{"id":13528220,"url":"https://github.com/ahmetb/cloud-run-faq","last_synced_at":"2025-05-15T11:04:59.293Z","repository":{"id":37664511,"uuid":"181230982","full_name":"ahmetb/cloud-run-faq","owner":"ahmetb","description":"Unofficial FAQ and everything you've been wondering about Google Cloud Run.","archived":false,"fork":false,"pushed_at":"2022-02-25T17:24:46.000Z","size":581,"stargazers_count":2332,"open_issues_count":20,"forks_count":124,"subscribers_count":61,"default_branch":"master","last_synced_at":"2025-04-14T17:00:06.548Z","etag":null,"topics":["cloud-run","google-cloud-run"],"latest_commit_sha":null,"homepage":"https://cloud.run","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc-by-4.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ahmetb.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-04-13T21:34:28.000Z","updated_at":"2025-04-04T22:57:17.000Z","dependencies_parsed_at":"2022-07-12T16:42:37.482Z","dependency_job_id":null,"html_url":"https://github.com/ahmetb/cloud-run-faq","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmetb%2Fcloud-run-faq","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmetb%2Fcloud-run-faq/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmetb%2Fcloud-run-faq/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ahmetb%2Fcloud-run-faq/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ahmetb","download_url":"https://codeload.github.com/ahmetb/cloud-run-faq/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248923721,"owners_count":21183951,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud-run","google-cloud-run"],"created_at":"2024-08-01T06:02:19.863Z","updated_at":"2025-04-14T17:00:21.600Z","avatar_url":"https://github.com/ahmetb.png","language":"Shell","funding_links":[],"categories":["Shell","Documentation"],"sub_categories":[],"readme":"# [Google Cloud Run][run] - FAQ\n\n\u003e ⚠️ Beware: This is a **community-maintained** informal knowledge base.\n\u003e\n\u003e * It **does not reflect** Google’s product roadmap. (Please don't ask when a\n\u003e   feature will ship)\n\u003e * Refer to the [**Cloud Run documentation**][docs] for the most up-to-date\n\u003e   information.\n\u003e\n\u003e **Googlers:** If you find this repo useful, you should recognize the work\n\u003e internally, as I actively fight for alternative forms of content like this.\n\n- **Is this repo useful?** Please **⭑Star** this repository and share the love.\n- **Curious about something?** Open an [issue], someone may be able to add it to\n  the FAQ.\n- **Contribute** if you learned something interesting about Cloud Run.\n- **Trouble using Cloud Run?** Ask a question [on Stack  Overflow][so].\n- **Check out** [awesome-cloudrun][awesome] for a curated list of Cloud Run\n  articles, tools and examples.\n- **Follow me** [on Twitter][twitter] as I frequently share Cloud Run news\n  and tips.\n\n[issue]: https://github.com/ahmetb/cloud-run-faq/issues\n[run]: https://cloud.google.com/run/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n[docs]: https://cloud.google.com/run/docs?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n[so]: https://stackoverflow.com/questions/ask?tags=google-cloud-run\n[awesome]: https://github.com/steren/awesome-cloudrun\n[twitter]: https://twitter.com/ahmetb\n\n-----\n\n\u003c!--\n  ⚠️ DO NOT UPDATE THE TABLE OF CONTENTS MANUALLY ️️⚠️\n  run `npx markdown-toc -i README.md`.\n\n  Please stick to 80-character line wraps as much as you can.\n--\u003e\n\n\u003c!-- toc --\u003e\n\n- [Basics](#basics)\n  * [What is Cloud Run?](#what-is-cloud-run)\n  * [How is it different than App Engine Flexible?](#how-is-it-different-than-app-engine-flexible)\n  * [How is it different than Google Cloud Functions?](#how-is-it-different-than-google-cloud-functions)\n  * [How does it compare to AWS Fargate?](#how-does-it-compare-to-aws-fargate)\n  * [How does it compare to AWS Lambda Container Image support?](#how-does-it-compare-to-aws-lambda-container-image-support)\n  * [How does it compare to Azure Container Instances?](#how-does-it-compare-to-azure-container-instances)\n  * [What is \"Cloud Run for Anthos\"?](#what-is-cloud-run-for-anthos)\n  * [Is Cloud Run a \"hosted Knative\"?](#is-cloud-run-a-hosted-knative)\n- [Developing Applications](#developing-applications)\n  * [Which applications are suitable for Cloud Run?](#which-applications-are-suitable-for-cloud-run)\n  * [What if my application is doing background work outside of request processing?](#what-if-my-application-is-doing-background-work-outside-of-request-processing)\n  * [Which languages can I run on Cloud Run?](#which-languages-can-i-run-on-cloud-run)\n  * [Can I run my own system libraries and tools?](#can-i-run-my-own-system-libraries-and-tools)\n  * [Where do I get started to deploy a HTTP web server container?](#where-do-i-get-started-to-deploy-a-http-web-server-container)\n  * [How do I make my web application compatible with Cloud Run?](#how-do-i-make-my-web-application-compatible-with-cloud-run)\n  * [Can Cloud Run receive events?](#can-cloud-run-receive-events)\n  * [Is Cloud Run good for running static websites?](#is-cloud-run-good-for-running-static-websites)\n  * [How can I have cronjobs on Cloud Run?](#how-can-i-have-cronjobs-on-cloud-run)\n  * [Can I run a container only once on Cloud Run?](#can-i-run-a-container-only-once-on-cloud-run)\n  * [How to configure secrets for Cloud Run applications?](#how-to-configure-secrets-for-cloud-run-applications)\n  * [Can I mount storage volumes or disks on Cloud Run?](#can-i-mount-storage-volumes-or-disks-on-cloud-run)\n- [Deploying](#deploying)\n  * [How do I continuously deploy to Cloud Run?](#how-do-i-continuously-deploy-to-cloud-run)\n  * [Which container registries can I deploy from?](#which-container-registries-can-i-deploy-from)\n  * [How can I deploy from other GCR registries?](#how-can-i-deploy-from-other-gcr-registries)\n  * [How to do canary or blue/green deployments on Cloud Run?](#how-to-do-canary-or-bluegreen-deployments-on-cloud-run)\n  * [How can I specify Google credentials in Cloud Run applications?](#how-can-i-specify-google-credentials-in-cloud-run-applications)\n  * [Can I use `kubectl` to deploy to Cloud Run?](#can-i-use-kubectl-to-deploy-to-cloud-run)\n  * [Can I use Terraform to deploy to Cloud Run?](#can-i-use-terraform-to-deploy-to-cloud-run)\n- [Cold Starts](#cold-starts)\n  * [Does Cloud Run have cold starts?](#does-cloud-run-have-cold-starts)\n  * [When will my service scale to zero?](#when-will-my-service-scale-to-zero)\n  * [How do I minimize the cold start latencies?](#how-do-i-minimize-the-cold-start-latencies)\n  * [Do I get \"warmup requests\" like in App Engine?](#do-i-get-warmup-requests-like-in-app-engine)\n  * [How to keep a Cloud Run service “warm”?](#how-to-keep-a-cloud-run-service-warm)\n  * [How can I tell if a request was a “cold start”?](#how-can-i-tell-if-a-request-was-a-cold-start)\n- [Container Lifecycle](#container-lifecycle)\n  * [How does Cloud Run tell if my container is ready?](#how-does-cloud-run-tell-if-my-container-is-ready)\n  * [Does Cloud Run have readiness or liveness checks/probes?](#does-cloud-run-have-readiness-or-liveness-checksprobes)\n  * [What happens if my container exits/crashes?](#what-happens-if-my-container-exitscrashes)\n  * [What is the termination signal for Cloud Run services?](#what-is-the-termination-signal-for-cloud-run-services)\n- [Serving Traffic](#serving-traffic)\n  * [Which network protocols are supported on Cloud Run?](#which-network-protocols-are-supported-on-cloud-run)\n  * [Customizing port number on Cloud Run?](#customizing-port-number-on-cloud-run)\n  * [What's the maximum request execution time