resource "google_sql_database_instance" "instance" {
name = "cloudrun-sql"
region = "us-east1"
database_version = "MYSQL_5_7"
settings {
tier = "db-f1-micro"
}
deletion_protection = "true"
}
```
## Example Usage - Cloud Run Service Noauth
```hcl
resource "google_cloud_run_service" "default" {
name = "cloudrun-srv"
location = "us-central1"
template {
spec {
containers {
image = "us-docker.pkg.dev/cloudrun/container/hello"
}
}
}
}
data "google_iam_policy" "noauth" {
binding {
role = "roles/run.invoker"
members = [
"allUsers",
]
}
}
resource "google_cloud_run_service_iam_policy" "noauth" {
location = google_cloud_run_service.default.location
project = google_cloud_run_service.default.project
service = google_cloud_run_service.default.name
policy_data = data.google_iam_policy.noauth.policy_data
}
```
## Example Usage - Cloud Run Service Probes
```hcl
resource "google_cloud_run_service" "default" {
name = "cloudrun-srv"
location = "us-central1"
template {
spec {
containers {
image = "us-docker.pkg.dev/cloudrun/container/hello"
startup_probe {
initial_delay_seconds = 0
timeout_seconds = 1
period_seconds = 3
failure_threshold = 1
tcp_socket {
port = 8080
}
}
liveness_probe {
http_get {
path = "/"
}
}
}
}
}
traffic {
percent = 100
latest_revision = true
}
lifecycle {
ignore_changes = [
metadata.0.annotations,
]
}
}
```
## Example Usage - Cloud Run Service Multicontainer
```hcl
resource "google_cloud_run_service" "default" {
name = "cloudrun-srv"
location = "us-central1"
provider = google-beta
metadata {
annotations = {
"run.googleapis.com/launch-stage" = "BETA"
}
}
template {
metadata {
annotations = {
"run.googleapis.com/container-dependencies" = jsonencode({hello-1 = ["hello-2"]})
}
}
spec {
containers {
name = "hello-1"
ports {
container_port = 8080
}
image = "us-docker.pkg.dev/cloudrun/container/hello"
volume_mounts {
name = "shared-volume"
mount_path = "/mnt/shared"
}
}
containers {
name = "hello-2"
image = "us-docker.pkg.dev/cloudrun/container/hello"
env {
name = "PORT"
value = "8081"
}
startup_probe {
http_get {
port = 8081
}
}
volume_mounts {
name = "shared-volume"
mount_path = "/mnt/shared"
}
}
volumes {
name = "shared-volume"
empty_dir {
medium = "Memory"
size_limit = "128Mi"
}
}
}
}
lifecycle {
ignore_changes = [
metadata[0].annotations["run.googleapis.com/launch-stage"],
]
}
}
```
## Argument Reference
The following arguments are supported:
* `name` -
(Required)
Name must be unique within a Google Cloud project and region.
Is required when creating resources. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
* `location` -
(Required)
The location of the cloud run instance. eg us-central1
<a name="nested_traffic"></a>The `traffic` block supports:
* `revision_name` -
(Optional)
RevisionName of a specific revision to which to send this portion of traffic.
* `percent` -
(Required)
Percent specifies percent of the traffic to this Revision or Configuration.
* `tag` -
(Optional)
Tag is optionally used to expose a dedicated url for referencing this target exclusively.
* `latest_revision` -
(Optional)
LatestRevision may be optionally provided to indicate that the latest ready
Revision of the Configuration should be used for this traffic target. When
provided LatestRevision must be true if RevisionName is empty; it must be
false when RevisionName is non-empty.
* `url` -
(Output)
URL displays the URL for accessing tagged traffic targets. URL is displayed in status,
and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname,
but may not contain anything else (e.g. basic auth, url path, etc.)
<a name="nested_template"></a>The `template` block supports:
* `metadata` -
(Optional)
Optional metadata for this Revision, including labels and annotations.
