- JSON representation
- EnvVar
- EnvVarSource
- ConfigMapKeySelector
- SecretKeySelector
- ResourceRequirements
- ContainerPort
- EnvFromSource
- ConfigMapEnvSource
- SecretEnvSource
- VolumeMount
- Probe
- ExecAction
- HTTPGetAction
- HTTPHeader
- TCPSocketAction
- GRPCAction
- SecurityContext
A single application container. This specifies both the container to run, the command to run in the container and the arguments to supply to it. Note that additional arguments may be supplied by the system to the container at runtime.
JSON representation |
---|
{ "name": string, "image": string, "command": [ string ], "args": [ string ], "env": [ { object ( |
Fields | |
---|---|
name |
Name of the container specified as a DNS_LABEL (RFC 1123). |
image |
Required. Name of the container image in Dockerhub, Google Artifact Registry, or Google Container Registry. If the host is not provided, Dockerhub is assumed. |
command[] |
Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references are not supported in Cloud Run. |
args[] |
Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references are not supported in Cloud Run. |
env[] |
List of environment variables to set in the container. EnvVar with duplicate names are generally allowed; if referencing a secret, the name must be unique for the container. For non-secret EnvVar names, the Container will only get the last-declared one. |
resources |
Compute Resources required by this container. |
workingDir |
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. |
ports[] |
List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on. |
envFrom[] |
Not supported by Cloud Run. |
volumeMounts[] |
Volume to mount into the container's filesystem. Only supports SecretVolumeSources. Pod volumes to mount into the container's filesystem. |
livenessProbe |
Periodic probe of container liveness. Container will be restarted if the probe fails. |
readinessProbe |
Not supported by Cloud Run. |
startupProbe |
Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not receive traffic if the probe fails. If not provided, a default startup probe with TCP socket action is used. |
terminationMessagePath |
Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. |
terminationMessagePolicy |
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. |
imagePullPolicy |
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. |
securityContext |
Not supported by Cloud Run. |
EnvVar
EnvVar represents an environment variable present in a Container.
JSON representation |
---|
{
"name": string,
"value": string,
"valueFrom": {
object ( |
Fields | |
---|---|
name |
Required. Name of the environment variable. |
value |
Value of the environment variable. Defaults to "". Variable references are not supported in Cloud Run. |
valueFrom |
Source for the environment variable's value. Only supports secretKeyRef. Cannot be used if value is not empty. |
EnvVarSource
EnvVarSource represents a source for the value of an EnvVar.
JSON representation |
---|
{ "configMapKeyRef": { object ( |
Fields | |
---|---|
configMapKeyRef |
Not supported by Cloud Run. Not supported in Cloud Run. |
secretKeyRef |
Selects a key (version) of a secret in Secret Manager. |
ConfigMapKeySelector
Not supported by Cloud Run.
JSON representation |
---|
{
"localObjectReference": {
object ( |
Fields | |
---|---|
localObjectReference |
Not supported by Cloud Run. |
key |
Required. Not supported by Cloud Run. |
optional |
Not supported by Cloud Run. |
name |
Required. Not supported by Cloud Run. |
SecretKeySelector
SecretKeySelector selects a key of a Secret.
JSON representation |
---|
{
"localObjectReference": {
object ( |
Fields | |
---|---|
localObjectReference |
This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. |
key |
Required. A Cloud Secret Manager secret version. Must be 'latest' for the latest version, an integer for a specific version, or a version alias. The key of the secret to select from. Must be a valid secret key. |
optional |
Specify whether the Secret or its key must be defined. |
name |
The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: The name of the secret in the pod's namespace to select from. |
ResourceRequirements
ResourceRequirements describes the compute resource requirements.
JSON representation |
---|
{ "limits": { string: string, ... }, "requests": { string: string, ... } } |
Fields | |
---|---|
limits |
Limits describes the maximum amount of compute resources allowed. Only 'cpu' and 'memory' keys are supported. * For supported 'cpu' values, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits An object containing a list of |
requests |
Requests describes the minimum amount of compute resources required. Only An object containing a list of |
ContainerPort
ContainerPort represents a network port in a single container.
