├── .travis.yml ├── utmize.sh ├── LICENSE └── README.md /.travis.yml: -------------------------------------------------------------------------------- 1 | language: node_js 2 | install: npm install -g markdown-toc 3 | script: 4 | - markdown-toc -i README.md 5 | - test -z "$(git diff | tee /dev/stderr)" 6 | -------------------------------------------------------------------------------- /utmize.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | 4 | utm_query='utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\&utm_source=external\&utm_medium=web' 5 | sed -i'' -E "/utm_/!s/(https:\/\/cloud.google.com\\/[^)#\?]*)/\\1?${utm_query}/g" README.md 6 | 7 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Attribution 4.0 International 2 | 3 | ======================================================================= 4 | 5 | Creative Commons Corporation ("Creative Commons") is not a law firm and 6 | does not provide legal services or legal advice. Distribution of 7 | Creative Commons public licenses does not create a lawyer-client or 8 | other relationship. Creative Commons makes its licenses and related 9 | information available on an "as-is" basis. Creative Commons gives no 10 | warranties regarding its licenses, any material licensed under their 11 | terms and conditions, or any related information. Creative Commons 12 | disclaims all liability for damages resulting from their use to the 13 | fullest extent possible. 14 | 15 | Using Creative Commons Public Licenses 16 | 17 | Creative Commons public licenses provide a standard set of terms and 18 | conditions that creators and other rights holders may use to share 19 | original works of authorship and other material subject to copyright 20 | and certain other rights specified in the public license below. The 21 | following considerations are for informational purposes only, are not 22 | exhaustive, and do not form part of our licenses. 23 | 24 | Considerations for licensors: Our public licenses are 25 | intended for use by those authorized to give the public 26 | permission to use material in ways otherwise restricted by 27 | copyright and certain other rights. Our licenses are 28 | irrevocable. Licensors should read and understand the terms 29 | and conditions of the license they choose before applying it. 30 | Licensors should also secure all rights necessary before 31 | applying our licenses so that the public can reuse the 32 | material as expected. Licensors should clearly mark any 33 | material not subject to the license. This includes other CC- 34 | licensed material, or material used under an exception or 35 | limitation to copyright. More considerations for licensors: 36 | wiki.creativecommons.org/Considerations_for_licensors 37 | 38 | Considerations for the public: By using one of our public 39 | licenses, a licensor grants the public permission to use the 40 | licensed material under specified terms and conditions. If 41 | the licensor's permission is not necessary for any reason--for 42 | example, because of any applicable exception or limitation to 43 | copyright--then that use is not regulated by the license. Our 44 | licenses grant only permissions under copyright and certain 45 | other rights that a licensor has authority to grant. Use of 46 | the licensed material may still be restricted for other 47 | reasons, including because others have copyright or other 48 | rights in the material. A licensor may make special requests, 49 | such as asking that all changes be marked or described. 50 | Although not required by our licenses, you are encouraged to 51 | respect those requests where reasonable. More_considerations 52 | for the public: 53 | wiki.creativecommons.org/Considerations_for_licensees 54 | 55 | ======================================================================= 56 | 57 | Creative Commons Attribution 4.0 International Public License 58 | 59 | By exercising the Licensed Rights (defined below), You accept and agree 60 | to be bound by the terms and conditions of this Creative Commons 61 | Attribution 4.0 International Public License ("Public License"). To the 62 | extent this Public License may be interpreted as a contract, You are 63 | granted the Licensed Rights in consideration of Your acceptance of 64 | these terms and conditions, and the Licensor grants You such rights in 65 | consideration of benefits the Licensor receives from making the 66 | Licensed Material available under these terms and conditions. 67 | 68 | 69 | Section 1 -- Definitions. 70 | 71 | a. Adapted Material means material subject to Copyright and Similar 72 | Rights that is derived from or based upon the Licensed Material 73 | and in which the Licensed Material is translated, altered, 74 | arranged, transformed, or otherwise modified in a manner requiring 75 | permission under the Copyright and Similar Rights held by the 76 | Licensor. For purposes of this Public License, where the Licensed 77 | Material is a musical work, performance, or sound recording, 78 | Adapted Material is always produced where the Licensed Material is 79 | synched in timed relation with a moving image. 80 | 81 | b. Adapter's License means the license You apply to Your Copyright 82 | and Similar Rights in Your contributions to Adapted Material in 83 | accordance with the terms and conditions of this Public License. 84 | 85 | c. Copyright and Similar Rights means copyright and/or similar rights 86 | closely related to copyright including, without limitation, 87 | performance, broadcast, sound recording, and Sui Generis Database 88 | Rights, without regard to how the rights are labeled or 89 | categorized. For purposes of this Public License, the rights 90 | specified in Section 2(b)(1)-(2) are not Copyright and Similar 91 | Rights. 92 | 93 | d. Effective Technological Measures means those measures that, in the 94 | absence of proper authority, may not be circumvented under laws 95 | fulfilling obligations under Article 11 of the WIPO Copyright 96 | Treaty adopted on December 20, 1996, and/or similar international 97 | agreements. 98 | 99 | e. Exceptions and Limitations means fair use, fair dealing, and/or 100 | any other exception or limitation to Copyright and Similar Rights 101 | that applies to Your use of the Licensed Material. 102 | 103 | f. Licensed Material means the artistic or literary work, database, 104 | or other material to which the Licensor applied this Public 105 | License. 106 | 107 | g. Licensed Rights means the rights granted to You subject to the 108 | terms and conditions of this Public License, which are limited to 109 | all Copyright and Similar Rights that apply to Your use of the 110 | Licensed Material and that the Licensor has authority to license. 111 | 112 | h. Licensor means the individual(s) or entity(ies) granting rights 113 | under this Public License. 114 | 115 | i. Share means to provide material to the public by any means or 116 | process that requires permission under the Licensed Rights, such 117 | as reproduction, public display, public performance, distribution, 118 | dissemination, communication, or importation, and to make material 119 | available to the public including in ways that members of the 120 | public may access the material from a place and at a time 121 | individually chosen by them. 122 | 123 | j. Sui Generis Database Rights means rights other than copyright 124 | resulting from Directive 96/9/EC of the European Parliament and of 125 | the Council of 11 March 1996 on the legal protection of databases, 126 | as amended and/or succeeded, as well as other essentially 127 | equivalent rights anywhere in the world. 128 | 129 | k. You means the individual or entity exercising the Licensed Rights 130 | under this Public License. Your has a corresponding meaning. 131 | 132 | 133 | Section 2 -- Scope. 134 | 135 | a. License grant. 136 | 137 | 1. Subject to the terms and conditions of this Public License, 138 | the Licensor hereby grants You a worldwide, royalty-free, 139 | non-sublicensable, non-exclusive, irrevocable license to 140 | exercise the Licensed Rights in the Licensed Material to: 141 | 142 | a. reproduce and Share the Licensed Material, in whole or 143 | in part; and 144 | 145 | b. produce, reproduce, and Share Adapted Material. 146 | 147 | 2. Exceptions and Limitations. For the avoidance of doubt, where 148 | Exceptions and Limitations apply to Your use, this Public 149 | License does not apply, and You do not need to comply with 150 | its terms and conditions. 151 | 152 | 3. Term. The term of this Public License is specified in Section 153 | 6(a). 154 | 155 | 4. Media and formats; technical modifications allowed. The 156 | Licensor authorizes You to exercise the Licensed Rights in 157 | all media and formats whether now known or hereafter created, 158 | and to make technical modifications necessary to do so. The 159 | Licensor waives and/or agrees not to assert any right or 160 | authority to forbid You from making technical modifications 161 | necessary to exercise the Licensed Rights, including 162 | technical modifications necessary to circumvent Effective 163 | Technological Measures. For purposes of this Public License, 164 | simply making modifications authorized by this Section 2(a) 165 | (4) never produces Adapted Material. 166 | 167 | 5. Downstream recipients. 168 | 169 | a. Offer from the Licensor -- Licensed Material. Every 170 | recipient of the Licensed Material automatically 171 | receives an offer from the Licensor to exercise the 172 | Licensed Rights under the terms and conditions of this 173 | Public License. 174 | 175 | b. No downstream restrictions. You may not offer or impose 176 | any additional or different terms or conditions on, or 177 | apply any Effective Technological Measures to, the 178 | Licensed Material if doing so restricts exercise of the 179 | Licensed Rights by any recipient of the Licensed 180 | Material. 181 | 182 | 6. No endorsement. Nothing in this Public License constitutes or 183 | may be construed as permission to assert or imply that You 184 | are, or that Your use of the Licensed Material is, connected 185 | with, or sponsored, endorsed, or granted official status by, 186 | the Licensor or others designated to receive attribution as 187 | provided in Section 3(a)(1)(A)(i). 188 | 189 | b. Other rights. 