- NAME
-
- gcloud run jobs create - create a Cloud Run job
- SYNOPSIS
-
-
gcloud run jobs create
[JOB
]--image
=IMAGE
[--args
=[ARG
,…]] [--binary-authorization
=POLICY
] [--breakglass
=JUSTIFICATION
] [--command
=[COMMAND
,…]] [--cpu
=CPU
] [--key
=KEY
] [--labels
=[KEY
=VALUE
,…]] [--max-retries
=MAX_RETRIES
] [--memory
=MEMORY
] [--parallelism
=PARALLELISM
] [--region
=REGION
] [--service-account
=SERVICE_ACCOUNT
] [--set-cloudsql-instances
=[CLOUDSQL-INSTANCES
,…]] [--set-secrets
=[KEY
=SECRET_NAME
:SECRET_VERSION
,…]] [--task-timeout
=TASK_TIMEOUT
] [--tasks
=TASKS
; default=1] [--vpc-connector
=VPC_CONNECTOR
] [--vpc-egress
=VPC_EGRESS
] [--add-volume
=[KEY
=VALUE
,…]--clear-volumes
--remove-volume
=[VOLUME
,…]] [--add-volume-mount
=[volume
=NAME
,mount-path
=MOUNT_PATH
,…]--clear-volume-mounts
--remove-volume-mount
=[MOUNT_PATH
,…]] [--async
|--execute-now
--wait
] [--env-vars-file
=FILE_PATH
|--set-env-vars
=[KEY
=VALUE
,…]] [--network
=NETWORK
--network-tags
=[TAG
,…]--subnet
=SUBNET
] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
- Creates a new Cloud Run job.
- EXAMPLES
-
To deploy a new job
my-data-transformation
on Cloud Run:gcloud run jobs create my-data-transformation --image=us-docker.pkg.dev/project/image
You may also omit the job name. Then a prompt will be displayed with a suggested default value:
gcloud run jobs create --image=us-docker.pkg.dev/project/image
- POSITIONAL ARGUMENTS
-
-
Job resource - Job to create. This represents a Cloud resource. (NOTE) Some
attributes are not given arguments in this group but can be set in other ways.
To set the
project
attribute:-
provide the argument
JOB
on the command line with a fully specified name; - specify the job name from an interactive prompt with a fully specified name;
-
provide the argument
--project
on the command line; -
set the property
core/project
.
- [
JOB
] -
ID of the Job or fully qualified identifier for the Job.
To set the
jobs
attribute:-
provide the argument
JOB
on the command line; - specify the job name from an interactive prompt.
-
provide the argument
-
provide the argument
-
Job resource - Job to create. This represents a Cloud resource. (NOTE) Some
attributes are not given arguments in this group but can be set in other ways.
- REQUIRED FLAGS
-
--image
=IMAGE
-
Name of the container image to deploy (e.g.
us-docker.pkg.dev/cloudrun/container/job:latest
).
- OPTIONAL FLAGS
-
--args
=[ARG
,…]- Comma-separated arguments passed to the command run by the container image. If not specified and no '--command' is provided, the container image's default Cmd is used. Otherwise, if not specified, no arguments are passed. To reset this field to its default, pass an empty string.
- Binary Authorization policy to check against. This must be set to "default".
--breakglass
=JUSTIFICATION
- Justification to bypass Binary Authorization policy constraints and allow the operation. See https://cloud.google.com/binary-authorization/docs/using-breakglass for more information. Next update or deploy command will automatically clear existing breakglass justification.
--command
=[COMMAND
,…]- Entrypoint for the container image. If not specified, the container image's default Entrypoint is run. To reset this field to its default, pass an empty string.
--cpu
=CPU
-
Set a CPU limit in Kubernetes cpu units.
Cloud Run supports values fractional values below 1, 1, 2, 4, and 8. Some CPU values requires a minimum Memory
--memory
value. --key
=KEY
- CMEK key reference to encrypt the container with.
--labels
=[KEY
=VALUE
,…]- List of label KEY=VALUE pairs to add.
--max-retries
=MAX_RETRIES
- Number of times a task is allowed to restart in case of failure before being failed permanently. This applies per-task, not per-job. If set to 0, tasks will only run once and never be retried on failure.
--memory
=MEMORY
- Set a memory limit. Ex: 1024Mi, 4Gi.
--parallelism
=PARALLELISM
- Number of tasks that may run concurrently. Must be less than or equal to the number of tasks. Set to 0 to unset.
--region
=REGION
- Region in which the resource can be found. Alternatively, set the property [run/region].
--service-account
=SERVICE_ACCOUNT
- the email address of an IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has.
--set-cloudsql-instances
=[CLOUDSQL-INSTANCES
,…]- You can specify a name of a Cloud SQL instance if it's in the same project and region as your Cloud Run resource; otherwise specify <project>:<region>:<instance> for the instance.
--set-secrets
=[KEY
=SECRET_NAME
:SECRET_VERSION
,…]- Specify secrets to provide as environment variables. For example: '--set-secrets=ENV=mysecret:latest,OTHER_ENV=othersecret:1' will create an environment variable named ENV whose value is the latest version of secret 'mysecret' and an environment variable OTHER_ENV whose value is version of 1 of secret 'othersecret'.