Name will be generated by the Configuration. To set minimum instances
for this revision, use the "autoscaling.knative.dev/minScale" annotation
key. To set maximum instances for this revision, use the
"autoscaling.knative.dev/maxScale" annotation key. To set Cloud SQL
connections for the revision, use the "run.googleapis.com/cloudsql-instances"
annotation key.
Structure is [documented below](#nested_metadata).
* `spec` -
(Required)
RevisionSpec holds the desired state of the Revision (from the client).
Structure is [documented below](#nested_spec).
<a name="nested_metadata"></a>The `metadata` block supports:
* `labels` -
(Optional)
Map of string keys and values that can be used to organize and categorize
(scope and select) objects.
* `generation` -
(Output)
A sequence number representing a specific generation of the desired state.
* `resource_version` -
(Output)
An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. They may only be valid for a
particular resource or set of resources.
* `self_link` -
(Output)
SelfLink is a URL representing this object.
* `uid` -
(Output)
UID is a unique id generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
* `namespace` -
(Optional)
In Cloud Run the namespace must be equal to either the
project ID or project number. It will default to the resource's project.
* `annotations` -
(Optional)
Annotations is a key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
**Note**: The Cloud Run API may add additional annotations that were not provided in your config.
If terraform plan shows a diff where a server-side annotation is added, you can add it to your config
or apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.
Annotations with `run.googleapis.com/` and `autoscaling.knative.dev` are restricted. Use the following annotation
keys to configure features on a Revision template:
- `autoscaling.knative.dev/maxScale` sets the [maximum number of container
instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--max-instances) of the Revision to run.
- `autoscaling.knative.dev/minScale` sets the [minimum number of container
instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--min-instances) of the Revision to run.
- `run.googleapis.com/client-name` sets the client name calling the Cloud Run API.
- `run.googleapis.com/cloudsql-instances` sets the [Cloud SQL
instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--add-cloudsql-instances) the Revision connects to.
- `run.googleapis.com/cpu-throttling` sets whether to throttle the CPU when the container is not actively serving
requests. See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--[no-]cpu-throttling.
- `run.googleapis.com/encryption-key-shutdown-hours` sets the number of hours to wait before an automatic shutdown
server after CMEK key revocation is detected.
- `run.googleapis.com/encryption-key` sets the [CMEK key](https://cloud.google.com/run/docs/securing/using-cmek)
reference to encrypt the container with.
- `run.googleapis.com/execution-environment` sets the [execution
environment](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--execution-environment)
where the application will run.
- `run.googleapis.com/post-key-revocation-action-type` sets the
[action type](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--post-key-revocation-action-type)
after CMEK key revocation.
- `run.googleapis.com/secrets` sets a list of key-value pairs to set as
[secrets](https://cloud.google.com/run/docs/configuring/secrets#yaml).
- `run.googleapis.com/sessionAffinity` sets whether to enable
[session affinity](https://cloud.google.com/sdk/gcloud/reference/beta/run/deploy#--[no-]session-affinity)
for connections to the Revision.
- `run.googleapis.com/startup-cpu-boost` sets whether to allocate extra CPU to containers on startup.
See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--[no-]cpu-boost.
- `run.googleapis.com/vpc-access-connector` sets a [VPC connector](https://cloud.google.com/run/docs/configuring/connecting-vpc#terraform_1)
for the Revision.
- `run.googleapis.com/vpc-access-egress` sets the outbound traffic to send through the VPC connector for this resource.
See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--vpc-egress.
* `name` -
(Optional)
Name must be unique within a Google Cloud project and region.
Is required when creating resources. Name is primarily intended
for creation idempotence and configuration definition. Cannot be updated.
<a name="nested_spec"></a>The `spec` block supports:
* `containers` -
(Required)
Containers defines the unit of execution for this Revision.
Structure is [documented below](#nested_containers).
* `container_concurrency` -
(Optional)
ContainerConcurrency specifies the maximum allowed in-flight (concurrent)
requests per container of the Revision. Values are:
- `0` thread-safe, the system should manage the max concurrency. This is
the default value.