190 | 191 | 1. Moral rights, such as the right of integrity, are not 192 | licensed under this Public License, nor are publicity, 193 | privacy, and/or other similar personality rights; however, to 194 | the extent possible, the Licensor waives and/or agrees not to 195 | assert any such rights held by the Licensor to the limited 196 | extent necessary to allow You to exercise the Licensed 197 | Rights, but not otherwise. 198 | 199 | 2. Patent and trademark rights are not licensed under this 200 | Public License. 201 | 202 | 3. To the extent possible, the Licensor waives any right to 203 | collect royalties from You for the exercise of the Licensed 204 | Rights, whether directly or through a collecting society 205 | under any voluntary or waivable statutory or compulsory 206 | licensing scheme. In all other cases the Licensor expressly 207 | reserves any right to collect such royalties. 208 | 209 | 210 | Section 3 -- License Conditions. 211 | 212 | Your exercise of the Licensed Rights is expressly made subject to the 213 | following conditions. 214 | 215 | a. Attribution. 216 | 217 | 1. If You Share the Licensed Material (including in modified 218 | form), You must: 219 | 220 | a. retain the following if it is supplied by the Licensor 221 | with the Licensed Material: 222 | 223 | i. identification of the creator(s) of the Licensed 224 | Material and any others designated to receive 225 | attribution, in any reasonable manner requested by 226 | the Licensor (including by pseudonym if 227 | designated); 228 | 229 | ii. a copyright notice; 230 | 231 | iii. a notice that refers to this Public License; 232 | 233 | iv. a notice that refers to the disclaimer of 234 | warranties; 235 | 236 | v. a URI or hyperlink to the Licensed Material to the 237 | extent reasonably practicable; 238 | 239 | b. indicate if You modified the Licensed Material and 240 | retain an indication of any previous modifications; and 241 | 242 | c. indicate the Licensed Material is licensed under this 243 | Public License, and include the text of, or the URI or 244 | hyperlink to, this Public License. 245 | 246 | 2. You may satisfy the conditions in Section 3(a)(1) in any 247 | reasonable manner based on the medium, means, and context in 248 | which You Share the Licensed Material. For example, it may be 249 | reasonable to satisfy the conditions by providing a URI or 250 | hyperlink to a resource that includes the required 251 | information. 252 | 253 | 3. If requested by the Licensor, You must remove any of the 254 | information required by Section 3(a)(1)(A) to the extent 255 | reasonably practicable. 256 | 257 | 4. If You Share Adapted Material You produce, the Adapter's 258 | License You apply must not prevent recipients of the Adapted 259 | Material from complying with this Public License. 260 | 261 | 262 | Section 4 -- Sui Generis Database Rights. 263 | 264 | Where the Licensed Rights include Sui Generis Database Rights that 265 | apply to Your use of the Licensed Material: 266 | 267 | a. for the avoidance of doubt, Section 2(a)(1) grants You the right 268 | to extract, reuse, reproduce, and Share all or a substantial 269 | portion of the contents of the database; 270 | 271 | b. if You include all or a substantial portion of the database 272 | contents in a database in which You have Sui Generis Database 273 | Rights, then the database in which You have Sui Generis Database 274 | Rights (but not its individual contents) is Adapted Material; and 275 | 276 | c. You must comply with the conditions in Section 3(a) if You Share 277 | all or a substantial portion of the contents of the database. 278 | 279 | For the avoidance of doubt, this Section 4 supplements and does not 280 | replace Your obligations under this Public License where the Licensed 281 | Rights include other Copyright and Similar Rights. 282 | 283 | 284 | Section 5 -- Disclaimer of Warranties and Limitation of Liability. 285 | 286 | a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE 287 | EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS 288 | AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF 289 | ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, 290 | IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, 291 | WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR 292 | PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, 293 | ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT 294 | KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT 295 | ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. 296 | 297 | b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE 298 | TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, 299 | NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, 300 | INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, 301 | COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR 302 | USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN 303 | ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR 304 | DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR 305 | IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. 306 | 307 | c. The disclaimer of warranties and limitation of liability provided 308 | above shall be interpreted in a manner that, to the extent 309 | possible, most closely approximates an absolute disclaimer and 310 | waiver of all liability. 311 | 312 | 313 | Section 6 -- Term and Termination. 314 | 315 | a. This Public License applies for the term of the Copyright and 316 | Similar Rights licensed here. However, if You fail to comply with 317 | this Public License, then Your rights under this Public License 318 | terminate automatically. 319 | 320 | b. Where Your right to use the Licensed Material has terminated under 321 | Section 6(a), it reinstates: 322 | 323 | 1. automatically as of the date the violation is cured, provided 324 | it is cured within 30 days of Your discovery of the 325 | violation; or 326 | 327 | 2. upon express reinstatement by the Licensor. 328 | 329 | For the avoidance of doubt, this Section 6(b) does not affect any 330 | right the Licensor may have to seek remedies for Your violations 331 | of this Public License. 332 | 333 | c. For the avoidance of doubt, the Licensor may also offer the 334 | Licensed Material under separate terms or conditions or stop 335 | distributing the Licensed Material at any time; however, doing so 336 | will not terminate this Public License. 337 | 338 | d. Sections 1, 5, 6, 7, and 8 survive termination of this Public 339 | License. 340 | 341 | 342 | Section 7 -- Other Terms and Conditions. 343 | 344 | a. The Licensor shall not be bound by any additional or different 345 | terms or conditions communicated by You unless expressly agreed. 346 | 347 | b. Any arrangements, understandings, or agreements regarding the 348 | Licensed Material not stated herein are separate from and 349 | independent of the terms and conditions of this Public License. 350 | 351 | 352 | Section 8 -- Interpretation. 353 | 354 | a. For the avoidance of doubt, this Public License does not, and 355 | shall not be interpreted to, reduce, limit, restrict, or impose 356 | conditions on any use of the Licensed Material that could lawfully 357 | be made without permission under this Public License. 358 | 359 | b. To the extent possible, if any provision of this Public License is 360 | deemed unenforceable, it shall be automatically reformed to the 361 | minimum extent necessary to make it enforceable. If the provision 362 | cannot be reformed, it shall be severed from this Public License 363 | without affecting the enforceability of the remaining terms and 364 | conditions. 365 | 366 | c. No term or condition of this Public License will be waived and no 367 | failure to comply consented to unless expressly agreed to by the 368 | Licensor. 369 | 370 | d. Nothing in this Public License constitutes or may be interpreted 371 | as a limitation upon, or waiver of, any privileges and immunities 372 | that apply to the Licensor or You, including from the legal 373 | processes of any jurisdiction or authority. 374 | 375 | 376 | ======================================================================= 377 | 378 | Creative Commons is not a party to its public 379 | licenses. Notwithstanding, Creative Commons may elect to apply one of 380 | its public licenses to material it publishes and in those instances 381 | will be considered the “Licensor.” The text of the Creative Commons 382 | public licenses is dedicated to the public domain under the CC0 Public 383 | Domain Dedication. Except for the limited purpose of indicating that 384 | material is shared under a Creative Commons public license or as 385 | otherwise permitted by the Creative Commons policies published at 386 | creativecommons.org/policies, Creative Commons does not authorize the 387 | use of the trademark "Creative Commons" or any other trademark or logo 388 | of Creative Commons without its prior written consent including, 389 | without limitation, in connection with any unauthorized modifications 390 | to any of its public licenses or any other arrangements, 391 | understandings, or agreements concerning use of licensed material. For 392 | the avoidance of doubt, this paragraph does not form part of the 393 | public licenses. 394 | 395 | Creative Commons may be contacted at creativecommons.org. 396 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # [Google Cloud Run][run] - FAQ 2 | 3 | > ⚠️ Beware: This is a **community-maintained** informal knowledge base. 4 | > 5 | > * It **does not reflect** Google’s product roadmap. (Please don't ask when a 6 | > feature will ship) 7 | > * Refer to the [**Cloud Run documentation**][docs] for the most up-to-date 8 | > information. 9 | > 10 | > **Googlers:** If you find this repo useful, you should recognize the work 11 | > internally, as I actively fight for alternative forms of content like this. 12 | 13 | - **Is this repo useful?** Please **⭑Star** this repository and share the love. 14 | - **Curious about something?** Open an [issue], someone may be able to add it to 15 | the FAQ. 16 | - **Contribute** if you learned something interesting about Cloud Run. 17 | - **Trouble using Cloud Run?** Ask a question [on Stack Overflow][so]. 18 | - **Check out** [awesome-cloudrun][awesome] for a curated list of Cloud Run 19 | articles, tools and examples. 