limit?](#whats-the-maximum-request-execution-time-limit)\n  * [Does my service get a domain name on Cloud Run?](#does-my-service-get-a-domain-name-on-cloud-run)\n  * [Are all Cloud Run services publicly accessible?](#are-all-cloud-run-services-publicly-accessible)\n  * [Can I run Cloud Run applications on a private IP?](#can-i-run-cloud-run-applications-on-a-private-ip)\n  * [How much additional latency does running on Cloud Run add?](#how-much-additional-latency-does-running-on-cloud-run-add)\n  * [Does my application get multiple requests concurrently?](#does-my-application-get-multiple-requests-concurrently)\n  * [What if my application can’t handle concurrent requests?](#what-if-my-application-cant-handle-concurrent-requests)\n  * [How do I find the right concurrency level for my application?](#how-do-i-find-the-right-concurrency-level-for-my-application)\n  * [Can I make request to a specific container instance?](#can-i-make-request-to-a-specific-container-instance)\n  * [Can I add Cloud Run services as backends to Cloud HTTP(S) Load Balancer?](#can-i-add-cloud-run-services-as-backends-to-cloud-https-load-balancer)\n  * [How does Cloud Run’s load balancing compare with Cloud Load Balancer (GCLB)](#how-does-cloud-runs-load-balancing-compare-with-cloud-load-balancer-gclb)\n  * [How can I configure CDN for Cloud Run services?](#how-can-i-configure-cdn-for-cloud-run-services)\n  * [Does Cloud Run offer SSL/TLS certificates (HTTPS)?](#does-cloud-run-offer-ssltls-certificates-https)\n  * [How can I use my own TLS certificates for Cloud Run?](#how-can-i-use-my-own-tls-certificates-for-cloud-run)\n  * [How can I redirect all HTTP traffic to HTTPS?](#how-can-i-redirect-all-http-traffic-to-https)\n  * [Is traffic between my app and Cloud Run’s load balancer encrypted?](#is-traffic-between-my-app-and-cloud-runs-load-balancer-encrypted)\n  * [Does Cloud Run support load balancing among multiple regions?](#does-cloud-run-support-load-balancing-among-multiple-regions)\n  * [Is HTTP/2 supported on Cloud Run?](#is-http2-supported-on-cloud-run)\n  * [Can my application server run on HTTP/2 protocol?](#can-my-application-server-run-on-http2-protocol)\n  * [Is gRPC supported on Cloud Run?](#is-grpc-supported-on-cloud-run)\n  * [How can I serve responses larger than 32MB with Cloud Run?](#how-can-i-serve-responses-larger-than-32mb-with-cloud-run)\n  * [Are WebSockets supported on Cloud Run?](#are-websockets-supported-on-cloud-run)\n- [Microservices](#microservices)\n  * [How do two Cloud Run services connect each other privately?](#how-do-two-cloud-run-services-connect-each-other-privately)\n  * [Does Cloud Run have DNS service discovery?](#does-cloud-run-have-dns-service-discovery)\n- [Autoscaling](#autoscaling)\n  * [Does my Cloud Run service scale to zero?](#does-my-cloud-run-service-scale-to-zero)\n  * [How can I limit the total number of instances for my application?](#how-can-i-limit-the-total-number-of-instances-for-my-application)\n  * [What’s the upper scaling limit for Cloud Run?](#whats-the-upper-scaling-limit-for-cloud-run)\n- [Runtime](#runtime)\n  * [Which operating system Cloud Run applications run on?](#which-operating-system-cloud-run-applications-run-on)\n  * [Can I use the local filesystem?](#can-i-use-the-local-filesystem)\n  * [Which system calls are supported?](#which-system-calls-are-supported)\n  * [Which executable ABIs are supported?](#which-executable-abis-are-supported)\n  * [Where can I find the \"instance ID\" of my container?](#where-can-i-find-the-instance-id-of-my-container)\n  * [How can I find the number of instances running?](#how-can-i-find-the-number-of-instances-running)\n  * [How can my service tell it is running on Cloud Run?](#how-can-my-service-tell-it-is-running-on-cloud-run)\n  * [Is there a way to get static IP for outbound requests?](#is-there-a-way-to-get-static-ip-for-outbound-requests)\n- [VPC Support](#vpc-support)\n  * [Can I place my Cloud Run application inside a VPC network?](#can-i-place-my-cloud-run-application-inside-a-vpc-network)\n  * [How to connect IPs in a VPC network from Cloud Run?](#how-to-connect-ips-in-a-vpc-network-from-cloud-run)\n  * [Are VPC Service Controls supported for Cloud Run?](#are-vpc-service-controls-supported-for-cloud-run)\n  * [Are \"Shared VPCs\" supported by VPC Access connector?](#are-shared-vpcs-supported-by-vpc-access-connector)\n- [Monitoring and Logging](#monitoring-and-logging)\n  * [Where do I write my application logs?](#where-do-i-write-my-application-logs)\n  * [How can I have structured logs?](#how-can-i-have-structured-logs)\n  * [Is Cloud Run integrated with Stackdriver APM?](#is-cloud-run-integrated-with-stackdriver-apm)\n  * [How can I do Tracing on Cloud Run?](#how-can-i-do-tracing-on-cloud-run)\n- [Pricing](#pricing)\n  * [Is there a “Free Tier”?](#is-there-a-free-tier)\n  * [When am I charged?](#when-am-i-charged)\n  * [How is billed time calculated?](#how-is-billed-time-calculated)\n  * [What do I pay for on Cloud Run?](#what-do-i-pay-for-on-cloud-run)\n\n\u003c!-- tocstop --\u003e\n\n-----\n\n## Basics\n\n### What is Cloud Run?\n\n[Cloud Run][run] is a service by Google Cloud Platform to run your stateless\nHTTP containers without worrying about provisioning machines, clusters or\nautoscaling.\n\nWith Cloud Run, you go from a \"container image\" to a fully managed web\napplication running on a domain name with TLS certificate that auto-scales with\nrequests in a single command. You only [pay](#pricing) while a request is\nhandled.\n\n### How is it different than App Engine Flexible?\n\n[GAE\nFlexible](https://cloud.google.com/appengine/docs/flexible/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web)\nand [Cloud Run][run] are very similar. They both accept container images as\ndeployment input, they both auto-scale, and manage the infrastructure your code\nruns on for you. However:\n\n* GAE Flexible is built on VMs, therefore is slower to deploy and scale.\n* GAE Flexible does not scale to zero, at least 1 instance must be running.\n* GAE Flexible billing has 1 minute granularity, Cloud Run in 0.1 second.\n\nRead more about [choosing a container option on\nGCP](https://cloud.google.com/container-options/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web).\n\n### How is it different than Google Cloud Functions?\n\n[GCF](https://cloud.google.com/functions?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web) lets you deploy snippets of code\n(functions) written in a limited set of programming languages, to natively\nhandle HTTP requests or events from many GCP sources.\n\nCloud Run lets you deploy using any programming language, since it accepts\ncontainer images (more flexible, but also potentially more tedious to develop).\nIt also allows using any tool or system library from your application (see\n[here](#can-i-run-my-own-system-libraries-and-tools)) and GCF doesn’t let you\nuse such custom system executables.\n\nCloud Run can only receive HTTP requests or [Pub/Sub push events](https://cloud.google.com/pubsub/docs/push?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web).\n(See [this tutorial](https://cloud.google.com/run/docs/tutorials/pubsub?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web)).\n\nBoth services auto-scale your code, manage the infrastructure your code runs on\nand they both run on GCP’s serverless infrastructure.\n\nRead more about [choosing between GCP's serverless options](https://cloud.google.com/serverless-options/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web#header_3)\n\n### How does it compare to AWS Fargate?\n\n[AWS Fargate](https://aws.amazon.com/fargate/) and Cloud Run both let you run\ncontainers without managing the underlying infrastructure.