- `1` not-thread-safe. Single concurrency
- `2-N` thread-safe, max concurrency of N
* `timeout_seconds` -
(Optional)
TimeoutSeconds holds the max duration the instance is allowed for responding to a request.
* `service_account_name` -
(Optional)
Email address of the IAM service account associated with the revision of the
service. The service account represents the identity of the running revision,
and determines what permissions the revision has. If not provided, the revision
will use the project's default service account.
* `volumes` -
(Optional)
Volume represents a named volume in a container.
Structure is [documented below](#nested_volumes).
* `serving_state` -
(Output, Deprecated)
ServingState holds a value describing the state the resources
are in for this Revision.
It is expected
that the system will manipulate this based on routability and load.
~> **Warning:** `serving_state` is deprecated and will be removed in a future major release. This field is not supported by the Cloud Run API.
<a name="nested_containers"></a>The `containers` block supports:
* `name` -
(Optional)
Name of the container
* `working_dir` -
(Optional, Deprecated)
Container's working directory.
If not specified, the container runtime's default will be used, which
might be configured in the container image.
~> **Warning:** `working_dir` is deprecated and will be removed in a future major release. This field is not supported by the Cloud Run API.
* `args` -
(Optional)
Arguments to the entrypoint.
The docker image's CMD is used if this is not provided.
* `env_from` -
(Optional, Deprecated)
List of sources to populate environment variables in the container.
All invalid keys will be reported as an event when the container is starting.
When a key exists in multiple sources, the value associated with the last source will
take precedence. Values defined by an Env with a duplicate key will take
precedence.
Structure is [documented below](#nested_env_from).
~> **Warning:** `env_from` is deprecated and will be removed in a future major release. This field is not supported by the Cloud Run API.
* `image` -
(Required)
Docker image name. This is most often a reference to a container located
in the container registry, such as gcr.io/cloudrun/hello
* `command` -
(Optional)
Entrypoint array. Not executed within a shell.
The docker image's ENTRYPOINT is used if this is not provided.
* `env` -
(Optional)
List of environment variables to set in the container.
Structure is [documented below](#nested_env).
* `ports` -
(Optional)
List of open ports in the container.
Structure is [documented below](#nested_ports).
* `resources` -
(Optional)
Compute Resources required by this container. Used to set values such as max memory
Structure is [documented below](#nested_resources).
* `volume_mounts` -
(Optional)
Volume to mount into the container's filesystem.
Only supports SecretVolumeSources.
Structure is [documented below](#nested_volume_mounts).
* `startup_probe` -
(Optional)
Startup probe of application within the container.
All other probes are disabled if a startup probe is provided, until it
succeeds. Container will not be added to service endpoints if the probe fails.
Structure is [documented below](#nested_startup_probe).
* `liveness_probe` -
(Optional)
Periodic probe of container liveness. Container will be restarted if the probe fails.
Structure is [documented below](#nested_liveness_probe).
<a name="nested_env_from"></a>The `env_from` block supports:
* `prefix` -
(Optional)
An optional identifier to prepend to each key in the ConfigMap.
* `config_map_ref` -
(Optional)
The ConfigMap to select from.
Structure is [documented below](#nested_config_map_ref).
* `secret_ref` -
(Optional)
The Secret to select from.
Structure is [documented below](#nested_secret_ref).
<a name="nested_config_map_ref"></a>The `config_map_ref` block supports:
* `optional` -
(Optional)
Specify whether the ConfigMap must be defined
* `local_object_reference` -
(Optional)
The ConfigMap to select from.
Structure is [documented below](#nested_local_object_reference).
<a name="nested_local_object_reference"></a>The `local_object_reference` block supports:
* `name` -
(Required)
Name of the referent.
<a name="nested_secret_ref"></a>The `secret_ref` block supports:
* `local_object_reference` -
(Optional)
The Secret to select from.
Structure is [documented below](#nested_local_object_reference).
* `optional` -
(Optional)
Specify whether the Secret must be defined
<a name="nested_local_object_reference"></a>The `local_object_reference` block supports:
* `name` -
(Required)
Name of the referent.