20 | - **Follow me** [on Twitter][twitter] as I frequently share Cloud Run news 21 | and tips. 22 | 23 | [issue]: https://github.com/ahmetb/cloud-run-faq/issues 24 | [run]: https://cloud.google.com/run/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 25 | [docs]: https://cloud.google.com/run/docs?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 26 | [so]: https://stackoverflow.com/questions/ask?tags=google-cloud-run 27 | [awesome]: https://github.com/steren/awesome-cloudrun 28 | [twitter]: https://twitter.com/ahmetb 29 | 30 | ----- 31 | 32 | 38 | 39 | 40 | 41 | - [Basics](#basics) 42 | * [What is Cloud Run?](#what-is-cloud-run) 43 | * [How is it different than App Engine Flexible?](#how-is-it-different-than-app-engine-flexible) 44 | * [How is it different than Google Cloud Functions?](#how-is-it-different-than-google-cloud-functions) 45 | * [How does it compare to AWS Fargate?](#how-does-it-compare-to-aws-fargate) 46 | * [How does it compare to AWS Lambda Container Image support?](#how-does-it-compare-to-aws-lambda-container-image-support) 47 | * [How does it compare to Azure Container Instances?](#how-does-it-compare-to-azure-container-instances) 48 | * [What is "Cloud Run for Anthos"?](#what-is-cloud-run-for-anthos) 49 | * [Is Cloud Run a "hosted Knative"?](#is-cloud-run-a-hosted-knative) 50 | - [Developing Applications](#developing-applications) 51 | * [Which applications are suitable for Cloud Run?](#which-applications-are-suitable-for-cloud-run) 52 | * [What if my application is doing background work outside of request processing?](#what-if-my-application-is-doing-background-work-outside-of-request-processing) 53 | * [Which languages can I run on Cloud Run?](#which-languages-can-i-run-on-cloud-run) 54 | * [Can I run my own system libraries and tools?](#can-i-run-my-own-system-libraries-and-tools) 55 | * [Where do I get started to deploy a HTTP web server container?](#where-do-i-get-started-to-deploy-a-http-web-server-container) 56 | * [How do I make my web application compatible with Cloud Run?](#how-do-i-make-my-web-application-compatible-with-cloud-run) 57 | * [Can Cloud Run receive events?](#can-cloud-run-receive-events) 58 | * [Is Cloud Run good for running static websites?](#is-cloud-run-good-for-running-static-websites) 59 | * [How can I have cronjobs on Cloud Run?](#how-can-i-have-cronjobs-on-cloud-run) 60 | * [Can I run a container only once on Cloud Run?](#can-i-run-a-container-only-once-on-cloud-run) 61 | * [How to configure secrets for Cloud Run applications?](#how-to-configure-secrets-for-cloud-run-applications) 62 | * [Can I mount storage volumes or disks on Cloud Run?](#can-i-mount-storage-volumes-or-disks-on-cloud-run) 63 | - [Deploying](#deploying) 64 | * [How do I continuously deploy to Cloud Run?](#how-do-i-continuously-deploy-to-cloud-run) 65 | * [Which container registries can I deploy from?](#which-container-registries-can-i-deploy-from) 66 | * [How can I deploy from other GCR registries?](#how-can-i-deploy-from-other-gcr-registries) 67 | * [How to do canary or blue/green deployments on Cloud Run?](#how-to-do-canary-or-bluegreen-deployments-on-cloud-run) 68 | * [How can I specify Google credentials in Cloud Run applications?](#how-can-i-specify-google-credentials-in-cloud-run-applications) 69 | * [Can I use `kubectl` to deploy to Cloud Run?](#can-i-use-kubectl-to-deploy-to-cloud-run) 70 | * [Can I use Terraform to deploy to Cloud Run?](#can-i-use-terraform-to-deploy-to-cloud-run) 71 | - [Cold Starts](#cold-starts) 72 | * [Does Cloud Run have cold starts?](#does-cloud-run-have-cold-starts) 73 | * [When will my service scale to zero?](#when-will-my-service-scale-to-zero) 74 | * [How do I minimize the cold start latencies?](#how-do-i-minimize-the-cold-start-latencies) 75 | * [Do I get "warmup requests" like in App Engine?](#do-i-get-warmup-requests-like-in-app-engine) 76 | * [How to keep a Cloud Run service “warm”?](#how-to-keep-a-cloud-run-service-warm) 77 | * [How can I tell if a request was a “cold start”?](#how-can-i-tell-if-a-request-was-a-cold-start) 78 | - [Container Lifecycle](#container-lifecycle) 79 | * [How does Cloud Run tell if my container is ready?](#how-does-cloud-run-tell-if-my-container-is-ready) 80 | * [Does Cloud Run have readiness or liveness checks/probes?](#does-cloud-run-have-readiness-or-liveness-checksprobes) 81 | * [What happens if my container exits/crashes?](#what-happens-if-my-container-exitscrashes) 82 | * [What is the termination signal for Cloud Run services?](#what-is-the-termination-signal-for-cloud-run-services) 83 | - [Serving Traffic](#serving-traffic) 84 | * [Which network protocols are supported on Cloud Run?](#which-network-protocols-are-supported-on-cloud-run) 85 | * [Customizing port number on Cloud Run?](#customizing-port-number-on-cloud-run) 86 | * [What's the maximum request execution time limit?](#whats-the-maximum-request-execution-time-limit) 87 | * [Does my service get a domain name on Cloud Run?](#does-my-service-get-a-domain-name-on-cloud-run) 88 | * [Are all Cloud Run services publicly accessible?](#are-all-cloud-run-services-publicly-accessible) 89 | * [Can I run Cloud Run applications on a private IP?](#can-i-run-cloud-run-applications-on-a-private-ip) 90 | * [How much additional latency does running on Cloud Run add?](#how-much-additional-latency-does-running-on-cloud-run-add) 91 | * [Does my application get multiple requests concurrently?](#does-my-application-get-multiple-requests-concurrently) 92 | * [What if my application can’t handle concurrent requests?](#what-if-my-application-cant-handle-concurrent-requests) 93 | * [How do I find the right concurrency level for my application?](#how-do-i-find-the-right-concurrency-level-for-my-application) 94 | * [Can I make request to a specific container instance?](#can-i-make-request-to-a-specific-container-instance) 95 | * [Can I add Cloud Run services as backends to Cloud HTTP(S) Load Balancer?](#can-i-add-cloud-run-services-as-backends-to-cloud-https-load-balancer) 96 | * [How does Cloud Run’s load balancing compare with Cloud Load Balancer (GCLB)](#how-does-cloud-runs-load-balancing-compare-with-cloud-load-balancer-gclb) 97 | * [How can I configure CDN for Cloud Run services?](#how-can-i-configure-cdn-for-cloud-run-services) 98 | * [Does Cloud Run offer SSL/TLS certificates (HTTPS)?](#does-cloud-run-offer-ssltls-certificates-https) 99 | * [How can I use my own TLS certificates for Cloud Run?](#how-can-i-use-my-own-tls-certificates-for-cloud-run) 100 | * [How can I redirect all HTTP traffic to HTTPS?](#how-can-i-redirect-all-http-traffic-to-https) 101 | * [Is traffic between my app and Cloud Run’s load balancer encrypted?](#is-traffic-between-my-app-and-cloud-runs-load-balancer-encrypted) 102 | * [Does Cloud Run support load balancing among multiple regions?](#does-cloud-run-support-load-balancing-among-multiple-regions) 103 | * [Is HTTP/2 supported on Cloud Run?](#is-http2-supported-on-cloud-run) 104 | * [Can my application server run on HTTP/2 protocol?](#can-my-application-server-run-on-http2-protocol) 105 | * [Is gRPC supported on Cloud Run?](#is-grpc-supported-on-cloud-run) 106 | * [How can I serve responses larger than 32MB with Cloud Run?](#how-can-i-serve-responses-larger-than-32mb-with-cloud-run) 107 | * [Are WebSockets supported on Cloud Run?](#are-websockets-supported-on-cloud-run) 108 | - [Microservices](#microservices) 109 | * [How do two Cloud Run services connect each other privately?](#how-do-two-cloud-run-services-connect-each-other-privately) 110 | * [Does Cloud Run have DNS service discovery?](#does-cloud-run-have-dns-service-discovery) 111 | - [Autoscaling](#autoscaling) 112 | * [Does my Cloud Run service scale to zero?](#does-my-cloud-run-service-scale-to-zero) 113 | * [How can I limit the total number of instances for my application?](#how-can-i-limit-the-total-number-of-instances-for-my-application) 114 | * [What’s the upper scaling limit for Cloud Run?](#whats-the-upper-scaling-limit-for-cloud-run) 115 | - [Runtime](#runtime) 116 | * [Which operating system Cloud Run applications run on?](#which-operating-system-cloud-run-applications-run-on) 117 | * [Can I use the local filesystem?](#can-i-use-the-local-filesystem) 118 | * [Which system calls are supported?](#which-system-calls-are-supported) 119 | * [Which executable ABIs are supported?](#which-executable-abis-are-supported) 120 | * [Where can I find the "instance ID" of my container?](#where-can-i-find-the-instance-id-of-my-container) 121 | * [How can I find the number of instances running?](#how-can-i-find-the-number-of-instances-running) 122 | * [How can my service tell it is running on Cloud Run?](#how-can-my-service-tell-it-is-running-on-cloud-run) 123 | * [Is there a way to get static IP for outbound requests?](#is-there-a-way-to-get-static-ip-for-outbound-requests) 124 | - [VPC Support](#vpc-support) 125 | * [Can I place my Cloud Run application inside a VPC network?](#can-i-place-my-cloud-run-application-inside-a-vpc-network) 126 | * [How to connect IPs in a VPC network from Cloud Run?](#how-to-connect-ips-in-a-vpc-network-from-cloud-run) 127 | * [Are VPC Service Controls supported for Cloud Run?](#are-vpc-service-controls-supported-for-cloud-run) 128 | * [Are "Shared VPCs" supported by VPC Access connector?](#are-shared-vpcs-supported-by-vpc-access-connector) 129 | - [Monitoring and Logging](#monitoring-and-logging) 130 | * [Where do I write my application logs?](#where-do-i-write-my-application-logs) 131 | * [How can I have structured logs?](#how-can-i-have-structured-logs) 132 | * [Is Cloud Run integrated with Stackdriver APM?](#is-cloud-run-integrated-with-stackdriver-apm) 133 | * [How can I do Tracing on Cloud Run?](#how-can-i-do-tracing-on-cloud-run) 134 | - [Pricing](#pricing) 135 | * [Is there a “Free Tier”?](#is-there-a-free-tier) 136 | * [When am I charged?](#when-am-i-charged) 137 | * [How is billed time calculated?](#how-is-billed-time-calculated) 138 | * [What do I pay for on Cloud Run?](#what-do-i-pay-for-on-cloud-run) 139 | 140 | 141 | 142 | ----- 143 | 144 | ## Basics 145 | 146 | ### What is Cloud Run? 147 | 148 | [Cloud Run][run] is a service by Google Cloud Platform to run your stateless 149 | HTTP containers without worrying about provisioning machines, clusters or 150 | autoscaling. 151 | 152 | With Cloud Run, you go from a "container image" to a fully managed web 153 | application running on a domain name with TLS certificate that auto-scales with 154 | requests in a single command. You only [pay](#pricing) while a request is 155 | handled. 