\n\n- Fargate can run a wide range of container workloads, including but not limited\n  to HTTP servers, background or long running tasks.\n- Fargate requires an ECS cluster to run tasks on. This cluster doesn't expose\n  the underlying VM infrastructure to you. However, while using Fargate, you\n  still need to configure infrastructure aspects like VPCs, subnets, load\n  balancers, auto-scaling, health checks and service discovery.\n- Fargate also has a fairly more complex resource model than Cloud Run, it\n  doesn't allow request-based autoscaling, scale-to-zero, concurrency control,\n  and it exposes container instances and their lifecycle to you.\n\nCloud Run is a standalone compute platform, abstracting cluster management and\nfocusing on fast automatic scaling. Cloud Run supports running only HTTP\nservers, and therefore can do request-aware autoscaling, as well as\nscale-to-zero.\n\nThe pricing model is also different:\n\n- On Cloud Run, you only pay while a request is being handled.\n- On AWS Fargate, you pay for CPU/memory while containers are running, and since\n  Fargate doesn't support scale-to-zero, a service receiving no traffic will\n  still incur costs.\n\n### How does it compare to AWS Lambda Container Image support?\n\nAWS Lambda has recently added [support for running container\nimages](https://aws.amazon.com/blogs/aws/new-for-aws-lambda-container-image-support/).\n\nThese images still have to be either an AWS-provided runtime image (i.e. limited\nlanguage support) such as `public.ecr.aws/lambda/nodejs:12` or you have to\nprovide your own [Runtime\nAPI](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-api.html)\nimplementation to be able to run arbitrary container images.\n\n- Cloud Run can run any container images that runs an HTTP server\n- AWS Lambda cannot run arbitrary container images. You have to either use an\n  AWS-provided image, or code your own Runtime API translation layer.\n- AWS Lambda doesn't support multiple requests handled by the same instance,\n  and each request is billed separately.\n- a single Cloud Run container instance can handle multiple requests\n  simultaneously and you aren't charged for them separately. (see: [When am I\n  charged?](#when-am-i-charged))\n\n### How does it compare to Azure Container Instances?\n\n[Azure Container\nInstances](https://azure.microsoft.com/en-us/services/container-instances/) and\nCloud Run both let you run containers without managing the underlying\ninfrastructure (VMs, clusters). Both ACI and Cloud Run give you a publicly\naccessible endpoint after deploying the application.\n\nCloud Run supports running only HTTP servers and offers auto-scaling, and scale\nto zero. ACI is\nfor long-running containers. Therefore, the pricing model is different. On Cloud\nRun, you only pay while a request is being handled.\n\n### What is \"Cloud Run for Anthos\"?\n\n[\"Cloud Run for Anthos\"][crogke] gives you the same Cloud Run experience on your\n[Kubernetes](https://kubernetes.io) clusters on [Anthos] (either on GCP with\n[GKE], or on-prem/other clouds). This gives you the freedom to choose where you\nwant to deploy your applications.\n\n\"Cloud Run\" and \"Cloud Run for Anthos\" are the same product, but running in\ndifferent places:\n\n* the same application format (container images)\n* the same deployment/management experience (`gcloud` or Cloud Console)\n* the same API ([Knative serving API][knative]).\n\nLook at [this diagram](https://twitter.com/ahmetb/status/1116041166359654400),\nor [**watch this video**](https://www.youtube.com/watch?v=RVdhyprptTQ) to decide\nhow to choose between the two.\n\n![](https://storage.googleapis.com/gweb-cloudblog-publish/images/developer_and_operator.0316026505360460.max-700x700.png)\n\nCloud Run for Anthos basically installs and manages a Knative installation (with\nsome additional GCP-specific components for monitoring etc) on your Kubernetes\ncluster so that you don’t have to worry about installing and managing Knative\nyourself.\n\n[knative]: https://www.knative.dev/\n[GKE]: https://cloud.google.com/kubernetes-engine/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n[Anthos]: https://cloud.google.com/anthos/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n\n### Is Cloud Run a \"hosted Knative\"?\n\nSort of.\n\nCloud Run implements most parts of the [Knative Serving\nAPI](https://knative.dev/docs/reference/api/serving-api/). However, the\nunderlying implementation of the functionality could differ from the open source\n[Knative][knative] implementation.\n\nWith [Cloud Run for Anthos](#what-is-cloud-run-on-anthos), you actually get a\nKnative installation (managed by Google) on your Kubernetes/[GKE] cluster\n\n## Developing Applications\n\n### Which applications are suitable for Cloud Run?\n\n[Cloud Run][run] is designed to run **stateless** request-driven containers.\n\nThis means you can deploy:\n\n* publicly accessible applications: web applications, APIs or webhooks\n* private microservices: internal microservices, data transformation, background\njobs, potentially triggered asynchronously by Pub/Sub events or Cloud Tasks.\n\nOther kinds of applications may not be fit for Cloud Run.\n\nIf your application is doing **processing while it’s not handling\nrequests** or storing in-memory state, it may not be suitable.\n\n### What if my application is doing background work outside of request processing?\n\nYour application’s CPU is **[significantly throttled][cpu]** nearly down to zero\nwhile it's not handling a request.\n\nTherefore, your application should limit CPU usage outside request processing to\na minimum. It might not be entirely possible since the programming language you\nuse might do _garbage collection_ or similar runtime tasks in the background.\n\n### Which languages can I run on Cloud Run?\n\nIf an application can be packaged into a container image that can run on Linux\n(x86-64), it can be executed on Cloud Run.\n\nWeb applications written in languages like Node.js, Python, Go, Java, Ruby, PHP,\nRust, Kotlin, Swift, C/C++, C# can work on Cloud Run. \n\n🍄 Users managed to run web servers written in x86 assembly, or [22-year old\nPython\n1.3](https://dev.to/di/ministry-of-silly-runtimes-vintage-python-on-cloud-run-3b9d)\non Cloud Run.\n\n### Can I run my own system libraries and tools?\n\nYes, see the section above. Since Cloud Run accepts container images as the\ndeployment unit, you can add arbitrary executables (like `grep`, `ffmpeg`,\n`imagemagick`) or system libraries (`.so`, `.dll`) to your container image and\nuse them in your application.\n\nSee [this tutorial](https://cloud.google.com/run/docs/tutorials/system-packages?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web)\nusing Graphviz `dot` that generates PNG diagrams.\n\n### Where do I get started to deploy a HTTP web server container?\n\nSee [Cloud Run\nQuickstart](https://cloud.google.com/run/docs/quickstarts/build-and-deploy?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web)\nwhich has sample applications written in many languages.\n\n### How do I make my web application compatible with Cloud Run?\n\nYour existing applications must listen on the `PORT` environment variable to\nwork on Cloud Run (see [container contract][container-contract]). This\nenvironment variable is given to your app by Cloud Run. It currently defaults to\n`8080` (but you should not rely on this) and you can [customize this port\nnumber](#customizing-port-number-on-cloud-run).\n\n### Can Cloud Run receive events?\n\nYes.\n\nCloud Run integrates securely with Pub/Sub push subscriptions:\n\n* Events are delivered via HTTP to the endpoint of your Cloud Run service.