- NAME
-
- gcloud beta run deploy - create or update a Cloud Run service
- SYNOPSIS
-
-
gcloud beta run deploy
[[SERVICE
]--namespace
=NAMESPACE
] [--[no-]allow-unauthenticated
] [--async
] [--breakglass
=JUSTIFICATION
] [--clear-vpc-connector
] [--concurrency
=CONCURRENCY
] [--container
=CONTAINER
] [--[no-]cpu-boost
] [--[no-]cpu-throttling
] [--[no-]default-url
] [--[no-]deploy-health-check
] [--description
=DESCRIPTION
] [--execution-environment
=EXECUTION_ENVIRONMENT
] [--gpu-type
=GPU_TYPE
] [--ingress
=INGRESS
; default="all"] [--[no-]invoker-iam-check
] [--max-instances
=MAX_INSTANCES
] [--mesh
=MESH
] [--min-instances
=MIN_INSTANCES
] [--region
=REGION
] [--remove-containers
=[CONTAINER
,…]] [--revision-suffix
=REVISION_SUFFIX
] [--service-account
=SERVICE_ACCOUNT
] [--service-min-instances
=SERVICE_MIN_INSTANCES
] [--[no-]session-affinity
] [--tag
=TAG
] [--timeout
=TIMEOUT
] [--no-traffic
] [--vpc-connector
=VPC_CONNECTOR
] [--vpc-egress
=VPC_EGRESS
] [--add-cloudsql-instances
=[CLOUDSQL-INSTANCES
,…] |--clear-cloudsql-instances
|--remove-cloudsql-instances
=[CLOUDSQL-INSTANCES
,…] |--set-cloudsql-instances
=[CLOUDSQL-INSTANCES
,…]] [--add-custom-audiences
=[CUSTOM-AUDIENCES
,…] |--clear-custom-audiences
|--remove-custom-audiences
=[CUSTOM-AUDIENCES
,…] |--set-custom-audiences
=[CUSTOM-AUDIENCES
,…]] [--add-volume
=[KEY
=VALUE
,…]--clear-volumes
--remove-volume
=[VOLUME
,…]] [--add-volume-mount
=[volume
=NAME
,mount-path
=MOUNT_PATH
,…]--args
=[ARG
,…]--[no-]automatic-updates
--clear-volume-mounts
--cpu
=CPU
--depends-on
=[CONTAINER
,…]--gpu
=GPU
--memory
=MEMORY
--port
=PORT
--remove-volume-mount
=[MOUNT_PATH
,…]--[no-]use-http2
--base-image
=BASE_IMAGE
|--clear-base-image
--build-env-vars-file
=FILE_PATH
|--clear-build-env-vars
|--set-build-env-vars
=[KEY
=VALUE
,…] |--remove-build-env-vars
=[KEY
,…]--update-build-env-vars
=[KEY
=VALUE
,…]--build-service-account
=BUILD_SERVICE_ACCOUNT
|--clear-build-service-account
--build-worker-pool
=BUILD_WORKER_POOL
|--clear-build-worker-pool
--clear-env-vars
|--env-vars-file
=FILE_PATH
|--set-env-vars
=[KEY
=VALUE
,…] |--remove-env-vars
=[KEY
,…]--update-env-vars
=[KEY
=VALUE
,…]--clear-secrets
|--set-secrets
=[KEY
=VALUE
,…] |--remove-secrets
=[KEY
,…]--update-secrets
=[KEY
=VALUE
,…]--command
=[COMMAND
,…] |--function
=FUNCTION
--image
=IMAGE
|--source
=SOURCE
] [--binary-authorization
=POLICY
|--clear-binary-authorization
] [--clear-config-maps
|--set-config-maps
=[KEY
=VALUE
,…] |--remove-config-maps
=[KEY
,…]--update-config-maps
=[KEY
=VALUE
,…]] [--clear-encryption-key-shutdown-hours
|--encryption-key-shutdown-hours
=ENCRYPTION_KEY_SHUTDOWN_HOURS
] [--clear-key
|--key
=KEY
] [--clear-labels
|--remove-labels
=[KEY
,…]--labels
=[KEY
=VALUE
,…] |--update-labels
=[KEY
=VALUE
,…]] [--clear-network
|--network
=NETWORK
--subnet
=SUBNET
--clear-network-tags
|--network-tags
=[TAG
,…]] [--clear-post-key-revocation-action-type
|--post-key-revocation-action-type
=POST_KEY_REVOCATION_ACTION_TYPE
] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
(BETA)
Creates or updates a Cloud Run service. - EXAMPLES
-
To deploy a container to the service
my-backend
on Cloud Run:gcloud beta run deploy my-backend --image=us-docker.pkg.dev/project/image
You may also omit the service name. Then a prompt will be displayed with a suggested default value:
gcloud beta run deploy --image=us-docker.pkg.dev/project/image
To deploy to Cloud Run on Kubernetes Engine, you need to specify a cluster:
gcloud beta run deploy --image=us-docker.pkg.dev/project/image --cluster=my-cluster
- POSITIONAL ARGUMENTS
-
-
Service resource - Service to deploy to. The arguments in this group can be used
to specify the attributes of this resource.