156 | 157 | ### How is it different than App Engine Flexible? 158 | 159 | [GAE 160 | Flexible](https://cloud.google.com/appengine/docs/flexible/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) 161 | and [Cloud Run][run] are very similar. They both accept container images as 162 | deployment input, they both auto-scale, and manage the infrastructure your code 163 | runs on for you. However: 164 | 165 | * GAE Flexible is built on VMs, therefore is slower to deploy and scale. 166 | * GAE Flexible does not scale to zero, at least 1 instance must be running. 167 | * GAE Flexible billing has 1 minute granularity, Cloud Run in 0.1 second. 168 | 169 | Read more about [choosing a container option on 170 | GCP](https://cloud.google.com/container-options/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web). 171 | 172 | ### How is it different than Google Cloud Functions? 173 | 174 | [GCF](https://cloud.google.com/functions?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) lets you deploy snippets of code 175 | (functions) written in a limited set of programming languages, to natively 176 | handle HTTP requests or events from many GCP sources. 177 | 178 | Cloud Run lets you deploy using any programming language, since it accepts 179 | container images (more flexible, but also potentially more tedious to develop). 180 | It also allows using any tool or system library from your application (see 181 | [here](#can-i-run-my-own-system-libraries-and-tools)) and GCF doesn’t let you 182 | use such custom system executables. 183 | 184 | Cloud Run can only receive HTTP requests or [Pub/Sub push events](https://cloud.google.com/pubsub/docs/push?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web). 185 | (See [this tutorial](https://cloud.google.com/run/docs/tutorials/pubsub?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web)). 186 | 187 | Both services auto-scale your code, manage the infrastructure your code runs on 188 | and they both run on GCP’s serverless infrastructure. 189 | 190 | Read more about [choosing between GCP's serverless options](https://cloud.google.com/serverless-options/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web#header_3) 191 | 192 | ### How does it compare to AWS Fargate? 193 | 194 | [AWS Fargate](https://aws.amazon.com/fargate/) and Cloud Run both let you run 195 | containers without managing the underlying infrastructure. 196 | 197 | - Fargate can run a wide range of container workloads, including but not limited 198 | to HTTP servers, background or long running tasks. 199 | - Fargate requires an ECS cluster to run tasks on. This cluster doesn't expose 200 | the underlying VM infrastructure to you. However, while using Fargate, you 201 | still need to configure infrastructure aspects like VPCs, subnets, load 202 | balancers, auto-scaling, health checks and service discovery. 203 | - Fargate also has a fairly more complex resource model than Cloud Run, it 204 | doesn't allow request-based autoscaling, scale-to-zero, concurrency control, 205 | and it exposes container instances and their lifecycle to you. 206 | 207 | Cloud Run is a standalone compute platform, abstracting cluster management and 208 | focusing on fast automatic scaling. Cloud Run supports running only HTTP 209 | servers, and therefore can do request-aware autoscaling, as well as 210 | scale-to-zero. 211 | 212 | The pricing model is also different: 213 | 214 | - On Cloud Run, you only pay while a request is being handled. 215 | - On AWS Fargate, you pay for CPU/memory while containers are running, and since 216 | Fargate doesn't support scale-to-zero, a service receiving no traffic will 217 | still incur costs. 218 | 219 | ### How does it compare to AWS Lambda Container Image support? 220 | 221 | AWS Lambda has recently added [support for running container 222 | images](https://aws.amazon.com/blogs/aws/new-for-aws-lambda-container-image-support/). 223 | 224 | These images still have to be either an AWS-provided runtime image (i.e. limited 225 | language support) such as `public.ecr.aws/lambda/nodejs:12` or you have to 226 | provide your own [Runtime 227 | API](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-api.html) 228 | implementation to be able to run arbitrary container images. 229 | 230 | - Cloud Run can run any container images that runs an HTTP server 231 | - AWS Lambda cannot run arbitrary container images. You have to either use an 232 | AWS-provided image, or code your own Runtime API translation layer. 233 | - AWS Lambda doesn't support multiple requests handled by the same instance, 234 | and each request is billed separately. 235 | - a single Cloud Run container instance can handle multiple requests 236 | simultaneously and you aren't charged for them separately. (see: [When am I 237 | charged?](#when-am-i-charged)) 238 | 239 | ### How does it compare to Azure Container Instances? 240 | 241 | [Azure Container 242 | Instances](https://azure.microsoft.com/en-us/services/container-instances/) and 243 | Cloud Run both let you run containers without managing the underlying 244 | infrastructure (VMs, clusters). Both ACI and Cloud Run give you a publicly 245 | accessible endpoint after deploying the application. 246 | 247 | Cloud Run supports running only HTTP servers and offers auto-scaling, and scale 248 | to zero. ACI is 249 | for long-running containers. Therefore, the pricing model is different. On Cloud 250 | Run, you only pay while a request is being handled. 251 | 252 | ### What is "Cloud Run for Anthos"? 253 | 254 | ["Cloud Run for Anthos"][crogke] gives you the same Cloud Run experience on your 255 | [Kubernetes](https://kubernetes.io) clusters on [Anthos] (either on GCP with 256 | [GKE], or on-prem/other clouds). This gives you the freedom to choose where you 257 | want to deploy your applications. 258 | 259 | "Cloud Run" and "Cloud Run for Anthos" are the same product, but running in 260 | different places: 261 | 262 | * the same application format (container images) 263 | * the same deployment/management experience (`gcloud` or Cloud Console) 264 | * the same API ([Knative serving API][knative]). 265 | 266 | Look at [this diagram](https://twitter.com/ahmetb/status/1116041166359654400), 267 | or [**watch this video**](https://www.youtube.com/watch?v=RVdhyprptTQ) to decide 268 | how to choose between the two. 269 | 270 | ![](https://storage.googleapis.com/gweb-cloudblog-publish/images/developer_and_operator.0316026505360460.max-700x700.png) 271 | 272 | Cloud Run for Anthos basically installs and manages a Knative installation (with 273 | some additional GCP-specific components for monitoring etc) on your Kubernetes 274 | cluster so that you don’t have to worry about installing and managing Knative 275 | yourself. 276 | 277 | [knative]: https://www.knative.dev/ 278 | [GKE]: https://cloud.google.com/kubernetes-engine/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 279 | [Anthos]: https://cloud.google.com/anthos/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 280 | 281 | ### Is Cloud Run a "hosted Knative"? 282 | 283 | Sort of. 284 | 285 | Cloud Run implements most parts of the [Knative Serving 286 | API](https://www.knative.dev/docs/reference/serving-api/). However, the 287 | underlying implementation of the functionality could differ from the open source 288 | [Knative][knative] implementation. 289 | 290 | With [Cloud Run for Anthos](#what-is-cloud-run-on-anthos), you actually get a 291 | Knative installation (managed by Google) on your Kubernetes/[GKE] cluster 292 | 293 | ## Developing Applications 294 | 295 | ### Which applications are suitable for Cloud Run? 296 | 297 | [Cloud Run][run] is designed to run **stateless** request-driven containers. 298 | 299 | This means you can deploy: 300 | 301 | * publicly accessible applications: web applications, APIs or webhooks 302 | * private microservices: internal microservices, data transformation, background 303 | jobs, potentially triggered asynchronously by Pub/Sub events or Cloud Tasks. 304 | 305 | Other kinds of applications may not be fit for Cloud Run. 306 | 307 | If your application is doing **processing while it’s not handling 308 | requests** or storing in-memory state, it may not be suitable. 309 | 310 | ### What if my application is doing background work outside of request processing? 311 | 312 | Your application’s CPU is **[significantly throttled][cpu]** nearly down to zero 313 | while it's not handling a request. 314 | 315 | Therefore, your application should limit CPU usage outside request processing to 316 | a minimum. It might not be entirely possible since the programming language you 317 | use might do _garbage collection_ or similar runtime tasks in the background. 318 | 319 | ### Which languages can I run on Cloud Run? 320 | 321 | If an application can be packaged into a container image that can run on Linux 322 | (x86-64), it can be executed on Cloud Run. 323 | 324 | Web applications written in languages like Node.js, Python, Go, Java, Ruby, PHP, 325 | Rust, Kotlin, Swift, C/C++, C# can work on Cloud Run. 326 | 327 | 🍄 Users managed to run web servers written in x86 assembly, or [22-year old 328 | Python 329 | 1.3](https://dev.to/di/ministry-of-silly-runtimes-vintage-python-on-cloud-run-3b9d) 330 | on Cloud Run. 331 | 332 | ### Can I run my own system libraries and tools? 333 | 334 | Yes, see the section above. Since Cloud Run accepts container images as the 335 | deployment unit, you can add arbitrary executables (like `grep`, `ffmpeg`, 336 | `imagemagick`) or system libraries (`.so`, `.dll`) to your container image and 337 | use them in your application. 338 | 339 | See [this tutorial](https://cloud.google.com/run/docs/tutorials/system-packages?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) 340 | using Graphviz `dot` that generates PNG diagrams. 341 | 342 | ### Where do I get started to deploy a HTTP web server container? 343 | 344 | See [Cloud Run 345 | Quickstart](https://cloud.google.com/run/docs/quickstarts/build-and-deploy?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) 346 | which has sample applications written in many languages. 347 | 348 | ### How do I make my web application compatible with Cloud Run? 349 | 350 | Your existing applications must listen on the `PORT` environment variable to 351 | work on Cloud Run (see [container contract][container-contract]). This 352 | environment variable is given to your app by Cloud Run. It currently defaults to 353 | `8080` (but you should not rely on this) and you can [customize this port 354 | number](#customizing-port-number-on-cloud-run). 