Volume

Stay organized with collections Save and categorize content based on your preferences.

Volume represents a named volume in a container.

JSON representation
{
  "name": string,
  "secret": {
    object (SecretVolumeSource)
  },
  "configMap": {
    object (ConfigMapVolumeSource)
  }
}
Fields
name

string

Volume's name. In Cloud Run Fully Managed, the name 'cloudsql' is reserved.

secret

object (SecretVolumeSource)

The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secretName.

configMap

object (ConfigMapVolumeSource)

Not supported in Cloud Run.

SecretVolumeSource

A volume representing a secret stored in Google Secret Manager.

The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secretName.

The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names.

JSON representation
{
  "secretName": string,
  "items": [
    {
      object (KeyToPath)
    }
  ],
  "defaultMode": integer,
  "optional": boolean
}
Fields
secretName

string

The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: :projects/<project-id|project-number>/secrets/. If multiple alias definitions are needed, they must be separated by commas. The alias definitions must be set on the run.googleapis.com/secrets annotation.

Name of the secret in the container's namespace to use.

items[]

object (KeyToPath)

A list of secret versions to mount in the volume.

If no items are specified, the volume will expose a file with the same name as the secret name. The contents of the file will be the data in the latest version of the secret. If items are specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify both a key and a path.

defaultMode

integer

Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0444. Directories within the path are not affected by this setting.

Notes

  • Internally, a umask of 0222 will be applied to any non-zero value.
  • This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10).
  • This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
optional

boolean

Not supported by Cloud Run.

KeyToPath

Maps a string key to a path within a volume.

JSON representation
{
  "key": string,
  "path": string,
  "mode": integer
}
Fields
key

string

The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.

The key to project.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

mode

integer

(Optional)

Mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.

Notes

  • Internally, a umask of 0222 will be applied to any non-zero value.
  • This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10).
  • This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

ConfigMapVolumeSource

Not supported by Cloud Run.

Adapts a ConfigMap into a volume. The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths.

JSON representation
{
  "name": string,
  "items": [
    {
      object (KeyToPath)
    }
  ],
  "defaultMode": integer,
  "optional": boolean
}
Fields
name

string

Name of the config.

items[]

object (KeyToPath)

(Optional)

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified that is not present in the Secret, the volume setup will error unless it is marked optional.

defaultMode

integer

(Optional)

Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0644. Directories within the path are not affected by this setting.

Notes

  • Internally, a umask of 0222 will be applied to any non-zero value.
  • This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10).
  • This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
optional

boolean

(Optional)

Specify whether the Secret or its keys must be defined.