- [
SERVICE
] -
ID of the service or fully qualified identifier for the service.
To set the
service
attribute:-
provide the argument
SERVICE
on the command line; - specify the service name from an interactive prompt.
-
provide the argument
--namespace
=NAMESPACE
-
Specific to Cloud Run for Anthos: Kubernetes namespace for the service.
To set the
namespace
attribute:-
provide the argument
SERVICE
on the command line with a fully specified name; - specify the service name from an interactive prompt with a fully specified name;
-
provide the argument
--namespace
on the command line; -
set the property
run/namespace
; - For Cloud Run on Kubernetes Engine, defaults to "default". Otherwise, defaults to project ID.;
-
provide the argument
project
on the command line; -
set the property
core/project
.
-
provide the argument
- [
-
Service resource - Service to deploy to. The arguments in this group can be used
to specify the attributes of this resource.
- FLAGS
-
--[no-]allow-unauthenticated
-
Whether to enable allowing unauthenticated access to the service. This may take
a few moments to take effect. Use
--allow-unauthenticated
to enable and--no-allow-unauthenticated
to disable. --async
- Return immediately, without waiting for the operation in progress to complete.
--breakglass
=JUSTIFICATION
- Justification to bypass Binary Authorization policy constraints and allow the operation. See https://cloud.google.com/binary-authorization/docs/using-breakglass for more information. Next update or deploy command will automatically clear existing breakglass justification.
--clear-vpc-connector
- Remove the VPC connector for this resource.
--concurrency
=CONCURRENCY
- Set the maximum number of concurrent requests allowed per container instance. Leave concurrency unspecified or provide the special value 'default' to receive the server default value.
--container
=CONTAINER
- Specifies a container by name. Flags following --container will apply to the specified container.
--[no-]cpu-boost
-
Whether to allocate extra CPU to containers on startup to reduce the perceived
latency of a cold start request. Enabled by default when unspecified on new
services. Use
--cpu-boost
to enable and--no-cpu-boost
to disable. --[no-]cpu-throttling
-
Whether to throttle the CPU when the container is not actively serving requests.
Use
--cpu-throttling
to enable and--no-cpu-throttling
to disable. --[no-]default-url
-
Toggles the default url for a run service. This is enabled by default if not
specified. Use
--default-url
to enable and--no-default-url
to disable. --[no-]deploy-health-check
-
Schedules a single instance of the Revision and waits for it to pass its startup
probe for the deployment to succeed. If disabled, the startup probe runs only
when the revision is first started via invocation or by setting min-instances.
This check is enabled by default when unspecified. Use
--deploy-health-check
to enable and--no-deploy-health-check
to disable. --description
=DESCRIPTION
- Provides an optional, human-readable description of the service.
--execution-environment
=EXECUTION_ENVIRONMENT
-
Selects the execution environment where the application will run.
EXECUTION_ENVIRONMENT
must be one of:gen1
- Run the application in a first generation execution environment.
gen2
- Run the application in a second generation execution environment.
--gpu-type
=GPU_TYPE
- The GPU type to use.
--ingress
=INGRESS
; default="all"-
Set the ingress traffic sources allowed to call the service. For Cloud Run the
--[no-]allow-unauthenticated
flag separately controls the identities allowed to call the service.INGRESS
must be one of:all
- Inbound requests from all sources are allowed.
internal
- For Cloud Run, only inbound requests from VPC networks in the same project or VPC Service Controls perimeter, as well as Pub/Sub subscriptions and Eventarc events in the same project or VPC Service Controls perimeter are allowed. All other requests are rejected. See https://cloud.google.com/run/docs/securing/ingress for full details on the definition of internal traffic for Cloud Run.
internal-and-cloud-load-balancing
- Only inbound requests from Google Cloud Load Balancing or a traffic source allowed by the internal option are allowed.