355 | 356 | ### Can Cloud Run receive events? 357 | 358 | Yes. 359 | 360 | Cloud Run integrates securely with Pub/Sub push subscriptions: 361 | 362 | * Events are delivered via HTTP to the endpoint of your Cloud Run service. 363 | * Pub/Sub automatically validates the ownership of the `*.run.app` Cloud Run 364 | URLs 365 | * You can leverage [Pub/Sub push authentication](https://cloud.google.com/pubsub/docs/push?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web#setting_up_for_push_authentication) 366 | to securely and privately push events to Cloud Run services, without exposing 367 | them publicly to the internet. 368 | 369 | Many GCP services like Google Cloud Storage are able to [send events to a 370 | Pub/Sub topic](https://cloud.google.com/storage/docs/pubsub-notifications?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web). 371 | You can publish your own events to a Pub/Sub topic and push them to a Cloud 372 | Run service. 373 | 374 | Follow [this tutorial](https://cloud.google.com/run/docs/tutorials/pubsub?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) for 375 | instructions about how to push Pub/Sub events to Cloud Run services. 376 | 377 | Besides Pub/Sub, Google Cloud Eventarc(in preview) allows you to trigger Cloud 378 | Run from events that originate from Cloud Storage, BigQuery, Firestore and more 379 | than 60 other Google Cloud sources. See [this blog 380 | post](https://cloud.google.com/blog/products/serverless/build-event-driven-applications-in-cloud-run?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) 381 | for detail. 382 | 383 | ### Is Cloud Run good for running static websites? 384 | 385 | Potentially. Cloud Run has a generous [free tier][pricing] which can let you run 386 | your websites for free. However, if you have a static HTML website, using 387 | [Firebase 388 | Hosting](https://firebase.google.com/docs/hosting?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) 389 | or Google Cloud Storage buckets (behind Cloudflare for HTTPS+CDN) can also be 390 | similarly cheap or free. 391 | 392 | ### How can I have cronjobs on Cloud Run? 393 | 394 | If you need to invoke your Cloud Run applications periodically, use 395 | [Google Cloud Scheduler](https://cloud.google.com/scheduler/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web). It can make a 396 | request to your application’s specific URL at an interval you specify. 397 | 398 | ### Can I run a container only once on Cloud Run? 399 | 400 | Short answer: No. Cloud Run is not designed for this purpose. 401 | 402 | Sometimes you might have a container-based job (run-to-completion task) that 403 | might seem suitable for Cloud Run. However, Cloud Run is designed for running 404 | server apps (HTTP/gRPC etc). 405 | 406 | If you want to execute run-to-completion containers on-demand or periodically 407 | on Google Cloud Platform, you can [create a Compute Engine VM with a container](https://cloud.google.com/compute/docs/containers/deploying-containers?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web). 408 | 409 | ### How to configure secrets for Cloud Run applications? 410 | 411 | You can use [Secret Manager](https://cloud.google.com/secret-manager/docs/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) with 412 | Cloud Run. Read how to write code and set permissions to access the secrets from 413 | your Cloud Run app in the 414 | [documentation](https://cloud.google.com/secret-manager/docs/creating-and-accessing-secrets?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web). 415 | 416 | Alternatively, if you'd like to store secrets in Cloud Storage (GCS) using Cloud 417 | KMS envelope encryption, check out the 418 | [Berglas](https://github.com/GoogleCloudPlatform/berglas) tool and library 419 | (Berglas also has support for Secret Manager). 420 | 421 | ### Can I mount storage volumes or disks on Cloud Run? 422 | 423 | Cloud Run currently doesn’t offer a way to bind mount additional storage volumes 424 | (like FUSE, or [persistent disks][pd]) on your filesystem. If you’re reading 425 | data from Google Cloud Storage, instead of using solutions like `gcsfuse`, you 426 | should use the supported Google Cloud Storage client libraries. 427 | 428 | However, Cloud Run **for Anthos** allows you to mount Kubernetes [Secrets] and 429 | [ConfigMaps], but **this is not yet fully supported**. See an example 430 | [here][sec-ex] about mounting [Secrets] to a Service running on GKE. 431 | 432 | [pd]: https://cloud.google.com/persistent-disk/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 433 | [vols]: https://cloud.google.com/kubernetes-engine/docs/concepts/volumes?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 434 | [Secrets]: https://cloud.google.com/kubernetes-engine/docs/concepts/secret?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 435 | [ConfigMaps]: https://cloud.google.com/kubernetes-engine/docs/concepts/configmap?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 436 | [sec-ex]: https://knative.dev/docs/serving/samples/secrets-go/ 437 | 438 | ## Deploying 439 | 440 | ### How do I continuously deploy to Cloud Run? 441 | 442 | - A lot of CI/CD tutorials at [awesome-cloudrun repo](https://github.com/steren/awesome-cloudrun#cicd) 443 | - Documentation: [Continuous Deployment using Google Cloud Build](https://cloud.google.com/cloud-build/docs/deploying-builds/deploy-cloud-run?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) 444 | - Blog: [Deploy using GitLab CI/CD](https://viggy28.dev/article/cloudrun-cicd/) 445 | 446 | _(If you know of articles about other CI/CD system integrations, add them here.)_ 447 | 448 | For other CI/CD systems, roughly the steps you should follow look like: 449 | 450 | 1. Create a new service account with a JSON key. 451 | 1. Give the service account [IAM permissions to deploy to Cloud Run](https://cloud.google.com/run/docs/reference/iam/roles?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web). 452 | * `roles/run.admin` to deploy applications 453 | * `roles/iam.serviceAccountUser` on the service account that your app will use 454 | 455 | 1. Upload the JSON key to the CI/CD environment, and authenticate to `gcloud` 456 | by calling: 457 | 458 | gcloud auth activate-service-account --key-file=[KEY_JSON_FILE] 459 | 460 | 1. Deploy the app by calling: 461 | 462 | gcloud run deploy [MY_SERVICE] --image=[...] [...] 463 | 464 | [gcb]: https://cloud.google.com/cloud-build/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 465 | 466 | ### Which container registries can I deploy from? 467 | 468 | Cloud Run currently only allows deploying images hosted on Google Container 469 | Registry (`*.gcr.io/*`). 470 | 471 | ### How can I deploy from other GCR registries? 472 | 473 | If you're deploying from GCR registries on another GCP project: 474 | 475 | - public registries: should be deploying without additional configuration 476 | - private registries: need to give GCR access to service account used by Cloud 477 | Run. 478 | 479 | To give access, go to [IAM&Admin](https://console.cloud.google.com/iam-admin/iam) on 480 | Cloud Console, and find the email for "Google Cloud Run Service Agent". Then 481 | follow [this 482 | document](https://cloud.google.com/container-registry/docs/access-control?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web#granting_users_and_other_projects_access_to_a_registry) 483 | to give this service account GCR access on the other project. 484 | 485 | ### How to do canary or blue/green deployments on Cloud Run? 486 | 487 | If you updated your Cloud Run service, you probably realized it creates a new 488 | [revision](https://cloud.google.com/run/docs/managing/revisions?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) for every new 489 | configuration of your service. 490 | 491 | Cloud Run allows you to [**split traffic** between multiple 492 | revisions](https://cloud.google.com/run/docs/rollouts-rollbacks-traffic-migration?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web), 493 | so you can do gradual rollouts such as canary deployments or blue/green 494 | deployments. 495 | 496 | ### How can I specify Google credentials in Cloud Run applications? 497 | 498 | For applications running on Cloud Run, you don't need to deliver JSON keys for 499 | IAM Service Accounts, or set `GOOGLE_APPLICATION_CREDENTIALS` environment 500 | variable. 501 | 502 | Just specify the service account (`--service-account`) you want your application 503 | to use automatically while deploying the app. See [configuring service 504 | identity][ident]. 505 | 506 | [ident]: https://cloud.google.com/run/docs/securing/service-identity?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 507 | 508 | ### Can I use `kubectl` to deploy to Cloud Run? 509 | 510 | Cloud Run supports the [Knative][knative] Serving API. However, currently some 511 | parts of Kubernetes Discovery API required by `kubectl` are not yet offered on 512 | Cloud Run API. 513 | 514 | As a solution, you can write your [Knative `Service`][ksvc] resource as a .yaml 515 | file and use the following command to deploy to Cloud Run: 516 | 517 | ```sh 518 | gcloud run services replace --platform=managed 519 | ``` 520 | 521 | Since "Cloud Run for Anthos" runs [Knative][knative] natively, you can use 522 | `kubectl` to deploy [Knative `Service`s][ksvc] to your GKE cluster by writing YAML 523 | manifests and running `kubectl apply`. See Knative tutorials for more info. 524 | 525 | [kubeconfig]: https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/ 526 | [ksvc]: https://www.knative.dev/docs/reference/serving-api/#Service 527 | 528 | ### Can I use Terraform to deploy to Cloud Run? 529 | 530 | Yes. Terraform provides 531 | [resources](https://www.terraform.io/docs/providers/google/r/cloud_run_service.html) 532 | to define a Cloud Run deployment in Terraform. Also see [this blog 533 | post](https://www.sethvargo.com/configuring-cloud-run-with-terraform/) and 534 | [sample app](https://github.com/sethvargo/terraform-cloud-run-demo). 535 | 536 | ## Cold Starts 537 | 538 | ### Does Cloud Run have cold starts? 