\n* Pub/Sub automatically validates the ownership of the `*.run.app` Cloud Run\nURLs\n* You can leverage [Pub/Sub push authentication](https://cloud.google.com/pubsub/docs/push?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web#setting_up_for_push_authentication)\nto securely and privately push events to Cloud Run services, without exposing\nthem publicly to the internet.\n\nMany GCP services like Google Cloud Storage are able to [send events to a \nPub/Sub topic](https://cloud.google.com/storage/docs/pubsub-notifications?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web).\nYou can publish your own events to a Pub/Sub topic and push them to a Cloud\nRun service.\n\nFollow [this tutorial](https://cloud.google.com/run/docs/tutorials/pubsub?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web) for\ninstructions about how to push Pub/Sub events to Cloud Run services.\n\nBesides Pub/Sub, Google Cloud Eventarc(in preview) allows you to trigger Cloud\nRun from events that originate from Cloud Storage, BigQuery, Firestore and more\nthan 60 other Google Cloud sources. See [this blog\npost](https://cloud.google.com/blog/products/serverless/build-event-driven-applications-in-cloud-run?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web)\nfor detail.\n\n### Is Cloud Run good for running static websites?\n\nPotentially. Cloud Run has a generous [free tier][pricing] which can let you run\nyour websites for free. However, if you have a static HTML website, using\n[Firebase\nHosting](https://firebase.google.com/docs/hosting?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web)\nor Google Cloud Storage buckets (behind Cloudflare for HTTPS+CDN) can also be\nsimilarly cheap or free.\n\n### How can I have cronjobs on Cloud Run?\n\nIf you need to invoke your Cloud Run applications periodically, use\n[Google Cloud Scheduler](https://cloud.google.com/scheduler/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web). It can make a\nrequest to your application’s specific URL at an interval you specify.\n\n### Can I run a container only once on Cloud Run?\n\nShort answer: No. Cloud Run is not designed for this purpose.\n\nSometimes you might have a container-based job (run-to-completion task) that\nmight seem suitable for Cloud Run. However, Cloud Run is designed for running\nserver apps (HTTP/gRPC etc).\n\nIf you want to execute run-to-completion containers on-demand or periodically\non Google Cloud Platform, you can [create a Compute Engine VM with a container](https://cloud.google.com/compute/docs/containers/deploying-containers?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web).\n\n### How to configure secrets for Cloud Run applications?\n\nYou can use [Secret Manager](https://cloud.google.com/secret-manager/docs/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web) with\nCloud Run. Read how to write code and set permissions to access the secrets from\nyour Cloud Run app in the\n[documentation](https://cloud.google.com/secret-manager/docs/creating-and-accessing-secrets?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web).\n\nAlternatively, if you'd like to store secrets in Cloud Storage (GCS) using Cloud\nKMS envelope encryption, check out the\n[Berglas](https://github.com/GoogleCloudPlatform/berglas) tool and library\n(Berglas also has support for Secret Manager).\n\n### Can I mount storage volumes or disks on Cloud Run?\n\nCloud Run currently doesn’t offer a way to bind mount additional storage volumes\n(like FUSE, or [persistent disks][pd]) on your filesystem. If you’re reading\ndata from Google Cloud Storage, instead of using solutions like `gcsfuse`, you\nshould use the supported Google Cloud Storage client libraries.\n\nHowever, Cloud Run **for Anthos** allows you to mount Kubernetes [Secrets] and\n[ConfigMaps], but **this is not yet fully supported**. See an example\n[here][sec-ex] about mounting [Secrets] to a Service running on GKE.\n\n[pd]: https://cloud.google.com/persistent-disk/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n[vols]: https://cloud.google.com/kubernetes-engine/docs/concepts/volumes?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n[Secrets]: https://cloud.google.com/kubernetes-engine/docs/concepts/secret?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n[ConfigMaps]: https://cloud.google.com/kubernetes-engine/docs/concepts/configmap?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n[sec-ex]: https://knative.dev/docs/serving/samples/secrets-go/\n\n## Deploying\n\n### How do I continuously deploy to Cloud Run?\n\n- A lot of CI/CD tutorials at [awesome-cloudrun repo](https://github.com/steren/awesome-cloudrun#cicd)\n- Documentation: [Continuous Deployment using Google Cloud Build](https://cloud.google.com/cloud-build/docs/deploying-builds/deploy-cloud-run?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web)\n- Blog: [Deploy using GitLab CI/CD](https://viggy28.dev/article/cloudrun-cicd/)\n\n_(If you know of articles about other CI/CD system integrations, add them here.)_\n\nFor other CI/CD systems, roughly the steps you should follow look like:\n\n1. Create a new service account with a JSON key.\n1. Give the service account [IAM permissions to deploy to Cloud Run](https://cloud.google.com/run/docs/reference/iam/roles?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web).\n      * `roles/run.admin` to deploy applications\n      * `roles/iam.serviceAccountUser` on the service account that your app will use\n      \n1. Upload the JSON key to the CI/CD environment, and authenticate to `gcloud`\n   by calling:\n\n       gcloud auth activate-service-account --key-file=[KEY_JSON_FILE]\n\n1. Deploy the app by calling:\n\n       gcloud run deploy [MY_SERVICE] --image=[...] [...]\n\n[gcb]: https://cloud.google.com/cloud-build/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n\n### Which container registries can I deploy from?\n\nCloud Run currently only allows deploying images hosted on Google Container\nRegistry (`*.gcr.io/*`) and Cloud Artifact Registry (`*.pkg.dev/*`).\n\nDeploying from external registries like Docker Hub are currently not supported.\n\n### How can I deploy from other GCR registries?\n\nIf you're deploying from GCR registries on another GCP project:\n\n- public registries: should be deploying without additional configuration\n- private registries: need to give GCR access to service account used by Cloud\n  Run.\n\nTo give access, go to [IAM\u0026Admin](https://console.cloud.google.com/iam-admin/iam) on\nCloud Console, and find the email for \"Google Cloud Run Service Agent\". Then\nfollow [this\ndocument](https://cloud.google.com/container-registry/docs/access-control?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web#granting_users_and_other_projects_access_to_a_registry)\nto give this service account GCR access on the other project.\n\n### How to do canary or blue/green deployments on Cloud Run?\n\nIf you updated your Cloud Run service, you probably realized it creates a new\n[revision](https://cloud.google.com/run/docs/managing/revisions?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web) for every new\nconfiguration of your service.\n\nCloud Run allows you to [**split traffic** between multiple\nrevisions](https://cloud.google.com/run/docs/rollouts-rollbacks-traffic-migration?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web),\nso you can do gradual rollouts such as canary deployments or blue/green\ndeployments.\n\n### How can I specify Google credentials in Cloud Run applications?\n\nFor applications running on Cloud Run, you don't need to deliver JSON keys for\nIAM Service Accounts, or set `GOOGLE_APPLICATION_CREDENTIALS` environment\nvariable.