<a name="nested_env"></a>The `env` block supports:
* `name` -
(Optional)
Name of the environment variable.
* `value` -
(Optional)
Defaults to "".
* `value_from` -
(Optional)
Source for the environment variable's value. Only supports secret_key_ref.
Structure is [documented below](#nested_value_from).
<a name="nested_value_from"></a>The `value_from` block supports:
* `secret_key_ref` -
(Required)
Selects a key (version) of a secret in Secret Manager.
Structure is [documented below](#nested_secret_key_ref).
<a name="nested_secret_key_ref"></a>The `secret_key_ref` block supports:
* `key` -
(Required)
A Cloud Secret Manager secret version. Must be 'latest' for the latest
version or an integer for a specific version.
* `name` -
(Required)
The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project.
If the secret is in another project, you must define an alias.
An alias definition has the form: :projects/{project-id|project-number}/secrets/.
If multiple alias definitions are needed, they must be separated by commas.
The alias definitions must be set on the run.googleapis.com/secrets annotation.
<a name="nested_ports"></a>The `ports` block supports:
* `name` -
(Optional)
If specified, used to specify which protocol to use. Allowed values are "http1" (HTTP/1) and "h2c" (HTTP/2 end-to-end). Defaults to "http1".
* `protocol` -
(Optional)
Protocol for port. Must be "TCP". Defaults to "TCP".
* `container_port` -
(Optional)
Port number the container listens on. This must be a valid port number (between 1 and 65535). Defaults to "8080".
<a name="nested_resources"></a>The `resources` block supports:
* `limits` -
(Optional)
Limits describes the maximum amount of compute resources allowed.
The values of the map is string form of the 'quantity' k8s type:
https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go
* `requests` -
(Optional)
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined value.
The values of the map is string form of the 'quantity' k8s type:
https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go
<a name="nested_volume_mounts"></a>The `volume_mounts` block supports:
* `mount_path` -
(Required)
Path within the container at which the volume should be mounted. Must
not contain ':'.
* `name` -
(Required)
This must match the Name of a Volume.
<a name="nested_startup_probe"></a>The `startup_probe` block supports:
* `initial_delay_seconds` -
(Optional)
Number of seconds after the container has started before the probe is
initiated.
Defaults to 0 seconds. Minimum value is 0. Maximum value is 240.
* `timeout_seconds` -
(Optional)
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1. Maximum value is 3600.
Must be smaller than periodSeconds.
* `period_seconds` -
(Optional)
How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1. Maximum value is 240.
* `failure_threshold` -
(Optional)
Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
* `tcp_socket` -
(Optional)
TcpSocket specifies an action involving a TCP port.
Structure is [documented below](#nested_tcp_socket).
* `http_get` -
(Optional)
HttpGet specifies the http request to perform.
Structure is [documented below](#nested_http_get).
* `grpc` -
(Optional)
GRPC specifies an action involving a GRPC port.
Structure is [documented below](#nested_grpc).
<a name="nested_tcp_socket"></a>The `tcp_socket` block supports:
* `port` -
(Optional)
Port number to access on the container. Number must be in the range 1 to 65535.
If not specified, defaults to the same value as container.ports[0].containerPort.
<a name="nested_http_get"></a>The `http_get` block supports:
* `path` -
(Optional)
Path to access on the HTTP server. If set, it should not be empty string.
* `port` -
(Optional)
Port number to access on the container. Number must be in the range 1 to 65535.
If not specified, defaults to the same value as container.ports[0].containerPort.
* `http_headers` -
(Optional)
Custom headers to set in the request. HTTP allows repeated headers.
Structure is [documented below](#nested_http_headers).
<a name="nested_http_headers"></a>The `http_headers` block supports:
* `name` -
(Required)
The header field name.
* `value` -
(Optional)
The header field value.
<a name="nested_grpc"></a>The `grpc` block supports:
* `port` -
(Optional)
Port number to access on the container. Number must be in the range 1 to 65535.