539 | 540 | Yes. If a Cloud Run service does not receive requests for a long time, it will 541 | take some time to start it again. This will add additional delay to the first 542 | request. 543 | 544 | Cold start latency depends on [many 545 | factors](https://cloud.google.com/run/docs/tips?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web#optimizing_performance), however 546 | it is independent of the image size. 547 | 548 | ### When will my service scale to zero? 549 | 550 | Cloud Run does not provide any guarantees on how long it will keep a container 551 | instance "warm". It depends on factors like capacity and Google’s implementation 552 | details. See: [How to keep a service 553 | "warm"?](#how-to-keep-a-cloud-run-service-warm). 554 | 555 | ### How do I minimize the cold start latencies? 556 | 557 | Cloud Run allows you to have a [specified number of warm instances][min-ins]. 558 | These instances are billed differently, but they stick around to prevent 559 | cold starts. 560 | 561 | See [performance optimization 562 | tips](https://cloud.google.com/run/docs/tips?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web#starting_services_quickly), 563 | basically: 564 | 565 | - minimize the number and size of the dependencies that your app loads 566 | - keep your app’s "time to listen for requests" startup time short 567 | - prevent your application process from crashing 568 | 569 | The size of your container image has almost no impact on cold starts. 570 | 571 | [min-ins]: https://cloud.google.com/run/docs/configuring/min-instances?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web#starting_services_quickly 572 | 573 | ### Do I get "warmup requests" like in App Engine? 574 | 575 | Cloud Run does not have the notion of [App Engine warmup 576 | requests](https://cloud.google.com/appengine/docs/standard/python/configuring-warmup-requests?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web). 577 | You can perform initialization of your application (such as loading data) until 578 | you start listening on the port number. 579 | 580 | Note that delaying the listening on the port number causes longer _cold starts_, 581 | so consider [lazily 582 | computing/fetching](https://cloud.google.com/run/docs/tips?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web#performing_lazy_initialization_of_global_variables) 583 | the data you need to reduce cold start latencies. 584 | 585 | ### How to keep a Cloud Run service “warm”? 586 | 587 | Cloud Run now allows you to [keep a number of warm 588 | instances][min-ins]. Also called "minimum instances", Cloud Run keeps these 589 | container instances running so they're ready to serve requests. 590 | 591 | Such warm containers are [billed differently][pricing], however keeping a 592 | single 256 MB RAM / 1 vCPU container warm for a month costs around $8, which 593 | is still cheaper than the cheapest VM option (f1-micro). 594 | 595 | These warm containers still get their CPU throttled to ~0% when they are not 596 | processing requests. 597 | 598 | You can also work around "cold starts" by periodically making requests to your 599 | Cloud Run service which can help prevent the container instances from scaling to 600 | zero. For this, use [Google Cloud 601 | Scheduler](https://cloud.google.com/scheduler?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) 602 | to make requests every few minutes. 603 | 604 | ### How can I tell if a request was a “cold start”? 605 | 606 | Cloud Run does not mark request logs with information about whether they caused 607 | a cold start or not. However you can implement this yourself using a global 608 | variable. 609 | 610 | ## Container Lifecycle 611 | 612 | ### How does Cloud Run tell if my container is ready? 613 | 614 | Cloud Run starts sending traffic to your application once you start listening 615 | on the port number (given to you via `PORT` environment variable). 616 | 617 | ### Does Cloud Run have readiness or liveness checks/probes? 618 | 619 | Cloud Run does not offer user-configurable liveness checks or probes like 620 | Kubernetes, as explained in previous question, the moment your server starts 621 | listening on the port number, you indicate that your application is ready to 622 | receive traffic. 623 | 624 | ### What happens if my container exits/crashes? 625 | 626 | If the entrypoint process of a container exits, the container is stopped. A 627 | crashed container triggers [cold start](#cold-starts) while the container is 628 | restarted. Avoid exiting/crashing your server process by handling exceptions. 629 | See [development tips](https://cloud.google.com/run/docs/tips?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web#reporting_errors). 630 | 631 | ### What is the termination signal for Cloud Run services? 632 | 633 | Currently, Cloud Run terminates containers while [scaling to 634 | zero](#does-my-cloud-run-service-scale-to-zero) with unix signal 15 (`SIGTERM`). 635 | `SIGTERM` is trappable (capturable) by applications. If handled, CPU is allocated 636 | for 10s max. 637 | 638 | 639 | ## Serving Traffic 640 | 641 | ### Which network protocols are supported on Cloud Run? 642 | 643 | Cloud Run only supports HTTP/1.x and HTTP/2 (including gRPC) over TLS. Other 644 | TCP and UDP based protocols are not supported. This means, you can't run your 645 | arbitrary TCP based application, or a Redis/Memcached server on Cloud Run. 646 | 647 | Also see: [HTTP/2](#is-http2-supported-on-cloud-run), 648 | [gRPC](#is-grpc-supported-on-cloud-run) 649 | 650 | ### Customizing port number on Cloud Run? 651 | 652 | Cloud Run now allows you to [customize which port 653 | number](https://cloud.google.com/run/docs/configuring/containers?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web#configure-port) 654 | your application serves traffic on. This is for applications that cannot 655 | change the server port by reading the `PORT` environment variable passed by 656 | Cloud Run. (Upon customizing, `PORT` value will have the specified value.) 657 | 658 | ### What's the maximum request execution time limit? 659 | 660 | Currently, a request times out after **15 minutes**. See [limits][lim]. 661 | (60-minute request timeouts are currently in preview.) 662 | 663 | ### Does my service get a domain name on Cloud Run? 664 | 665 | Yes, every Cloud Run service gets a `*.run.app` domain name for free. You can 666 | also use [your domain names][custom-domains]. 667 | 668 | [custom-domains]: https://cloud.google.com/run/docs/mapping-custom-domains?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 669 | 670 | ### Are all Cloud Run services publicly accessible? 671 | 672 | No. Cloud Run allows services to be either **publicly accessible** to anyone on 673 | the Internet, or **private services** that require [authentication] via a 674 | JWT (identity token). 675 | 676 | [authentication]: https://cloud.google.com/run/docs/securing/authenticating?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 677 | 678 | ### Can I run Cloud Run applications on a private IP? 679 | 680 | Currently no. Cloud Run applications always have a `*.run.app` public hostname 681 | and they cannot be placed inside a VPC (Virtual Private Cloud) network. 682 | 683 | If any other private service (e.g. GCE VMs, GKE) needs to call your Cloud Run 684 | application, they need to use this public hostname. However, despite you’re 685 | making requests to public IP from a GCE VM in the same region (or possibly on 686 | cross-region if you're on GCP Premium network tier), the traffic won’t leave 687 | Google’s own network. 688 | 689 | ### How much additional latency does running on Cloud Run add? 690 | 691 | > TODO(ahmetb): Write this section. Ideally we should link to some blog posts 692 | > doing an analysis of this. 693 | 694 | ### Does my application get multiple requests concurrently? 695 | 696 | Contrary to most serverless products, Cloud Run is able to send multiple 697 | requests to be handled 698 | [simultaneously](https://cloud.google.com/run/docs/about-concurrency?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) to 699 | your container instances. 700 | 701 | Each container instance on Cloud Run is (currently) allowed to handle [up to 702 | 250][lim] concurrent requests. This is also the default value. 703 | 704 | ### What if my application can’t handle concurrent requests? 705 | 706 | If your application cannot handle this number, you 707 | can configure this number while deploying your service in `gcloud` or Cloud 708 | Console. 709 | 710 | Most of the popular programming languages can process multiple requests at the 711 | same time thanks to multi-threading. But some languages may need additional 712 | components to do concurrent requests (e.g. PHP with 713 | [Apache](https://hub.docker.com/_/php), or Python with 714 | [gunicorn](https://github.com/knative/docs/blob/7c4ff1c98e072b3c61649f35e6cafb11b00c6ab0/docs/serving/samples/hello-world/helloworld-python/Dockerfile#L11)). 715 | 716 | [lim]: https://cloud.google.com/run/quotas?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 717 | 718 | ### How do I find the right concurrency level for my application? 719 | 720 | Each application and language can process different levels of simultaneously 721 | without having them time out. That's why Cloud Run allows you to 722 | [configure](https://cloud.google.com/run/docs/about-concurrency?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) concurrency 723 | per service. 724 | 725 | You should do "load testing" to find out where your application should stop 726 | handling additional request and additional instances should be created. Read 727 | [Tuning concurrency](https://cloud.google.com/run/docs/tips?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web#using_concurrency) 728 | for more. 729 | 730 | ### Can I make request to a specific container instance? 731 | 732 | No, Cloud Run does not offer a "sticky session" primitive. All requests are 733 | load balanced between available container instances. 734 | 735 | ### Can I add Cloud Run services as backends to Cloud HTTP(S) Load Balancer? 736 | 737 | **UPDATE (July 10, 2020):** Yes, [this is now in **beta**][neg]. 738 | 739 | You need to [add serverless network endpoint groups][neg-setup] behind a [Cloud 740 | HTTP(S) Load Balancer (GCLB)][https-lb] to achieve this. The "serverless NEG" concepts 741 | allows Cloud Run services to be added behind a load balancer, just like a VM 742 | or GCS bucket. 