Logo of Trend Micro
Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Check for the Minimum Number of Container Instances

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Medium (should be achieved)

To minimize cold start latency and enhance performance, ensure that your Google Cloud Run services have a sufficient number of container instances configured.

Performance
efficiency

Due to their stateless nature, Cloud Run services can experience cold starts, which can impact latency. To minimize this, we strongly recommend setting a minimum number of service instances. Configuring a minimum number of instances for your Cloud Run services ensures faster response times and better reliability by keeping some instances warm and ready, reducing the latency caused by cold starts. This is important for production, critical workloads with consistent traffic or low-latency requirements.

Audit

To determine if your Cloud Run services are configured with a minimum number of container instances, perform the following operations:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Select the Google Cloud Platform (GCP) project that you want to examine from the console top navigation bar.

03 Navigate to Cloud Run console available at https://console.cloud.google.com/run/.

04 Select the SERVICES tab to view the Cloud Run services deployed for the selected GCP project.

05 Click on the name (link) of the service that you want to examine, listed in the Name column.

06 Select the REVISIONS tab, choose the active revision used by the selected service (the revision with the green check mark icon), select the CONTAINERS tab, and check the Revision min instances attribute value, listed under Autoscaling. If the Revision min instances attribute is not available in the Autoscaling section, the selected Cloud Run service does not have a minimum number of instances configured despite being critical or latency-sensitive, leading to potential cold start delays and degraded performance.

07 Repeat steps no. 5 and 6 for each Cloud Run service created for the selected GCP project.

08 Repeat steps no. 2 - 7 for each project deployed within your Google Cloud account.

Using GCP CLI

01 Run projects list command (Windows/macOS/Linux) with custom output filters to list the ID of each project available in your Google Cloud Platform (GCP) account: 

gcloud projects list
	--format="value(projectId)"

02 The command output should return the requested GCP project ID(s): 

cc-bigdata-project-123123
cc-iot-app-project-112233

03 Run services list command (Windows/macOS/Linux) with the ID of the GCP project that you want to examine as the identifier parameter and custom output filters to describe the name and the region of each Cloud Run service deployed within the selected project: 

gcloud run services list
	--project cc-bigdata-project-123123
	--format="(NAME,REGION)"

04 The command output should return the requested service names and the associated regions: 

NAME: cc-project5-service
REGION: us-central1

NAME: tm-stream-service
REGION: us-central1

NAME: tm-vertex-service
REGION: us-central1

05 Run services describe command (Windows/macOS/Linux) with the name of the Cloud Run service that you want to examine as the identifier parameter, to describe the minimum number of instances configured for the selected service: 

gcloud run services describe cc-project5-service
	--region=us-central1
	--format="json(spec.template.metadata.annotations.'autoscaling.knative.dev/minScale')"

06 The command output should return the minimum number of container instances configured: 

null

If services describe command output returns null, as shown in the example above, the selected Cloud Run service does not have a minimum number of instances configured. This can result in potential cold start delays and degraded performance, especially for critical or latency-sensitive services.

07 Repeat steps no. 5 and 6 for each Cloud Run service created for the selected GCP project.

08 Repeat steps no. 3 – 8 for each GCP project deployed in your Google Cloud account.

Remediation / Resolution

To ensure that your Cloud Run services have a sufficient number of warm instances configured by setting the minimum number of container instances, perform the following operations:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Select the Google Cloud Platform (GCP) project that you want to access from the console top navigation bar.

03 Navigate to Cloud Run console available at https://console.cloud.google.com/run/.

04 Select the SERVICES tab to access the Cloud Run services deployed for the selected GCP project.

05 Click on the name (link) of the service that you want to configure, listed in the Name column.

06 Choose EDIT & DEPLOY NEW REVISION, select the CONTAINER(S) tab, and enter the minimum number of service instances in the Minimum number of instances box. The minimum number of instances should be determined according to your workload's performance needs while staying within your organization's budget guidelines. Choose DEPLOY to apply the changes and deploy a new revision for the selected service.

07 Repeat steps no. 5 and 6 for each Cloud Run service that you want to configure, available within the selected project.

08 Repeat steps no. 2 – 7 for each project deployed in your Google Cloud account.

Using GCP CLI

01 Run services update command (Windows/macOS/Linux) with the name of the Cloud Run service that you want to configure as the identifier parameter, to set the minimum number of warm instances required by the selected service. The minimum number of instances should be determined according to your workload's performance needs while staying within your organization's budget guidelines. The number cannot exceed 1000: 

gcloud run services update cc-project5-service
	--region=us-central1
	--min-instances=3

02 The command output should return the build information available for the redeployed service: 

OK Deploying... Done.
	OK Creating Revision...
	OK Routing traffic...
Done.

Service [cc-project5-service] revision [cc-project5-service-00003-abc] has been deployed and is serving 100 percent of traffic.
Service URL: https://cc-project5-service-123456789012.us-central1.run.app

03 Repeat steps no. 1 and 2 for each Cloud Run service that you want to configure, available in the selected project.

04 Repeat steps no. 1 – 3 for each GCP project deployed in your Google Cloud account.

References

Publication date Nov 20, 2024

Related CloudRun rules