Cloud Run — Serverless containers

Cloud Run runs stateless HTTP(S) containers on Google's managed Knative-based platform. You push a container image (Artifact Registry) and deploy a service — Cloud Run assigns a `*.run.app` URL with HTTPS, routing, IAM, autoscaling, and observability out of the box.

Autoscaling is request-driven: each instance handles up to N concurrent requests (default 80, configurable 1–1000). When current * concurrency is saturated, a new instance starts. Cold start = image pull + container boot + app readiness; typically 300ms–3s depending on image size and language.

Container contract: listen on $PORT (default 8080) over HTTP/1.1 or HTTP/2, respond within request timeout (default 5min, max 60min on 2nd gen), stateless between requests. Local filesystem is ephemeral in-memory tmpfs.

Pricing (Gen2): CPU-seconds only while a request is active (CPU throttled between requests unless CPU-always-on is enabled), memory-seconds per allocated GiB, $0.40 per million requests. A free tier covers small projects.

Identity: Cloud Run uses a service account — attach the minimal roles it needs (secretmanager.secretAccessor, cloudsql.client, etc.). Access to the service is controlled by IAM (public with allUsers OR private requiring identity tokens).

Limits to know: max 60min/request, max 32 GiB RAM, max 8 vCPU, max concurrent container instances per region (quota, bumpable). No local state — use Cloud SQL / Firestore / Memorystore / Cloud Storage.