743 | 744 | [https-lb]: https://cloud.google.com/load-balancing/docs/https/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 745 | [neg]: https://cloud.google.com/load-balancing/docs/negs/serverless-neg-concepts?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 746 | [neg-setup]: https://cloud.google.com/load-balancing/docs/negs/setting-up-serverless-negs?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 747 | 748 | ### How does Cloud Run’s load balancing compare with Cloud Load Balancer (GCLB) 749 | 750 | Cloud Run applications [can be added][neg-setup] behind a [Cloud HTTP(s) load 751 | balancer (GCLB)][https-lb]. However you might wonder, aren't Cloud Run endpoints 752 | already _load-balanced_? Yes, they are. 753 | 754 | However, GCLB offers a wide variety of options that you might need, such as: 755 | 756 | - Support for configuring GCLB products like Cloud CDN and Cloud Armor (Cloud IAP is not yet supported) 757 | - Routing to multiple backends (VM, GCS bucket, Run/GCF apps) on a single domain 758 | - Bringing your own certificates 759 | - Having a static IP (IPv4 or IPv6) for your domains 760 | 761 | ### How can I configure CDN for Cloud Run services? 762 | 763 | Yes, see previous question. With [Cloud HTTP(S) Load Balancer (GCLB)][https-lb] integration, 764 | you need to add the Cloud Run service as a NEG to the load balancer. 765 | 766 | You can also have CDN from other services if you don't want to use Cloud HTTP(S) Load Balancer: 767 | 768 | - [Firebase Hosting](https://firebase.google.com/docs/hosting/) by: 769 | - responding to requests with a [`Cache-Control` 770 | header](https://firebase.google.com/docs/hosting/manage-cache#set_cache-control), 771 | and 772 | - configuring a [rewrite configuration in 773 | `firebase.json`](https://firebase.google.com/docs/hosting/cloud-run#direct_requests_to_container) 774 | of your Firebase app. 775 | 776 | > **WARNING:** If you are using [Cloudflare](https://cloudflare.com/) with proxying 777 | > capabilities, [follow the guide here](https://cloud.google.com/run/docs/mapping-custom-domains?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web). 778 | 779 | ### Does Cloud Run offer SSL/TLS certificates (HTTPS)? 780 | 781 | Yes. If you’re using the domain name provided by Cloud Run (`*.run.app`), your 782 | application is immediately ready to serve on `https://` protocol because Google 783 | has a wildcard TLS certificate for 784 | [`*.a.run.app`](https://crt.sh/?id=4260085120). 785 | 786 | If you’re using your own [custom domain] name, Cloud Run provisions a TLS 787 | certificate for your domain name. This may take ~15 minutes to provision and 788 | serve traffic on `https://`. Cloud Run uses its own certificate authority named 789 | Google Trust Services to provision a certificate for your domain 790 | ([example](https://crt.sh/?id=4221640439)). 791 | 792 | [custom domain]: https://cloud.google.com/run/docs/mapping-custom-domains?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 793 | 794 | ### How can I use my own TLS certificates for Cloud Run? 795 | 796 | When you use custom domain mapping feature of Cloud Run, it will provision a TLS 797 | certificate for your domain. However, if you want to use custom features, check 798 | out the [Cloud HTTP(S) Load Balancer (GCLB) integration][setup-neg]. 799 | 800 | ### How can I redirect all HTTP traffic to HTTPS? 801 | 802 | This is built in and required. To make Cloud Run secure by default, Cloud Run 803 | services will only be accessible via HTTPS. 804 | 805 | Any HTTP requests are automatically returned an HTTP 302 response pointing to 806 | the HTTPS version of the current URL. This was rolled out as a change in the 807 | beta service in August 2019. 808 | 809 | ### Is traffic between my app and Cloud Run’s load balancer encrypted? 810 | 811 | Since your app serves traffic on `PORT` (by default 8080) unencrypted, you might 812 | think the connection between Cloud Run’s load-balanced endpoint and your 813 | application is unencrypted. 814 | 815 | However, the transit between Google’s frontend/load balancer and your Cloud Run 816 | container instance is encrypted. Google terminates TLS/HTTPS connections before 817 | they reach your application, so that you don’t have to handle TLS yourself. 818 | 819 | ### Does Cloud Run support load balancing among multiple regions? 820 | 821 | Not natively. Cloud Run services are regional. But it's possible to do it 822 | yourself. 823 | 824 | Using the [Cloud Load Balancer (GCLB)][setup-neg] integration, deploying your 825 | service to multiple regions and adding them behind the load balancer, the 826 | clients connecting to the load balancer IP/domain will be routed to the Cloud 827 | Run service **closest** Cloud Run service to the client. 828 | 829 | Read [documentation](https://cloud.google.com/run/docs/multiple-regions?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) 830 | or [my article](https://ahmet.im/blog/cloud-run-multi-region/) or 831 | [with Terraform](https://ahmet.im/blog/cloud-run-multi-region-terraform/). 832 | 833 | ### Is HTTP/2 supported on Cloud Run? 834 | 835 | Yes. Cloud Run’s gateway will upgrade any HTTP/1 server you write to HTTP/2. If 836 | you query your application with `https://`, you should be seeing HTTP/2 protocol 837 | used between the client and Cloud Run service: 838 | 839 | ```text 840 | $ curl --http2 https:// 841 | ... 842 | < HTTP/2 200 843 | ... 844 | ``` 845 | 846 | ### Can my application server run on HTTP/2 protocol? 847 | 848 | HTTP/2 to the container is currently only supported for gRPC services. 849 | 850 | Cloud Run requires your application to serve on an **unencrypted** endpoint 851 | and HTTP/2 by default requires TLS. 852 | 853 | If your server supports HTTP/2 upgrade via the `h2c` (unencrypted HTTP/2) 854 | protocol, it will safely fall-back to HTTP/1.1. 855 | 856 | If you develop an HTTP/2 **only** server, Cloud Run will 857 | not currently be able to route requests to it, as Cloud Run does include prior knowledge 858 | headers by default. 859 | 860 | ### Is gRPC supported on Cloud Run? 861 | 862 | Yes. Cloud Run (fully managed) can 863 | [now](https://cloud.google.com/blog/products/serverless/cloud-run-gets-websockets-http-2-and-grpc-bidirectional-streams?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) 864 | run [gRPC](https://grpc.io/) services, including all RPC types (unary, 865 | server-streaming, client-streaming and bidirectional). 866 | 867 | [crogke]: https://cloud.google.com/run/docs/gke/setup?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 868 | 869 | ### How can I serve responses larger than 32MB with Cloud Run? 870 | 871 | Cloud Run can stream responses that are larger than 32MB using HTTP chunked 872 | encoding. Add the HTTP header `Transfer-Encoding: chunked` to your response 873 | if you know it will be larger than 32MB. 874 | 875 | ### Are WebSockets supported on Cloud Run? 876 | 877 | [WebSockets](https://en.wikipedia.org/wiki/WebSocket) are 878 | [now](https://cloud.google.com/blog/products/serverless/cloud-run-gets-websockets-http-2-and-grpc-bidirectional-streams?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) 879 | supported on Cloud Run. [Read 880 | documentation](https://cloud.google.com/run/docs/triggering/websockets?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web). 881 | 882 | Running WebSockets also works on [Cloud Run for Anthos][crogke]. 883 | 884 | ## Microservices 885 | 886 | ### How do two Cloud Run services connect each other privately? 887 | 888 | To make requests to Cloud Run applications privately, you need to obtain an 889 | identity token, and add it to the `Authorization` header of the outbound request 890 | of the target service. You can find [documentation and examples 891 | here](https://cloud.google.com/run/docs/authenticating/service-to-service?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web). 892 | 893 | For Cloud Run service A (running with service account `SA1`) to be able to 894 | connect to private Cloud Run service B, you need to: 895 | 896 | 1. Update IAM permissions of service B to give `SA1` Cloud Run Invoker role 897 | (`roles/run.invoker`). 898 | 899 | 2. Obtain an identity token (JWT) from metadata service: 900 | 901 | ```sh 902 | curl -H "metadata-flavor: Google" \ 903 | http://metadata/instance/service-accounts/default/identity?audience=URL 904 | ``` 905 | where `URL` is the URL of service B (i.e. `https://*.run.app`). 906 | 907 | 3. Add header `Authorization: Bearer ` where `` is the response 908 | obtained in the previous command. 909 | 910 | ### Does Cloud Run have DNS service discovery? 911 | 912 | If you're using Kubernetes or similar systems, you might be used to calling 913 | another service directly by name (e.g. `http://hello/`). However, Cloud Run does 914 | not support this yet. Therefore you must use the full (`*.run.app`) URL. 915 | 916 | Alternatively, you can try out the [runsd 917 | project](https://github.com/ahmetb/runsd), which is my prototype Cloud Run 918 | DNS Service Discovery + automatic authentication implementation. 919 | 920 | ## Autoscaling 921 | 922 | ### Does my Cloud Run service scale to zero? 923 | 924 | Yes. When your service is not receiving requests, you are not paying for 925 | anything. 926 | 927 | Therefore, after not receiving any requests for a while, the first request may 928 | observe [cold start](#cold-starts) latency. 929 | 930 | ### How can I limit the total number of instances for my application? 931 | 932 | By setting the `Maximum number of instances` parameter when deploying a new revision. 933 | 934 | ### What’s the upper scaling limit for Cloud Run? 935 | 936 | Each Cloud Run service can scale by default [up to 1000 container instances][lim], a limit that 937 | can be increase via a quota request. Each container instance can handle [up to 250 simultaneous 938 | requests][lim]. 939 | 940 | ## Runtime 941 | 942 | ### Which operating system Cloud Run applications run on? 943 | 944 | Linux. 945 | 946 | However, since you bring your own container image, you get to decide 947 | your system libraries like libs (e.g. musl libc in alpine, or glibc in debian 948 | based images). 949 | 950 | Your applications run on [gVisor](https://gvisor.dev/docs/) which only supports 951 | Linux (currently). 952 | 953 | ### Can I use the local filesystem? 