Index
ConfigMapEnvSource
(message)ConfigMapKeySelector
(message)ConfigMapVolumeSource
(message)Container
(message)ContainerPort
(message)EmptyDirVolumeSource
(message)EnvFromSource
(message)EnvVar
(message)EnvVarSource
(message)ExecAction
(message)GRPCAction
(message)HTTPGetAction
(message)HTTPHeader
(message)KeyToPath
(message)LocalObjectReference
(message)Probe
(message)ResourceRequirements
(message)SecretEnvSource
(message)SecretKeySelector
(message)SecretVolumeSource
(message)SecurityContext
(message)TCPSocketAction
(message)Volume
(message)VolumeMount
(message)
ConfigMapEnvSource
Not supported by Cloud Run.
ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
Fields | |
---|---|
local_object_reference |
This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. |
optional |
Specify whether the ConfigMap must be defined. |
name |
The ConfigMap to select from. |
ConfigMapKeySelector
Not supported by Cloud Run.
Fields | |
---|---|
local_object_reference |
Not supported by Cloud Run. |
key |
Required. Not supported by Cloud Run. |
optional |
Not supported by Cloud Run. |
name |
Required. Not supported by Cloud Run. |
ConfigMapVolumeSource
Not supported by Cloud Run.
Adapts a ConfigMap into a volume. The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths.
Fields | |
---|---|
name |
Name of the config. |
items[] |
(Optional) If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified that is not present in the Secret, the volume setup will error unless it is marked optional. |
default_mode |
(Optional) Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0644. Directories within the path are not affected by this setting. Notes
|
optional |
(Optional) Specify whether the Secret or its keys must be defined. |
Container
A single application container. This specifies both the container to run, the command to run in the container and the arguments to supply to it. Note that additional arguments may be supplied by the system to the container at runtime.
Fields | |
---|---|
name |
Name of the container specified as a DNS_LABEL (RFC 1123). |
image |
Required. Name of the container image in Dockerhub, Google Artifact Registry, or Google Container Registry. If the host is not provided, Dockerhub is assumed. |
command[] |
Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references are not supported in Cloud Run. |
args[] |
Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references are not supported in Cloud Run. |
env[] |
List of environment variables to set in the container. EnvVar with duplicate names are generally allowed; if referencing a secret, the name must be unique for the container. For non-secret EnvVar names, the Container will only get the last-declared one. |
resources |
Compute Resources required by this container. |
working_dir |
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. |
ports[] |
List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on. |
env_from[] |
Not supported by Cloud Run. |
volume_mounts[] |
Volume to mount into the container's filesystem. Only supports SecretVolumeSources. Pod volumes to mount into the container's filesystem. |
liveness_probe |
Periodic probe of container liveness. Container will be restarted if the probe fails. |
readiness_probe |
Not supported by Cloud Run. |
startup_probe |
Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not receive traffic if the probe fails. If not provided, a default startup probe with TCP socket action is used. |
termination_message_path |
Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. |
termination_message_policy |
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. |
image_pull_policy |
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. |
security_context |
Not supported by Cloud Run. |
ContainerPort
ContainerPort represents a network port in a single container.
Fields | |
---|---|
name |
If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c". |
container_port |
Port number the container listens on. If present, this must be a valid port number, 0 < x < 65536. If not present, it will default to port 8080. For more information, see https://cloud.google.com/run/docs/container-contract#port |
protocol |
Protocol for port. Must be "TCP". Defaults to "TCP". |
EmptyDirVolumeSource
In memory (tmpfs) ephemeral storage. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs).
Fields | |
---|---|
medium |
The medium on which the data is stored. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir |
size_limit |
Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers. The default is nil which means that the limit is undefined. More info: https://cloud.google.com/run/docs/configuring/in-memory-volumes#configure-volume. Info in Kubernetes: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir |
EnvFromSource
Not supported by Cloud Run.
EnvFromSource represents the source of a set of ConfigMaps
Fields | |
---|---|
prefix |
An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. |
config_map_ref |
The ConfigMap to select from |
secret_ref |
The Secret to select from |
EnvVar
EnvVar represents an environment variable present in a Container.
Fields | |
---|---|
name |
Required. Name of the environment variable. Must be a C_IDENTIFIER. |
value |
Value of the environment variable. Defaults to "". Variable references are not supported in Cloud Run. |
value_from |
Source for the environment variable's value. Only supports secret_key_ref. Cannot be used if value is not empty. |
EnvVarSource
EnvVarSource represents a source for the value of an EnvVar.
