This page lists known issues, limitations, and unsupported features in Cloud Run.
You can also check for existing issues or open new issues in the public issue trackers.
To troubleshoot common errors, see troubleshoot errors.
Known issues
The following are general known issues in Cloud Run.
Cloud Run job tasks might be spuriously marked as retried
In some situations, a task can be marked as having been retried, when in fact
the task succeeded on its first try. Until this issue is resolved, Google
recommends keeping the --max-retries parameter set to 3 or higher to avoid
spurious execution failures.
File descriptor limits
The maximum limit of file descriptors for Cloud Run first and second generation environments is 25000 per instance. This is a hard limit. If you exceed the limit your instance might run out of sockets.
Volume Mounts are incompatible with Config Connector
If you deploy your Cloud Run service or job with Config Connector, your volume mounts won't be persisted next time you deploy. You may also experience issues using Config Connector with services or jobs that have volume mounts already applied.
Execution environments known issues
The following are known issues for execution environments.
HOME environment variable is set to /home in first generation execution environment
The Cloud Run first generation execution environment sets the HOME
environment variable to /home. The second generation execution environment
sets the HOME variable to the value in /etc/passwd for the running user or
falls back to /home if the /etc/passwd doesn't exist or the user cannot be
found in /etc/passwd.
You can't mount secrets on /tmp in first generation execution environment
If you use first generation execution environment,
you cannot mount secrets on /tmp directly. However, you can mount secrets on any subdirectory of /tmp.
Networking known issues
The following are networking known issues.
Restricted subnet when accessing VPC network destinations
If you access any destination through a private IP, the destination cannot be
on the subnet 192.168.1.0/24. Using this subnet prevents any Cloud Run
services that use the second generation execution environment and any Cloud Run
jobs from communicating with the destination.
VPC network egress does not support IPv6
You cannot use IPv6 when sending traffic through Direct VPC egress or
Serverless VPC Access connectors. Note that IPv6 is supported
when accessing non-VPC endpoints while vpc-egress is set to
private-ranges-only.
IP addresses not clearly identified when in use by serverless
When using Direct VPC egress, IP addresses reserved by Cloud Run are identified as in use by "None" rather than by "Serverless" when viewing the IP addresses page in the Google Cloud console.
Sending and receiving requests known issues
The following are known issues related to sending and receiving requests.
Unsupported HTTP request methods
Requests with HTTP methods TRACE and CONNECT are not supported and therefore
are not received by services running on Cloud Run.
High request latency with custom domains when invoking from some regions
Requests to Cloud Run services using custom domains can
have a very high latency from some locations.
This issue is more pronounced for Cloud Run services
in asia-northeast1 and us-east4.
If you observe this issue, you can achieve greater performance with
Cloud Load Balancing using a
serverless NEG.
Sometimes a request might be sent to instances before startup probe results are known
A request sent to the service endpoint might be used to start a
Cloud Run instance, and that request can be assigned to the instance
before the startup probe results are known. If the probe passes, then the
request will begin to be processed by that instance at the receiveTimestamp
listed in the Cloud Run request log. If the probe fails, then failure
will be logged without ever entering the service's code.
Unsupported service and features
The following are not supported when using Cloud Run.
Google Cloud services
The following table lists services that are not yet supported by Cloud Run.
| Service | Notes |
|---|---|
| Web Security Scanner | |
| Container Threat Detection |
HTTP/2 Push
Cloud Run supports HTTP/2, but not HTTP/2 Server Push.
Using HTTP/2 behind a classic Application Load Balancer secured with Identity-Aware Proxy
Cloud Run services with HTTP/2 enabled behind a classic Application Load Balancer that are secured with IAP encounter an infinite redirect loop upon request. Google recommends using a global external Application Load Balancer when using an HTTP/2-enabled service secured with IAP. See load balancer modes for more details.
URL known issues
The following are URL known issues.
Reserved URL paths
It is not possible to use the following URL paths:
/eventlog- Paths starting with
/_ah/ - Some paths ending with
z. We recommend avoiding all paths that end inzto not collide with reserved paths.
Some encoded URL characters are decoded
Some encoded characters in URL of Cloud Run services are decoded by
Cloud Run before reaching the container instance. For example, %41 is
automatically decoded to A.