Cloud Run - Configure HTTPS and HTTP2

Question

I set up a Cloud Run instance with gRPC and HTTP2. It works well. But, I'd like to open a new port externally and route that traffic to gRPC over HTTPS.

This is the current YAML for the container:

      - image: asia.gcr.io/assets-320007/server5c2b87a8444cb42e566e130a907015df7dd841b4
        ports:
        - name: h2c
          containerPort: 5000
        resources:
          limits:
            cpu: 1000m
            memory: 512Mi

I cannot add new ports because if I do, I get:

spec.template.spec.containers[0].ports should contain 0 or 1 port (field: spec.template.spec.containers[0].ports)

Also, the YAML doesn't specify a forwarding port. It seems to be just assuming that you would only ever set up one port which automatically routes to the one open port on the Docker container. Is that true?

Note: it would be really nice if the YAML came with reference documentation or a schema. That way we could tell what all the possible permutations could be.

Answer 1

Yes, you can only expose one port for a Cloud Run service.

I also find this a curious limitation.

I'm deploying services that use gRPC and expose Prometheus metrics and have been able to multiplex both HTTP/2 and HTTP/1 services in a single port but it requires additional work and is inconsistent with the conceptually underlying Kubernetes.

An excellent feature of GCP is comprehensive and current documentation. Here's Cloud Run Service.

NOTE Found using [APIs Explorer] (https://developers.google.com/apis-explorer) and then finding the Cloud Run Admin API

There are some differences between these knative types and the similar Kubernetes types. One approach I've used is to deploy a known-good service using e.g. gcloud and then corroborate the YAML produced by the service.

For example... top of my head... container ports can't have arbitrary names but must be .... http1 (see link).