\n\nJust specify the service account (`--service-account`) you want your application\nto use automatically while deploying the app. See [configuring service\nidentity][ident].\n\n[ident]: https://cloud.google.com/run/docs/securing/service-identity?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n\n### Can I use `kubectl` to deploy to Cloud Run?\n\nCloud Run supports the [Knative][knative] Serving API. However, currently some\nparts of Kubernetes Discovery API required by `kubectl` are not yet offered on\nCloud Run API.\n\nAs a solution, you can write your [Knative `Service`][ksvc] resource as a .yaml\nfile and use the following command to deploy to Cloud Run:\n\n```sh\ngcloud run services replace --platform=managed \u003cfile.yaml\u003e\n```\n\nSince \"Cloud Run for Anthos\" runs [Knative][knative] natively, you can use\n`kubectl` to deploy [Knative `Service`s][ksvc] to your GKE cluster by writing YAML\nmanifests and running `kubectl apply`. See Knative tutorials for more info.\n\n[kubeconfig]: https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/\n[ksvc]: https://www.knative.dev/docs/reference/serving-api/#Service\n\n### Can I use Terraform to deploy to Cloud Run?\n\nYes. Terraform provides\n[resources](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_run_service)\nto define a Cloud Run deployment in Terraform. Also see [this blog\npost](https://www.sethvargo.com/configuring-cloud-run-with-terraform/) and\n[sample app](https://github.com/sethvargo/terraform-cloud-run-demo).\n\n## Cold Starts\n\n### Does Cloud Run have cold starts?\n\nYes. If a Cloud Run service does not receive requests for a long time, it will\ntake some time to start it again. This will add additional delay to the first\nrequest.\n\nCold start latency depends on [many\nfactors](https://cloud.google.com/run/docs/tips?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web#optimizing_performance), however\nit is independent of the image size.\n\n### When will my service scale to zero?\n\nCloud Run does not provide any guarantees on how long it will keep a container\ninstance \"warm\". It depends on factors like capacity and Google’s implementation\ndetails. See: [How to keep a service\n\"warm\"?](#how-to-keep-a-cloud-run-service-warm).\n\n### How do I minimize the cold start latencies?\n\nCloud Run allows you to have a [specified number of warm instances][min-ins].\nThese instances are billed differently, but they stick around to prevent\ncold starts.\n\nSee [performance optimization\ntips](https://cloud.google.com/run/docs/tips?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web#starting_services_quickly),\nbasically:\n\n- minimize the number and size of the dependencies that your app loads\n- keep your app’s \"time to listen for requests\" startup time short\n- prevent your application process from crashing\n\nThe size of your container image has almost no impact on cold starts.\n\n[min-ins]: https://cloud.google.com/run/docs/configuring/min-instances?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web#starting_services_quickly\n\n### Do I get \"warmup requests\" like in App Engine?\n\nCloud Run does not have the notion of [App Engine warmup\nrequests](https://cloud.google.com/appengine/docs/standard/python/configuring-warmup-requests?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web).\nYou can perform initialization of your application (such as loading data) until\nyou start listening on the port number.\n\nNote that delaying the listening on the port number causes longer _cold starts_,\nso consider [lazily\ncomputing/fetching](https://cloud.google.com/run/docs/tips?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web#performing_lazy_initialization_of_global_variables)\nthe data you need to reduce cold start latencies.\n\n### How to keep a Cloud Run service “warm”?\n\nCloud Run now allows you to [keep a number of warm\ninstances][min-ins]. Also called \"minimum instances\", Cloud Run keeps these\ncontainer instances running so they're ready to serve requests.\n\nSuch warm containers are [billed differently][pricing], however keeping a\nsingle 256 MB RAM / 1 vCPU container warm for a month costs around $8, which\nis still cheaper than the cheapest VM option (f1-micro).\n\nThese warm containers still get their CPU throttled to ~0% when they are not\nprocessing requests.\n\nYou can also work around \"cold starts\" by periodically making requests to your\nCloud Run service which can help prevent the container instances from scaling to\nzero. For this, use [Google Cloud\nScheduler](https://cloud.google.com/scheduler?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web)\nto make requests every few minutes.\n\n### How can I tell if a request was a “cold start”?\n\nCloud Run does not mark request logs with information about whether they caused\na cold start or not. However you can implement this yourself using a global\nvariable.\n\n## Container Lifecycle\n\n### How does Cloud Run tell if my container is ready?\n\nCloud Run starts sending traffic to your application once you start listening\non the port number (given to you via `PORT` environment variable).\n\n### Does Cloud Run have readiness or liveness checks/probes?\n\nCloud Run does not offer user-configurable liveness checks or probes like\nKubernetes, as explained in previous question, the moment your server starts\nlistening on the port number, you indicate that your application is ready to\nreceive traffic.\n\n### What happens if my container exits/crashes?\n\nIf the entrypoint process of a container exits, the container is stopped. A\ncrashed container triggers [cold start](#cold-starts) while the container is\nrestarted. Avoid exiting/crashing your server process by handling exceptions.\nSee [development tips](https://cloud.google.com/run/docs/tips?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web#reporting_errors).\n\n### What is the termination signal for Cloud Run services?\n\nCurrently, Cloud Run terminates containers while [scaling to\nzero](#does-my-cloud-run-service-scale-to-zero) with unix signal 15 (`SIGTERM`).\n`SIGTERM` is trappable (capturable) by applications. If handled, CPU is allocated \nfor 10s max.\n\n\n## Serving Traffic\n\n### Which network protocols are supported on Cloud Run?\n\nCloud Run only supports HTTP/1.x and HTTP/2 (including gRPC) over TLS. Other\nTCP and UDP based protocols are not supported. This means, you can't run your\narbitrary TCP based application, or a Redis/Memcached server on Cloud Run.\n\nAlso see: [HTTP/2](#is-http2-supported-on-cloud-run),\n[gRPC](#is-grpc-supported-on-cloud-run)\n\n### Customizing port number on Cloud Run?\n\nCloud Run now allows you to [customize which port\nnumber](https://cloud.google.com/run/docs/configuring/containers?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web#configure-port)\nyour application serves traffic on. This is for applications that cannot\nchange the server port by reading the `PORT` environment variable passed by\nCloud Run. (Upon customizing, `PORT` value will have the specified value.)\n\n### What's the maximum request execution time limit?\n\nBy default 5 minutes or up to 60 minutes, if configured. See [limits][lim].\n\n### Does my service get a domain name on Cloud Run?\n\nYes, every Cloud Run service gets a `*.run.app` domain name for free. You can\nalso use [your domain names][custom-domains].\n\n[custom-domains]: https://cloud.google.com/run/docs/mapping-custom-domains?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n\n### Are all Cloud Run services publicly accessible?