If not specified, defaults to the same value as container.ports[0].containerPort.
* `service` -
(Optional)
The name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
<a name="nested_liveness_probe"></a>The `liveness_probe` block supports:
* `initial_delay_seconds` -
(Optional)
Number of seconds after the container has started before the probe is
initiated.
Defaults to 0 seconds. Minimum value is 0. Maximum value is 3600.
* `timeout_seconds` -
(Optional)
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1. Maximum value is 3600.
Must be smaller than period_seconds.
* `period_seconds` -
(Optional)
How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1. Maximum value is 3600.
* `failure_threshold` -
(Optional)
Minimum consecutive failures for the probe to be considered failed after
having succeeded. Defaults to 3. Minimum value is 1.
* `http_get` -
(Optional)
HttpGet specifies the http request to perform.
Structure is [documented below](#nested_http_get).
* `grpc` -
(Optional)
GRPC specifies an action involving a GRPC port.
Structure is [documented below](#nested_grpc).
<a name="nested_http_get"></a>The `http_get` block supports:
* `path` -
(Optional)
Path to access on the HTTP server. If set, it should not be empty string.
* `port` -
(Optional)
Port number to access on the container. Number must be in the range 1 to 65535.
If not specified, defaults to the same value as container.ports[0].containerPort.
* `http_headers` -
(Optional)
Custom headers to set in the request. HTTP allows repeated headers.
Structure is [documented below](#nested_http_headers).
<a name="nested_http_headers"></a>The `http_headers` block supports:
* `name` -
(Required)
The header field name.
* `value` -
(Optional)
The header field value.
<a name="nested_grpc"></a>The `grpc` block supports:
* `port` -
(Optional)
Port number to access on the container. Number must be in the range 1 to 65535.
If not specified, defaults to the same value as container.ports[0].containerPort.
* `service` -
(Optional)
The name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
<a name="nested_volumes"></a>The `volumes` block supports:
* `name` -
(Required)
Volume's name.
* `secret` -
(Optional)
The secret's value will be presented as the content of a file whose
name is defined in the item path. If no items are defined, the name of
the file is the secret_name.
Structure is [documented below](#nested_secret).
* `empty_dir` -
(Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
Ephemeral storage which can be backed by real disks (HD, SSD), network storage or memory (i.e. tmpfs). For now only in memory (tmpfs) is supported. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs).
Structure is [documented below](#nested_empty_dir).
* `csi` -
(Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
A filesystem specified by the Container Storage Interface (CSI).
Structure is [documented below](#nested_csi).
<a name="nested_secret"></a>The `secret` block supports:
* `secret_name` -
(Required)
The name of the secret in Cloud Secret Manager. By default, the secret
is assumed to be in the same project.
If the secret is in another project, you must define an alias.
An alias definition has the form:
{alias}:projects/{project-id|project-number}/secrets/{secret-name}.
If multiple alias definitions are needed, they must be separated by
commas.
The alias definitions must be set on the run.googleapis.com/secrets
annotation.
* `default_mode` -
(Optional)
Mode bits to use on created files by default. Must be a value between 0000
and 0777. Defaults to 0644. Directories within the path are not affected by
this setting. This might be in conflict with other options that affect the
file mode, like fsGroup, and the result can be other mode bits set.
* `items` -
(Optional)
If unspecified, the volume will expose a file whose name is the
secret_name.
If specified, the key will be used as the version to fetch from Cloud
Secret Manager and the path will be the name of the file exposed in the
volume. When items are defined, they must specify a key and a path.
Structure is [documented below](#nested_items).
<a name="nested_items"></a>The `items` block supports:
* `key` -
(Required)
The Cloud Secret Manager secret version.
Can be 'latest' for the latest value or an integer for a specific version.
* `path` -
(Required)
The relative path of the file to map the key to.
May not be an absolute path.
May not contain the path element '..'.
May not start with the string '..'.
* `mode` -
(Optional)
Mode bits to use on this file, must be a value between 0000 and 0777. If
not specified, the volume defaultMode will be used. This might be in
conflict with other options that affect the file mode, like fsGroup, and
the result can be other mode bits set.
