Choosing a Knative serving platform

This page provides details to help you choose your Knative serving platform. Knative serving gives you the flexibility to run services on a fully managed environment or on GKE Enterprise. If you're already using GKE Enterprise, Knative serving can easily deploy into your GKE Enterprise GKE cluster or on-premises workloads. Plus, you can easily switch from Cloud Run to Knative serving or vice versa; all without changing your application code.

One way to visualize the differences in platform at a high-level architectural view:

image

Cloud Run

The Cloud Run platform allows you to deploy stateless containers without having to worry about the underlying infrastructure. Your workloads are automatically scaled out or in to zero depending on the traffic to your app. You only pay when your app is running, billed to the nearest 100 milliseconds.

Knative serving

Knative serving abstracts away complex Kubernetes concepts, allowing developers to easily leverage the benefits of Kubernetes and serverless together. It provides access to custom machine types, additional networking support, and Cloud Accelerators. It allows you to run your workloads on-premises or on Google Cloud.

Comparison table

The follow table shows some key differences between the platforms:

Cloud Run Knative serving
Pricing Pay-per-use Included as part of either Google Kubernetes Engine or GKE Enterprise.
Machine types Limited CPU and Memory. Standard or custom machine types on GKE Enterprise, including GPUs.
Autoscaling Up to 1,000 container instances by default, can be increased via a Quota increase. Limited by the capacity of your GKE Enterprise GKE cluster.
Identity and policy Manage the identities that are allowed to invoke each service (or allow unauthenticated invocations). Publish services to the internet or make them available to cluster or VPC network only.
Networking Access to VPC / Compute Engine network via Serverless VPC Access. Services are not part of the Istio service mesh. Access to VPC / Compute Engine network. Services participate in the Istio service mesh.
URLs Automatic service URLs and SSL certificates. Custom domains only with manual SSL certificates.
Container isolation Strict container isolation based on gVisor sandbox. Default Kubernetes container isolation.
Execution environments Fully managed on Google infrastructure. GKE Enterprise on Google Cloud
GKE Enterprise deployed on VMware (on-premises).