\n\nNo. Cloud Run allows services to be either **publicly accessible** to anyone on\nthe Internet, or **private services** that require [authentication] via a\nJWT (identity token).\n\n[authentication]: https://cloud.google.com/run/docs/securing/authenticating?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n\n### Can I run Cloud Run applications on a private IP?\n\nCurrently no. Cloud Run applications always have a `*.run.app` public hostname\nand they cannot be placed inside a VPC (Virtual Private Cloud) network.\n\nIf any other private service (e.g. GCE VMs, GKE) needs to call your Cloud Run\napplication, they need to use this public hostname.\n\nWith [ingress settings](https://cloud.google.com/run/docs/securing/ingress?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web) on\nCloud Run, you can allow your app to be accesible only from the VPC (e.g. VMs or\nclusters) or VPC+Cloud Load Balancer –but it still does not give you a private\nIP.  You can still combine this with IAM to restrict the outside world but still\nauthenticate and authorize other apps running the VPC network.\n\n### How much additional latency does running on Cloud Run add?\n\n\u003e TODO(ahmetb): Write this section. Ideally we should link to some blog posts\n\u003e doing an analysis of this.\n\n### Does my application get multiple requests concurrently?\n\nContrary to most serverless products, Cloud Run is able to send multiple\nrequests to be handled\n[simultaneously](https://cloud.google.com/run/docs/about-concurrency?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web) to\nyour container instances.\n\nEach container instance on Cloud Run is (currently) allowed to handle [up to\n1000][lim] concurrent requests. The [default](https://cloud.google.com/run/docs/about-concurrency#concurrency_values) is 80.\n\n### What if my application can’t handle concurrent requests?\n\nIf your application cannot handle this number, you\ncan configure this number while deploying your service in `gcloud` or Cloud\nConsole.\n\nMost of the popular programming languages can process multiple requests at the\nsame time thanks to multi-threading. But some languages may need additional\ncomponents to do concurrent requests (e.g. PHP with\n[Apache](https://hub.docker.com/_/php), or Python with\n[gunicorn](https://github.com/knative/docs/blob/7c4ff1c98e072b3c61649f35e6cafb11b00c6ab0/docs/serving/samples/hello-world/helloworld-python/Dockerfile#L11)).\n\n[lim]: https://cloud.google.com/run/quotas?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n\n### How do I find the right concurrency level for my application?\n\nEach application and language can process different levels of simultaneously\nwithout having them time out. That's why Cloud Run allows you to\n[configure](https://cloud.google.com/run/docs/about-concurrency?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web) concurrency\nper service.\n\nYou should do \"load testing\" to find out where your application should stop\nhandling additional request and additional instances should be created. Read\n[Tuning concurrency](https://cloud.google.com/run/docs/tips?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web#using_concurrency)\nfor more.\n\n### Can I make request to a specific container instance?\n\nNo, Cloud Run does not offer a \"sticky session\" primitive. All requests are\nload balanced between available container instances.\n\n### Can I add Cloud Run services as backends to Cloud HTTP(S) Load Balancer?\n\n**UPDATE (July 10, 2020):** Yes, [this is now in **beta**][neg].\n\nYou need to [add serverless network endpoint groups][neg-setup] behind a [Cloud\nHTTP(S) Load Balancer (GCLB)][https-lb] to achieve this. The \"serverless NEG\" concepts\nallows Cloud Run services to be added behind a load balancer, just like a VM\nor GCS bucket.\n\n[https-lb]: https://cloud.google.com/load-balancing/docs/https/?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n[neg]: https://cloud.google.com/load-balancing/docs/negs/serverless-neg-concepts?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n[neg-setup]: https://cloud.google.com/load-balancing/docs/negs/setting-up-serverless-negs?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n\n### How does Cloud Run’s load balancing compare with Cloud Load Balancer (GCLB)\n\nCloud Run applications [can be added][neg-setup] behind a [Cloud HTTP(s) load\nbalancer (GCLB)][https-lb]. However you might wonder, aren't Cloud Run endpoints\nalready _load-balanced_? Yes, they are.\n\nHowever, GCLB offers a wide variety of options that you might need, such as:\n\n- Support for configuring GCLB products like Cloud CDN, Cloud Armor and Cloud IAP\n- Routing to multiple backends (VM, GCS bucket, Run/GCF apps) on a single domain\n- Bringing your own certificates\n- Having a static IP (IPv4 or IPv6) for your domains\n\n### How can I configure CDN for Cloud Run services?\n\nYes, see previous question. With  [Cloud HTTP(S) Load Balancer (GCLB)][https-lb] integration,\nyou need to add the Cloud Run service as a NEG to the load balancer.\n\nYou can also have CDN from other services if you don't want to use Cloud HTTP(S) Load Balancer:\n\n- [Firebase Hosting](https://firebase.google.com/docs/hosting/) by:\n  - responding to requests with a [`Cache-Control`\n    header](https://firebase.google.com/docs/hosting/manage-cache#set_cache-control),\n    and\n  - configuring a [rewrite configuration in\n    `firebase.json`](https://firebase.google.com/docs/hosting/cloud-run#direct_requests_to_container)\n    of your Firebase app.\n\n\u003e **WARNING:** If you are using [Cloudflare](https://cloudflare.com/) with proxying\n\u003e capabilities, [follow the guide here](https://cloud.google.com/run/docs/mapping-custom-domains?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web).\n\n### Does Cloud Run offer SSL/TLS certificates (HTTPS)?\n\nYes. If you’re using the domain name provided by Cloud Run (`*.run.app`), your\napplication is immediately ready to serve on `https://` protocol because Google\nhas a wildcard TLS certificate for\n[`*.a.run.app`](https://crt.sh/?id=4260085120).\n\nIf you’re using your own [custom domain] name, Cloud Run provisions a TLS\ncertificate for your domain name. This may take ~15 minutes to provision and\nserve traffic on `https://`. Cloud Run uses its own certificate authority named\nGoogle Trust Services or [Let’s Encrypt](https://letsencrypt.org/) to provision\na certificate for your domain ([example](https://crt.sh/?id=4221640439)).\n\n[custom domain]: https://cloud.google.com/run/docs/mapping-custom-domains?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n\n### How can I use my own TLS certificates for Cloud Run?\n\nWhen you use custom domain mapping feature of Cloud Run, it will provision a TLS\ncertificate for your domain. However, if you want to use custom features, check\nout the [Cloud HTTP(S) Load Balancer (GCLB) integration][setup-neg].\n\n### How can I redirect all HTTP traffic to HTTPS?\n\nThis is built in and required. To make Cloud Run secure by default, Cloud Run\nservices will only be accessible via HTTPS.\n\nAny HTTP requests are automatically returned an HTTP 302 response pointing to\nthe HTTPS version of the current URL. This was rolled out as a change in the\nbeta service in August 2019.\n\n### Is traffic between my app and Cloud Run’s load balancer encrypted?\n\nSince your app serves traffic on `PORT` (by default 8080) unencrypted, you might\nthink the connection between Cloud Run’s load-balanced endpoint and your\napplication is unencrypted.\n\nHowever, the transit between Google’s frontend/load balancer and your Cloud Run\ncontainer instance is encrypted. Google terminates TLS/HTTPS connections before\nthey reach your application, so that you don’t have to handle TLS yourself.