<a name="nested_empty_dir"></a>The `empty_dir` block supports:
* `medium` -
(Optional)
The medium on which the data is stored. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory.
* `size_limit` -
(Optional)
Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.
<a name="nested_csi"></a>The `csi` block supports:
* `driver` -
(Required)
Unique name representing the type of file system to be created. Cloud Run supports the following values:
* gcsfuse.run.googleapis.com: Mount a Google Cloud Storage bucket using GCSFuse. This driver requires the
run.googleapis.com/execution-environment annotation to be set to "gen2" and
run.googleapis.com/launch-stage set to "BETA" or "ALPHA".
* `read_only` -
(Optional)
If true, all mounts created from this volume will be read-only.
* `volume_attributes` -
(Optional)
Driver-specific attributes. The following options are supported for available drivers:
* gcsfuse.run.googleapis.com
* bucketName: The name of the Cloud Storage Bucket that backs this volume. The Cloud Run Service identity must have access to this bucket.
- - -
* `traffic` -
(Optional)
Traffic specifies how to distribute traffic over a collection of Knative Revisions
and Configurations
Structure is [documented below](#nested_traffic).
* `template` -
(Optional)
template holds the latest specification for the Revision to
be stamped out. The template references the container image, and may also
include labels and annotations that should be attached to the Revision.
To correlate a Revision, and/or to force a Revision to be created when the
spec doesn't otherwise change, a nonce label may be provided in the
template metadata. For more details, see:
https://github.com/knative/serving/blob/main/docs/client-conventions.md#associate-modifications-with-revisions
Cloud Run does not currently support referencing a build that is
responsible for materializing the container image from source.
Structure is [documented below](#nested_template).
* `metadata` -
(Optional)
Metadata associated with this Service, including name, namespace, labels,
and annotations.
Structure is [documented below](#nested_metadata).
* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
* `autogenerate_revision_name` - (Optional) If set to `true`, the revision name (template.metadata.name) will be omitted and
autogenerated by Cloud Run. This cannot be set to `true` while `template.metadata.name`
is also set.
(For legacy support, if `template.metadata.name` is unset in state while
this field is set to false, the revision name will still autogenerate.)
<a name="nested_metadata"></a>The `metadata` block supports:
* `labels` -
(Optional)
Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and routes.
**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field `effective_labels` for all of the labels present on the resource.
* `generation` -
(Output)
A sequence number representing a specific generation of the desired state.
* `resource_version` -
(Output)
An opaque value that represents the internal version of this object that
can be used by clients to determine when objects have changed. May be used
for optimistic concurrency, change detection, and the watch operation on a
resource or set of resources. They may only be valid for a
particular resource or set of resources.
* `self_link` -
(Output)
SelfLink is a URL representing this object.
* `uid` -
(Output)
UID is a unique id generated by the server on successful creation of a resource and is not
allowed to change on PUT operations.
* `namespace` -
(Optional)
In Cloud Run the namespace must be equal to either the
project ID or project number.
* `annotations` -
(Optional)
Annotations is a key value map stored with a resource that
may be set by external tools to store and retrieve arbitrary metadata. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
**Note**: The Cloud Run API may add additional annotations that were not provided in your config.
If terraform plan shows a diff where a server-side annotation is added, you can add it to your config
or apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.
Annotations with `run.googleapis.com/` and `autoscaling.knative.dev` are restricted. Use the following annotation
keys to configure features on a Service:
- `run.googleapis.com/binary-authorization-breakglass` sets the [Binary Authorization breakglass](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--breakglass).
- `run.googleapis.com/binary-authorization` sets the [Binary Authorization](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--binary-authorization).
- `run.googleapis.com/client-name` sets the client name calling the Cloud Run API.
- `run.googleapis.com/custom-audiences` sets the [custom audiences](https://cloud.google.com/sdk/gcloud/reference/alpha/run/deploy#--add-custom-audiences)
that can be used in the audience field of ID token for authenticated requests.