954 | 955 | Yes, **however** files written to the local filesystem **count towards available 956 | memory** and may cause container instance to go out-of-memory and crash. 957 | 958 | Therefore, writing files to local filesystem are discouraged, with the exception 959 | of [`/var/log/*` path for logging](https://cloud.google.com/run/docs/logging?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web). 960 | 961 | ### Which system calls are supported? 962 | 963 | Cloud Run applications run on [gVisor](https://gvisor.dev) container sandbox, 964 | which executes Linux kernel system calls made by your application in userspace. 965 | 966 | gVisor does not implement all system calls (see 967 | [here](https://gvisor.dev/docs/user_guide/compatibility/amd64/)). If your app 968 | has such a system call (**quite rare**), it will not work on Cloud Run. Such an 969 | event [is logged](https://cloud.google.com/run/docs/troubleshooting?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web#sandbox) and 970 | you can [use 971 | `strace`](https://cloud.google.com/run/docs/troubleshooting/tracing-system-calls?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) 972 | to determine when the system call was made in your app. 973 | 974 | ### Which executable ABIs are supported? 975 | 976 | Applications compiled for 64-bit Linux are supported. To be precise, ELF 977 | executables compiled to [x84-64](https://en.wikipedia.org/wiki/X86-64). See 978 | [Container Contract][container-contract]. 979 | 980 | [container-contract]: https://cloud.google.com/run/docs/reference/container-contract?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 981 | [cpu]: https://cloud.google.com/run/docs/reference/container-contract?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web#cpu 982 | 983 | 984 | ### Where can I find the "instance ID" of my container? 985 | 986 | The [logs][logging] collected from a container instance specify the unique 987 | instance ID of the container when the logs are viewed on Stackdriver Logging. 988 | This instance ID is not made available to the application. 989 | 990 | To identify your container instance while it’s running, generate a random UUID 991 | during the startup of your process and store it in a variable. 992 | 993 | ### How can I find the number of instances running? 994 | 995 | You can't see the number of instances running at a time on Cloud Run. 996 | 997 | However, you can use the **Billable container instance time** metric on Cloud 998 | Run service dashboard to infer this information. 999 | 1000 | Ideally you should not care about "instant value" of number of instances in a 1001 | serverless world, since your applications autoscale based on traffic patterns 1002 | better and you only pay while a request is being handled (not the idle instance 1003 | time). 1004 | 1005 | ### How can my service tell it is running on Cloud Run? 1006 | 1007 | Cloud Run provides some [environment variables][container-contract] standard in 1008 | [Knative][knative]. Ideally you should explicitly deploy your app with an 1009 | environment variable indicating it is running on Cloud Run. 1010 | 1011 | You can also access [instance 1012 | metadata](https://cloud.google.com/appengine/docs/standard/java/accessing-instance-metadata?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) 1013 | endpoints like 1014 | `http://metadata.google.internal/computeMetadata/v1/project/project-id` to 1015 | determine if you are on Cloud Run. However, this will not distinguish "Cloud 1016 | Run" vs "Cloud Run for Anthos" as the metadata service is available on GKE nodes 1017 | as well. 1018 | 1019 | ### Is there a way to get static IP for outbound requests? 1020 | 1021 | Yes. If you need to connect to an external API or database that requires IP 1022 | address whitelisting, you can configure a static egress IP address for your 1023 | Cloud Run service. 1024 | 1025 | This involves configuring a Cloud Router and Cloud NAT 1026 | for a VPC network and using VPC connector with your Cloud Run service. 1027 | Read [documentation](https://cloud.google.com/run/docs/configuring/connecting-vpc?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web#egress) 1028 | and [follow setup guide](https://cloud.google.com/run/docs/configuring/static-outbound-ip?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web). 1029 | 1030 | ## VPC Support 1031 | 1032 | ### Can I place my Cloud Run application inside a VPC network? 1033 | 1034 | Cloud Run **can connect to** private IPs in VPC networks ([see 1035 | below](#how-to-connect-ips-in-a-vpc-network-from-cloud-run)). 1036 | 1037 | However, you currently cannot place a Cloud Run app into a VPC so it can have a 1038 | private IP address to be accessible from only within the VPC (see 1039 | [here](#can-i-run-cloud-run-applications-on-a-private-ip)). 1040 | 1041 | ### How to connect IPs in a VPC network from Cloud Run? 1042 | 1043 | Cloud Run **now has [support][vpc-doc]** for "Serverless VPC Access". This 1044 | feature allows Cloud Run applications to be able to connect private IPs in the 1045 | VPC (but not the other way). 1046 | 1047 | This way your Cloud Run applications can connect to private VPC IP addresses 1048 | running: 1049 | 1050 | - GCE VMs 1051 | - Cloud SQL instances 1052 | - Cloud Memorystore instances 1053 | - Kubernetes Pods/Services (on GKE public or private clusters) 1054 | - Internal Load Balancers 1055 | 1056 | To learn more [read my blog post 1057 | here](https://ahmet.im/blog/cloud-run-vpc-to-kubernetes/) or [refer to the 1058 | official 1059 | documentation][vpc-doc]. 1060 | 1061 | [vpc-doc]: https://cloud.google.com/run/docs/configuring/connecting-vpc?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 1062 | 1063 | ### Are VPC Service Controls supported for Cloud Run? 1064 | 1065 | [VPC-SC](https://cloud.google.com/vpc-service-controls?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) 1066 | allows you to define which endpoints your applications can connect to (to 1067 | prevent exfiltration risks). 1068 | 1069 | You can use [Cloud Run with VPC service controls][vpc-sc] (currently in preview). 1070 | 1071 | [vpc-sc]:https://cloud.google.com/run/docs/securing/using-vpc-service-controls?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 1072 | 1073 | ### Are "Shared VPCs" supported by VPC Access connector? 1074 | 1075 | [In Beta 1076 | Stage](https://cloud.google.com/vpc/docs/configure-serverless-vpc-access?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web#shared-vpc). 1077 | 1078 | ## Monitoring and Logging 1079 | 1080 | ### Where do I write my application logs? 1081 | 1082 | Anything your application writes to standard output (stdout) or standard error 1083 | (stderr) is collected as logs by Cloud Run. 1084 | 1085 | Some existing apps might not be complying with that (e.g. nginx writes logs to 1086 | `/var/log/nginx/error.log`). Therefore any files written under `/var/log/*` are 1087 | also aggregated. [Learn more here.][logging] 1088 | 1089 | [logging]: https://cloud.google.com/run/docs/logging?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web#special-fields 1090 | 1091 | ### How can I have structured logs? 1092 | 1093 | All your log lines must be JSON objects with fields [recognized by Stackdriver 1094 | Logging](https://cloud.google.com/logging/docs/agent/configuration?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web#special-fields), 1095 | such as `timestamp`, `severity`, `message`. 1096 | 1097 | ### Is Cloud Run integrated with Stackdriver APM? 1098 | 1099 | Yes. See [this 1100 | document](https://cloud.google.com/run/docs/monitoring?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web) 1101 | on how to view various metrics about your Cloud Run container instances. 1102 | 1103 | ### How can I do Tracing on Cloud Run? 1104 | 1105 | Cloud Run supports tracing out of the box. If you go to "Tracing" section 1106 | on Cloud Console, you will see the traces are being collected at 1107 | a predefined sampling rate for your requests. 1108 | 1109 | If you want to correlate logs to requests, or create additional trace spans, you 1110 | can use the `x-cloud-trace-context` header provided to each request with 1111 | OpenTelemetry or OpenCensus libraries. 1112 | 1113 | ## Pricing 1114 | 1115 | [Cloud Run Pricing documentation][pricing] has the most up-to-date 1116 | information. 1117 | 1118 | [pricing]: https://cloud.google.com/run/pricing?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web 1119 | 1120 | ### Is there a “Free Tier”? 1121 | 1122 | Yes! See [Pricing documentation][pricing]. 1123 | 1124 | ### When am I charged? 1125 | 1126 | You only pay **while a request is being handled** on your container instance. 1127 | 1128 | This means an application that is not getting traffic is **free of charge**. 1129 | See the next question. 1130 | 1131 | ### How is billed time calculated? 1132 | 1133 | Based on "time serving requests" on each instance. If your service handles 1134 | multiple requests simultaneously, you do not pay for the CPU/memory time during 1135 | the overlap separately (per-request costs still apply). (This is 1136 | a cost saver, compared to Cloud Functions.) 1137 | 1138 | Each billable timeslice is **rounded up** to the nearest **100 1139 | milliseconds**. 1140 | 1141 | Read how the [billable 1142 | time](https://cloud.google.com/run/pricing?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_&utm_source=external&utm_medium=web#billable_time) 1143 | is calculated, it is basically like this: 1144 | 1145 | ```text 1146 | request1 response1 1147 | | request2 ʌ response2 1148 | | | | ʌ 1149 | v........|......./ | 1150 | | | 1151 | v.............../ 1152 | 1153 | |-----FREE-----|----------BILLED----------|----FREE... 1154 | ``` 1155 | 1156 | ### What do I pay for on Cloud Run? 1157 | 1158 | You are paying for CPU, memory and the traffic sent to the client from your 1159 | application (egress traffic). 1160 | 1161 | ----- 1162 | 1163 | This is not an official Google project or roadmap. Refer to the [Cloud Run 1164 | documentation][docs] for the authoritative information. This project is 1165 | [licensed](./LICENSE) under Creative common Attribution 4.0 International (CC BY 1166 | 4.0) license. 1167 | 1168 | > **Your question not answered here?** Open an [issue] and see if we can answer. 1169 | --------------------------------------------------------------------------------