\n\n### Does Cloud Run support load balancing among multiple regions?\n\nNot natively. Cloud Run services are regional. But it's possible to do it\nyourself.\n\nUsing the [Cloud Load Balancer (GCLB)][setup-neg] integration, deploying your\nservice to multiple regions and adding them behind the load balancer, the\nclients connecting to the load balancer IP/domain will be routed to the Cloud\nRun service **closest** to the client.\n\nRead [documentation](https://cloud.google.com/run/docs/multiple-regions?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web)\nor [my article](https://ahmet.im/blog/cloud-run-multi-region/) or\n[with Terraform](https://ahmet.im/blog/cloud-run-multi-region-terraform/).\n\n### Is HTTP/2 supported on Cloud Run?\n\nYes. Cloud Run’s gateway will upgrade any HTTP/1 server you write to HTTP/2. If\nyou query your application with `https://`, you should be seeing HTTP/2 protocol\nused between the client and Cloud Run service:\n\n```text\n$ curl --http2 https://\u003curl\u003e\n...\n\u003c HTTP/2 200\n...\n```\n\n### Can my application server run on HTTP/2 protocol?\n\nHTTP/2 to the container is currently only supported for gRPC services.\n\nCloud Run requires your application to serve on an **unencrypted** endpoint\nand HTTP/2 by default requires TLS.\n\nIf your server supports HTTP/2 upgrade via the `h2c` (unencrypted HTTP/2)\nprotocol, it will safely fall-back to HTTP/1.1.\n\nIf you develop an HTTP/2 **only** server, Cloud Run will\nnot currently be able to route requests to it, as Cloud Run does include prior knowledge\nheaders by default.\n\n### Is gRPC supported on Cloud Run?\n\nYes. Cloud Run (fully managed) can\n[now](https://cloud.google.com/blog/products/serverless/cloud-run-gets-websockets-http-2-and-grpc-bidirectional-streams?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web)\nrun [gRPC](https://grpc.io/) services, including all RPC types (unary,\nserver-streaming, client-streaming and bidirectional).\n\n[crogke]: https://cloud.google.com/run/docs/gke/setup?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n\n### How can I serve responses larger than 32MB with Cloud Run?\n\nCloud Run can stream responses that are larger than 32MB using HTTP chunked\nencoding. Add the HTTP header `Transfer-Encoding: chunked` to your response\nif you know it will be larger than 32MB.\n\n### Are WebSockets supported on Cloud Run?\n\n[WebSockets](https://en.wikipedia.org/wiki/WebSocket) are\n[now](https://cloud.google.com/blog/products/serverless/cloud-run-gets-websockets-http-2-and-grpc-bidirectional-streams?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web)\nsupported on Cloud Run. [Read\ndocumentation](https://cloud.google.com/run/docs/triggering/websockets?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web).\n\nSince WebSockets requests are typically long-running, they will keep billing\nthe container, and therefore can be more expensive. WebSockets requests are\nalso subject to \"request timeout\" limits (i.e. they don't stay open forever).\n\n## Microservices\n\n### How do two Cloud Run services connect each other privately?\n\nTo make requests to Cloud Run applications privately, you need to obtain an\nidentity token, and add it to the `Authorization` header of the outbound request\nof the target service. You can find [documentation and examples\nhere](https://cloud.google.com/run/docs/authenticating/service-to-service?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web).\n\nFor Cloud Run service A (running with service account `SA1`) to be able to\nconnect to private Cloud Run service B, you need to:\n\n1. Update IAM permissions of service B to give `SA1` Cloud Run Invoker role\n   (`roles/run.invoker`).\n\n2. Obtain an identity token (JWT) from metadata service:\n\n    ```sh\n    curl -H \"metadata-flavor: Google\" \\\n      http://metadata/instance/service-accounts/default/identity?audience=URL\n    ```\n    where `URL` is the URL of service B (i.e. `https://*.run.app`).\n\n3. Add header `Authorization: Bearer \u003cTOKEN\u003e` where `\u003cTOKEN\u003e` is the response\n   obtained in the previous command.\n\n### Does Cloud Run have DNS service discovery?\n\nIf you're using Kubernetes or similar systems, you might be used to calling\nanother service directly by name (e.g. `http://hello/`). However, Cloud Run does\nnot support this yet. Therefore you must use the full (`*.run.app`) URL.\n\nAlternatively, you can try out the [runsd\nproject](https://github.com/ahmetb/runsd), which is my prototype Cloud Run\nDNS Service Discovery + automatic authentication implementation.\n\n## Autoscaling\n\n### Does my Cloud Run service scale to zero?\n\nYes. When your service is not receiving requests, you are not paying for\nanything.\n\nTherefore, after not receiving any requests for a while, the first request may\nobserve [cold start](#cold-starts) latency.\n\n### How can I limit the total number of instances for my application?\n\nBy setting the `Maximum number of instances` parameter when deploying a new revision.\n\n### What’s the upper scaling limit for Cloud Run?\n\nEach Cloud Run service can scale by default [up to 1000 container instances][lim], a limit that\ncan be increase via a quota request. Each container instance can handle [up to 250 simultaneous\nrequests][lim].\n\n## Runtime\n\n### Which operating system Cloud Run applications run on?\n\nLinux.\n\nHowever, since you bring your own container image, you get to decide\nyour system libraries like libs (e.g. musl libc in alpine, or glibc in debian\nbased images).\n\nYour applications run on [gVisor](https://gvisor.dev/docs/) which only supports\nLinux (currently).\n\n### Can I use the local filesystem?\n\nYes, **however** files written to the local filesystem **count towards available\nmemory** and may cause container instance to go out-of-memory and crash.\n\nTherefore, writing files to local filesystem are discouraged, with the exception\nof [`/var/log/*` path for logging](https://cloud.google.com/run/docs/logging?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web).\n\n### Which system calls are supported?\n\nCloud Run applications run on [gVisor](https://gvisor.dev) container sandbox,\nwhich executes Linux kernel system calls made by your application in userspace.\n\ngVisor does not implement all system calls (see\n[here](https://gvisor.dev/docs/user_guide/compatibility/amd64/)). If your app\nhas such a system call (**quite rare**), it will not work on Cloud Run. Such an\nevent [is logged](https://cloud.google.com/run/docs/troubleshooting?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web#sandbox) and\nyou can [use\n`strace`](https://cloud.google.com/run/docs/troubleshooting/tracing-system-calls?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web)\nto determine when the system call was made in your app.\n\n### Which executable ABIs are supported?\n\nApplications compiled for 64-bit Linux are supported. To be precise, ELF\nexecutables compiled to [x84-64](https://en.wikipedia.org/wiki/X86-64). See\n[Container Contract][container-contract].\n\n[container-contract]: https://cloud.google.com/run/docs/reference/container-contract?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n[cpu]: https://cloud.google.com/run/docs/reference/container-contract?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web#cpu\n\n\n### Where can I find the \"instance ID\" of my container?\n\nThe [logs][logging] collected from a container instance specify the unique\ninstance ID of the container when the logs are viewed on Stackdriver Logging.\nThis instance ID is not made available to the application.