- `run.googleapis.com/description` sets a user defined description for the Service.
- `run.googleapis.com/ingress` sets the [ingress settings](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--ingress)
for the Service. For example, `"run.googleapis.com/ingress" = "all"`.
- `run.googleapis.com/launch-stage` sets the [launch stage](https://cloud.google.com/run/docs/troubleshooting#launch-stage-validation)
when a preview feature is used. For example, `"run.googleapis.com/launch-stage": "BETA"`
**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.
Please refer to the field `effective_annotations` for all of the annotations present on the resource.
* `terraform_labels` -
(Output)
The combination of labels configured directly on the resource
and default labels configured on the provider.
* `effective_labels` -
(Output)
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
* `effective_annotations` -
(Output)
All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `locations/{{location}}/namespaces/{{project}}/services/{{name}}`
* `status` -
The current status of the Service.
Structure is [documented below](#nested_status).
<a name="nested_status"></a>The `status` block contains:
* `conditions` -
(Output)
Array of observed Service Conditions, indicating the current ready state of the service.
Structure is [documented below](#nested_conditions).
* `url` -
(Output)
From RouteStatus. URL holds the url that will distribute traffic over the provided traffic
targets. It generally has the form
https://{route-hash}-{project-hash}-{cluster-level-suffix}.a.run.app
* `observed_generation` -
(Output)
ObservedGeneration is the 'Generation' of the Route that was last processed by the
controller.
Clients polling for completed reconciliation should poll until observedGeneration =
metadata.generation and the Ready condition's status is True or False.
* `latest_created_revision_name` -
(Output)
From ConfigurationStatus. LatestCreatedRevisionName is the last revision that was created
from this Service's Configuration. It might not be ready yet, for that use
LatestReadyRevisionName.
* `latest_ready_revision_name` -
(Output)
From ConfigurationStatus. LatestReadyRevisionName holds the name of the latest Revision
stamped out from this Service's Configuration that has had its "Ready" condition become
"True".
* `traffic` -
(Output)
Traffic specifies how to distribute traffic over a collection of Knative Revisions
and Configurations
Structure is [documented below](#nested_traffic).
<a name="nested_conditions"></a>The `conditions` block contains:
* `message` -
(Output)
Human readable message indicating details about the current status.
* `status` -
(Output)
Status of the condition, one of True, False, Unknown.
* `reason` -
(Output)
One-word CamelCase reason for the condition's current status.
* `type` -
(Output)
Type of domain mapping condition.
<a name="nested_traffic"></a>The `traffic` block contains:
* `revision_name` -
(Output)
RevisionName of a specific revision to which to send this portion of traffic.
* `percent` -
(Output)
Percent specifies percent of the traffic to this Revision or Configuration.
* `tag` -
(Output)
Tag is optionally used to expose a dedicated url for referencing this target exclusively.
* `latest_revision` -
(Output)
LatestRevision may be optionally provided to indicate that the latest ready
Revision of the Configuration should be used for this traffic target. When
provided LatestRevision must be true if RevisionName is empty; it must be
false when RevisionName is non-empty.
* `url` -
(Output)
URL displays the URL for accessing tagged traffic targets. URL is displayed in status,
and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname,
but may not contain anything else (e.g. basic auth, url path, etc.)
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.
## Import
Service can be imported using any of these accepted formats:
* `locations/{{location}}/namespaces/{{project}}/services/{{name}}`
* `{{location}}/{{project}}/{{name}}`
* `{{location}}/{{name}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Service using one of the formats above. For example:
```tf
import {
id = "locations/{{location}}/namespaces/{{project}}/services/{{name}}"
to = google_cloud_run_service.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Service can be imported using one of the formats above. For example:
```
$ terraform import google_cloud_run_service.default locations/{{location}}/namespaces/{{project}}/services/{{name}}
$ terraform import google_cloud_run_service.default {{location}}/{{project}}/{{name}}
$ terraform import google_cloud_run_service.default {{location}}/{{name}}
```
## User Project Overrides
This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).