--task-timeout
=TASK_TIMEOUT
- Set the maximum time (deadline) a job task attempt can run for. In the case of retries, this deadline applies to each attempt of a task. If the task attempt does not complete within this time, it will be killed. It is specified as a duration; for example, "10m5s" is ten minutes, and five seconds. If you don't specify a unit, seconds is assumed. For example, "10" is 10 seconds.
--tasks
=TASKS
; default=1- Number of tasks that must run to completion for the execution to be considered done.
--vpc-connector
=VPC_CONNECTOR
- Set a VPC connector for this resource.
--vpc-egress
=VPC_EGRESS
-
Specify which of the outbound traffic to send through Direct VPC egress or the
VPC connector for this resource. This resource must have Direct VPC egress
enabled or a VPC connector to set this flag.
VPC_EGRESS
must be one of:all
- (DEPRECATED) Sends all outbound traffic through Direct VPC egress or the VPC connector. Provides the same functionality as 'all-traffic'. Prefer to use 'all-traffic' instead.
all-traffic
- Sends all outbound traffic through Direct VPC egress or the VPC connector.
private-ranges-only
-
Default option. Sends outbound traffic to private IP addresses (RFC 1918 and
Private Google Access IPs) through Direct VPC egress or the VPC connector.
Traffic to other Cloud Run services might require additional configuration. See https://cloud.google.com/run/docs/securing/private-networking#send_requests_to_other_services_and_services for more information.
--add-volume
=[KEY
=VALUE
,…]-
Adds a volume to the Cloud Run resource. To add more than one volume, specify
this flag multiple times. Volumes must have a
name
andtype
key. Only certain values are supported fortype
. Depending on the provided type, other keys will be required. The following types are supported with the specified additional keys:cloud-storage
: A volume representing a Cloud Storage bucket. This volume type is mounted using Cloud Storage FUSE. See https://cloud.google.com/storage/docs/gcs-fuse for the details and limitations of this filesystem. Additional keys:- bucket: (required) the name of the bucket to use as the source of this volume
- readonly: (optional) A boolean. If true, this volume will be read-only from all mounts.
in-memory
: An ephemeral volume that stores data in the instance's memory. With this type of volume, data is not shared between instances and all data will be lost when the instance it is on is terminated. Additional keys:- size-limit: (optional) A quantity representing the maximum amount of memory allocated to this volume, such as "512Mi" or "3G". Data stored in an in-memory volume consumes the memory allocation of the container that wrote the data. If size-limit is not specified, the maximum size will be half the total memory limit of all containers.
nfs
: Represents a volume backed by an NFS server. Additional keys:- location: (required) The location of the NFS Server, in the form SERVER:/PATH
- readonly: (optional) A boolean. If true, this volume will be read-only from all mounts.
--clear-volumes
- Remove all existing volumes from the Cloud Run resource, including volumes mounted as secrets
--remove-volume
=[VOLUME
,…]- Removes volumes from the Cloud Run resource.
--add-volume-mount
=[volume
=NAME
,mount-path
=MOUNT_PATH
,…]-
Adds a mount to the current container. Must contain the keys
volume=NAME
andmount-path=/PATH
where NAME is the name of a volume on this resource and PATH is the path within the container's filesystem to mount this volume. --clear-volume-mounts
- Remove all existing mounts from the current container.
--remove-volume-mount
=[MOUNT_PATH
,…]- Removes the volume mounted at the specified path from the current container.
-
At most one of these can be specified:
--async
- Return immediately, without waiting for the operation in progress to complete.
-
--async cannot be used if executing the job after the update.
--execute-now
-
Execute the job immediately after the creation or update completes. gcloud exits
once the job has started unless the
--wait
flag is set. --wait
- Wait until the execution has completed running before exiting. If not set, gcloud exits successfully when the execution has started. Implies --execute-now.
-
At most one of these can be specified:
--env-vars-file
=FILE_PATH
-
Path to a local YAML file with definitions for all environment variables.
Example YAML content:
KEY_1: "value1" KEY_2: "value 2"
--set-env-vars
=[KEY
=VALUE
,…]- List of key-value pairs to set as environment variables.
-
Direct VPC egress setting flags group.
--network
=NETWORK
- The VPC network that the Cloud Run job will be able to send traffic to. If --subnet is also specified, subnet must be a subnetwork of the network specified by this --network flag. To clear existing VPC network settings, use --clear-network.
- Applies the given Compute Engine tags (comma separated) to the Cloud Run job. To clear existing tags, use --clear-network-tags.
--subnet
=SUBNET
-
The VPC subnetwork that the Cloud Run job will get IPs from. The subnetwork must
be
/26
or larger. If --network is also specified, subnet must be a subnetwork of the network specified by the --network flag. If --network is not specified, network will be looked up from this subnetwork. To clear existing VPC network settings, use --clear-network.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
These variants are also available:
gcloud alpha run jobs create
gcloud beta run jobs create
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-11-12 UTC.