--[no-]invoker-iam-check
-
Optionally disable invoker IAM checks. This feature is available by invitation
only. More info at https://cloud.google.com/run/docs/securing/managing-access#invoker_check.
Use
--invoker-iam-check
to enable and--no-invoker-iam-check
to disable. --max-instances
=MAX_INSTANCES
- The maximum number of container instances of the Service to run. Use 'default' to unset the limit and use the platform default.
--mesh
=MESH
- Enables Cloud Service Mesh using the specified mesh resource name. Mesh resource name must be in the format of projects/PROJECT/locations/global/meshes/MESH_NAME.
--min-instances
=MIN_INSTANCES
- The minimum number of container instances for this Revision of the Service to run or 'default' to remove any minimum.
--region
=REGION
- Region in which the resource can be found. Alternatively, set the property [run/region].
--remove-containers
=[CONTAINER
,…]- List of containers to remove.
--revision-suffix
=REVISION_SUFFIX
- Specify the suffix of the revision name. Revision names always start with the service name automatically. For example, specifying [--revision-suffix=v1] for a service named 'helloworld', would lead to a revision named 'helloworld-v1'. Set empty string to clear the suffix and resume server-assigned naming.
--service-account
=SERVICE_ACCOUNT
- the email address of an IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has.
--service-min-instances
=SERVICE_MIN_INSTANCES
- The minimum number of container instances for this Service to run or 'default' to remove any minimum. These instances will be divided among all Revisions receiving a percentage of traffic.
--[no-]session-affinity
-
Whether to enable session affinity for connections to the service. Use
--session-affinity
to enable and--no-session-affinity
to disable. --tag
=TAG
- Traffic tag to assign to the newly created revision.
--timeout
=TIMEOUT
- Set the maximum request execution time (timeout). It is specified as a duration; for example, "10m5s" is ten minutes, and five seconds. If you don't specify a unit, seconds is assumed. For example, "10" is 10 seconds.
--no-traffic
-
True to avoid sending traffic to the revision being deployed. Setting this flag
assigns any traffic assigned to the LATEST revision to the specific revision
bound to LATEST before the deployment. The effect is that the revision being
deployed will not receive traffic.
After a deployment with this flag the LATEST revision will not receive traffic on future deployments. To restore sending traffic to the LATEST revision by default, run the
gcloud run services update-traffic
command with--to-latest
. --vpc-connector
=VPC_CONNECTOR
- Set a VPC connector for this resource.
--vpc-egress
=VPC_EGRESS
-
Specify which of the outbound traffic to send through Direct VPC egress or the
VPC connector for this resource. This resource must have Direct VPC egress
enabled or a VPC connector to set this flag.
VPC_EGRESS
must be one of:all
- (DEPRECATED) Sends all outbound traffic through Direct VPC egress or the VPC connector. Provides the same functionality as 'all-traffic'. Prefer to use 'all-traffic' instead.
all-traffic
- Sends all outbound traffic through Direct VPC egress or the VPC connector.
private-ranges-only
-
Default option. Sends outbound traffic to private IP addresses (RFC 1918 and
Private Google Access IPs) through Direct VPC egress or the VPC connector.
Traffic to other Cloud Run services might require additional configuration. See https://cloud.google.com/run/docs/securing/private-networking#send_requests_to_other_services_and_services for more information.
-
These flags modify the Cloud SQL instances this Service connects to. You can
specify a name of a Cloud SQL instance if it's in the same project and region as
your Cloud Run service; otherwise specify
<project>:<region>:<instance> for the instance.
At most one of these can be specified:
--add-cloudsql-instances
=[CLOUDSQL-INSTANCES
,…]- Append the given values to the current Cloud SQL instances.
--clear-cloudsql-instances
- Empty the current Cloud SQL instances.
--remove-cloudsql-instances
=[CLOUDSQL-INSTANCES
,…]- Remove the given values from the current Cloud SQL instances.
--set-cloudsql-instances
=[CLOUDSQL-INSTANCES
,…]- Completely replace the current Cloud SQL instances with the given values.
-
These flags modify the custom audiences that can be used in the audience field
of ID token for authenticated requests.
