This page shows how to mount a Cloud Storage bucket as a storage volume, using Cloud Run volume mounts.
Mounting the bucket as a volume in Cloud Run presents the bucket content as files in the container file system, which allows use of standard file system operations and libraries to access that file system.
Limitations
Cloud Run uses Cloud Storage FUSE for this volume mount. So there are a few things to keep in mind when mounting a Cloud Storage bucket as a volume:
- Cloud Storage FUSE does not provide concurrency control for multiple writes (file locking) to the same file. When multiple writes try to replace a file, the last write wins and all previous writes are lost.
- Cloud Storage FUSE is not a fully POSIX-compliant file system. For more details, refer to the Cloud Storage FUSE documentation.
Before you begin
You need a Cloud Storage bucket to mount as the volume.
IAM access controls for Cloud Storage buckets
The service identity of your Cloud Run service authenticates against an IAM protected Cloud Storage bucket.
Make sure that the configured service account has the necessary permissions for the file access.
Mount a Cloud Storage volume
You can mount multiple buckets at different mount paths. You can also mount a volume to more than one container using the same or different mount paths across containers.
If you are using multiple containers, first specify the volumes, then specify the volume mounts for each container.
Console
In the Google Cloud console, go to Cloud Run:
Click Create Service if you are configuring a new service you are deploying to. If you are configuring an existing service, click the service, then click Edit and deploy new revision.
If you are configuring a new service, fill out the initial service settings page as desired, then click Container(s), volumes, networking, security to expand the service configuration page.
Click the Volumes tab.
- Under Volumes:
- Click Add volume.
- In the Volume type drop-down, select Cloud Storage bucket as the volume type.
- In the Volume name field, enter the name you want to use for the volume.
- Browse and select the Cloud Storage bucket to be used for the volume, or, optionally, create a new bucket.
- If you want to make the bucket read-only, select the Read-only checkbox.
- Click Done.
- Click the Container tab.
- Click the Volume Mounts tab.
- Click Mount volume.
- Select the storage volume from the menu.
- Specify the path where you want to mount the volume.
- Click Done
- Under Volumes:
Click Create or Deploy.
Command line
Note: we show the gcloud beta run services update
command but you can also use the
the gcloud beta run deploy
command with the same parameters as shown.
To add a volume and mount it:
gcloud beta run services update SERVICE \ --execution-environment gen2 \ --add-volume name=VOLUME_NAME,type=cloud-storage,bucket=BUCKET_NAME \ --add-volume-mount volume=VOLUME_NAME,mount-path=MOUNT_PATH
Replace:
- SERVICE with the name of your service.
- MOUNT_PATH with the relative path where you are mounting the volume, for example,
/cache
. - VOLUME_NAME with any name you want for your volume. The VOLUME_NAME value is used to map the volume to the volume mount.
- BUCKET_NAME with the name of your Cloud Storage bucket.
To mount your volume as a read-only volume:
--add-volume=name=VOLUME_NAME,type=cloud-storage,bucket=BUCKET_NAME,readonly=true
If you are using multiple containers, first specify your volume(s), then specify the volume mount(s) for each container:
gcloud beta run services update SERVICE \ --add-volume name=VOLUME_NAME,type=cloud-storage,bucket=BUCKET_NAME \ --container CONTAINER_1 \ --add-volume-mount volume=VOLUME_NAME,mount-path=MOUNT_PATH \ --container CONTAINER_2 \ --add-volume-mount volume=VOLUME_NAME,mount-path=MOUNT_PATH2
YAML
You can download and view existing service configurations using the
gcloud run services describe --format export
command, which yields
cleaned results in YAML format.
You can then modify the fields described below and
upload the modified YAML using the gcloud run services replace
command.
Make sure you only modify fields as documented.
To view and download the configuration:
gcloud run services describe SERVICE --format export > service.yaml
Update as needed.
apiVersion: serving.knative.dev/v1 kind: Service metadata: name: SERVICE annotations: run.googleapis.com/launch-stage: BETA spec: template: metadata: annotations: run.googleapis.com/execution-environment: gen2 spec: containers: - image: IMAGE_URL volumeMounts: - name: VOLUME_NAME mountPath: MOUNT_PATH volumes: - name: VOLUME_NAME csi: driver: gcsfuse.run.googleapis.com readOnly: IS_READ_ONLY volumeAttributes: bucketName: BUCKET_NAME
Replace
- IMAGE_URL with a reference to the container image, for
example,
us-docker.pkg.dev/cloudrun/container/hello:latest
. If you use Artifact Registry, the repository REPO_NAME must already be created. The URL has the shapeLOCATION-docker.pkg.dev/PROJECT_ID/REPO_NAME/PATH:TAG
- MOUNT_PATH with the relative path where you are mounting the volume, for example,
/cache
. - VOLUME_NAME with any name you want for your volume. The VOLUME_NAME value is used to map the volume to the volume mount.
- IS_READ_ONLY with
True
to make the volume read-only, orFalse
to allow writes. - BUCKET_NAME with the name of the Cloud Storage bucket.
- IMAGE_URL with a reference to the container image, for
example,
Replace the service with its new configuration using the following command:
gcloud run services replace service.yaml
View Volume mounts settings
To view the current Volume mounts settings for your Cloud Run service:
Console
In the Google Cloud console, go to Cloud Run:
Click the service you are interested in to open the Service details page.
Click the Revisions tab.
In the details panel at the right, the Volume mounts setting is listed under the Volumes tab.
Command line
Use the following command:
gcloud run services describe SERVICE
Locate the Volume mounts setting in the returned configuration.