\n\nTo identify your container instance while it’s running, generate a random UUID\nduring the startup of your process and store it in a variable.\n\n### How can I find the number of instances running?\n\nYou can't see the number of instances running at a time on Cloud Run.\n\nHowever, you can use the **Billable container instance time** metric on Cloud\nRun service dashboard to infer this information.\n\nIdeally you should not care about \"instant value\" of number of instances in a\nserverless world, since your applications autoscale based on traffic patterns\nbetter and you only pay while a request is being handled (not the idle instance\ntime).\n\n### How can my service tell it is running on Cloud Run?\n\nCloud Run provides some [environment variables][container-contract] standard in\n[Knative][knative]. Ideally you should explicitly deploy your app with an\nenvironment variable indicating it is running on Cloud Run.\n\nYou can also access [instance\nmetadata](https://cloud.google.com/appengine/docs/standard/java/accessing-instance-metadata?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web)\nendpoints like\n`http://metadata.google.internal/computeMetadata/v1/project/project-id` to\ndetermine if you are on Cloud Run. However, this will not distinguish \"Cloud\nRun\" vs \"Cloud Run for Anthos\" as the metadata service is available on GKE nodes\nas well.\n\n### Is there a way to get static IP for outbound requests?\n\nYes. If you need to connect to an external API or database that requires IP\naddress whitelisting, you can configure a static egress IP address for your\nCloud Run service.\n\nThis involves configuring a Cloud Router and Cloud NAT\nfor a VPC network and using VPC connector with your Cloud Run service.\nRead [documentation](https://cloud.google.com/run/docs/configuring/connecting-vpc?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web#egress)\nand [follow setup guide](https://cloud.google.com/run/docs/configuring/static-outbound-ip?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web).\n\n## VPC Support\n\n### Can I place my Cloud Run application inside a VPC network?\n\nCloud Run **can connect to** private IPs in VPC networks ([see\nbelow](#how-to-connect-ips-in-a-vpc-network-from-cloud-run)).\n\nHowever, you currently cannot place a Cloud Run app into a VPC so it can have a\nprivate IP address to be accessible from only within the VPC (see\n[here](#can-i-run-cloud-run-applications-on-a-private-ip)).\n\n### How to connect IPs in a VPC network from Cloud Run?\n\nCloud Run **now has [support][vpc-doc]** for \"Serverless VPC Access\". This\nfeature allows Cloud Run applications to be able to connect private IPs in the\nVPC (but not the other way).\n\nThis way your Cloud Run applications can connect to private VPC IP addresses\nrunning:\n\n- GCE VMs\n- Cloud SQL instances\n- Cloud Memorystore instances\n- Kubernetes Pods/Services (on GKE public or private clusters)\n- Internal Load Balancers\n\nTo learn more [read my blog post\nhere](https://ahmet.im/blog/cloud-run-vpc-to-kubernetes/) or [refer to the\nofficial\ndocumentation][vpc-doc].\n\n[vpc-doc]: https://cloud.google.com/run/docs/configuring/connecting-vpc?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n\n### Are VPC Service Controls supported for Cloud Run?\n\n[VPC-SC](https://cloud.google.com/vpc-service-controls?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web)\nallows you to define which endpoints your applications can connect to (to\nprevent exfiltration risks).\n\nYou can use [Cloud Run with VPC service controls][vpc-sc] (currently in preview).\n\n[vpc-sc]:https://cloud.google.com/run/docs/securing/using-vpc-service-controls?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n\n### Are \"Shared VPCs\" supported by VPC Access connector?\n\n[In Beta\nStage](https://cloud.google.com/vpc/docs/configure-serverless-vpc-access?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web#shared-vpc).\n\n## Monitoring and Logging\n\n### Where do I write my application logs?\n\nAnything your application writes to standard output (stdout) or standard error\n(stderr) is collected as logs by Cloud Run.\n\nSome existing apps might not be complying with that (e.g. nginx writes logs to\n`/var/log/nginx/error.log`). Therefore any files written under `/var/log/*` are\nalso aggregated. [Learn more here.][logging]\n\n[logging]: https://cloud.google.com/run/docs/logging?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web#special-fields\n\n### How can I have structured logs?\n\nAll your log lines must be JSON objects with fields [recognized by Stackdriver\nLogging](https://cloud.google.com/logging/docs/agent/configuration?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web#special-fields),\nsuch as `timestamp`, `severity`, `message`.\n\n### Is Cloud Run integrated with Stackdriver APM?\n\nYes. See [this\ndocument](https://cloud.google.com/run/docs/monitoring?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web)\non how to view various metrics about your Cloud Run container instances.\n\n### How can I do Tracing on Cloud Run?\n\nCloud Run supports tracing out of the box. If you go to \"Tracing\" section\non Cloud Console, you will see the traces are being collected at\na predefined sampling rate for your requests.\n\nIf you want to correlate logs to requests, or create additional trace spans, you\ncan use the `x-cloud-trace-context` header provided to each request with\nOpenTelemetry or OpenCensus libraries.\n\n## Pricing\n\n[Cloud Run Pricing documentation][pricing] has the most up-to-date\ninformation.\n\n[pricing]: https://cloud.google.com/run/pricing?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web\n\n### Is there a “Free Tier”?\n\nYes! See [Pricing documentation][pricing].\n\n### When am I charged?\n\nYou only pay **while a request is being handled** on your container instance.\n\nThis means an application that is not getting traffic is **free of charge**.\nSee the next question.\n\n### How is billed time calculated?\n\nBased on \"time serving requests\" on each instance. If your service handles\nmultiple requests simultaneously, you do not pay for the CPU/memory time during\nthe overlap separately (per-request costs still apply). (This is\na cost saver, compared to Cloud Functions.)\n\nEach billable timeslice is **rounded up** to the nearest **100\nmilliseconds**.\n\nRead how the [billable\ntime](https://cloud.google.com/run/pricing?utm_campaign=CDR_ahm_aap-severless_cloud-run-faq_\u0026utm_source=external\u0026utm_medium=web#billable_time)\nis calculated, it is basically like this:\n\n```text\n          request1            response1\n                |   request2     ʌ      response2\n                |        |       |       ʌ\n                v........|......./       |\n                         |               |\n                         v.............../\n\n|-----FREE-----|----------BILLED----------|----FREE...\n```\n\n### What do I pay for on Cloud Run?\n\nYou are paying for CPU, memory and the traffic sent to the client from your\napplication (egress traffic).\n\n-----\n\nThis is not an official Google project or roadmap. Refer to the [Cloud Run\ndocumentation][docs] for the authoritative information. This project is\n[licensed](./LICENSE) under Creative common Attribution 4.0 International (CC BY\n4.0) license.\n\n\u003e **Your question not answered here?** Open an [issue] and see if we can answer.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fahmetb%2Fcloud-run-faq","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fahmetb%2Fcloud-run-faq","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fahmetb%2Fcloud-run-faq/lists"}