Volume

Volume represents a named volume in a container.

JSON representation
{
  "name": string,
  "secret": {
    object (SecretVolumeSource)
  },
  "configMap": {
    object (ConfigMapVolumeSource)
  },
  "emptyDir": {
    object (EmptyDirVolumeSource)
  },
  "nfs": {
    object (NFSVolumeSource)
  },
  "csi": {
    object (CSIVolumeSource)
  }
}
Fields
name

string

Volume's name. In Cloud Run Fully Managed, the name 'cloudsql' is reserved.

secret

object (SecretVolumeSource)

The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secretName.

configMap

object (ConfigMapVolumeSource)

Not supported in Cloud Run.

emptyDir

object (EmptyDirVolumeSource)

Ephemeral storage used as a shared volume.

nfs

object (NFSVolumeSource)

csi

object (CSIVolumeSource)

Volume specified by the Container Storage Interface driver

SecretVolumeSource

A volume representing a secret stored in Google Secret Manager.

The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secretName.

The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names.

JSON representation
{
  "secretName": string,
  "items": [
    {
      object (KeyToPath)
    }
  ],
  "defaultMode": integer,
  "optional": boolean
}
Fields
secretName

string

The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: :projects/<project-id|project-number>/secrets/. If multiple alias definitions are needed, they must be separated by commas. The alias definitions must be set on the run.googleapis.com/secrets annotation.

Name of the secret in the container's namespace to use.

items[]

object (KeyToPath)

A list of secret versions to mount in the volume.

If no items are specified, the volume will expose a file with the same name as the secret name. The contents of the file will be the data in the latest version of the secret. If items are specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify both a key and a path.

defaultMode

integer

Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0444. Directories within the path are not affected by this setting.

Notes

  • Internally, a umask of 0222 will be applied to any non-zero value.
  • This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10).
  • This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
optional

boolean

Not supported by Cloud Run.

KeyToPath

Maps a string key to a path within a volume.

JSON representation
{
  "key": string,
  "path": string,
  "mode": integer
}
Fields
key

string

The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version.

The key to project.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

mode

integer

(Optional)

Mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.

Notes

  • Internally, a umask of 0222 will be applied to any non-zero value.
  • This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10).
  • This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

ConfigMapVolumeSource

Not supported by Cloud Run.

Adapts a ConfigMap into a volume. The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths.

JSON representation
{
  "name": string,
  "items": [
    {
      object (KeyToPath)
    }
  ],
  "defaultMode": integer,
  "optional": boolean
}
Fields
name

string

Name of the config.

items[]

object (KeyToPath)

(Optional)

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified that is not present in the Secret, the volume setup will error unless it is marked optional.

defaultMode

integer

(Optional)

Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0644. Directories within the path are not affected by this setting.

Notes

  • Internally, a umask of 0222 will be applied to any non-zero value.
  • This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10).
  • This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
optional

boolean

(Optional)

Specify whether the Secret or its keys must be defined.

EmptyDirVolumeSource

In memory (tmpfs) ephemeral storage. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs).

JSON representation
{
  "medium": string,
  "sizeLimit": string
}
Fields
medium

string

The medium on which the data is stored. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

sizeLimit

string

Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers. The default is nil which means that the limit is undefined. More info: https://cloud.google.com/run/docs/configuring/in-memory-volumes#configure-volume. Info in Kubernetes: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir

NFSVolumeSource

Represents a persistent volume that will be mounted using NFS.

This volume will be shared between all instances of the resource and data will not be deleted when the instance is shut down.

JSON representation
{
  "server": string,
  "path": string,
  "readOnly": boolean
}
Fields
server

string

Hostname or IP address of the NFS server.

path

string

Path that is exported by the NFS server.

readOnly

boolean

If true, mount the NFS volume as read only. Defaults to false.

CSIVolumeSource

Storage volume source using the Container Storage Interface.

JSON representation
{
  "driver": string,
  "readOnly": boolean,
  "volumeAttributes": {
    string: string,
    ...
  }
}
Fields
driver

string

name of the CSI driver for the requested storage system.

Cloud Run supports the following drivers: * gcsfuse.run.googleapis.com : Mount a Cloud Storage Bucket as a volume.

readOnly

boolean

If true, mount the volume as read only. Defaults to false.

volumeAttributes

map (key: string, value: string)

stores driver specific attributes.

For Google Cloud Storage volumes, the following attributes are supported: * bucketName: the name of the Cloud Storage bucket to mount. The Cloud Run Service identity must have access to this bucket.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.