At most one of these can be specified:
--add-custom-audiences
=[CUSTOM-AUDIENCES
,…]- Append the given values to the current custom audiences.
--clear-custom-audiences
- Empty the current custom audiences.
--remove-custom-audiences
=[CUSTOM-AUDIENCES
,…]- Remove the given values from the current custom audiences.
--set-custom-audiences
=[CUSTOM-AUDIENCES
,…]- Completely replace the current custom audiences with the given values.
--add-volume
=[KEY
=VALUE
,…]-
Adds a volume to the Cloud Run resource. To add more than one volume, specify
this flag multiple times. Volumes must have a
name
andtype
key. Only certain values are supported fortype
. Depending on the provided type, other keys will be required. The following types are supported with the specified additional keys:cloud-storage
: A volume representing a Cloud Storage bucket. This volume type is mounted using Cloud Storage FUSE. See https://cloud.google.com/storage/docs/gcs-fuse for the details and limitations of this filesystem. Additional keys:- bucket: (required) the name of the bucket to use as the source of this volume
- readonly: (optional) A boolean. If true, this volume will be read-only from all mounts.
in-memory
: An ephemeral volume that stores data in the instance's memory. With this type of volume, data is not shared between instances and all data will be lost when the instance it is on is terminated. Additional keys:- size-limit: (optional) A quantity representing the maximum amount of memory allocated to this volume, such as "512Mi" or "3G". Data stored in an in-memory volume consumes the memory allocation of the container that wrote the data. If size-limit is not specified, the maximum size will be half the total memory limit of all containers.
nfs
: Represents a volume backed by an NFS server. Additional keys:- location: (required) The location of the NFS Server, in the form SERVER:/PATH
- readonly: (optional) A boolean. If true, this volume will be read-only from all mounts.
--clear-volumes
- Remove all existing volumes from the Cloud Run resource, including volumes mounted as secrets
--remove-volume
=[VOLUME
,…]- Removes volumes from the Cloud Run resource.
The following flags apply to a single container. If the --container flag is specified these flags may only be specified after a --container flag. Otherwise they will apply to the primary ingress container.
--add-volume-mount
=[volume
=NAME
,mount-path
=MOUNT_PATH
,…]-
Adds a mount to the current container. Must contain the keys
volume=NAME
andmount-path=/PATH
where NAME is the name of a volume on this resource and PATH is the path within the container's filesystem to mount this volume.--args
=[ARG
,…]- Comma-separated arguments passed to the command run by the container image. If not specified and no '--command' is provided, the container image's default Cmd is used. Otherwise, if not specified, no arguments are passed. To reset this field to its default, pass an empty string.
--[no-]automatic-updates
-
Indicates whether automatic base image updates should be enabled for an image
built from source. Use
--automatic-updates
to enable and--no-automatic-updates
to disable. --clear-volume-mounts
- Remove all existing mounts from the current container.
--cpu
=CPU
-
Set a CPU limit in Kubernetes cpu units.
Cloud Run supports values fractional values below 1, 1, 2, 4, and 8. Some CPU values requires a minimum Memory
--memory
value. --depends-on
=[CONTAINER
,…]- List of container dependencies to add to the current container.
--gpu
=GPU
-
Cloud Run supports values 0 or 1. 1 gpu also requires a minimum 4
--cpu
value 1 gpu also requires a minimum 8Gi--memory
value. --memory
=MEMORY
- Set a memory limit. Ex: 1024Mi, 4Gi.
--port
=PORT
- Container port to receive requests at. Also sets the $PORT environment variable. Must be a number between 1 and 65535, inclusive. To unset this field, pass the special value "default". If updating an existing service with a TCP startup probe pointing to the previous container port, this will also update the probe port.
--remove-volume-mount
=[MOUNT_PATH
,…]- Removes the volume mounted at the specified path from the current container.
--[no-]use-http2
-
Whether to use HTTP/2 for connections to the service. Use
--use-http2
to enable and--no-use-http2
to disable. -
At most one of these can be specified:
--base-image
=BASE_IMAGE
- Specifies the base image to be used for automatic base image updates. When deploying from source using the Google Cloud buildpacks, this flag will also override the base image used for the application image. See https://cloud.google.com/run/docs/deploying-source-code for more details.
--clear-base-image
- Opts out of automatic base image updates.
-
At most one of these can be specified:
--build-env-vars-file
=FILE_PATH
-
Path to a local YAML file with definitions for all build environment variables.
All existing build environment variables will be removed before the new build
environment variables are added. Example YAML content:
KEY_1: "value1" KEY_2: "value 2"
--clear-build-env-vars
- Remove all build environment variables.
--set-build-env-vars
=[KEY
=VALUE
,…]- List of key-value pairs to set as build environment variables. All existing build environment variables will be removed first.
-
Only --update-build-env-vars and --remove-build-env-vars can be used together.
If both are specified, --remove-build-env-vars will be applied first.
--remove-build-env-vars
=[KEY
,…]- List of build environment variables to be removed.
--update-build-env-vars
=[KEY
=VALUE
,…]- List of key-value pairs to set as build environment variables.
-
At most one of these can be specified:
--build-service-account
=BUILD_SERVICE_ACCOUNT
- Specifies the service account to use to execute the build. Applies only to source deploy builds using the Build API.
--clear-build-service-account
- Clears the Cloud Build service account field.
-
At most one of these can be specified:
--build-worker-pool
=BUILD_WORKER_POOL
-
Name of the Cloud Build Custom Worker Pool that should be used to build the
function. The format of this field is
projects/${PROJECT}/locations/${LOCATION}/workerPools/${WORKERPOOL}
where ${PROJECT} is the project id and ${LOCATION} is the location where the worker pool is defined and ${WORKERPOOL} is the short name of the worker pool. --clear-build-worker-pool
- Clears the Cloud Build Custom Worker Pool field.
-
At most one of these can be specified:
--clear-env-vars
- Remove all environment variables.
--env-vars-file
=FILE_PATH
-
Path to a local YAML file with definitions for all environment variables. All
existing environment variables will be removed before the new environment
variables are added. Example YAML content:
KEY_1: "value1" KEY_2: "value 2"
--set-env-vars
=[KEY
=VALUE
,…]- List of key-value pairs to set as environment variables. All existing environment variables will be removed first.
-
Only --update-env-vars and --remove-env-vars can be used together. If both are
specified, --remove-env-vars will be applied first.
--remove-env-vars
=[KEY
,…]- List of environment variables to be removed.
--update-env-vars
=[KEY
=VALUE
,…]- List of key-value pairs to set as environment variables.
-
Specify secrets to mount or provide as environment variables. Keys starting with
a forward slash '/' are mount paths. All other keys correspond to environment
variables. Values should be in the form SECRET_NAME:SECRET_VERSION. For example:
'--update-secrets=/secrets/api/key=mysecret:latest,ENV=othersecret:1' will mount
a volume at '/secrets/api' containing a file 'key' with the latest version of
secret 'mysecret'. An environment variable named ENV will also be created whose
value is version 1 of secret 'othersecret'.
At most one of these can be specified:
--clear-secrets
- Remove all secrets.
--set-secrets
=[KEY
=VALUE
,…]- List of key-value pairs to set as secrets. All existing secrets will be removed first.
-
Only --update-secrets and --remove-secrets can be used together. If both are
specified, --remove-secrets will be applied first.
--remove-secrets
=[KEY
,…]- List of secrets to be removed.
--update-secrets
=[KEY
=VALUE
,…]- List of key-value pairs to set as secrets.
-
At most one of these can be specified:
--command
=[COMMAND
,…]- Entrypoint for the container image. If not specified, the container image's default Entrypoint is run. To reset this field to its default, pass an empty string.
--function
=FUNCTION
- Specifies that the deployed object is a function. If a value is provided, that value is used as the entrypoint.
-
At most one of these can be specified:
--image
=IMAGE
-
Name of the container image to deploy (e.g.
us-docker.pkg.dev/cloudrun/container/hello:latest
). --source
=SOURCE
-
The location of the source to build. If a Dockerfile is present in the source
code directory, it will be built using that Dockerfile, otherwise it will use
Google Cloud buildpacks. See https://cloud.google.com/run/docs/deploying-source-code
for more details. The location can be a directory on a local disk or a gzipped
archive file (.tar.gz) in Google Cloud Storage. If the source is a local
directory, this command skips the files specified in the
--ignore-file
. If--ignore-file
is not specified, use.gcloudignore
file. If a.gcloudignore
file is absent and a.gitignore
file is present in the local source directory, gcloud will use a generated Git-compatible.gcloudignore
file that respects your .gitignored files. The global.gitignore
is not respected. For more information on.gcloudignore
, seegcloud topic gcloudignore
.
-
At most one of these can be specified:
- Binary Authorization policy to check against. This must be set to "default".
- Remove any previously set Binary Authorization policy.
-
Specify config map to mount or provide as environment variables. Keys starting
with a forward slash '/' are mount paths. All other keys correspond to
environment variables. The values associated with each of these should be in the
form CONFIG_MAP_NAME:KEY_IN_CONFIG_MAP; you may omit the key within the config
map to specify a mount of all keys within the config map. For example:
'--update-config-maps=/my/path=myconfig,ENV=otherconfig:key.json' will create a
volume with config map 'myconfig' and mount that volume at '/my/path'. Because
no config map key was specified, all keys in 'myconfig' will be included. An
environment variable named ENV will also be created whose value is the value of
'key.json' in 'otherconfig. Not supported on the fully managed version of Cloud
Run.
At most one of these can be specified:
--clear-config-maps
- Remove all config-maps.
--set-config-maps
=[KEY
=VALUE
,…]- List of key-value pairs to set as config-maps. All existing config-maps will be removed first.
-
Only --update-config-maps and --remove-config-maps can be used together. If both
are specified, --remove-config-maps will be applied first.
--remove-config-maps
=[KEY
,…]- List of config-maps to be removed.
--update-config-maps
=[KEY
=VALUE
,…]- List of key-value pairs to set as config-maps.
-
At most one of these can be specified:
--clear-encryption-key-shutdown-hours
- Remove any previously set CMEK key shutdown hours setting.
--encryption-key-shutdown-hours
=ENCRYPTION_KEY_SHUTDOWN_HOURS
- The number of hours to wait before an automatic shutdown server after CMEK key revocation is detected.
-
At most one of these can be specified:
--clear-key
- Remove any previously set CMEK key reference.
--key
=KEY
- CMEK key reference to encrypt the container with.
-
At most one of these can be specified:
--clear-labels
-
Remove all labels. If
--update-labels
is also specified then--clear-labels
is applied first.For example, to remove all labels:
gcloud beta run deploy --clear-labels
To remove all existing labels and create two new labels,
andfoo
:baz
gcloud beta run deploy --clear-labels --update-labels foo=bar,baz=qux
--remove-labels
=[KEY
,…]-
List of label keys to remove. If a label does not exist it is silently ignored.
If
--update-labels
is also specified then--update-labels
is applied first.
-
At most one of these can be specified:
--labels
=[KEY
=VALUE
,…]-
List of label KEY=VALUE pairs to add.
An alias to --update-labels.
--update-labels
=[KEY
=VALUE
,…]- List of label KEY=VALUE pairs to update. If a label exists, its value is modified. Otherwise, a new label is created.
-
At most one of these can be specified:
--clear-network
- Disconnect this Cloud Run service from the VPC network it is connected to.
-
Direct VPC egress setting flags group.
--network
=NETWORK
- The VPC network that the Cloud Run service will be able to send traffic to. If --subnet is also specified, subnet must be a subnetwork of the network specified by this --network flag. To clear existing VPC network settings, use --clear-network.
--subnet
=SUBNET
-
The VPC subnetwork that the Cloud Run service will get IPs from. The subnetwork
must be
/26
or larger. If --network is also specified, subnet must be a subnetwork of the network specified by the --network flag. If --network is not specified, network will be looked up from this subnetwork. To clear existing VPC network settings, use --clear-network. -
At most one of these can be specified:
- Clears all existing Compute Engine tags from the Cloud Run service.
- Applies the given Compute Engine tags (comma separated) to the Cloud Run service. To clear existing tags, use --clear-network-tags.
-
At most one of these can be specified:
--clear-post-key-revocation-action-type
- Remove any previously set post CMEK key revocation action type.
--post-key-revocation-action-type
=POST_KEY_REVOCATION_ACTION_TYPE
-
Action type after CMEK key revocation.
POST_KEY_REVOCATION_ACTION_TYPE
must be one of:prevent-new
- No new instances will be started after CMEK key revocation.
shut-down
- No new instances will be started and the existing instances will be shut down after CMEK key revocation.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
This command is currently in beta and might change without notice. These
variants are also available:
gcloud run deploy
gcloud alpha run deploy
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-10-22 UTC.