Fields | |
---|---|
config_map_key_ref |
Not supported by Cloud Run. Not supported in Cloud Run. |
secret_key_ref |
Selects a key (version) of a secret in Secret Manager. |
ExecAction
Not supported by Cloud Run.
ExecAction describes a "run in container" action.
Fields | |
---|---|
command[] |
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
GRPCAction
GRPCAction describes an action involving a GRPC port.
Fields | |
---|---|
port |
Port number of the gRPC service. Number must be in the range 1 to 65535. |
service |
Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. |
HTTPGetAction
HTTPGetAction describes an action based on HTTP Get requests.
Fields | |
---|---|
path |
Path to access on the HTTP server. |
host |
Not supported by Cloud Run. |
scheme |
Not supported by Cloud Run. |
http_headers[] |
Custom headers to set in the request. HTTP allows repeated headers. |
port |
Port number to access on the container. Number must be in the range 1 to 65535. |
HTTPHeader
HTTPHeader describes a custom header to be used in HTTP probes
Fields | |
---|---|
name |
Required. The header field name |
value |
The header field value |
KeyToPath
Maps a string key to a path within a volume.
Fields | |
---|---|
key |
The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version. The key to project. |
path |
The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. |
mode |
(Optional) Mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Notes
|
LocalObjectReference
Not supported by Cloud Run.
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
Fields | |
---|---|
name |
Name of the referent. |
Probe
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Fields | |
---|---|
initial_delay_seconds |
Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. |
timeout_seconds |
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. |
period_seconds |
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. |
success_threshold |
Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. |
failure_threshold |
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. |
exec |
Not supported by Cloud Run. |
http_get |
HTTPGet specifies the http request to perform. |
tcp_socket |
TCPSocket specifies an action involving a TCP port. |
grpc |
GRPCAction specifies an action involving a GRPC port. |
ResourceRequirements
ResourceRequirements describes the compute resource requirements.
Fields | |
---|---|
limits |
Limits describes the maximum amount of compute resources allowed. Only 'cpu' and 'memory' keys are supported. * For supported 'cpu' values, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits |
requests |
Requests describes the minimum amount of compute resources required. Only |
SecretEnvSource
Not supported by Cloud Run.
SecretEnvSource selects a Secret to populate the environment variables with.
The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
Fields | |
---|---|
local_object_reference |
This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. |
optional |
Specify whether the Secret must be defined |
name |
The Secret to select from. |
SecretKeySelector
SecretKeySelector selects a key of a Secret.
Fields | |
---|---|
local_object_reference |
This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. |
key |
Required. A Cloud Secret Manager secret version. Must be 'latest' for the latest version, an integer for a specific version, or a version alias. The key of the secret to select from. Must be a valid secret key. |
optional |
Specify whether the Secret or its key must be defined. |
name |
The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: The name of the secret in the pod's namespace to select from. |
SecretVolumeSource
A volume representing a secret stored in Google Secret Manager.
The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secret_name.
The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names.
Fields | |
---|---|
secret_name |
The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: Name of the secret in the container's namespace to use. |
items[] |
A list of secret versions to mount in the volume. If no items are specified, the volume will expose a file with the same name as the secret name. The contents of the file will be the data in the latest version of the secret. If items are specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify both a key and a path. |
default_mode |
Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0444. Directories within the path are not affected by this setting. Notes
|
optional |
Not supported by Cloud Run. |
SecurityContext
Not supported by Cloud Run.
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
Fields | |
---|---|
run_as_user |
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. |
TCPSocketAction
TCPSocketAction describes an action based on opening a socket
Fields | |
---|---|
port |
Port number to access on the container. Number must be in the range 1 to 65535. |
host |
Not supported by Cloud Run. |
Volume
Volume represents a named volume in a container.
Fields | |
---|---|
name |
Volume's name. In Cloud Run Fully Managed, the name 'cloudsql' is reserved. |
secret |
The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secretName. |
config_map |
Not supported in Cloud Run. |
empty_dir |
Ephemeral storage used as a shared volume. |
VolumeMount
VolumeMount describes a mounting of a Volume within a container.
Fields | |
---|---|
name |
Required. The name of the volume. There must be a corresponding Volume with the same name. |
read_only |
Only true is accepted for Secret Volumes. Defaults to true for Secrets Volumes. |
mount_path |
Required. Path within the container at which the volume should be mounted. Must not contain ':'. |
sub_path |
Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). |