JSON representation |
---|
{ "name": string, "containerPort": integer, "protocol": string } |
Fields | |
---|---|
name |
If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c". |
containerPort |
Port number the container listens on. If present, this must be a valid port number, 0 < x < 65536. If not present, it will default to port 8080. For more information, see https://cloud.google.com/run/docs/container-contract#port |
protocol |
Protocol for port. Must be "TCP". Defaults to "TCP". |
EnvFromSource
Not supported by Cloud Run.
EnvFromSource represents the source of a set of ConfigMaps
JSON representation |
---|
{ "prefix": string, "configMapRef": { object ( |
Fields | |
---|---|
prefix |
An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. |
configMapRef |
The ConfigMap to select from |
secretRef |
The Secret to select from |
ConfigMapEnvSource
Not supported by Cloud Run.
ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
JSON representation |
---|
{
"localObjectReference": {
object ( |
Fields | |
---|---|
localObjectReference |
This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. |
optional |
Specify whether the ConfigMap must be defined. |
name |
The ConfigMap to select from. |
SecretEnvSource
Not supported by Cloud Run.
SecretEnvSource selects a Secret to populate the environment variables with.
The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
JSON representation |
---|
{
"localObjectReference": {
object ( |
Fields | |
---|---|
localObjectReference |
This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. |
optional |
Specify whether the Secret must be defined |
name |
The Secret to select from. |
VolumeMount
VolumeMount describes a mounting of a Volume within a container.
JSON representation |
---|
{ "name": string, "readOnly": boolean, "mountPath": string, "subPath": string } |
Fields | |
---|---|
name |
Required. The name of the volume. There must be a corresponding Volume with the same name. |
readOnly |
Sets the mount to be read-only or read-write. Not used by Cloud Run. |
mountPath |
Required. Path within the container at which the volume should be mounted. Must not contain ':'. |
subPath |
Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). |
Probe
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
JSON representation |
---|
{ "initialDelaySeconds": integer, "timeoutSeconds": integer, "periodSeconds": integer, "successThreshold": integer, "failureThreshold": integer, "exec": { object ( |
Fields | |
---|---|
initialDelaySeconds |
Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. |
timeoutSeconds |
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds; if periodSeconds is not set, must be less or equal than 10. |
periodSeconds |
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds. |
successThreshold |
Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. |
failureThreshold |
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. |
exec |
Not supported by Cloud Run. |
httpGet |
HTTPGet specifies the http request to perform. |
tcpSocket |
TCPSocket specifies an action involving a TCP port. |
grpc |
GRPCAction specifies an action involving a GRPC port. |
ExecAction
Not supported by Cloud Run.
ExecAction describes a "run in container" action.
JSON representation |
---|
{ "command": [ string ] } |
Fields | |
---|---|
command[] |
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
HTTPGetAction
HTTPGetAction describes an action based on HTTP Get requests.
JSON representation |
---|
{
"path": string,
"host": string,
"scheme": string,
"httpHeaders": [
{
object ( |
Fields | |
---|---|
path |
Path to access on the HTTP server. |
host |
Not supported by Cloud Run. |
scheme |
Not supported by Cloud Run. |
httpHeaders[] |
Custom headers to set in the request. HTTP allows repeated headers. |
port |
Port number to access on the container. Number must be in the range 1 to 65535. |
HTTPHeader
HTTPHeader describes a custom header to be used in HTTP probes
JSON representation |
---|
{ "name": string, "value": string } |
Fields | |
---|---|
name |
Required. The header field name |
value |
The header field value |
TCPSocketAction
TCPSocketAction describes an action based on opening a socket
JSON representation |
---|
{ "port": integer, "host": string } |
Fields | |
---|---|
port |
Port number to access on the container. Number must be in the range 1 to 65535. |
host |
Not supported by Cloud Run. |
GRPCAction
GRPCAction describes an action involving a GRPC port.
JSON representation |
---|
{ "port": integer, "service": string } |
Fields | |
---|---|
port |
Port number of the gRPC service. Number must be in the range 1 to 65535. |
service |
Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. |
SecurityContext
Not supported by Cloud Run.
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
JSON representation |
---|
{ "runAsUser": integer } |
Fields | |
---|---|
runAsUser |
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |