Close httplib2 connections.
create(parent, body=None, dryRun=None, x__xgafv=None)
Creates a new Service. Service creation will trigger a new deployment. Use GetService, and check service.status to determine if the Service is ready.
delete(name, apiVersion=None, dryRun=None, kind=None, propagationPolicy=None, x__xgafv=None)
Deletes the provided service. This will cause the Service to stop serving traffic and will delete all associated Revisions.
Gets information about a service.
getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)
Gets the IAM Access Control policy currently in effect for the given Cloud Run service. This result does not include any inherited policies.
Lists services for the given project and region. Results are sorted by creation time, descending.
replaceService(name, body=None, dryRun=None, x__xgafv=None)
Replaces a service. Only the spec and metadata labels and annotations are modifiable. After the Update request, Cloud Run will work to make the 'status' match the requested 'spec'. May provide metadata.resourceVersion to enforce update from last read for optimistic concurrency control.
setIamPolicy(resource, body=None, x__xgafv=None)
Sets the IAM Access control policy for the specified Service. Overwrites any existing policy.
testIamPermissions(resource, body=None, x__xgafv=None)
Returns permissions that a caller has on the specified Project. There are no permissions required for making this API call.
close()
Close httplib2 connections.
create(parent, body=None, dryRun=None, x__xgafv=None)
Creates a new Service. Service creation will trigger a new deployment. Use GetService, and check service.status to determine if the Service is ready. Args: parent: string, Required. The resource's parent. In Cloud Run, it may be one of the following: * `{project_id_or_number}` * `namespaces/{project_id_or_number}` * `namespaces/{project_id_or_number}/services` * `projects/{project_id_or_number}/locations/{region}` * `projects/{project_id_or_number}/regions/{region}` (required) body: object, The request body. The object takes the form of: { # Service acts as a top-level container that manages a set of Routes and Configurations which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets). The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. "apiVersion": "A String", # The API version for this call. It must be "serving.knative.dev/v1". "kind": "A String", # The kind of resource. It must be "Service". "metadata": { # google.cloud.run.meta.v1.ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. # Metadata associated with this Service, including name, namespace, labels, and annotations. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. The following Cloud Run-specific annotations are accepted in Service.metadata.annotations. * `run.googleapis.com/binary-authorization-breakglass` * `run.googleapis.com/binary-authorization` * `run.googleapis.com/client-name` * `run.googleapis.com/custom-audiences` * `run.googleapis.com/default-url-disabled` * `run.googleapis.com/description` * `run.googleapis.com/gc-traffic-tags` * `run.googleapis.com/ingress` * `run.googleapis.com/ingress` sets the ingress settings for the Service. See [the ingress settings documentation](/run/docs/securing/ingress) for details on configuring ingress settings. * `run.googleapis.com/ingress-status` is output-only and contains the currently active ingress settings for the Service. `run.googleapis.com/ingress-status` may differ from `run.googleapis.com/ingress` while the system is processing a change to `run.googleapis.com/ingress` or if the system failed to process a change to `run.googleapis.com/ingress`. When the system has processed all changes successfully `run.googleapis.com/ingress-status` and `run.googleapis.com/ingress` are equal. "annotations": { # Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. * `autoscaling.knative.dev/maxScale`: Revision. * `autoscaling.knative.dev/minScale`: Revision. * `run.googleapis.com/base-images`: Service, Revision. * `run.googleapis.com/binary-authorization-breakglass`: Service, Job, * `run.googleapis.com/binary-authorization`: Service, Job, Execution. * `run.googleapis.com/build-base-image`: Service. * `run.googleapis.com/build-enable-automatic-updates`: Service. * `run.googleapis.com/build-environment-variables`: Service. * `run.googleapis.com/build-function-target`: Service. * `run.googleapis.com/build-id`: Service. * `run.googleapis.com/build-image-uri`: Service. * `run.googleapis.com/build-name`: Service. * `run.googleapis.com/build-service-account`: Service. * `run.googleapis.com/build-source-location`: Service. * `run.googleapis.com/build-worker-pool`: Service. * `run.googleapis.com/client-name`: All resources. * `run.googleapis.com/cloudsql-instances`: Revision, Execution. * `run.googleapis.com/container-dependencies`: Revision . * `run.googleapis.com/cpu-throttling`: Revision. * `run.googleapis.com/custom-audiences`: Service. * `run.googleapis.com/default-url-disabled`: Service. * `run.googleapis.com/description`: Service. * `run.googleapis.com/encryption-key-shutdown-hours`: Revision * `run.googleapis.com/encryption-key`: Revision, Execution. * `run.googleapis.com/execution-environment`: Revision, Execution. * `run.googleapis.com/gc-traffic-tags`: Service. * `run.googleapis.com/health-check-disabled`: Revision. * `run.googleapis.com/ingress`: Service. * `run.googleapis.com/launch-stage`: Service, Job. * `run.googleapis.com/minScale`: Service * `run.googleapis.com/network-interfaces`: Revision, Execution. * `run.googleapis.com/post-key-revocation-action-type`: Revision. * `run.googleapis.com/secrets`: Revision, Execution. * `run.googleapis.com/secure-session-agent`: Revision. * `run.googleapis.com/sessionAffinity`: Revision. * `run.googleapis.com/startup-cpu-boost`: Revision. * `run.googleapis.com/vpc-access-connector`: Revision, Execution. * `run.googleapis.com/vpc-access-egress`: Revision, Execution. "a_key": "A String", }, "clusterName": "A String", # Not supported by Cloud Run "creationTimestamp": "A String", # UTC timestamp representing the server time when this object was created. "deletionGracePeriodSeconds": 42, # Not supported by Cloud Run "deletionTimestamp": "A String", # The read-only soft deletion timestamp for this resource. In Cloud Run, users are not able to set this field. Instead, they must call the corresponding Delete API. "finalizers": [ # Not supported by Cloud Run "A String", ], "generateName": "A String", # Not supported by Cloud Run "generation": 42, # A system-provided sequence number representing a specific generation of the desired state. "labels": { # Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and routes. "a_key": "A String", }, "name": "A String", # Required. The name of the resource. Name is required when creating top-level resources (Service, Job), must be unique within a Cloud Run project/region, and cannot be changed once created. "namespace": "A String", # Required. Defines the space within each name must be unique within a Cloud Run region. In Cloud Run, it must be project ID or number. "ownerReferences": [ # Not supported by Cloud Run { # This is not supported or used by Cloud Run. "apiVersion": "A String", # This is not supported or used by Cloud Run. "blockOwnerDeletion": True or False, # This is not supported or used by Cloud Run. "controller": True or False, # This is not supported or used by Cloud Run. "kind": "A String", # This is not supported or used by Cloud Run. "name": "A String", # This is not supported or used by Cloud Run. "uid": "A String", # This is not supported or used by Cloud Run. }, ], "resourceVersion": "A String", # Opaque, system-generated value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server or omit the value to disable conflict-detection. "selfLink": "A String", # URL representing this object. "uid": "A String", # Unique, system-generated identifier for this resource. }, "spec": { # ServiceSpec holds the desired state of the Route (from the client), which is used to manipulate the underlying Route and Configuration(s). # Holds the desired state of the Service (from the client). "template": { # RevisionTemplateSpec describes the data a revision should have when created from a template. # Holds the latest specification for the Revision to be stamped out. "metadata": { # google.cloud.run.meta.v1.ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. # Optional metadata for this Revision, including labels and annotations. Name will be generated by the Configuration. The following annotation keys set properties of the created revision: * `autoscaling.knative.dev/minScale` sets the minimum number of instances. * `autoscaling.knative.dev/maxScale` sets the maximum number of instances. * `run.googleapis.com/cloudsql-instances` sets Cloud SQL connections. Multiple values should be comma separated. * `run.googleapis.com/health-check-disabled`: if true, deploy-time startup probes will not run for this revision. * `run.googleapis.com/vpc-access-connector` sets a Serverless VPC Access connector. * `run.googleapis.com/vpc-access-egress` sets VPC egress. Supported values are `all-traffic`, `all` (deprecated), and `private-ranges-only`. `all-traffic` and `all` provide the same functionality. `all` is deprecated but will continue to be supported. Prefer `all-traffic`. "annotations": { # Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. * `autoscaling.knative.dev/maxScale`: Revision. * `autoscaling.knative.dev/minScale`: Revision. * `run.googleapis.com/base-images`: Service, Revision. * `run.googleapis.com/binary-authorization-breakglass`: Service, Job, * `run.googleapis.com/binary-authorization`: Service, Job, Execution. * `run.googleapis.com/build-base-image`: Service. * `run.googleapis.com/build-enable-automatic-updates`: Service. * `run.googleapis.com/build-environment-variables`: Service. * `run.googleapis.com/build-function-target`: Service. * `run.googleapis.com/build-id`: Service. * `run.googleapis.com/build-image-uri`: Service. * `run.googleapis.com/build-name`: Service. * `run.googleapis.com/build-service-account`: Service. * `run.googleapis.com/build-source-location`: Service. * `run.googleapis.com/build-worker-pool`: Service. * `run.googleapis.com/client-name`: All resources. * `run.googleapis.com/cloudsql-instances`: Revision, Execution. * `run.googleapis.com/container-dependencies`: Revision . * `run.googleapis.com/cpu-throttling`: Revision. * `run.googleapis.com/custom-audiences`: Service. * `run.googleapis.com/default-url-disabled`: Service. * `run.googleapis.com/description`: Service. * `run.googleapis.com/encryption-key-shutdown-hours`: Revision * `run.googleapis.com/encryption-key`: Revision, Execution. * `run.googleapis.com/execution-environment`: Revision, Execution. * `run.googleapis.com/gc-traffic-tags`: Service. * `run.googleapis.com/health-check-disabled`: Revision. * `run.googleapis.com/ingress`: Service. * `run.googleapis.com/launch-stage`: Service, Job. * `run.googleapis.com/minScale`: Service * `run.googleapis.com/network-interfaces`: Revision, Execution. * `run.googleapis.com/post-key-revocation-action-type`: Revision. * `run.googleapis.com/secrets`: Revision, Execution. * `run.googleapis.com/secure-session-agent`: Revision. * `run.googleapis.com/sessionAffinity`: Revision. * `run.googleapis.com/startup-cpu-boost`: Revision. * `run.googleapis.com/vpc-access-connector`: Revision, Execution. * `run.googleapis.com/vpc-access-egress`: Revision, Execution. "a_key": "A String", }, "clusterName": "A String", # Not supported by Cloud Run "creationTimestamp": "A String", # UTC timestamp representing the server time when this object was created. "deletionGracePeriodSeconds": 42, # Not supported by Cloud Run "deletionTimestamp": "A String", # The read-only soft deletion timestamp for this resource. In Cloud Run, users are not able to set this field. Instead, they must call the corresponding Delete API. "finalizers": [ # Not supported by Cloud Run "A String", ], "generateName": "A String", # Not supported by Cloud Run "generation": 42, # A system-provided sequence number representing a specific generation of the desired state. "labels": { # Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and routes. "a_key": "A String", }, "name": "A String", # Required. The name of the resource. Name is required when creating top-level resources (Service, Job), must be unique within a Cloud Run project/region, and cannot be changed once created. "namespace": "A String", # Required. Defines the space within each name must be unique within a Cloud Run region. In Cloud Run, it must be project ID or number. "ownerReferences": [ # Not supported by Cloud Run { # This is not supported or used by Cloud Run. "apiVersion": "A String", # This is not supported or used by Cloud Run. "blockOwnerDeletion": True or False, # This is not supported or used by Cloud Run. "controller": True or False, # This is not supported or used by Cloud Run. "kind": "A String", # This is not supported or used by Cloud Run. "name": "A String", # This is not supported or used by Cloud Run. "uid": "A String", # This is not supported or used by Cloud Run. }, ], "resourceVersion": "A String", # Opaque, system-generated value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server or omit the value to disable conflict-detection. "selfLink": "A String", # URL representing this object. "uid": "A String", # Unique, system-generated identifier for this resource. }, "spec": { # RevisionSpec holds the desired state of the Revision (from the client). # RevisionSpec holds the desired state of the Revision (from the client). "containerConcurrency": 42, # ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container instance of the Revision. If not specified or 0, defaults to 80 when requested CPU >= 1 and defaults to 1 when requested CPU < 1. "containers": [ # Required. Containers holds the list which define the units of execution for this Revision. In the context of a Revision, we disallow a number of fields on this Container, including: name and lifecycle. { # A single application container. This specifies both the container to run, the command to run in the container and the arguments to supply to it. Note that additional arguments may be supplied by the system to the container at runtime. "args": [ # Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references are not supported in Cloud Run. "A String", ], "command": [ # Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references are not supported in Cloud Run. "A String", ], "env": [ # List of environment variables to set in the container. EnvVar with duplicate names are generally allowed; if referencing a secret, the name must be unique for the container. For non-secret EnvVar names, the Container will only get the last-declared one. { # EnvVar represents an environment variable present in a Container. "name": "A String", # Required. Name of the environment variable. "value": "A String", # Value of the environment variable. Defaults to "". Variable references are not supported in Cloud Run. "valueFrom": { # EnvVarSource represents a source for the value of an EnvVar. # Source for the environment variable's value. Only supports secret_key_ref. Cannot be used if value is not empty. "configMapKeyRef": { # Not supported by Cloud Run. # Not supported by Cloud Run. Not supported in Cloud Run. "key": "A String", # Required. Not supported by Cloud Run. "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # Not supported by Cloud Run. "name": "A String", # Name of the referent. }, "name": "A String", # Required. Not supported by Cloud Run. "optional": True or False, # Not supported by Cloud Run. }, "secretKeyRef": { # SecretKeySelector selects a key of a Secret. # Selects a key (version) of a secret in Secret Manager. "key": "A String", # Required. A Cloud Secret Manager secret version. Must be 'latest' for the latest version, an integer for a specific version, or a version alias. The key of the secret to select from. Must be a valid secret key. "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. "name": "A String", # Name of the referent. }, "name": "A String", # The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: :projects//secrets/. If multiple alias definitions are needed, they must be separated by commas. The alias definitions must be set on the run.googleapis.com/secrets annotation. The name of the secret in the pod's namespace to select from. "optional": True or False, # Specify whether the Secret or its key must be defined. }, }, }, ], "envFrom": [ # Not supported by Cloud Run. { # Not supported by Cloud Run. EnvFromSource represents the source of a set of ConfigMaps "configMapRef": { # Not supported by Cloud Run. ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. # The ConfigMap to select from "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. "name": "A String", # Name of the referent. }, "name": "A String", # The ConfigMap to select from. "optional": True or False, # Specify whether the ConfigMap must be defined. }, "prefix": "A String", # An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. "secretRef": { # Not supported by Cloud Run. SecretEnvSource selects a Secret to populate the environment variables with. The contents of the target Secret's Data field will represent the key-value pairs as environment variables. # The Secret to select from "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. "name": "A String", # Name of the referent. }, "name": "A String", # The Secret to select from. "optional": True or False, # Specify whether the Secret must be defined }, }, ], "image": "A String", # Required. Name of the container image in Dockerhub, Google Artifact Registry, or Google Container Registry. If the host is not provided, Dockerhub is assumed. "imagePullPolicy": "A String", # Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. "livenessProbe": { # Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. # Periodic probe of container liveness. Container will be restarted if the probe fails. "exec": { # Not supported by Cloud Run. ExecAction describes a "run in container" action. # Not supported by Cloud Run. "command": [ # Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. "A String", ], }, "failureThreshold": 42, # Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. "grpc": { # GRPCAction describes an action involving a GRPC port. # GRPCAction specifies an action involving a GRPC port. "port": 42, # Port number of the gRPC service. Number must be in the range 1 to 65535. "service": "A String", # Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. }, "httpGet": { # HTTPGetAction describes an action based on HTTP Get requests. # HTTPGet specifies the http request to perform. "host": "A String", # Not supported by Cloud Run. "httpHeaders": [ # Custom headers to set in the request. HTTP allows repeated headers. { # HTTPHeader describes a custom header to be used in HTTP probes "name": "A String", # Required. The header field name "value": "A String", # The header field value }, ], "path": "A String", # Path to access on the HTTP server. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. "scheme": "A String", # Not supported by Cloud Run. }, "initialDelaySeconds": 42, # Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. "periodSeconds": 42, # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. "successThreshold": 42, # Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. "tcpSocket": { # TCPSocketAction describes an action based on opening a socket # TCPSocket specifies an action involving a TCP port. "host": "A String", # Not supported by Cloud Run. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. }, "timeoutSeconds": 42, # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. }, "name": "A String", # Name of the container specified as a DNS_LABEL (RFC 1123). "ports": [ # List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on. { # ContainerPort represents a network port in a single container. "containerPort": 42, # Port number the container listens on. If present, this must be a valid port number, 0 < x < 65536. If not present, it will default to port 8080. For more information, see https://cloud.google.com/run/docs/container-contract#port "name": "A String", # If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c". "protocol": "A String", # Protocol for port. Must be "TCP". Defaults to "TCP". }, ], "readinessProbe": { # Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. # Readiness probe to be used for health checks. Not supported by Cloud Run. "exec": { # Not supported by Cloud Run. ExecAction describes a "run in container" action. # Not supported by Cloud Run. "command": [ # Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. "A String", ], }, "failureThreshold": 42, # Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. "grpc": { # GRPCAction describes an action involving a GRPC port. # GRPCAction specifies an action involving a GRPC port. "port": 42, # Port number of the gRPC service. Number must be in the range 1 to 65535. "service": "A String", # Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. }, "httpGet": { # HTTPGetAction describes an action based on HTTP Get requests. # HTTPGet specifies the http request to perform. "host": "A String", # Not supported by Cloud Run. "httpHeaders": [ # Custom headers to set in the request. HTTP allows repeated headers. { # HTTPHeader describes a custom header to be used in HTTP probes "name": "A String", # Required. The header field name "value": "A String", # The header field value }, ], "path": "A String", # Path to access on the HTTP server. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. "scheme": "A String", # Not supported by Cloud Run. }, "initialDelaySeconds": 42, # Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. "periodSeconds": 42, # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. "successThreshold": 42, # Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. "tcpSocket": { # TCPSocketAction describes an action based on opening a socket # TCPSocket specifies an action involving a TCP port. "host": "A String", # Not supported by Cloud Run. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. }, "timeoutSeconds": 42, # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. }, "resources": { # ResourceRequirements describes the compute resource requirements. # Compute Resources required by this container. "limits": { # Limits describes the maximum amount of compute resources allowed. Only 'cpu' and 'memory' keys are supported. * For supported 'cpu' values, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits "a_key": "A String", }, "requests": { # Requests describes the minimum amount of compute resources required. Only `cpu` and `memory` are supported. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. * For supported 'cpu' values, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits "a_key": "A String", }, }, "securityContext": { # Not supported by Cloud Run. SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence. # Not supported by Cloud Run. "runAsUser": 42, # The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. }, "startupProbe": { # Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. # Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not receive traffic if the probe fails. If not provided, a default startup probe with TCP socket action is used. "exec": { # Not supported by Cloud Run. ExecAction describes a "run in container" action. # Not supported by Cloud Run. "command": [ # Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. "A String", ], }, "failureThreshold": 42, # Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. "grpc": { # GRPCAction describes an action involving a GRPC port. # GRPCAction specifies an action involving a GRPC port. "port": 42, # Port number of the gRPC service. Number must be in the range 1 to 65535. "service": "A String", # Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. }, "httpGet": { # HTTPGetAction describes an action based on HTTP Get requests. # HTTPGet specifies the http request to perform. "host": "A String", # Not supported by Cloud Run. "httpHeaders": [ # Custom headers to set in the request. HTTP allows repeated headers. { # HTTPHeader describes a custom header to be used in HTTP probes "name": "A String", # Required. The header field name "value": "A String", # The header field value }, ], "path": "A String", # Path to access on the HTTP server. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. "scheme": "A String", # Not supported by Cloud Run. }, "initialDelaySeconds": 42, # Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. "periodSeconds": 42, # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. "successThreshold": 42, # Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. "tcpSocket": { # TCPSocketAction describes an action based on opening a socket # TCPSocket specifies an action involving a TCP port. "host": "A String", # Not supported by Cloud Run. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. }, "timeoutSeconds": 42, # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. }, "terminationMessagePath": "A String", # Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. "terminationMessagePolicy": "A String", # Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. "volumeMounts": [ # Volume to mount into the container's filesystem. Only supports SecretVolumeSources. Pod volumes to mount into the container's filesystem. { # VolumeMount describes a mounting of a Volume within a container. "mountPath": "A String", # Required. Path within the container at which the volume should be mounted. Must not contain ':'. "name": "A String", # Required. The name of the volume. There must be a corresponding Volume with the same name. "readOnly": True or False, # Sets the mount to be read-only or read-write. Not used by Cloud Run. "subPath": "A String", # Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). }, ], "workingDir": "A String", # Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. }, ], "enableServiceLinks": True or False, # Not supported by Cloud Run. "imagePullSecrets": [ # Not supported by Cloud Run. { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. "name": "A String", # Name of the referent. }, ], "nodeSelector": { # Optional. The Node Selector configuration. Map of selector key to a value which matches a node. "a_key": "A String", }, "runtimeClassName": "A String", # Runtime. Leave unset for default. "serviceAccountName": "A String", # Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. "timeoutSeconds": 42, # TimeoutSeconds holds the max duration the instance is allowed for responding to a request. Cloud Run: defaults to 300 seconds (5 minutes). Maximum allowed value is 3600 seconds (1 hour). "volumes": [ { # Volume represents a named volume in a container. "configMap": { # Not supported by Cloud Run. Adapts a ConfigMap into a volume. The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. # Not supported in Cloud Run. "defaultMode": 42, # (Optional) Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0644. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "items": [ # (Optional) If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified that is not present in the Secret, the volume setup will error unless it is marked optional. { # Maps a string key to a path within a volume. "key": "A String", # The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version. The key to project. "mode": 42, # (Optional) Mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "path": "A String", # The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. }, ], "name": "A String", # Name of the config. "optional": True or False, # (Optional) Specify whether the Secret or its keys must be defined. }, "csi": { # Storage volume source using the Container Storage Interface. # Volume specified by the Container Storage Interface driver "driver": "A String", # name of the CSI driver for the requested storage system. Cloud Run supports the following drivers: * gcsfuse.run.googleapis.com : Mount a Cloud Storage Bucket as a volume. "readOnly": True or False, # If true, mount the volume as read only. Defaults to false. "volumeAttributes": { # stores driver specific attributes. For Google Cloud Storage volumes, the following attributes are supported: * bucketName: the name of the Cloud Storage bucket to mount. The Cloud Run Service identity must have access to this bucket. "a_key": "A String", }, }, "emptyDir": { # In memory (tmpfs) ephemeral storage. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs). # Ephemeral storage used as a shared volume. "medium": "A String", # The medium on which the data is stored. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir "sizeLimit": "A String", # Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers. The default is nil which means that the limit is undefined. More info: https://cloud.google.com/run/docs/configuring/in-memory-volumes#configure-volume. Info in Kubernetes: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir }, "name": "A String", # Volume's name. In Cloud Run Fully Managed, the name 'cloudsql' is reserved. "nfs": { # Represents a persistent volume that will be mounted using NFS. This volume will be shared between all instances of the resource and data will not be deleted when the instance is shut down. "path": "A String", # Path that is exported by the NFS server. "readOnly": True or False, # If true, mount the NFS volume as read only. Defaults to false. "server": "A String", # Hostname or IP address of the NFS server. }, "secret": { # A volume representing a secret stored in Google Secret Manager. The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secret_name. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. # The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secretName. "defaultMode": 42, # Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0444. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "items": [ # A list of secret versions to mount in the volume. If no items are specified, the volume will expose a file with the same name as the secret name. The contents of the file will be the data in the latest version of the secret. If items are specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify both a key and a path. { # Maps a string key to a path within a volume. "key": "A String", # The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version. The key to project. "mode": 42, # (Optional) Mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "path": "A String", # The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. }, ], "optional": True or False, # Not supported by Cloud Run. "secretName": "A String", # The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: :projects//secrets/. If multiple alias definitions are needed, they must be separated by commas. The alias definitions must be set on the run.googleapis.com/secrets annotation. Name of the secret in the container's namespace to use. }, }, ], }, }, "traffic": [ # Specifies how to distribute traffic over a collection of Knative Revisions and Configurations to the Service's main URL. { # TrafficTarget holds a single entry of the routing table for a Route. "configurationName": "A String", # [Deprecated] Not supported in Cloud Run. It must be empty. "latestRevision": True or False, # Uses the "status.latestReadyRevisionName" of the Service to determine the traffic target. When it changes, traffic will automatically migrate from the prior "latest ready" revision to the new one. This field must be false if RevisionName is set. This field defaults to true otherwise. If the field is set to true on Status, this means that the Revision was resolved from the Service's latest ready revision. "percent": 42, # Percent specifies percent of the traffic to this Revision or Configuration. This defaults to zero if unspecified. "revisionName": "A String", # Points this traffic target to a specific Revision. This field is mutually exclusive with latest_revision. "tag": "A String", # Tag is used to expose a dedicated url for referencing this target exclusively. "url": "A String", # Output only. URL displays the URL for accessing tagged traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. https://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) }, ], }, "status": { # The current state of the Service. Output only. # Communicates the system-controlled state of the Service. "address": { # Information for connecting over HTTP(s). # Similar to url, information on where the service is available on HTTP. "url": "A String", }, "conditions": [ # Conditions communicate information about ongoing/complete reconciliation processes that bring the `spec` inline with the observed state of the world. Service-specific conditions include: * `ConfigurationsReady`: `True` when the underlying Configuration is ready. * `RoutesReady`: `True` when the underlying Route is ready. * `Ready`: `True` when all underlying resources are ready. { # Conditions show the status of reconciliation progress on a given resource. Most resource use a top-level condition type "Ready" or "Completed" to show overall status with other conditions to checkpoint each stage of reconciliation. Note that if metadata.Generation does not equal status.ObservedGeneration, the conditions shown may not be relevant for the current spec. "lastTransitionTime": "A String", # Optional. Last time the condition transitioned from one status to another. "message": "A String", # Optional. Human readable message indicating details about the current status. "reason": "A String", # Optional. One-word CamelCase reason for the condition's last transition. These are intended to be stable, unique values which the client may use to trigger error handling logic, whereas messages which may be changed later by the server. "severity": "A String", # Optional. How to interpret this condition. One of Error, Warning, or Info. Conditions of severity Info do not contribute to resource readiness. "status": "A String", # Status of the condition, one of True, False, Unknown. "type": "A String", # type is used to communicate the status of the reconciliation process. Types common to all resources include: * "Ready" or "Completed": True when the Resource is ready. }, ], "latestCreatedRevisionName": "A String", # Name of the last revision that was created from this Service's Configuration. It might not be ready yet, for that use LatestReadyRevisionName. "latestReadyRevisionName": "A String", # Name of the latest Revision from this Service's Configuration that has had its `Ready` condition become `True`. "observedGeneration": 42, # Returns the generation last seen by the system. Clients polling for completed reconciliation should poll until observedGeneration = metadata.generation and the Ready condition's status is True or False. "traffic": [ # Holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. { # TrafficTarget holds a single entry of the routing table for a Route. "configurationName": "A String", # [Deprecated] Not supported in Cloud Run. It must be empty. "latestRevision": True or False, # Uses the "status.latestReadyRevisionName" of the Service to determine the traffic target. When it changes, traffic will automatically migrate from the prior "latest ready" revision to the new one. This field must be false if RevisionName is set. This field defaults to true otherwise. If the field is set to true on Status, this means that the Revision was resolved from the Service's latest ready revision. "percent": 42, # Percent specifies percent of the traffic to this Revision or Configuration. This defaults to zero if unspecified. "revisionName": "A String", # Points this traffic target to a specific Revision. This field is mutually exclusive with latest_revision. "tag": "A String", # Tag is used to expose a dedicated url for referencing this target exclusively. "url": "A String", # Output only. URL displays the URL for accessing tagged traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. https://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) }, ], "url": "A String", # URL that will distribute traffic over the provided traffic targets. It generally has the form `https://{route-hash}-{project-hash}-{cluster-level-suffix}.a.run.app` }, } dryRun: string, Indicates that the server should validate the request and populate default values without persisting the request. Supported values: `all` x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # Service acts as a top-level container that manages a set of Routes and Configurations which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets). The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. "apiVersion": "A String", # The API version for this call. It must be "serving.knative.dev/v1". "kind": "A String", # The kind of resource. It must be "Service". "metadata": { # google.cloud.run.meta.v1.ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. # Metadata associated with this Service, including name, namespace, labels, and annotations. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. The following Cloud Run-specific annotations are accepted in Service.metadata.annotations. * `run.googleapis.com/binary-authorization-breakglass` * `run.googleapis.com/binary-authorization` * `run.googleapis.com/client-name` * `run.googleapis.com/custom-audiences` * `run.googleapis.com/default-url-disabled` * `run.googleapis.com/description` * `run.googleapis.com/gc-traffic-tags` * `run.googleapis.com/ingress` * `run.googleapis.com/ingress` sets the ingress settings for the Service. See [the ingress settings documentation](/run/docs/securing/ingress) for details on configuring ingress settings. * `run.googleapis.com/ingress-status` is output-only and contains the currently active ingress settings for the Service. `run.googleapis.com/ingress-status` may differ from `run.googleapis.com/ingress` while the system is processing a change to `run.googleapis.com/ingress` or if the system failed to process a change to `run.googleapis.com/ingress`. When the system has processed all changes successfully `run.googleapis.com/ingress-status` and `run.googleapis.com/ingress` are equal. "annotations": { # Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. * `autoscaling.knative.dev/maxScale`: Revision. * `autoscaling.knative.dev/minScale`: Revision. * `run.googleapis.com/base-images`: Service, Revision. * `run.googleapis.com/binary-authorization-breakglass`: Service, Job, * `run.googleapis.com/binary-authorization`: Service, Job, Execution. * `run.googleapis.com/build-base-image`: Service. * `run.googleapis.com/build-enable-automatic-updates`: Service. * `run.googleapis.com/build-environment-variables`: Service. * `run.googleapis.com/build-function-target`: Service. * `run.googleapis.com/build-id`: Service. * `run.googleapis.com/build-image-uri`: Service. * `run.googleapis.com/build-name`: Service. * `run.googleapis.com/build-service-account`: Service. * `run.googleapis.com/build-source-location`: Service. * `run.googleapis.com/build-worker-pool`: Service. * `run.googleapis.com/client-name`: All resources. * `run.googleapis.com/cloudsql-instances`: Revision, Execution. * `run.googleapis.com/container-dependencies`: Revision . * `run.googleapis.com/cpu-throttling`: Revision. * `run.googleapis.com/custom-audiences`: Service. * `run.googleapis.com/default-url-disabled`: Service. * `run.googleapis.com/description`: Service. * `run.googleapis.com/encryption-key-shutdown-hours`: Revision * `run.googleapis.com/encryption-key`: Revision, Execution. * `run.googleapis.com/execution-environment`: Revision, Execution. * `run.googleapis.com/gc-traffic-tags`: Service. * `run.googleapis.com/health-check-disabled`: Revision. * `run.googleapis.com/ingress`: Service. * `run.googleapis.com/launch-stage`: Service, Job. * `run.googleapis.com/minScale`: Service * `run.googleapis.com/network-interfaces`: Revision, Execution. * `run.googleapis.com/post-key-revocation-action-type`: Revision. * `run.googleapis.com/secrets`: Revision, Execution. * `run.googleapis.com/secure-session-agent`: Revision. * `run.googleapis.com/sessionAffinity`: Revision. * `run.googleapis.com/startup-cpu-boost`: Revision. * `run.googleapis.com/vpc-access-connector`: Revision, Execution. * `run.googleapis.com/vpc-access-egress`: Revision, Execution. "a_key": "A String", }, "clusterName": "A String", # Not supported by Cloud Run "creationTimestamp": "A String", # UTC timestamp representing the server time when this object was created. "deletionGracePeriodSeconds": 42, # Not supported by Cloud Run "deletionTimestamp": "A String", # The read-only soft deletion timestamp for this resource. In Cloud Run, users are not able to set this field. Instead, they must call the corresponding Delete API. "finalizers": [ # Not supported by Cloud Run "A String", ], "generateName": "A String", # Not supported by Cloud Run "generation": 42, # A system-provided sequence number representing a specific generation of the desired state. "labels": { # Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and routes. "a_key": "A String", }, "name": "A String", # Required. The name of the resource. Name is required when creating top-level resources (Service, Job), must be unique within a Cloud Run project/region, and cannot be changed once created. "namespace": "A String", # Required. Defines the space within each name must be unique within a Cloud Run region. In Cloud Run, it must be project ID or number. "ownerReferences": [ # Not supported by Cloud Run { # This is not supported or used by Cloud Run. "apiVersion": "A String", # This is not supported or used by Cloud Run. "blockOwnerDeletion": True or False, # This is not supported or used by Cloud Run. "controller": True or False, # This is not supported or used by Cloud Run. "kind": "A String", # This is not supported or used by Cloud Run. "name": "A String", # This is not supported or used by Cloud Run. "uid": "A String", # This is not supported or used by Cloud Run. }, ], "resourceVersion": "A String", # Opaque, system-generated value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server or omit the value to disable conflict-detection. "selfLink": "A String", # URL representing this object. "uid": "A String", # Unique, system-generated identifier for this resource. }, "spec": { # ServiceSpec holds the desired state of the Route (from the client), which is used to manipulate the underlying Route and Configuration(s). # Holds the desired state of the Service (from the client). "template": { # RevisionTemplateSpec describes the data a revision should have when created from a template. # Holds the latest specification for the Revision to be stamped out. "metadata": { # google.cloud.run.meta.v1.ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. # Optional metadata for this Revision, including labels and annotations. Name will be generated by the Configuration. The following annotation keys set properties of the created revision: * `autoscaling.knative.dev/minScale` sets the minimum number of instances. * `autoscaling.knative.dev/maxScale` sets the maximum number of instances. * `run.googleapis.com/cloudsql-instances` sets Cloud SQL connections. Multiple values should be comma separated. * `run.googleapis.com/health-check-disabled`: if true, deploy-time startup probes will not run for this revision. * `run.googleapis.com/vpc-access-connector` sets a Serverless VPC Access connector. * `run.googleapis.com/vpc-access-egress` sets VPC egress. Supported values are `all-traffic`, `all` (deprecated), and `private-ranges-only`. `all-traffic` and `all` provide the same functionality. `all` is deprecated but will continue to be supported. Prefer `all-traffic`. "annotations": { # Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. * `autoscaling.knative.dev/maxScale`: Revision. * `autoscaling.knative.dev/minScale`: Revision. * `run.googleapis.com/base-images`: Service, Revision. * `run.googleapis.com/binary-authorization-breakglass`: Service, Job, * `run.googleapis.com/binary-authorization`: Service, Job, Execution. * `run.googleapis.com/build-base-image`: Service. * `run.googleapis.com/build-enable-automatic-updates`: Service. * `run.googleapis.com/build-environment-variables`: Service. * `run.googleapis.com/build-function-target`: Service. * `run.googleapis.com/build-id`: Service. * `run.googleapis.com/build-image-uri`: Service. * `run.googleapis.com/build-name`: Service. * `run.googleapis.com/build-service-account`: Service. * `run.googleapis.com/build-source-location`: Service. * `run.googleapis.com/build-worker-pool`: Service. * `run.googleapis.com/client-name`: All resources. * `run.googleapis.com/cloudsql-instances`: Revision, Execution. * `run.googleapis.com/container-dependencies`: Revision . * `run.googleapis.com/cpu-throttling`: Revision. * `run.googleapis.com/custom-audiences`: Service. * `run.googleapis.com/default-url-disabled`: Service. * `run.googleapis.com/description`: Service. * `run.googleapis.com/encryption-key-shutdown-hours`: Revision * `run.googleapis.com/encryption-key`: Revision, Execution. * `run.googleapis.com/execution-environment`: Revision, Execution. * `run.googleapis.com/gc-traffic-tags`: Service. * `run.googleapis.com/health-check-disabled`: Revision. * `run.googleapis.com/ingress`: Service. * `run.googleapis.com/launch-stage`: Service, Job. * `run.googleapis.com/minScale`: Service * `run.googleapis.com/network-interfaces`: Revision, Execution. * `run.googleapis.com/post-key-revocation-action-type`: Revision. * `run.googleapis.com/secrets`: Revision, Execution. * `run.googleapis.com/secure-session-agent`: Revision. * `run.googleapis.com/sessionAffinity`: Revision. * `run.googleapis.com/startup-cpu-boost`: Revision. * `run.googleapis.com/vpc-access-connector`: Revision, Execution. * `run.googleapis.com/vpc-access-egress`: Revision, Execution. "a_key": "A String", }, "clusterName": "A String", # Not supported by Cloud Run "creationTimestamp": "A String", # UTC timestamp representing the server time when this object was created. "deletionGracePeriodSeconds": 42, # Not supported by Cloud Run "deletionTimestamp": "A String", # The read-only soft deletion timestamp for this resource. In Cloud Run, users are not able to set this field. Instead, they must call the corresponding Delete API. "finalizers": [ # Not supported by Cloud Run "A String", ], "generateName": "A String", # Not supported by Cloud Run "generation": 42, # A system-provided sequence number representing a specific generation of the desired state. "labels": { # Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and routes. "a_key": "A String", }, "name": "A String", # Required. The name of the resource. Name is required when creating top-level resources (Service, Job), must be unique within a Cloud Run project/region, and cannot be changed once created. "namespace": "A String", # Required. Defines the space within each name must be unique within a Cloud Run region. In Cloud Run, it must be project ID or number. "ownerReferences": [ # Not supported by Cloud Run { # This is not supported or used by Cloud Run. "apiVersion": "A String", # This is not supported or used by Cloud Run. "blockOwnerDeletion": True or False, # This is not supported or used by Cloud Run. "controller": True or False, # This is not supported or used by Cloud Run. "kind": "A String", # This is not supported or used by Cloud Run. "name": "A String", # This is not supported or used by Cloud Run. "uid": "A String", # This is not supported or used by Cloud Run. }, ], "resourceVersion": "A String", # Opaque, system-generated value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server or omit the value to disable conflict-detection. "selfLink": "A String", # URL representing this object. "uid": "A String", # Unique, system-generated identifier for this resource. }, "spec": { # RevisionSpec holds the desired state of the Revision (from the client). # RevisionSpec holds the desired state of the Revision (from the client). "containerConcurrency": 42, # ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container instance of the Revision. If not specified or 0, defaults to 80 when requested CPU >= 1 and defaults to 1 when requested CPU < 1. "containers": [ # Required. Containers holds the list which define the units of execution for this Revision. In the context of a Revision, we disallow a number of fields on this Container, including: name and lifecycle. { # A single application container. This specifies both the container to run, the command to run in the container and the arguments to supply to it. Note that additional arguments may be supplied by the system to the container at runtime. "args": [ # Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references are not supported in Cloud Run. "A String", ], "command": [ # Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references are not supported in Cloud Run. "A String", ], "env": [ # List of environment variables to set in the container. EnvVar with duplicate names are generally allowed; if referencing a secret, the name must be unique for the container. For non-secret EnvVar names, the Container will only get the last-declared one. { # EnvVar represents an environment variable present in a Container. "name": "A String", # Required. Name of the environment variable. "value": "A String", # Value of the environment variable. Defaults to "". Variable references are not supported in Cloud Run. "valueFrom": { # EnvVarSource represents a source for the value of an EnvVar. # Source for the environment variable's value. Only supports secret_key_ref. Cannot be used if value is not empty. "configMapKeyRef": { # Not supported by Cloud Run. # Not supported by Cloud Run. Not supported in Cloud Run. "key": "A String", # Required. Not supported by Cloud Run. "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # Not supported by Cloud Run. "name": "A String", # Name of the referent. }, "name": "A String", # Required. Not supported by Cloud Run. "optional": True or False, # Not supported by Cloud Run. }, "secretKeyRef": { # SecretKeySelector selects a key of a Secret. # Selects a key (version) of a secret in Secret Manager. "key": "A String", # Required. A Cloud Secret Manager secret version. Must be 'latest' for the latest version, an integer for a specific version, or a version alias. The key of the secret to select from. Must be a valid secret key. "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. "name": "A String", # Name of the referent. }, "name": "A String", # The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: :projects//secrets/. If multiple alias definitions are needed, they must be separated by commas. The alias definitions must be set on the run.googleapis.com/secrets annotation. The name of the secret in the pod's namespace to select from. "optional": True or False, # Specify whether the Secret or its key must be defined. }, }, }, ], "envFrom": [ # Not supported by Cloud Run. { # Not supported by Cloud Run. EnvFromSource represents the source of a set of ConfigMaps "configMapRef": { # Not supported by Cloud Run. ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. # The ConfigMap to select from "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. "name": "A String", # Name of the referent. }, "name": "A String", # The ConfigMap to select from. "optional": True or False, # Specify whether the ConfigMap must be defined. }, "prefix": "A String", # An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. "secretRef": { # Not supported by Cloud Run. SecretEnvSource selects a Secret to populate the environment variables with. The contents of the target Secret's Data field will represent the key-value pairs as environment variables. # The Secret to select from "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. "name": "A String", # Name of the referent. }, "name": "A String", # The Secret to select from. "optional": True or False, # Specify whether the Secret must be defined }, }, ], "image": "A String", # Required. Name of the container image in Dockerhub, Google Artifact Registry, or Google Container Registry. If the host is not provided, Dockerhub is assumed. "imagePullPolicy": "A String", # Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. "livenessProbe": { # Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. # Periodic probe of container liveness. Container will be restarted if the probe fails. "exec": { # Not supported by Cloud Run. ExecAction describes a "run in container" action. # Not supported by Cloud Run. "command": [ # Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. "A String", ], }, "failureThreshold": 42, # Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. "grpc": { # GRPCAction describes an action involving a GRPC port. # GRPCAction specifies an action involving a GRPC port. "port": 42, # Port number of the gRPC service. Number must be in the range 1 to 65535. "service": "A String", # Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. }, "httpGet": { # HTTPGetAction describes an action based on HTTP Get requests. # HTTPGet specifies the http request to perform. "host": "A String", # Not supported by Cloud Run. "httpHeaders": [ # Custom headers to set in the request. HTTP allows repeated headers. { # HTTPHeader describes a custom header to be used in HTTP probes "name": "A String", # Required. The header field name "value": "A String", # The header field value }, ], "path": "A String", # Path to access on the HTTP server. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. "scheme": "A String", # Not supported by Cloud Run. }, "initialDelaySeconds": 42, # Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. "periodSeconds": 42, # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. "successThreshold": 42, # Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. "tcpSocket": { # TCPSocketAction describes an action based on opening a socket # TCPSocket specifies an action involving a TCP port. "host": "A String", # Not supported by Cloud Run. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. }, "timeoutSeconds": 42, # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. }, "name": "A String", # Name of the container specified as a DNS_LABEL (RFC 1123). "ports": [ # List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on. { # ContainerPort represents a network port in a single container. "containerPort": 42, # Port number the container listens on. If present, this must be a valid port number, 0 < x < 65536. If not present, it will default to port 8080. For more information, see https://cloud.google.com/run/docs/container-contract#port "name": "A String", # If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c". "protocol": "A String", # Protocol for port. Must be "TCP". Defaults to "TCP". }, ], "readinessProbe": { # Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. # Readiness probe to be used for health checks. Not supported by Cloud Run. "exec": { # Not supported by Cloud Run. ExecAction describes a "run in container" action. # Not supported by Cloud Run. "command": [ # Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. "A String", ], }, "failureThreshold": 42, # Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. "grpc": { # GRPCAction describes an action involving a GRPC port. # GRPCAction specifies an action involving a GRPC port. "port": 42, # Port number of the gRPC service. Number must be in the range 1 to 65535. "service": "A String", # Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. }, "httpGet": { # HTTPGetAction describes an action based on HTTP Get requests. # HTTPGet specifies the http request to perform. "host": "A String", # Not supported by Cloud Run. "httpHeaders": [ # Custom headers to set in the request. HTTP allows repeated headers. { # HTTPHeader describes a custom header to be used in HTTP probes "name": "A String", # Required. The header field name "value": "A String", # The header field value }, ], "path": "A String", # Path to access on the HTTP server. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. "scheme": "A String", # Not supported by Cloud Run. }, "initialDelaySeconds": 42, # Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. "periodSeconds": 42, # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. "successThreshold": 42, # Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. "tcpSocket": { # TCPSocketAction describes an action based on opening a socket # TCPSocket specifies an action involving a TCP port. "host": "A String", # Not supported by Cloud Run. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. }, "timeoutSeconds": 42, # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. }, "resources": { # ResourceRequirements describes the compute resource requirements. # Compute Resources required by this container. "limits": { # Limits describes the maximum amount of compute resources allowed. Only 'cpu' and 'memory' keys are supported. * For supported 'cpu' values, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits "a_key": "A String", }, "requests": { # Requests describes the minimum amount of compute resources required. Only `cpu` and `memory` are supported. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. * For supported 'cpu' values, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits "a_key": "A String", }, }, "securityContext": { # Not supported by Cloud Run. SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence. # Not supported by Cloud Run. "runAsUser": 42, # The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. }, "startupProbe": { # Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. # Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not receive traffic if the probe fails. If not provided, a default startup probe with TCP socket action is used. "exec": { # Not supported by Cloud Run. ExecAction describes a "run in container" action. # Not supported by Cloud Run. "command": [ # Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. "A String", ], }, "failureThreshold": 42, # Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. "grpc": { # GRPCAction describes an action involving a GRPC port. # GRPCAction specifies an action involving a GRPC port. "port": 42, # Port number of the gRPC service. Number must be in the range 1 to 65535. "service": "A String", # Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. }, "httpGet": { # HTTPGetAction describes an action based on HTTP Get requests. # HTTPGet specifies the http request to perform. "host": "A String", # Not supported by Cloud Run. "httpHeaders": [ # Custom headers to set in the request. HTTP allows repeated headers. { # HTTPHeader describes a custom header to be used in HTTP probes "name": "A String", # Required. The header field name "value": "A String", # The header field value }, ], "path": "A String", # Path to access on the HTTP server. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. "scheme": "A String", # Not supported by Cloud Run. }, "initialDelaySeconds": 42, # Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. "periodSeconds": 42, # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. "successThreshold": 42, # Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. "tcpSocket": { # TCPSocketAction describes an action based on opening a socket # TCPSocket specifies an action involving a TCP port. "host": "A String", # Not supported by Cloud Run. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. }, "timeoutSeconds": 42, # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. }, "terminationMessagePath": "A String", # Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. "terminationMessagePolicy": "A String", # Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. "volumeMounts": [ # Volume to mount into the container's filesystem. Only supports SecretVolumeSources. Pod volumes to mount into the container's filesystem. { # VolumeMount describes a mounting of a Volume within a container. "mountPath": "A String", # Required. Path within the container at which the volume should be mounted. Must not contain ':'. "name": "A String", # Required. The name of the volume. There must be a corresponding Volume with the same name. "readOnly": True or False, # Sets the mount to be read-only or read-write. Not used by Cloud Run. "subPath": "A String", # Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). }, ], "workingDir": "A String", # Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. }, ], "enableServiceLinks": True or False, # Not supported by Cloud Run. "imagePullSecrets": [ # Not supported by Cloud Run. { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. "name": "A String", # Name of the referent. }, ], "nodeSelector": { # Optional. The Node Selector configuration. Map of selector key to a value which matches a node. "a_key": "A String", }, "runtimeClassName": "A String", # Runtime. Leave unset for default. "serviceAccountName": "A String", # Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. "timeoutSeconds": 42, # TimeoutSeconds holds the max duration the instance is allowed for responding to a request. Cloud Run: defaults to 300 seconds (5 minutes). Maximum allowed value is 3600 seconds (1 hour). "volumes": [ { # Volume represents a named volume in a container. "configMap": { # Not supported by Cloud Run. Adapts a ConfigMap into a volume. The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. # Not supported in Cloud Run. "defaultMode": 42, # (Optional) Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0644. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "items": [ # (Optional) If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified that is not present in the Secret, the volume setup will error unless it is marked optional. { # Maps a string key to a path within a volume. "key": "A String", # The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version. The key to project. "mode": 42, # (Optional) Mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "path": "A String", # The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. }, ], "name": "A String", # Name of the config. "optional": True or False, # (Optional) Specify whether the Secret or its keys must be defined. }, "csi": { # Storage volume source using the Container Storage Interface. # Volume specified by the Container Storage Interface driver "driver": "A String", # name of the CSI driver for the requested storage system. Cloud Run supports the following drivers: * gcsfuse.run.googleapis.com : Mount a Cloud Storage Bucket as a volume. "readOnly": True or False, # If true, mount the volume as read only. Defaults to false. "volumeAttributes": { # stores driver specific attributes. For Google Cloud Storage volumes, the following attributes are supported: * bucketName: the name of the Cloud Storage bucket to mount. The Cloud Run Service identity must have access to this bucket. "a_key": "A String", }, }, "emptyDir": { # In memory (tmpfs) ephemeral storage. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs). # Ephemeral storage used as a shared volume. "medium": "A String", # The medium on which the data is stored. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir "sizeLimit": "A String", # Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers. The default is nil which means that the limit is undefined. More info: https://cloud.google.com/run/docs/configuring/in-memory-volumes#configure-volume. Info in Kubernetes: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir }, "name": "A String", # Volume's name. In Cloud Run Fully Managed, the name 'cloudsql' is reserved. "nfs": { # Represents a persistent volume that will be mounted using NFS. This volume will be shared between all instances of the resource and data will not be deleted when the instance is shut down. "path": "A String", # Path that is exported by the NFS server. "readOnly": True or False, # If true, mount the NFS volume as read only. Defaults to false. "server": "A String", # Hostname or IP address of the NFS server. }, "secret": { # A volume representing a secret stored in Google Secret Manager. The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secret_name. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. # The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secretName. "defaultMode": 42, # Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0444. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "items": [ # A list of secret versions to mount in the volume. If no items are specified, the volume will expose a file with the same name as the secret name. The contents of the file will be the data in the latest version of the secret. If items are specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify both a key and a path. { # Maps a string key to a path within a volume. "key": "A String", # The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version. The key to project. "mode": 42, # (Optional) Mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "path": "A String", # The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. }, ], "optional": True or False, # Not supported by Cloud Run. "secretName": "A String", # The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: :projects//secrets/. If multiple alias definitions are needed, they must be separated by commas. The alias definitions must be set on the run.googleapis.com/secrets annotation. Name of the secret in the container's namespace to use. }, }, ], }, }, "traffic": [ # Specifies how to distribute traffic over a collection of Knative Revisions and Configurations to the Service's main URL. { # TrafficTarget holds a single entry of the routing table for a Route. "configurationName": "A String", # [Deprecated] Not supported in Cloud Run. It must be empty. "latestRevision": True or False, # Uses the "status.latestReadyRevisionName" of the Service to determine the traffic target. When it changes, traffic will automatically migrate from the prior "latest ready" revision to the new one. This field must be false if RevisionName is set. This field defaults to true otherwise. If the field is set to true on Status, this means that the Revision was resolved from the Service's latest ready revision. "percent": 42, # Percent specifies percent of the traffic to this Revision or Configuration. This defaults to zero if unspecified. "revisionName": "A String", # Points this traffic target to a specific Revision. This field is mutually exclusive with latest_revision. "tag": "A String", # Tag is used to expose a dedicated url for referencing this target exclusively. "url": "A String", # Output only. URL displays the URL for accessing tagged traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. https://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) }, ], }, "status": { # The current state of the Service. Output only. # Communicates the system-controlled state of the Service. "address": { # Information for connecting over HTTP(s). # Similar to url, information on where the service is available on HTTP. "url": "A String", }, "conditions": [ # Conditions communicate information about ongoing/complete reconciliation processes that bring the `spec` inline with the observed state of the world. Service-specific conditions include: * `ConfigurationsReady`: `True` when the underlying Configuration is ready. * `RoutesReady`: `True` when the underlying Route is ready. * `Ready`: `True` when all underlying resources are ready. { # Conditions show the status of reconciliation progress on a given resource. Most resource use a top-level condition type "Ready" or "Completed" to show overall status with other conditions to checkpoint each stage of reconciliation. Note that if metadata.Generation does not equal status.ObservedGeneration, the conditions shown may not be relevant for the current spec. "lastTransitionTime": "A String", # Optional. Last time the condition transitioned from one status to another. "message": "A String", # Optional. Human readable message indicating details about the current status. "reason": "A String", # Optional. One-word CamelCase reason for the condition's last transition. These are intended to be stable, unique values which the client may use to trigger error handling logic, whereas messages which may be changed later by the server. "severity": "A String", # Optional. How to interpret this condition. One of Error, Warning, or Info. Conditions of severity Info do not contribute to resource readiness. "status": "A String", # Status of the condition, one of True, False, Unknown. "type": "A String", # type is used to communicate the status of the reconciliation process. Types common to all resources include: * "Ready" or "Completed": True when the Resource is ready. }, ], "latestCreatedRevisionName": "A String", # Name of the last revision that was created from this Service's Configuration. It might not be ready yet, for that use LatestReadyRevisionName. "latestReadyRevisionName": "A String", # Name of the latest Revision from this Service's Configuration that has had its `Ready` condition become `True`. "observedGeneration": 42, # Returns the generation last seen by the system. Clients polling for completed reconciliation should poll until observedGeneration = metadata.generation and the Ready condition's status is True or False. "traffic": [ # Holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. { # TrafficTarget holds a single entry of the routing table for a Route. "configurationName": "A String", # [Deprecated] Not supported in Cloud Run. It must be empty. "latestRevision": True or False, # Uses the "status.latestReadyRevisionName" of the Service to determine the traffic target. When it changes, traffic will automatically migrate from the prior "latest ready" revision to the new one. This field must be false if RevisionName is set. This field defaults to true otherwise. If the field is set to true on Status, this means that the Revision was resolved from the Service's latest ready revision. "percent": 42, # Percent specifies percent of the traffic to this Revision or Configuration. This defaults to zero if unspecified. "revisionName": "A String", # Points this traffic target to a specific Revision. This field is mutually exclusive with latest_revision. "tag": "A String", # Tag is used to expose a dedicated url for referencing this target exclusively. "url": "A String", # Output only. URL displays the URL for accessing tagged traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. https://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) }, ], "url": "A String", # URL that will distribute traffic over the provided traffic targets. It generally has the form `https://{route-hash}-{project-hash}-{cluster-level-suffix}.a.run.app` }, }
delete(name, apiVersion=None, dryRun=None, kind=None, propagationPolicy=None, x__xgafv=None)
Deletes the provided service. This will cause the Service to stop serving traffic and will delete all associated Revisions. Args: name: string, Required. The fully qualified name of the service to delete. It can be any of the following forms: * `namespaces/{project_id_or_number}/services/{service_name}` (only when the `endpoint` is regional) * `projects/{project_id_or_number}/locations/{region}/services/{service_name}` * `projects/{project_id_or_number}/regions/{region}/services/{service_name}` (required) apiVersion: string, Not supported, and ignored by Cloud Run. dryRun: string, Indicates that the server should validate the request and populate default values without persisting the request. Supported values: `all` kind: string, Not supported, and ignored by Cloud Run. propagationPolicy: string, Not supported, and ignored by Cloud Run. x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # Status is a return value for calls that don't return other objects. "code": 42, # Suggested HTTP return code for this status, 0 if not set. "details": { # StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined. # Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type. "causes": [ # The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes. { # StatusCause provides more information about an api.Status failure, including cases when multiple errors are encountered. "field": "A String", # The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Examples: "name" - the field "name" on the current resource "items[0].name" - the field "name" on the first array entry in "items" "message": "A String", # A human-readable description of the cause of the error. This field may be presented as-is to a reader. "reason": "A String", # A machine-readable description of the cause of the error. If this value is empty there is no information available. }, ], "group": "A String", # The group attribute of the resource associated with the status StatusReason. "kind": "A String", # The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. "name": "A String", # The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described). "retryAfterSeconds": 42, # If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action. "uid": "A String", # UID of the resource. (when there is a single resource which can be described). }, "message": "A String", # A human-readable description of the status of this operation. "metadata": { # Metadata for synthetic resources like List. In Cloud Run, all List Resources Responses will have a ListMeta instead of ObjectMeta. # Standard list metadata. "continue": "A String", # Continuation token is a value emitted when the count of items is larger than the user/system limit. To retrieve the next page of items, pass the value of `continue` as the next request's `page_token`. "resourceVersion": "A String", # Opaque string that identifies the server's internal version of this object. It can be used by clients to determine when objects have changed. If the message is passed back to the server, it must be left unmodified. "selfLink": "A String", # URL representing this object. }, "reason": "A String", # A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it. "status": "A String", # Status of the operation. One of: "Success" or "Failure". }
get(name, x__xgafv=None)
Gets information about a service. Args: name: string, Required. The fully qualified name of the service to retrieve. It can be any of the following forms: * `namespaces/{project_id_or_number}/services/{service_name}` (only when the `endpoint` is regional) * `projects/{project_id_or_number}/locations/{region}/services/{service_name}` * `projects/{project_id_or_number}/regions/{region}/services/{service_name}` (required) x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # Service acts as a top-level container that manages a set of Routes and Configurations which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets). The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. "apiVersion": "A String", # The API version for this call. It must be "serving.knative.dev/v1". "kind": "A String", # The kind of resource. It must be "Service". "metadata": { # google.cloud.run.meta.v1.ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. # Metadata associated with this Service, including name, namespace, labels, and annotations. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. The following Cloud Run-specific annotations are accepted in Service.metadata.annotations. * `run.googleapis.com/binary-authorization-breakglass` * `run.googleapis.com/binary-authorization` * `run.googleapis.com/client-name` * `run.googleapis.com/custom-audiences` * `run.googleapis.com/default-url-disabled` * `run.googleapis.com/description` * `run.googleapis.com/gc-traffic-tags` * `run.googleapis.com/ingress` * `run.googleapis.com/ingress` sets the ingress settings for the Service. See [the ingress settings documentation](/run/docs/securing/ingress) for details on configuring ingress settings. * `run.googleapis.com/ingress-status` is output-only and contains the currently active ingress settings for the Service. `run.googleapis.com/ingress-status` may differ from `run.googleapis.com/ingress` while the system is processing a change to `run.googleapis.com/ingress` or if the system failed to process a change to `run.googleapis.com/ingress`. When the system has processed all changes successfully `run.googleapis.com/ingress-status` and `run.googleapis.com/ingress` are equal. "annotations": { # Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. * `autoscaling.knative.dev/maxScale`: Revision. * `autoscaling.knative.dev/minScale`: Revision. * `run.googleapis.com/base-images`: Service, Revision. * `run.googleapis.com/binary-authorization-breakglass`: Service, Job, * `run.googleapis.com/binary-authorization`: Service, Job, Execution. * `run.googleapis.com/build-base-image`: Service. * `run.googleapis.com/build-enable-automatic-updates`: Service. * `run.googleapis.com/build-environment-variables`: Service. * `run.googleapis.com/build-function-target`: Service. * `run.googleapis.com/build-id`: Service. * `run.googleapis.com/build-image-uri`: Service. * `run.googleapis.com/build-name`: Service. * `run.googleapis.com/build-service-account`: Service. * `run.googleapis.com/build-source-location`: Service. * `run.googleapis.com/build-worker-pool`: Service. * `run.googleapis.com/client-name`: All resources. * `run.googleapis.com/cloudsql-instances`: Revision, Execution. * `run.googleapis.com/container-dependencies`: Revision . * `run.googleapis.com/cpu-throttling`: Revision. * `run.googleapis.com/custom-audiences`: Service. * `run.googleapis.com/default-url-disabled`: Service. * `run.googleapis.com/description`: Service. * `run.googleapis.com/encryption-key-shutdown-hours`: Revision * `run.googleapis.com/encryption-key`: Revision, Execution. * `run.googleapis.com/execution-environment`: Revision, Execution. * `run.googleapis.com/gc-traffic-tags`: Service. * `run.googleapis.com/health-check-disabled`: Revision. * `run.googleapis.com/ingress`: Service. * `run.googleapis.com/launch-stage`: Service, Job. * `run.googleapis.com/minScale`: Service * `run.googleapis.com/network-interfaces`: Revision, Execution. * `run.googleapis.com/post-key-revocation-action-type`: Revision. * `run.googleapis.com/secrets`: Revision, Execution. * `run.googleapis.com/secure-session-agent`: Revision. * `run.googleapis.com/sessionAffinity`: Revision. * `run.googleapis.com/startup-cpu-boost`: Revision. * `run.googleapis.com/vpc-access-connector`: Revision, Execution. * `run.googleapis.com/vpc-access-egress`: Revision, Execution. "a_key": "A String", }, "clusterName": "A String", # Not supported by Cloud Run "creationTimestamp": "A String", # UTC timestamp representing the server time when this object was created. "deletionGracePeriodSeconds": 42, # Not supported by Cloud Run "deletionTimestamp": "A String", # The read-only soft deletion timestamp for this resource. In Cloud Run, users are not able to set this field. Instead, they must call the corresponding Delete API. "finalizers": [ # Not supported by Cloud Run "A String", ], "generateName": "A String", # Not supported by Cloud Run "generation": 42, # A system-provided sequence number representing a specific generation of the desired state. "labels": { # Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and routes. "a_key": "A String", }, "name": "A String", # Required. The name of the resource. Name is required when creating top-level resources (Service, Job), must be unique within a Cloud Run project/region, and cannot be changed once created. "namespace": "A String", # Required. Defines the space within each name must be unique within a Cloud Run region. In Cloud Run, it must be project ID or number. "ownerReferences": [ # Not supported by Cloud Run { # This is not supported or used by Cloud Run. "apiVersion": "A String", # This is not supported or used by Cloud Run. "blockOwnerDeletion": True or False, # This is not supported or used by Cloud Run. "controller": True or False, # This is not supported or used by Cloud Run. "kind": "A String", # This is not supported or used by Cloud Run. "name": "A String", # This is not supported or used by Cloud Run. "uid": "A String", # This is not supported or used by Cloud Run. }, ], "resourceVersion": "A String", # Opaque, system-generated value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server or omit the value to disable conflict-detection. "selfLink": "A String", # URL representing this object. "uid": "A String", # Unique, system-generated identifier for this resource. }, "spec": { # ServiceSpec holds the desired state of the Route (from the client), which is used to manipulate the underlying Route and Configuration(s). # Holds the desired state of the Service (from the client). "template": { # RevisionTemplateSpec describes the data a revision should have when created from a template. # Holds the latest specification for the Revision to be stamped out. "metadata": { # google.cloud.run.meta.v1.ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. # Optional metadata for this Revision, including labels and annotations. Name will be generated by the Configuration. The following annotation keys set properties of the created revision: * `autoscaling.knative.dev/minScale` sets the minimum number of instances. * `autoscaling.knative.dev/maxScale` sets the maximum number of instances. * `run.googleapis.com/cloudsql-instances` sets Cloud SQL connections. Multiple values should be comma separated. * `run.googleapis.com/health-check-disabled`: if true, deploy-time startup probes will not run for this revision. * `run.googleapis.com/vpc-access-connector` sets a Serverless VPC Access connector. * `run.googleapis.com/vpc-access-egress` sets VPC egress. Supported values are `all-traffic`, `all` (deprecated), and `private-ranges-only`. `all-traffic` and `all` provide the same functionality. `all` is deprecated but will continue to be supported. Prefer `all-traffic`. "annotations": { # Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. * `autoscaling.knative.dev/maxScale`: Revision. * `autoscaling.knative.dev/minScale`: Revision. * `run.googleapis.com/base-images`: Service, Revision. * `run.googleapis.com/binary-authorization-breakglass`: Service, Job, * `run.googleapis.com/binary-authorization`: Service, Job, Execution. * `run.googleapis.com/build-base-image`: Service. * `run.googleapis.com/build-enable-automatic-updates`: Service. * `run.googleapis.com/build-environment-variables`: Service. * `run.googleapis.com/build-function-target`: Service. * `run.googleapis.com/build-id`: Service. * `run.googleapis.com/build-image-uri`: Service. * `run.googleapis.com/build-name`: Service. * `run.googleapis.com/build-service-account`: Service. * `run.googleapis.com/build-source-location`: Service. * `run.googleapis.com/build-worker-pool`: Service. * `run.googleapis.com/client-name`: All resources. * `run.googleapis.com/cloudsql-instances`: Revision, Execution. * `run.googleapis.com/container-dependencies`: Revision . * `run.googleapis.com/cpu-throttling`: Revision. * `run.googleapis.com/custom-audiences`: Service. * `run.googleapis.com/default-url-disabled`: Service. * `run.googleapis.com/description`: Service. * `run.googleapis.com/encryption-key-shutdown-hours`: Revision * `run.googleapis.com/encryption-key`: Revision, Execution. * `run.googleapis.com/execution-environment`: Revision, Execution. * `run.googleapis.com/gc-traffic-tags`: Service. * `run.googleapis.com/health-check-disabled`: Revision. * `run.googleapis.com/ingress`: Service. * `run.googleapis.com/launch-stage`: Service, Job. * `run.googleapis.com/minScale`: Service * `run.googleapis.com/network-interfaces`: Revision, Execution. * `run.googleapis.com/post-key-revocation-action-type`: Revision. * `run.googleapis.com/secrets`: Revision, Execution. * `run.googleapis.com/secure-session-agent`: Revision. * `run.googleapis.com/sessionAffinity`: Revision. * `run.googleapis.com/startup-cpu-boost`: Revision. * `run.googleapis.com/vpc-access-connector`: Revision, Execution. * `run.googleapis.com/vpc-access-egress`: Revision, Execution. "a_key": "A String", }, "clusterName": "A String", # Not supported by Cloud Run "creationTimestamp": "A String", # UTC timestamp representing the server time when this object was created. "deletionGracePeriodSeconds": 42, # Not supported by Cloud Run "deletionTimestamp": "A String", # The read-only soft deletion timestamp for this resource. In Cloud Run, users are not able to set this field. Instead, they must call the corresponding Delete API. "finalizers": [ # Not supported by Cloud Run "A String", ], "generateName": "A String", # Not supported by Cloud Run "generation": 42, # A system-provided sequence number representing a specific generation of the desired state. "labels": { # Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and routes. "a_key": "A String", }, "name": "A String", # Required. The name of the resource. Name is required when creating top-level resources (Service, Job), must be unique within a Cloud Run project/region, and cannot be changed once created. "namespace": "A String", # Required. Defines the space within each name must be unique within a Cloud Run region. In Cloud Run, it must be project ID or number. "ownerReferences": [ # Not supported by Cloud Run { # This is not supported or used by Cloud Run. "apiVersion": "A String", # This is not supported or used by Cloud Run. "blockOwnerDeletion": True or False, # This is not supported or used by Cloud Run. "controller": True or False, # This is not supported or used by Cloud Run. "kind": "A String", # This is not supported or used by Cloud Run. "name": "A String", # This is not supported or used by Cloud Run. "uid": "A String", # This is not supported or used by Cloud Run. }, ], "resourceVersion": "A String", # Opaque, system-generated value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server or omit the value to disable conflict-detection. "selfLink": "A String", # URL representing this object. "uid": "A String", # Unique, system-generated identifier for this resource. }, "spec": { # RevisionSpec holds the desired state of the Revision (from the client). # RevisionSpec holds the desired state of the Revision (from the client). "containerConcurrency": 42, # ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container instance of the Revision. If not specified or 0, defaults to 80 when requested CPU >= 1 and defaults to 1 when requested CPU < 1. "containers": [ # Required. Containers holds the list which define the units of execution for this Revision. In the context of a Revision, we disallow a number of fields on this Container, including: name and lifecycle. { # A single application container. This specifies both the container to run, the command to run in the container and the arguments to supply to it. Note that additional arguments may be supplied by the system to the container at runtime. "args": [ # Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references are not supported in Cloud Run. "A String", ], "command": [ # Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references are not supported in Cloud Run. "A String", ], "env": [ # List of environment variables to set in the container. EnvVar with duplicate names are generally allowed; if referencing a secret, the name must be unique for the container. For non-secret EnvVar names, the Container will only get the last-declared one. { # EnvVar represents an environment variable present in a Container. "name": "A String", # Required. Name of the environment variable. "value": "A String", # Value of the environment variable. Defaults to "". Variable references are not supported in Cloud Run. "valueFrom": { # EnvVarSource represents a source for the value of an EnvVar. # Source for the environment variable's value. Only supports secret_key_ref. Cannot be used if value is not empty. "configMapKeyRef": { # Not supported by Cloud Run. # Not supported by Cloud Run. Not supported in Cloud Run. "key": "A String", # Required. Not supported by Cloud Run. "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # Not supported by Cloud Run. "name": "A String", # Name of the referent. }, "name": "A String", # Required. Not supported by Cloud Run. "optional": True or False, # Not supported by Cloud Run. }, "secretKeyRef": { # SecretKeySelector selects a key of a Secret. # Selects a key (version) of a secret in Secret Manager. "key": "A String", # Required. A Cloud Secret Manager secret version. Must be 'latest' for the latest version, an integer for a specific version, or a version alias. The key of the secret to select from. Must be a valid secret key. "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. "name": "A String", # Name of the referent. }, "name": "A String", # The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: :projects//secrets/. If multiple alias definitions are needed, they must be separated by commas. The alias definitions must be set on the run.googleapis.com/secrets annotation. The name of the secret in the pod's namespace to select from. "optional": True or False, # Specify whether the Secret or its key must be defined. }, }, }, ], "envFrom": [ # Not supported by Cloud Run. { # Not supported by Cloud Run. EnvFromSource represents the source of a set of ConfigMaps "configMapRef": { # Not supported by Cloud Run. ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. # The ConfigMap to select from "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. "name": "A String", # Name of the referent. }, "name": "A String", # The ConfigMap to select from. "optional": True or False, # Specify whether the ConfigMap must be defined. }, "prefix": "A String", # An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. "secretRef": { # Not supported by Cloud Run. SecretEnvSource selects a Secret to populate the environment variables with. The contents of the target Secret's Data field will represent the key-value pairs as environment variables. # The Secret to select from "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. "name": "A String", # Name of the referent. }, "name": "A String", # The Secret to select from. "optional": True or False, # Specify whether the Secret must be defined }, }, ], "image": "A String", # Required. Name of the container image in Dockerhub, Google Artifact Registry, or Google Container Registry. If the host is not provided, Dockerhub is assumed. "imagePullPolicy": "A String", # Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. "livenessProbe": { # Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. # Periodic probe of container liveness. Container will be restarted if the probe fails. "exec": { # Not supported by Cloud Run. ExecAction describes a "run in container" action. # Not supported by Cloud Run. "command": [ # Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. "A String", ], }, "failureThreshold": 42, # Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. "grpc": { # GRPCAction describes an action involving a GRPC port. # GRPCAction specifies an action involving a GRPC port. "port": 42, # Port number of the gRPC service. Number must be in the range 1 to 65535. "service": "A String", # Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. }, "httpGet": { # HTTPGetAction describes an action based on HTTP Get requests. # HTTPGet specifies the http request to perform. "host": "A String", # Not supported by Cloud Run. "httpHeaders": [ # Custom headers to set in the request. HTTP allows repeated headers. { # HTTPHeader describes a custom header to be used in HTTP probes "name": "A String", # Required. The header field name "value": "A String", # The header field value }, ], "path": "A String", # Path to access on the HTTP server. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. "scheme": "A String", # Not supported by Cloud Run. }, "initialDelaySeconds": 42, # Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. "periodSeconds": 42, # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. "successThreshold": 42, # Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. "tcpSocket": { # TCPSocketAction describes an action based on opening a socket # TCPSocket specifies an action involving a TCP port. "host": "A String", # Not supported by Cloud Run. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. }, "timeoutSeconds": 42, # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. }, "name": "A String", # Name of the container specified as a DNS_LABEL (RFC 1123). "ports": [ # List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on. { # ContainerPort represents a network port in a single container. "containerPort": 42, # Port number the container listens on. If present, this must be a valid port number, 0 < x < 65536. If not present, it will default to port 8080. For more information, see https://cloud.google.com/run/docs/container-contract#port "name": "A String", # If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c". "protocol": "A String", # Protocol for port. Must be "TCP". Defaults to "TCP". }, ], "readinessProbe": { # Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. # Readiness probe to be used for health checks. Not supported by Cloud Run. "exec": { # Not supported by Cloud Run. ExecAction describes a "run in container" action. # Not supported by Cloud Run. "command": [ # Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. "A String", ], }, "failureThreshold": 42, # Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. "grpc": { # GRPCAction describes an action involving a GRPC port. # GRPCAction specifies an action involving a GRPC port. "port": 42, # Port number of the gRPC service. Number must be in the range 1 to 65535. "service": "A String", # Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. }, "httpGet": { # HTTPGetAction describes an action based on HTTP Get requests. # HTTPGet specifies the http request to perform. "host": "A String", # Not supported by Cloud Run. "httpHeaders": [ # Custom headers to set in the request. HTTP allows repeated headers. { # HTTPHeader describes a custom header to be used in HTTP probes "name": "A String", # Required. The header field name "value": "A String", # The header field value }, ], "path": "A String", # Path to access on the HTTP server. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. "scheme": "A String", # Not supported by Cloud Run. }, "initialDelaySeconds": 42, # Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. "periodSeconds": 42, # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. "successThreshold": 42, # Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. "tcpSocket": { # TCPSocketAction describes an action based on opening a socket # TCPSocket specifies an action involving a TCP port. "host": "A String", # Not supported by Cloud Run. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. }, "timeoutSeconds": 42, # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. }, "resources": { # ResourceRequirements describes the compute resource requirements. # Compute Resources required by this container. "limits": { # Limits describes the maximum amount of compute resources allowed. Only 'cpu' and 'memory' keys are supported. * For supported 'cpu' values, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits "a_key": "A String", }, "requests": { # Requests describes the minimum amount of compute resources required. Only `cpu` and `memory` are supported. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. * For supported 'cpu' values, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits "a_key": "A String", }, }, "securityContext": { # Not supported by Cloud Run. SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence. # Not supported by Cloud Run. "runAsUser": 42, # The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. }, "startupProbe": { # Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. # Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not receive traffic if the probe fails. If not provided, a default startup probe with TCP socket action is used. "exec": { # Not supported by Cloud Run. ExecAction describes a "run in container" action. # Not supported by Cloud Run. "command": [ # Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. "A String", ], }, "failureThreshold": 42, # Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. "grpc": { # GRPCAction describes an action involving a GRPC port. # GRPCAction specifies an action involving a GRPC port. "port": 42, # Port number of the gRPC service. Number must be in the range 1 to 65535. "service": "A String", # Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. }, "httpGet": { # HTTPGetAction describes an action based on HTTP Get requests. # HTTPGet specifies the http request to perform. "host": "A String", # Not supported by Cloud Run. "httpHeaders": [ # Custom headers to set in the request. HTTP allows repeated headers. { # HTTPHeader describes a custom header to be used in HTTP probes "name": "A String", # Required. The header field name "value": "A String", # The header field value }, ], "path": "A String", # Path to access on the HTTP server. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. "scheme": "A String", # Not supported by Cloud Run. }, "initialDelaySeconds": 42, # Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. "periodSeconds": 42, # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. "successThreshold": 42, # Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. "tcpSocket": { # TCPSocketAction describes an action based on opening a socket # TCPSocket specifies an action involving a TCP port. "host": "A String", # Not supported by Cloud Run. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. }, "timeoutSeconds": 42, # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. }, "terminationMessagePath": "A String", # Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. "terminationMessagePolicy": "A String", # Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. "volumeMounts": [ # Volume to mount into the container's filesystem. Only supports SecretVolumeSources. Pod volumes to mount into the container's filesystem. { # VolumeMount describes a mounting of a Volume within a container. "mountPath": "A String", # Required. Path within the container at which the volume should be mounted. Must not contain ':'. "name": "A String", # Required. The name of the volume. There must be a corresponding Volume with the same name. "readOnly": True or False, # Sets the mount to be read-only or read-write. Not used by Cloud Run. "subPath": "A String", # Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). }, ], "workingDir": "A String", # Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. }, ], "enableServiceLinks": True or False, # Not supported by Cloud Run. "imagePullSecrets": [ # Not supported by Cloud Run. { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. "name": "A String", # Name of the referent. }, ], "nodeSelector": { # Optional. The Node Selector configuration. Map of selector key to a value which matches a node. "a_key": "A String", }, "runtimeClassName": "A String", # Runtime. Leave unset for default. "serviceAccountName": "A String", # Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. "timeoutSeconds": 42, # TimeoutSeconds holds the max duration the instance is allowed for responding to a request. Cloud Run: defaults to 300 seconds (5 minutes). Maximum allowed value is 3600 seconds (1 hour). "volumes": [ { # Volume represents a named volume in a container. "configMap": { # Not supported by Cloud Run. Adapts a ConfigMap into a volume. The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. # Not supported in Cloud Run. "defaultMode": 42, # (Optional) Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0644. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "items": [ # (Optional) If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified that is not present in the Secret, the volume setup will error unless it is marked optional. { # Maps a string key to a path within a volume. "key": "A String", # The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version. The key to project. "mode": 42, # (Optional) Mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "path": "A String", # The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. }, ], "name": "A String", # Name of the config. "optional": True or False, # (Optional) Specify whether the Secret or its keys must be defined. }, "csi": { # Storage volume source using the Container Storage Interface. # Volume specified by the Container Storage Interface driver "driver": "A String", # name of the CSI driver for the requested storage system. Cloud Run supports the following drivers: * gcsfuse.run.googleapis.com : Mount a Cloud Storage Bucket as a volume. "readOnly": True or False, # If true, mount the volume as read only. Defaults to false. "volumeAttributes": { # stores driver specific attributes. For Google Cloud Storage volumes, the following attributes are supported: * bucketName: the name of the Cloud Storage bucket to mount. The Cloud Run Service identity must have access to this bucket. "a_key": "A String", }, }, "emptyDir": { # In memory (tmpfs) ephemeral storage. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs). # Ephemeral storage used as a shared volume. "medium": "A String", # The medium on which the data is stored. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir "sizeLimit": "A String", # Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers. The default is nil which means that the limit is undefined. More info: https://cloud.google.com/run/docs/configuring/in-memory-volumes#configure-volume. Info in Kubernetes: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir }, "name": "A String", # Volume's name. In Cloud Run Fully Managed, the name 'cloudsql' is reserved. "nfs": { # Represents a persistent volume that will be mounted using NFS. This volume will be shared between all instances of the resource and data will not be deleted when the instance is shut down. "path": "A String", # Path that is exported by the NFS server. "readOnly": True or False, # If true, mount the NFS volume as read only. Defaults to false. "server": "A String", # Hostname or IP address of the NFS server. }, "secret": { # A volume representing a secret stored in Google Secret Manager. The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secret_name. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. # The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secretName. "defaultMode": 42, # Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0444. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "items": [ # A list of secret versions to mount in the volume. If no items are specified, the volume will expose a file with the same name as the secret name. The contents of the file will be the data in the latest version of the secret. If items are specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify both a key and a path. { # Maps a string key to a path within a volume. "key": "A String", # The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version. The key to project. "mode": 42, # (Optional) Mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "path": "A String", # The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. }, ], "optional": True or False, # Not supported by Cloud Run. "secretName": "A String", # The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: :projects//secrets/. If multiple alias definitions are needed, they must be separated by commas. The alias definitions must be set on the run.googleapis.com/secrets annotation. Name of the secret in the container's namespace to use. }, }, ], }, }, "traffic": [ # Specifies how to distribute traffic over a collection of Knative Revisions and Configurations to the Service's main URL. { # TrafficTarget holds a single entry of the routing table for a Route. "configurationName": "A String", # [Deprecated] Not supported in Cloud Run. It must be empty. "latestRevision": True or False, # Uses the "status.latestReadyRevisionName" of the Service to determine the traffic target. When it changes, traffic will automatically migrate from the prior "latest ready" revision to the new one. This field must be false if RevisionName is set. This field defaults to true otherwise. If the field is set to true on Status, this means that the Revision was resolved from the Service's latest ready revision. "percent": 42, # Percent specifies percent of the traffic to this Revision or Configuration. This defaults to zero if unspecified. "revisionName": "A String", # Points this traffic target to a specific Revision. This field is mutually exclusive with latest_revision. "tag": "A String", # Tag is used to expose a dedicated url for referencing this target exclusively. "url": "A String", # Output only. URL displays the URL for accessing tagged traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. https://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) }, ], }, "status": { # The current state of the Service. Output only. # Communicates the system-controlled state of the Service. "address": { # Information for connecting over HTTP(s). # Similar to url, information on where the service is available on HTTP. "url": "A String", }, "conditions": [ # Conditions communicate information about ongoing/complete reconciliation processes that bring the `spec` inline with the observed state of the world. Service-specific conditions include: * `ConfigurationsReady`: `True` when the underlying Configuration is ready. * `RoutesReady`: `True` when the underlying Route is ready. * `Ready`: `True` when all underlying resources are ready. { # Conditions show the status of reconciliation progress on a given resource. Most resource use a top-level condition type "Ready" or "Completed" to show overall status with other conditions to checkpoint each stage of reconciliation. Note that if metadata.Generation does not equal status.ObservedGeneration, the conditions shown may not be relevant for the current spec. "lastTransitionTime": "A String", # Optional. Last time the condition transitioned from one status to another. "message": "A String", # Optional. Human readable message indicating details about the current status. "reason": "A String", # Optional. One-word CamelCase reason for the condition's last transition. These are intended to be stable, unique values which the client may use to trigger error handling logic, whereas messages which may be changed later by the server. "severity": "A String", # Optional. How to interpret this condition. One of Error, Warning, or Info. Conditions of severity Info do not contribute to resource readiness. "status": "A String", # Status of the condition, one of True, False, Unknown. "type": "A String", # type is used to communicate the status of the reconciliation process. Types common to all resources include: * "Ready" or "Completed": True when the Resource is ready. }, ], "latestCreatedRevisionName": "A String", # Name of the last revision that was created from this Service's Configuration. It might not be ready yet, for that use LatestReadyRevisionName. "latestReadyRevisionName": "A String", # Name of the latest Revision from this Service's Configuration that has had its `Ready` condition become `True`. "observedGeneration": 42, # Returns the generation last seen by the system. Clients polling for completed reconciliation should poll until observedGeneration = metadata.generation and the Ready condition's status is True or False. "traffic": [ # Holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. { # TrafficTarget holds a single entry of the routing table for a Route. "configurationName": "A String", # [Deprecated] Not supported in Cloud Run. It must be empty. "latestRevision": True or False, # Uses the "status.latestReadyRevisionName" of the Service to determine the traffic target. When it changes, traffic will automatically migrate from the prior "latest ready" revision to the new one. This field must be false if RevisionName is set. This field defaults to true otherwise. If the field is set to true on Status, this means that the Revision was resolved from the Service's latest ready revision. "percent": 42, # Percent specifies percent of the traffic to this Revision or Configuration. This defaults to zero if unspecified. "revisionName": "A String", # Points this traffic target to a specific Revision. This field is mutually exclusive with latest_revision. "tag": "A String", # Tag is used to expose a dedicated url for referencing this target exclusively. "url": "A String", # Output only. URL displays the URL for accessing tagged traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. https://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) }, ], "url": "A String", # URL that will distribute traffic over the provided traffic targets. It generally has the form `https://{route-hash}-{project-hash}-{cluster-level-suffix}.a.run.app` }, }
getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)
Gets the IAM Access Control policy currently in effect for the given Cloud Run service. This result does not include any inherited policies. Args: resource: string, REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. (required) options_requestedPolicyVersion: integer, Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. { # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging. "auditLogConfigs": [ # The configuration for logging of each type of permission. { # Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging. "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. "A String", ], "logType": "A String", # The log type that this config enables. }, ], "service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. }, ], "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. { # Associates `members`, or principals, with a `role`. "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. "expression": "A String", # Textual representation of an expression in Common Expression Language syntax. "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. }, "members": [ # Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. "A String", ], "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles). }, ], "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. "version": 42, # Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). }
list(parent, continue=None, fieldSelector=None, includeUninitialized=None, labelSelector=None, limit=None, resourceVersion=None, watch=None, x__xgafv=None)
Lists services for the given project and region. Results are sorted by creation time, descending. Args: parent: string, Required. The parent from where the resources should be listed. In Cloud Run, it may be one of the following: * `{project_id_or_number}` * `namespaces/{project_id_or_number}` * `namespaces/{project_id_or_number}/services` * `projects/{project_id_or_number}/locations/{region}` * `projects/{project_id_or_number}/regions/{region}` (required) continue: string, Encoded string to continue paging. fieldSelector: string, Not supported, and ignored by Cloud Run. includeUninitialized: boolean, Not supported, and ignored by Cloud Run. labelSelector: string, Allows to filter resources based on a label. Supported operations are =, !=, exists, in, and notIn. limit: integer, The maximum number of records that should be returned. resourceVersion: string, Not supported, and ignored by Cloud Run. watch: boolean, Not supported, and ignored by Cloud Run. x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # A list of Service resources. "apiVersion": "A String", # The API version for this call; returns "serving.knative.dev/v1". "items": [ # List of Services. { # Service acts as a top-level container that manages a set of Routes and Configurations which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets). The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. "apiVersion": "A String", # The API version for this call. It must be "serving.knative.dev/v1". "kind": "A String", # The kind of resource. It must be "Service". "metadata": { # google.cloud.run.meta.v1.ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. # Metadata associated with this Service, including name, namespace, labels, and annotations. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. The following Cloud Run-specific annotations are accepted in Service.metadata.annotations. * `run.googleapis.com/binary-authorization-breakglass` * `run.googleapis.com/binary-authorization` * `run.googleapis.com/client-name` * `run.googleapis.com/custom-audiences` * `run.googleapis.com/default-url-disabled` * `run.googleapis.com/description` * `run.googleapis.com/gc-traffic-tags` * `run.googleapis.com/ingress` * `run.googleapis.com/ingress` sets the ingress settings for the Service. See [the ingress settings documentation](/run/docs/securing/ingress) for details on configuring ingress settings. * `run.googleapis.com/ingress-status` is output-only and contains the currently active ingress settings for the Service. `run.googleapis.com/ingress-status` may differ from `run.googleapis.com/ingress` while the system is processing a change to `run.googleapis.com/ingress` or if the system failed to process a change to `run.googleapis.com/ingress`. When the system has processed all changes successfully `run.googleapis.com/ingress-status` and `run.googleapis.com/ingress` are equal. "annotations": { # Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. * `autoscaling.knative.dev/maxScale`: Revision. * `autoscaling.knative.dev/minScale`: Revision. * `run.googleapis.com/base-images`: Service, Revision. * `run.googleapis.com/binary-authorization-breakglass`: Service, Job, * `run.googleapis.com/binary-authorization`: Service, Job, Execution. * `run.googleapis.com/build-base-image`: Service. * `run.googleapis.com/build-enable-automatic-updates`: Service. * `run.googleapis.com/build-environment-variables`: Service. * `run.googleapis.com/build-function-target`: Service. * `run.googleapis.com/build-id`: Service. * `run.googleapis.com/build-image-uri`: Service. * `run.googleapis.com/build-name`: Service. * `run.googleapis.com/build-service-account`: Service. * `run.googleapis.com/build-source-location`: Service. * `run.googleapis.com/build-worker-pool`: Service. * `run.googleapis.com/client-name`: All resources. * `run.googleapis.com/cloudsql-instances`: Revision, Execution. * `run.googleapis.com/container-dependencies`: Revision . * `run.googleapis.com/cpu-throttling`: Revision. * `run.googleapis.com/custom-audiences`: Service. * `run.googleapis.com/default-url-disabled`: Service. * `run.googleapis.com/description`: Service. * `run.googleapis.com/encryption-key-shutdown-hours`: Revision * `run.googleapis.com/encryption-key`: Revision, Execution. * `run.googleapis.com/execution-environment`: Revision, Execution. * `run.googleapis.com/gc-traffic-tags`: Service. * `run.googleapis.com/health-check-disabled`: Revision. * `run.googleapis.com/ingress`: Service. * `run.googleapis.com/launch-stage`: Service, Job. * `run.googleapis.com/minScale`: Service * `run.googleapis.com/network-interfaces`: Revision, Execution. * `run.googleapis.com/post-key-revocation-action-type`: Revision. * `run.googleapis.com/secrets`: Revision, Execution. * `run.googleapis.com/secure-session-agent`: Revision. * `run.googleapis.com/sessionAffinity`: Revision. * `run.googleapis.com/startup-cpu-boost`: Revision. * `run.googleapis.com/vpc-access-connector`: Revision, Execution. * `run.googleapis.com/vpc-access-egress`: Revision, Execution. "a_key": "A String", }, "clusterName": "A String", # Not supported by Cloud Run "creationTimestamp": "A String", # UTC timestamp representing the server time when this object was created. "deletionGracePeriodSeconds": 42, # Not supported by Cloud Run "deletionTimestamp": "A String", # The read-only soft deletion timestamp for this resource. In Cloud Run, users are not able to set this field. Instead, they must call the corresponding Delete API. "finalizers": [ # Not supported by Cloud Run "A String", ], "generateName": "A String", # Not supported by Cloud Run "generation": 42, # A system-provided sequence number representing a specific generation of the desired state. "labels": { # Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and routes. "a_key": "A String", }, "name": "A String", # Required. The name of the resource. Name is required when creating top-level resources (Service, Job), must be unique within a Cloud Run project/region, and cannot be changed once created. "namespace": "A String", # Required. Defines the space within each name must be unique within a Cloud Run region. In Cloud Run, it must be project ID or number. "ownerReferences": [ # Not supported by Cloud Run { # This is not supported or used by Cloud Run. "apiVersion": "A String", # This is not supported or used by Cloud Run. "blockOwnerDeletion": True or False, # This is not supported or used by Cloud Run. "controller": True or False, # This is not supported or used by Cloud Run. "kind": "A String", # This is not supported or used by Cloud Run. "name": "A String", # This is not supported or used by Cloud Run. "uid": "A String", # This is not supported or used by Cloud Run. }, ], "resourceVersion": "A String", # Opaque, system-generated value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server or omit the value to disable conflict-detection. "selfLink": "A String", # URL representing this object. "uid": "A String", # Unique, system-generated identifier for this resource. }, "spec": { # ServiceSpec holds the desired state of the Route (from the client), which is used to manipulate the underlying Route and Configuration(s). # Holds the desired state of the Service (from the client). "template": { # RevisionTemplateSpec describes the data a revision should have when created from a template. # Holds the latest specification for the Revision to be stamped out. "metadata": { # google.cloud.run.meta.v1.ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. # Optional metadata for this Revision, including labels and annotations. Name will be generated by the Configuration. The following annotation keys set properties of the created revision: * `autoscaling.knative.dev/minScale` sets the minimum number of instances. * `autoscaling.knative.dev/maxScale` sets the maximum number of instances. * `run.googleapis.com/cloudsql-instances` sets Cloud SQL connections. Multiple values should be comma separated. * `run.googleapis.com/health-check-disabled`: if true, deploy-time startup probes will not run for this revision. * `run.googleapis.com/vpc-access-connector` sets a Serverless VPC Access connector. * `run.googleapis.com/vpc-access-egress` sets VPC egress. Supported values are `all-traffic`, `all` (deprecated), and `private-ranges-only`. `all-traffic` and `all` provide the same functionality. `all` is deprecated but will continue to be supported. Prefer `all-traffic`. "annotations": { # Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. * `autoscaling.knative.dev/maxScale`: Revision. * `autoscaling.knative.dev/minScale`: Revision. * `run.googleapis.com/base-images`: Service, Revision. * `run.googleapis.com/binary-authorization-breakglass`: Service, Job, * `run.googleapis.com/binary-authorization`: Service, Job, Execution. * `run.googleapis.com/build-base-image`: Service. * `run.googleapis.com/build-enable-automatic-updates`: Service. * `run.googleapis.com/build-environment-variables`: Service. * `run.googleapis.com/build-function-target`: Service. * `run.googleapis.com/build-id`: Service. * `run.googleapis.com/build-image-uri`: Service. * `run.googleapis.com/build-name`: Service. * `run.googleapis.com/build-service-account`: Service. * `run.googleapis.com/build-source-location`: Service. * `run.googleapis.com/build-worker-pool`: Service. * `run.googleapis.com/client-name`: All resources. * `run.googleapis.com/cloudsql-instances`: Revision, Execution. * `run.googleapis.com/container-dependencies`: Revision . * `run.googleapis.com/cpu-throttling`: Revision. * `run.googleapis.com/custom-audiences`: Service. * `run.googleapis.com/default-url-disabled`: Service. * `run.googleapis.com/description`: Service. * `run.googleapis.com/encryption-key-shutdown-hours`: Revision * `run.googleapis.com/encryption-key`: Revision, Execution. * `run.googleapis.com/execution-environment`: Revision, Execution. * `run.googleapis.com/gc-traffic-tags`: Service. * `run.googleapis.com/health-check-disabled`: Revision. * `run.googleapis.com/ingress`: Service. * `run.googleapis.com/launch-stage`: Service, Job. * `run.googleapis.com/minScale`: Service * `run.googleapis.com/network-interfaces`: Revision, Execution. * `run.googleapis.com/post-key-revocation-action-type`: Revision. * `run.googleapis.com/secrets`: Revision, Execution. * `run.googleapis.com/secure-session-agent`: Revision. * `run.googleapis.com/sessionAffinity`: Revision. * `run.googleapis.com/startup-cpu-boost`: Revision. * `run.googleapis.com/vpc-access-connector`: Revision, Execution. * `run.googleapis.com/vpc-access-egress`: Revision, Execution. "a_key": "A String", }, "clusterName": "A String", # Not supported by Cloud Run "creationTimestamp": "A String", # UTC timestamp representing the server time when this object was created. "deletionGracePeriodSeconds": 42, # Not supported by Cloud Run "deletionTimestamp": "A String", # The read-only soft deletion timestamp for this resource. In Cloud Run, users are not able to set this field. Instead, they must call the corresponding Delete API. "finalizers": [ # Not supported by Cloud Run "A String", ], "generateName": "A String", # Not supported by Cloud Run "generation": 42, # A system-provided sequence number representing a specific generation of the desired state. "labels": { # Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and routes. "a_key": "A String", }, "name": "A String", # Required. The name of the resource. Name is required when creating top-level resources (Service, Job), must be unique within a Cloud Run project/region, and cannot be changed once created. "namespace": "A String", # Required. Defines the space within each name must be unique within a Cloud Run region. In Cloud Run, it must be project ID or number. "ownerReferences": [ # Not supported by Cloud Run { # This is not supported or used by Cloud Run. "apiVersion": "A String", # This is not supported or used by Cloud Run. "blockOwnerDeletion": True or False, # This is not supported or used by Cloud Run. "controller": True or False, # This is not supported or used by Cloud Run. "kind": "A String", # This is not supported or used by Cloud Run. "name": "A String", # This is not supported or used by Cloud Run. "uid": "A String", # This is not supported or used by Cloud Run. }, ], "resourceVersion": "A String", # Opaque, system-generated value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server or omit the value to disable conflict-detection. "selfLink": "A String", # URL representing this object. "uid": "A String", # Unique, system-generated identifier for this resource. }, "spec": { # RevisionSpec holds the desired state of the Revision (from the client). # RevisionSpec holds the desired state of the Revision (from the client). "containerConcurrency": 42, # ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container instance of the Revision. If not specified or 0, defaults to 80 when requested CPU >= 1 and defaults to 1 when requested CPU < 1. "containers": [ # Required. Containers holds the list which define the units of execution for this Revision. In the context of a Revision, we disallow a number of fields on this Container, including: name and lifecycle. { # A single application container. This specifies both the container to run, the command to run in the container and the arguments to supply to it. Note that additional arguments may be supplied by the system to the container at runtime. "args": [ # Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references are not supported in Cloud Run. "A String", ], "command": [ # Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references are not supported in Cloud Run. "A String", ], "env": [ # List of environment variables to set in the container. EnvVar with duplicate names are generally allowed; if referencing a secret, the name must be unique for the container. For non-secret EnvVar names, the Container will only get the last-declared one. { # EnvVar represents an environment variable present in a Container. "name": "A String", # Required. Name of the environment variable. "value": "A String", # Value of the environment variable. Defaults to "". Variable references are not supported in Cloud Run. "valueFrom": { # EnvVarSource represents a source for the value of an EnvVar. # Source for the environment variable's value. Only supports secret_key_ref. Cannot be used if value is not empty. "configMapKeyRef": { # Not supported by Cloud Run. # Not supported by Cloud Run. Not supported in Cloud Run. "key": "A String", # Required. Not supported by Cloud Run. "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # Not supported by Cloud Run. "name": "A String", # Name of the referent. }, "name": "A String", # Required. Not supported by Cloud Run. "optional": True or False, # Not supported by Cloud Run. }, "secretKeyRef": { # SecretKeySelector selects a key of a Secret. # Selects a key (version) of a secret in Secret Manager. "key": "A String", # Required. A Cloud Secret Manager secret version. Must be 'latest' for the latest version, an integer for a specific version, or a version alias. The key of the secret to select from. Must be a valid secret key. "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. "name": "A String", # Name of the referent. }, "name": "A String", # The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: :projects//secrets/. If multiple alias definitions are needed, they must be separated by commas. The alias definitions must be set on the run.googleapis.com/secrets annotation. The name of the secret in the pod's namespace to select from. "optional": True or False, # Specify whether the Secret or its key must be defined. }, }, }, ], "envFrom": [ # Not supported by Cloud Run. { # Not supported by Cloud Run. EnvFromSource represents the source of a set of ConfigMaps "configMapRef": { # Not supported by Cloud Run. ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. # The ConfigMap to select from "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. "name": "A String", # Name of the referent. }, "name": "A String", # The ConfigMap to select from. "optional": True or False, # Specify whether the ConfigMap must be defined. }, "prefix": "A String", # An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. "secretRef": { # Not supported by Cloud Run. SecretEnvSource selects a Secret to populate the environment variables with. The contents of the target Secret's Data field will represent the key-value pairs as environment variables. # The Secret to select from "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. "name": "A String", # Name of the referent. }, "name": "A String", # The Secret to select from. "optional": True or False, # Specify whether the Secret must be defined }, }, ], "image": "A String", # Required. Name of the container image in Dockerhub, Google Artifact Registry, or Google Container Registry. If the host is not provided, Dockerhub is assumed. "imagePullPolicy": "A String", # Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. "livenessProbe": { # Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. # Periodic probe of container liveness. Container will be restarted if the probe fails. "exec": { # Not supported by Cloud Run. ExecAction describes a "run in container" action. # Not supported by Cloud Run. "command": [ # Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. "A String", ], }, "failureThreshold": 42, # Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. "grpc": { # GRPCAction describes an action involving a GRPC port. # GRPCAction specifies an action involving a GRPC port. "port": 42, # Port number of the gRPC service. Number must be in the range 1 to 65535. "service": "A String", # Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. }, "httpGet": { # HTTPGetAction describes an action based on HTTP Get requests. # HTTPGet specifies the http request to perform. "host": "A String", # Not supported by Cloud Run. "httpHeaders": [ # Custom headers to set in the request. HTTP allows repeated headers. { # HTTPHeader describes a custom header to be used in HTTP probes "name": "A String", # Required. The header field name "value": "A String", # The header field value }, ], "path": "A String", # Path to access on the HTTP server. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. "scheme": "A String", # Not supported by Cloud Run. }, "initialDelaySeconds": 42, # Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. "periodSeconds": 42, # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. "successThreshold": 42, # Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. "tcpSocket": { # TCPSocketAction describes an action based on opening a socket # TCPSocket specifies an action involving a TCP port. "host": "A String", # Not supported by Cloud Run. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. }, "timeoutSeconds": 42, # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. }, "name": "A String", # Name of the container specified as a DNS_LABEL (RFC 1123). "ports": [ # List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on. { # ContainerPort represents a network port in a single container. "containerPort": 42, # Port number the container listens on. If present, this must be a valid port number, 0 < x < 65536. If not present, it will default to port 8080. For more information, see https://cloud.google.com/run/docs/container-contract#port "name": "A String", # If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c". "protocol": "A String", # Protocol for port. Must be "TCP". Defaults to "TCP". }, ], "readinessProbe": { # Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. # Readiness probe to be used for health checks. Not supported by Cloud Run. "exec": { # Not supported by Cloud Run. ExecAction describes a "run in container" action. # Not supported by Cloud Run. "command": [ # Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. "A String", ], }, "failureThreshold": 42, # Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. "grpc": { # GRPCAction describes an action involving a GRPC port. # GRPCAction specifies an action involving a GRPC port. "port": 42, # Port number of the gRPC service. Number must be in the range 1 to 65535. "service": "A String", # Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. }, "httpGet": { # HTTPGetAction describes an action based on HTTP Get requests. # HTTPGet specifies the http request to perform. "host": "A String", # Not supported by Cloud Run. "httpHeaders": [ # Custom headers to set in the request. HTTP allows repeated headers. { # HTTPHeader describes a custom header to be used in HTTP probes "name": "A String", # Required. The header field name "value": "A String", # The header field value }, ], "path": "A String", # Path to access on the HTTP server. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. "scheme": "A String", # Not supported by Cloud Run. }, "initialDelaySeconds": 42, # Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. "periodSeconds": 42, # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. "successThreshold": 42, # Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. "tcpSocket": { # TCPSocketAction describes an action based on opening a socket # TCPSocket specifies an action involving a TCP port. "host": "A String", # Not supported by Cloud Run. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. }, "timeoutSeconds": 42, # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. }, "resources": { # ResourceRequirements describes the compute resource requirements. # Compute Resources required by this container. "limits": { # Limits describes the maximum amount of compute resources allowed. Only 'cpu' and 'memory' keys are supported. * For supported 'cpu' values, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits "a_key": "A String", }, "requests": { # Requests describes the minimum amount of compute resources required. Only `cpu` and `memory` are supported. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. * For supported 'cpu' values, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits "a_key": "A String", }, }, "securityContext": { # Not supported by Cloud Run. SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence. # Not supported by Cloud Run. "runAsUser": 42, # The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. }, "startupProbe": { # Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. # Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not receive traffic if the probe fails. If not provided, a default startup probe with TCP socket action is used. "exec": { # Not supported by Cloud Run. ExecAction describes a "run in container" action. # Not supported by Cloud Run. "command": [ # Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. "A String", ], }, "failureThreshold": 42, # Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. "grpc": { # GRPCAction describes an action involving a GRPC port. # GRPCAction specifies an action involving a GRPC port. "port": 42, # Port number of the gRPC service. Number must be in the range 1 to 65535. "service": "A String", # Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. }, "httpGet": { # HTTPGetAction describes an action based on HTTP Get requests. # HTTPGet specifies the http request to perform. "host": "A String", # Not supported by Cloud Run. "httpHeaders": [ # Custom headers to set in the request. HTTP allows repeated headers. { # HTTPHeader describes a custom header to be used in HTTP probes "name": "A String", # Required. The header field name "value": "A String", # The header field value }, ], "path": "A String", # Path to access on the HTTP server. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. "scheme": "A String", # Not supported by Cloud Run. }, "initialDelaySeconds": 42, # Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. "periodSeconds": 42, # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. "successThreshold": 42, # Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. "tcpSocket": { # TCPSocketAction describes an action based on opening a socket # TCPSocket specifies an action involving a TCP port. "host": "A String", # Not supported by Cloud Run. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. }, "timeoutSeconds": 42, # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. }, "terminationMessagePath": "A String", # Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. "terminationMessagePolicy": "A String", # Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. "volumeMounts": [ # Volume to mount into the container's filesystem. Only supports SecretVolumeSources. Pod volumes to mount into the container's filesystem. { # VolumeMount describes a mounting of a Volume within a container. "mountPath": "A String", # Required. Path within the container at which the volume should be mounted. Must not contain ':'. "name": "A String", # Required. The name of the volume. There must be a corresponding Volume with the same name. "readOnly": True or False, # Sets the mount to be read-only or read-write. Not used by Cloud Run. "subPath": "A String", # Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). }, ], "workingDir": "A String", # Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. }, ], "enableServiceLinks": True or False, # Not supported by Cloud Run. "imagePullSecrets": [ # Not supported by Cloud Run. { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. "name": "A String", # Name of the referent. }, ], "nodeSelector": { # Optional. The Node Selector configuration. Map of selector key to a value which matches a node. "a_key": "A String", }, "runtimeClassName": "A String", # Runtime. Leave unset for default. "serviceAccountName": "A String", # Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. "timeoutSeconds": 42, # TimeoutSeconds holds the max duration the instance is allowed for responding to a request. Cloud Run: defaults to 300 seconds (5 minutes). Maximum allowed value is 3600 seconds (1 hour). "volumes": [ { # Volume represents a named volume in a container. "configMap": { # Not supported by Cloud Run. Adapts a ConfigMap into a volume. The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. # Not supported in Cloud Run. "defaultMode": 42, # (Optional) Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0644. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "items": [ # (Optional) If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified that is not present in the Secret, the volume setup will error unless it is marked optional. { # Maps a string key to a path within a volume. "key": "A String", # The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version. The key to project. "mode": 42, # (Optional) Mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "path": "A String", # The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. }, ], "name": "A String", # Name of the config. "optional": True or False, # (Optional) Specify whether the Secret or its keys must be defined. }, "csi": { # Storage volume source using the Container Storage Interface. # Volume specified by the Container Storage Interface driver "driver": "A String", # name of the CSI driver for the requested storage system. Cloud Run supports the following drivers: * gcsfuse.run.googleapis.com : Mount a Cloud Storage Bucket as a volume. "readOnly": True or False, # If true, mount the volume as read only. Defaults to false. "volumeAttributes": { # stores driver specific attributes. For Google Cloud Storage volumes, the following attributes are supported: * bucketName: the name of the Cloud Storage bucket to mount. The Cloud Run Service identity must have access to this bucket. "a_key": "A String", }, }, "emptyDir": { # In memory (tmpfs) ephemeral storage. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs). # Ephemeral storage used as a shared volume. "medium": "A String", # The medium on which the data is stored. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir "sizeLimit": "A String", # Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers. The default is nil which means that the limit is undefined. More info: https://cloud.google.com/run/docs/configuring/in-memory-volumes#configure-volume. Info in Kubernetes: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir }, "name": "A String", # Volume's name. In Cloud Run Fully Managed, the name 'cloudsql' is reserved. "nfs": { # Represents a persistent volume that will be mounted using NFS. This volume will be shared between all instances of the resource and data will not be deleted when the instance is shut down. "path": "A String", # Path that is exported by the NFS server. "readOnly": True or False, # If true, mount the NFS volume as read only. Defaults to false. "server": "A String", # Hostname or IP address of the NFS server. }, "secret": { # A volume representing a secret stored in Google Secret Manager. The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secret_name. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. # The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secretName. "defaultMode": 42, # Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0444. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "items": [ # A list of secret versions to mount in the volume. If no items are specified, the volume will expose a file with the same name as the secret name. The contents of the file will be the data in the latest version of the secret. If items are specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify both a key and a path. { # Maps a string key to a path within a volume. "key": "A String", # The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version. The key to project. "mode": 42, # (Optional) Mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "path": "A String", # The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. }, ], "optional": True or False, # Not supported by Cloud Run. "secretName": "A String", # The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: :projects//secrets/. If multiple alias definitions are needed, they must be separated by commas. The alias definitions must be set on the run.googleapis.com/secrets annotation. Name of the secret in the container's namespace to use. }, }, ], }, }, "traffic": [ # Specifies how to distribute traffic over a collection of Knative Revisions and Configurations to the Service's main URL. { # TrafficTarget holds a single entry of the routing table for a Route. "configurationName": "A String", # [Deprecated] Not supported in Cloud Run. It must be empty. "latestRevision": True or False, # Uses the "status.latestReadyRevisionName" of the Service to determine the traffic target. When it changes, traffic will automatically migrate from the prior "latest ready" revision to the new one. This field must be false if RevisionName is set. This field defaults to true otherwise. If the field is set to true on Status, this means that the Revision was resolved from the Service's latest ready revision. "percent": 42, # Percent specifies percent of the traffic to this Revision or Configuration. This defaults to zero if unspecified. "revisionName": "A String", # Points this traffic target to a specific Revision. This field is mutually exclusive with latest_revision. "tag": "A String", # Tag is used to expose a dedicated url for referencing this target exclusively. "url": "A String", # Output only. URL displays the URL for accessing tagged traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. https://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) }, ], }, "status": { # The current state of the Service. Output only. # Communicates the system-controlled state of the Service. "address": { # Information for connecting over HTTP(s). # Similar to url, information on where the service is available on HTTP. "url": "A String", }, "conditions": [ # Conditions communicate information about ongoing/complete reconciliation processes that bring the `spec` inline with the observed state of the world. Service-specific conditions include: * `ConfigurationsReady`: `True` when the underlying Configuration is ready. * `RoutesReady`: `True` when the underlying Route is ready. * `Ready`: `True` when all underlying resources are ready. { # Conditions show the status of reconciliation progress on a given resource. Most resource use a top-level condition type "Ready" or "Completed" to show overall status with other conditions to checkpoint each stage of reconciliation. Note that if metadata.Generation does not equal status.ObservedGeneration, the conditions shown may not be relevant for the current spec. "lastTransitionTime": "A String", # Optional. Last time the condition transitioned from one status to another. "message": "A String", # Optional. Human readable message indicating details about the current status. "reason": "A String", # Optional. One-word CamelCase reason for the condition's last transition. These are intended to be stable, unique values which the client may use to trigger error handling logic, whereas messages which may be changed later by the server. "severity": "A String", # Optional. How to interpret this condition. One of Error, Warning, or Info. Conditions of severity Info do not contribute to resource readiness. "status": "A String", # Status of the condition, one of True, False, Unknown. "type": "A String", # type is used to communicate the status of the reconciliation process. Types common to all resources include: * "Ready" or "Completed": True when the Resource is ready. }, ], "latestCreatedRevisionName": "A String", # Name of the last revision that was created from this Service's Configuration. It might not be ready yet, for that use LatestReadyRevisionName. "latestReadyRevisionName": "A String", # Name of the latest Revision from this Service's Configuration that has had its `Ready` condition become `True`. "observedGeneration": 42, # Returns the generation last seen by the system. Clients polling for completed reconciliation should poll until observedGeneration = metadata.generation and the Ready condition's status is True or False. "traffic": [ # Holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. { # TrafficTarget holds a single entry of the routing table for a Route. "configurationName": "A String", # [Deprecated] Not supported in Cloud Run. It must be empty. "latestRevision": True or False, # Uses the "status.latestReadyRevisionName" of the Service to determine the traffic target. When it changes, traffic will automatically migrate from the prior "latest ready" revision to the new one. This field must be false if RevisionName is set. This field defaults to true otherwise. If the field is set to true on Status, this means that the Revision was resolved from the Service's latest ready revision. "percent": 42, # Percent specifies percent of the traffic to this Revision or Configuration. This defaults to zero if unspecified. "revisionName": "A String", # Points this traffic target to a specific Revision. This field is mutually exclusive with latest_revision. "tag": "A String", # Tag is used to expose a dedicated url for referencing this target exclusively. "url": "A String", # Output only. URL displays the URL for accessing tagged traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. https://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) }, ], "url": "A String", # URL that will distribute traffic over the provided traffic targets. It generally has the form `https://{route-hash}-{project-hash}-{cluster-level-suffix}.a.run.app` }, }, ], "kind": "A String", # The kind of this resource; returns "ServiceList". "metadata": { # Metadata for synthetic resources like List. In Cloud Run, all List Resources Responses will have a ListMeta instead of ObjectMeta. # Metadata associated with this Service list. "continue": "A String", # Continuation token is a value emitted when the count of items is larger than the user/system limit. To retrieve the next page of items, pass the value of `continue` as the next request's `page_token`. "resourceVersion": "A String", # Opaque string that identifies the server's internal version of this object. It can be used by clients to determine when objects have changed. If the message is passed back to the server, it must be left unmodified. "selfLink": "A String", # URL representing this object. }, "unreachable": [ # For calls against the global endpoint, returns the list of Cloud locations that could not be reached. For regional calls, this field is not used. "A String", ], }
replaceService(name, body=None, dryRun=None, x__xgafv=None)
Replaces a service. Only the spec and metadata labels and annotations are modifiable. After the Update request, Cloud Run will work to make the 'status' match the requested 'spec'. May provide metadata.resourceVersion to enforce update from last read for optimistic concurrency control. Args: name: string, Required. The fully qualified name of the service to replace. It can be any of the following forms: * `namespaces/{project_id_or_number}/services/{service_name}` (only when the `endpoint` is regional) * `projects/{project_id_or_number}/locations/{region}/services/{service_name}` * `projects/{project_id_or_number}/regions/{region}/services/{service_name}` (required) body: object, The request body. The object takes the form of: { # Service acts as a top-level container that manages a set of Routes and Configurations which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets). The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. "apiVersion": "A String", # The API version for this call. It must be "serving.knative.dev/v1". "kind": "A String", # The kind of resource. It must be "Service". "metadata": { # google.cloud.run.meta.v1.ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. # Metadata associated with this Service, including name, namespace, labels, and annotations. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. The following Cloud Run-specific annotations are accepted in Service.metadata.annotations. * `run.googleapis.com/binary-authorization-breakglass` * `run.googleapis.com/binary-authorization` * `run.googleapis.com/client-name` * `run.googleapis.com/custom-audiences` * `run.googleapis.com/default-url-disabled` * `run.googleapis.com/description` * `run.googleapis.com/gc-traffic-tags` * `run.googleapis.com/ingress` * `run.googleapis.com/ingress` sets the ingress settings for the Service. See [the ingress settings documentation](/run/docs/securing/ingress) for details on configuring ingress settings. * `run.googleapis.com/ingress-status` is output-only and contains the currently active ingress settings for the Service. `run.googleapis.com/ingress-status` may differ from `run.googleapis.com/ingress` while the system is processing a change to `run.googleapis.com/ingress` or if the system failed to process a change to `run.googleapis.com/ingress`. When the system has processed all changes successfully `run.googleapis.com/ingress-status` and `run.googleapis.com/ingress` are equal. "annotations": { # Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. * `autoscaling.knative.dev/maxScale`: Revision. * `autoscaling.knative.dev/minScale`: Revision. * `run.googleapis.com/base-images`: Service, Revision. * `run.googleapis.com/binary-authorization-breakglass`: Service, Job, * `run.googleapis.com/binary-authorization`: Service, Job, Execution. * `run.googleapis.com/build-base-image`: Service. * `run.googleapis.com/build-enable-automatic-updates`: Service. * `run.googleapis.com/build-environment-variables`: Service. * `run.googleapis.com/build-function-target`: Service. * `run.googleapis.com/build-id`: Service. * `run.googleapis.com/build-image-uri`: Service. * `run.googleapis.com/build-name`: Service. * `run.googleapis.com/build-service-account`: Service. * `run.googleapis.com/build-source-location`: Service. * `run.googleapis.com/build-worker-pool`: Service. * `run.googleapis.com/client-name`: All resources. * `run.googleapis.com/cloudsql-instances`: Revision, Execution. * `run.googleapis.com/container-dependencies`: Revision . * `run.googleapis.com/cpu-throttling`: Revision. * `run.googleapis.com/custom-audiences`: Service. * `run.googleapis.com/default-url-disabled`: Service. * `run.googleapis.com/description`: Service. * `run.googleapis.com/encryption-key-shutdown-hours`: Revision * `run.googleapis.com/encryption-key`: Revision, Execution. * `run.googleapis.com/execution-environment`: Revision, Execution. * `run.googleapis.com/gc-traffic-tags`: Service. * `run.googleapis.com/health-check-disabled`: Revision. * `run.googleapis.com/ingress`: Service. * `run.googleapis.com/launch-stage`: Service, Job. * `run.googleapis.com/minScale`: Service * `run.googleapis.com/network-interfaces`: Revision, Execution. * `run.googleapis.com/post-key-revocation-action-type`: Revision. * `run.googleapis.com/secrets`: Revision, Execution. * `run.googleapis.com/secure-session-agent`: Revision. * `run.googleapis.com/sessionAffinity`: Revision. * `run.googleapis.com/startup-cpu-boost`: Revision. * `run.googleapis.com/vpc-access-connector`: Revision, Execution. * `run.googleapis.com/vpc-access-egress`: Revision, Execution. "a_key": "A String", }, "clusterName": "A String", # Not supported by Cloud Run "creationTimestamp": "A String", # UTC timestamp representing the server time when this object was created. "deletionGracePeriodSeconds": 42, # Not supported by Cloud Run "deletionTimestamp": "A String", # The read-only soft deletion timestamp for this resource. In Cloud Run, users are not able to set this field. Instead, they must call the corresponding Delete API. "finalizers": [ # Not supported by Cloud Run "A String", ], "generateName": "A String", # Not supported by Cloud Run "generation": 42, # A system-provided sequence number representing a specific generation of the desired state. "labels": { # Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and routes. "a_key": "A String", }, "name": "A String", # Required. The name of the resource. Name is required when creating top-level resources (Service, Job), must be unique within a Cloud Run project/region, and cannot be changed once created. "namespace": "A String", # Required. Defines the space within each name must be unique within a Cloud Run region. In Cloud Run, it must be project ID or number. "ownerReferences": [ # Not supported by Cloud Run { # This is not supported or used by Cloud Run. "apiVersion": "A String", # This is not supported or used by Cloud Run. "blockOwnerDeletion": True or False, # This is not supported or used by Cloud Run. "controller": True or False, # This is not supported or used by Cloud Run. "kind": "A String", # This is not supported or used by Cloud Run. "name": "A String", # This is not supported or used by Cloud Run. "uid": "A String", # This is not supported or used by Cloud Run. }, ], "resourceVersion": "A String", # Opaque, system-generated value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server or omit the value to disable conflict-detection. "selfLink": "A String", # URL representing this object. "uid": "A String", # Unique, system-generated identifier for this resource. }, "spec": { # ServiceSpec holds the desired state of the Route (from the client), which is used to manipulate the underlying Route and Configuration(s). # Holds the desired state of the Service (from the client). "template": { # RevisionTemplateSpec describes the data a revision should have when created from a template. # Holds the latest specification for the Revision to be stamped out. "metadata": { # google.cloud.run.meta.v1.ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. # Optional metadata for this Revision, including labels and annotations. Name will be generated by the Configuration. The following annotation keys set properties of the created revision: * `autoscaling.knative.dev/minScale` sets the minimum number of instances. * `autoscaling.knative.dev/maxScale` sets the maximum number of instances. * `run.googleapis.com/cloudsql-instances` sets Cloud SQL connections. Multiple values should be comma separated. * `run.googleapis.com/health-check-disabled`: if true, deploy-time startup probes will not run for this revision. * `run.googleapis.com/vpc-access-connector` sets a Serverless VPC Access connector. * `run.googleapis.com/vpc-access-egress` sets VPC egress. Supported values are `all-traffic`, `all` (deprecated), and `private-ranges-only`. `all-traffic` and `all` provide the same functionality. `all` is deprecated but will continue to be supported. Prefer `all-traffic`. "annotations": { # Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. * `autoscaling.knative.dev/maxScale`: Revision. * `autoscaling.knative.dev/minScale`: Revision. * `run.googleapis.com/base-images`: Service, Revision. * `run.googleapis.com/binary-authorization-breakglass`: Service, Job, * `run.googleapis.com/binary-authorization`: Service, Job, Execution. * `run.googleapis.com/build-base-image`: Service. * `run.googleapis.com/build-enable-automatic-updates`: Service. * `run.googleapis.com/build-environment-variables`: Service. * `run.googleapis.com/build-function-target`: Service. * `run.googleapis.com/build-id`: Service. * `run.googleapis.com/build-image-uri`: Service. * `run.googleapis.com/build-name`: Service. * `run.googleapis.com/build-service-account`: Service. * `run.googleapis.com/build-source-location`: Service. * `run.googleapis.com/build-worker-pool`: Service. * `run.googleapis.com/client-name`: All resources. * `run.googleapis.com/cloudsql-instances`: Revision, Execution. * `run.googleapis.com/container-dependencies`: Revision . * `run.googleapis.com/cpu-throttling`: Revision. * `run.googleapis.com/custom-audiences`: Service. * `run.googleapis.com/default-url-disabled`: Service. * `run.googleapis.com/description`: Service. * `run.googleapis.com/encryption-key-shutdown-hours`: Revision * `run.googleapis.com/encryption-key`: Revision, Execution. * `run.googleapis.com/execution-environment`: Revision, Execution. * `run.googleapis.com/gc-traffic-tags`: Service. * `run.googleapis.com/health-check-disabled`: Revision. * `run.googleapis.com/ingress`: Service. * `run.googleapis.com/launch-stage`: Service, Job. * `run.googleapis.com/minScale`: Service * `run.googleapis.com/network-interfaces`: Revision, Execution. * `run.googleapis.com/post-key-revocation-action-type`: Revision. * `run.googleapis.com/secrets`: Revision, Execution. * `run.googleapis.com/secure-session-agent`: Revision. * `run.googleapis.com/sessionAffinity`: Revision. * `run.googleapis.com/startup-cpu-boost`: Revision. * `run.googleapis.com/vpc-access-connector`: Revision, Execution. * `run.googleapis.com/vpc-access-egress`: Revision, Execution. "a_key": "A String", }, "clusterName": "A String", # Not supported by Cloud Run "creationTimestamp": "A String", # UTC timestamp representing the server time when this object was created. "deletionGracePeriodSeconds": 42, # Not supported by Cloud Run "deletionTimestamp": "A String", # The read-only soft deletion timestamp for this resource. In Cloud Run, users are not able to set this field. Instead, they must call the corresponding Delete API. "finalizers": [ # Not supported by Cloud Run "A String", ], "generateName": "A String", # Not supported by Cloud Run "generation": 42, # A system-provided sequence number representing a specific generation of the desired state. "labels": { # Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and routes. "a_key": "A String", }, "name": "A String", # Required. The name of the resource. Name is required when creating top-level resources (Service, Job), must be unique within a Cloud Run project/region, and cannot be changed once created. "namespace": "A String", # Required. Defines the space within each name must be unique within a Cloud Run region. In Cloud Run, it must be project ID or number. "ownerReferences": [ # Not supported by Cloud Run { # This is not supported or used by Cloud Run. "apiVersion": "A String", # This is not supported or used by Cloud Run. "blockOwnerDeletion": True or False, # This is not supported or used by Cloud Run. "controller": True or False, # This is not supported or used by Cloud Run. "kind": "A String", # This is not supported or used by Cloud Run. "name": "A String", # This is not supported or used by Cloud Run. "uid": "A String", # This is not supported or used by Cloud Run. }, ], "resourceVersion": "A String", # Opaque, system-generated value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server or omit the value to disable conflict-detection. "selfLink": "A String", # URL representing this object. "uid": "A String", # Unique, system-generated identifier for this resource. }, "spec": { # RevisionSpec holds the desired state of the Revision (from the client). # RevisionSpec holds the desired state of the Revision (from the client). "containerConcurrency": 42, # ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container instance of the Revision. If not specified or 0, defaults to 80 when requested CPU >= 1 and defaults to 1 when requested CPU < 1. "containers": [ # Required. Containers holds the list which define the units of execution for this Revision. In the context of a Revision, we disallow a number of fields on this Container, including: name and lifecycle. { # A single application container. This specifies both the container to run, the command to run in the container and the arguments to supply to it. Note that additional arguments may be supplied by the system to the container at runtime. "args": [ # Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references are not supported in Cloud Run. "A String", ], "command": [ # Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references are not supported in Cloud Run. "A String", ], "env": [ # List of environment variables to set in the container. EnvVar with duplicate names are generally allowed; if referencing a secret, the name must be unique for the container. For non-secret EnvVar names, the Container will only get the last-declared one. { # EnvVar represents an environment variable present in a Container. "name": "A String", # Required. Name of the environment variable. "value": "A String", # Value of the environment variable. Defaults to "". Variable references are not supported in Cloud Run. "valueFrom": { # EnvVarSource represents a source for the value of an EnvVar. # Source for the environment variable's value. Only supports secret_key_ref. Cannot be used if value is not empty. "configMapKeyRef": { # Not supported by Cloud Run. # Not supported by Cloud Run. Not supported in Cloud Run. "key": "A String", # Required. Not supported by Cloud Run. "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # Not supported by Cloud Run. "name": "A String", # Name of the referent. }, "name": "A String", # Required. Not supported by Cloud Run. "optional": True or False, # Not supported by Cloud Run. }, "secretKeyRef": { # SecretKeySelector selects a key of a Secret. # Selects a key (version) of a secret in Secret Manager. "key": "A String", # Required. A Cloud Secret Manager secret version. Must be 'latest' for the latest version, an integer for a specific version, or a version alias. The key of the secret to select from. Must be a valid secret key. "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. "name": "A String", # Name of the referent. }, "name": "A String", # The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: :projects//secrets/. If multiple alias definitions are needed, they must be separated by commas. The alias definitions must be set on the run.googleapis.com/secrets annotation. The name of the secret in the pod's namespace to select from. "optional": True or False, # Specify whether the Secret or its key must be defined. }, }, }, ], "envFrom": [ # Not supported by Cloud Run. { # Not supported by Cloud Run. EnvFromSource represents the source of a set of ConfigMaps "configMapRef": { # Not supported by Cloud Run. ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. # The ConfigMap to select from "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. "name": "A String", # Name of the referent. }, "name": "A String", # The ConfigMap to select from. "optional": True or False, # Specify whether the ConfigMap must be defined. }, "prefix": "A String", # An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. "secretRef": { # Not supported by Cloud Run. SecretEnvSource selects a Secret to populate the environment variables with. The contents of the target Secret's Data field will represent the key-value pairs as environment variables. # The Secret to select from "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. "name": "A String", # Name of the referent. }, "name": "A String", # The Secret to select from. "optional": True or False, # Specify whether the Secret must be defined }, }, ], "image": "A String", # Required. Name of the container image in Dockerhub, Google Artifact Registry, or Google Container Registry. If the host is not provided, Dockerhub is assumed. "imagePullPolicy": "A String", # Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. "livenessProbe": { # Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. # Periodic probe of container liveness. Container will be restarted if the probe fails. "exec": { # Not supported by Cloud Run. ExecAction describes a "run in container" action. # Not supported by Cloud Run. "command": [ # Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. "A String", ], }, "failureThreshold": 42, # Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. "grpc": { # GRPCAction describes an action involving a GRPC port. # GRPCAction specifies an action involving a GRPC port. "port": 42, # Port number of the gRPC service. Number must be in the range 1 to 65535. "service": "A String", # Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. }, "httpGet": { # HTTPGetAction describes an action based on HTTP Get requests. # HTTPGet specifies the http request to perform. "host": "A String", # Not supported by Cloud Run. "httpHeaders": [ # Custom headers to set in the request. HTTP allows repeated headers. { # HTTPHeader describes a custom header to be used in HTTP probes "name": "A String", # Required. The header field name "value": "A String", # The header field value }, ], "path": "A String", # Path to access on the HTTP server. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. "scheme": "A String", # Not supported by Cloud Run. }, "initialDelaySeconds": 42, # Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. "periodSeconds": 42, # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. "successThreshold": 42, # Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. "tcpSocket": { # TCPSocketAction describes an action based on opening a socket # TCPSocket specifies an action involving a TCP port. "host": "A String", # Not supported by Cloud Run. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. }, "timeoutSeconds": 42, # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. }, "name": "A String", # Name of the container specified as a DNS_LABEL (RFC 1123). "ports": [ # List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on. { # ContainerPort represents a network port in a single container. "containerPort": 42, # Port number the container listens on. If present, this must be a valid port number, 0 < x < 65536. If not present, it will default to port 8080. For more information, see https://cloud.google.com/run/docs/container-contract#port "name": "A String", # If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c". "protocol": "A String", # Protocol for port. Must be "TCP". Defaults to "TCP". }, ], "readinessProbe": { # Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. # Readiness probe to be used for health checks. Not supported by Cloud Run. "exec": { # Not supported by Cloud Run. ExecAction describes a "run in container" action. # Not supported by Cloud Run. "command": [ # Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. "A String", ], }, "failureThreshold": 42, # Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. "grpc": { # GRPCAction describes an action involving a GRPC port. # GRPCAction specifies an action involving a GRPC port. "port": 42, # Port number of the gRPC service. Number must be in the range 1 to 65535. "service": "A String", # Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. }, "httpGet": { # HTTPGetAction describes an action based on HTTP Get requests. # HTTPGet specifies the http request to perform. "host": "A String", # Not supported by Cloud Run. "httpHeaders": [ # Custom headers to set in the request. HTTP allows repeated headers. { # HTTPHeader describes a custom header to be used in HTTP probes "name": "A String", # Required. The header field name "value": "A String", # The header field value }, ], "path": "A String", # Path to access on the HTTP server. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. "scheme": "A String", # Not supported by Cloud Run. }, "initialDelaySeconds": 42, # Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. "periodSeconds": 42, # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. "successThreshold": 42, # Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. "tcpSocket": { # TCPSocketAction describes an action based on opening a socket # TCPSocket specifies an action involving a TCP port. "host": "A String", # Not supported by Cloud Run. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. }, "timeoutSeconds": 42, # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. }, "resources": { # ResourceRequirements describes the compute resource requirements. # Compute Resources required by this container. "limits": { # Limits describes the maximum amount of compute resources allowed. Only 'cpu' and 'memory' keys are supported. * For supported 'cpu' values, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits "a_key": "A String", }, "requests": { # Requests describes the minimum amount of compute resources required. Only `cpu` and `memory` are supported. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. * For supported 'cpu' values, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits "a_key": "A String", }, }, "securityContext": { # Not supported by Cloud Run. SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence. # Not supported by Cloud Run. "runAsUser": 42, # The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. }, "startupProbe": { # Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. # Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not receive traffic if the probe fails. If not provided, a default startup probe with TCP socket action is used. "exec": { # Not supported by Cloud Run. ExecAction describes a "run in container" action. # Not supported by Cloud Run. "command": [ # Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. "A String", ], }, "failureThreshold": 42, # Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. "grpc": { # GRPCAction describes an action involving a GRPC port. # GRPCAction specifies an action involving a GRPC port. "port": 42, # Port number of the gRPC service. Number must be in the range 1 to 65535. "service": "A String", # Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. }, "httpGet": { # HTTPGetAction describes an action based on HTTP Get requests. # HTTPGet specifies the http request to perform. "host": "A String", # Not supported by Cloud Run. "httpHeaders": [ # Custom headers to set in the request. HTTP allows repeated headers. { # HTTPHeader describes a custom header to be used in HTTP probes "name": "A String", # Required. The header field name "value": "A String", # The header field value }, ], "path": "A String", # Path to access on the HTTP server. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. "scheme": "A String", # Not supported by Cloud Run. }, "initialDelaySeconds": 42, # Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. "periodSeconds": 42, # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. "successThreshold": 42, # Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. "tcpSocket": { # TCPSocketAction describes an action based on opening a socket # TCPSocket specifies an action involving a TCP port. "host": "A String", # Not supported by Cloud Run. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. }, "timeoutSeconds": 42, # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. }, "terminationMessagePath": "A String", # Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. "terminationMessagePolicy": "A String", # Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. "volumeMounts": [ # Volume to mount into the container's filesystem. Only supports SecretVolumeSources. Pod volumes to mount into the container's filesystem. { # VolumeMount describes a mounting of a Volume within a container. "mountPath": "A String", # Required. Path within the container at which the volume should be mounted. Must not contain ':'. "name": "A String", # Required. The name of the volume. There must be a corresponding Volume with the same name. "readOnly": True or False, # Sets the mount to be read-only or read-write. Not used by Cloud Run. "subPath": "A String", # Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). }, ], "workingDir": "A String", # Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. }, ], "enableServiceLinks": True or False, # Not supported by Cloud Run. "imagePullSecrets": [ # Not supported by Cloud Run. { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. "name": "A String", # Name of the referent. }, ], "nodeSelector": { # Optional. The Node Selector configuration. Map of selector key to a value which matches a node. "a_key": "A String", }, "runtimeClassName": "A String", # Runtime. Leave unset for default. "serviceAccountName": "A String", # Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. "timeoutSeconds": 42, # TimeoutSeconds holds the max duration the instance is allowed for responding to a request. Cloud Run: defaults to 300 seconds (5 minutes). Maximum allowed value is 3600 seconds (1 hour). "volumes": [ { # Volume represents a named volume in a container. "configMap": { # Not supported by Cloud Run. Adapts a ConfigMap into a volume. The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. # Not supported in Cloud Run. "defaultMode": 42, # (Optional) Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0644. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "items": [ # (Optional) If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified that is not present in the Secret, the volume setup will error unless it is marked optional. { # Maps a string key to a path within a volume. "key": "A String", # The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version. The key to project. "mode": 42, # (Optional) Mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "path": "A String", # The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. }, ], "name": "A String", # Name of the config. "optional": True or False, # (Optional) Specify whether the Secret or its keys must be defined. }, "csi": { # Storage volume source using the Container Storage Interface. # Volume specified by the Container Storage Interface driver "driver": "A String", # name of the CSI driver for the requested storage system. Cloud Run supports the following drivers: * gcsfuse.run.googleapis.com : Mount a Cloud Storage Bucket as a volume. "readOnly": True or False, # If true, mount the volume as read only. Defaults to false. "volumeAttributes": { # stores driver specific attributes. For Google Cloud Storage volumes, the following attributes are supported: * bucketName: the name of the Cloud Storage bucket to mount. The Cloud Run Service identity must have access to this bucket. "a_key": "A String", }, }, "emptyDir": { # In memory (tmpfs) ephemeral storage. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs). # Ephemeral storage used as a shared volume. "medium": "A String", # The medium on which the data is stored. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir "sizeLimit": "A String", # Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers. The default is nil which means that the limit is undefined. More info: https://cloud.google.com/run/docs/configuring/in-memory-volumes#configure-volume. Info in Kubernetes: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir }, "name": "A String", # Volume's name. In Cloud Run Fully Managed, the name 'cloudsql' is reserved. "nfs": { # Represents a persistent volume that will be mounted using NFS. This volume will be shared between all instances of the resource and data will not be deleted when the instance is shut down. "path": "A String", # Path that is exported by the NFS server. "readOnly": True or False, # If true, mount the NFS volume as read only. Defaults to false. "server": "A String", # Hostname or IP address of the NFS server. }, "secret": { # A volume representing a secret stored in Google Secret Manager. The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secret_name. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. # The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secretName. "defaultMode": 42, # Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0444. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "items": [ # A list of secret versions to mount in the volume. If no items are specified, the volume will expose a file with the same name as the secret name. The contents of the file will be the data in the latest version of the secret. If items are specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify both a key and a path. { # Maps a string key to a path within a volume. "key": "A String", # The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version. The key to project. "mode": 42, # (Optional) Mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "path": "A String", # The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. }, ], "optional": True or False, # Not supported by Cloud Run. "secretName": "A String", # The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: :projects//secrets/. If multiple alias definitions are needed, they must be separated by commas. The alias definitions must be set on the run.googleapis.com/secrets annotation. Name of the secret in the container's namespace to use. }, }, ], }, }, "traffic": [ # Specifies how to distribute traffic over a collection of Knative Revisions and Configurations to the Service's main URL. { # TrafficTarget holds a single entry of the routing table for a Route. "configurationName": "A String", # [Deprecated] Not supported in Cloud Run. It must be empty. "latestRevision": True or False, # Uses the "status.latestReadyRevisionName" of the Service to determine the traffic target. When it changes, traffic will automatically migrate from the prior "latest ready" revision to the new one. This field must be false if RevisionName is set. This field defaults to true otherwise. If the field is set to true on Status, this means that the Revision was resolved from the Service's latest ready revision. "percent": 42, # Percent specifies percent of the traffic to this Revision or Configuration. This defaults to zero if unspecified. "revisionName": "A String", # Points this traffic target to a specific Revision. This field is mutually exclusive with latest_revision. "tag": "A String", # Tag is used to expose a dedicated url for referencing this target exclusively. "url": "A String", # Output only. URL displays the URL for accessing tagged traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. https://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) }, ], }, "status": { # The current state of the Service. Output only. # Communicates the system-controlled state of the Service. "address": { # Information for connecting over HTTP(s). # Similar to url, information on where the service is available on HTTP. "url": "A String", }, "conditions": [ # Conditions communicate information about ongoing/complete reconciliation processes that bring the `spec` inline with the observed state of the world. Service-specific conditions include: * `ConfigurationsReady`: `True` when the underlying Configuration is ready. * `RoutesReady`: `True` when the underlying Route is ready. * `Ready`: `True` when all underlying resources are ready. { # Conditions show the status of reconciliation progress on a given resource. Most resource use a top-level condition type "Ready" or "Completed" to show overall status with other conditions to checkpoint each stage of reconciliation. Note that if metadata.Generation does not equal status.ObservedGeneration, the conditions shown may not be relevant for the current spec. "lastTransitionTime": "A String", # Optional. Last time the condition transitioned from one status to another. "message": "A String", # Optional. Human readable message indicating details about the current status. "reason": "A String", # Optional. One-word CamelCase reason for the condition's last transition. These are intended to be stable, unique values which the client may use to trigger error handling logic, whereas messages which may be changed later by the server. "severity": "A String", # Optional. How to interpret this condition. One of Error, Warning, or Info. Conditions of severity Info do not contribute to resource readiness. "status": "A String", # Status of the condition, one of True, False, Unknown. "type": "A String", # type is used to communicate the status of the reconciliation process. Types common to all resources include: * "Ready" or "Completed": True when the Resource is ready. }, ], "latestCreatedRevisionName": "A String", # Name of the last revision that was created from this Service's Configuration. It might not be ready yet, for that use LatestReadyRevisionName. "latestReadyRevisionName": "A String", # Name of the latest Revision from this Service's Configuration that has had its `Ready` condition become `True`. "observedGeneration": 42, # Returns the generation last seen by the system. Clients polling for completed reconciliation should poll until observedGeneration = metadata.generation and the Ready condition's status is True or False. "traffic": [ # Holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. { # TrafficTarget holds a single entry of the routing table for a Route. "configurationName": "A String", # [Deprecated] Not supported in Cloud Run. It must be empty. "latestRevision": True or False, # Uses the "status.latestReadyRevisionName" of the Service to determine the traffic target. When it changes, traffic will automatically migrate from the prior "latest ready" revision to the new one. This field must be false if RevisionName is set. This field defaults to true otherwise. If the field is set to true on Status, this means that the Revision was resolved from the Service's latest ready revision. "percent": 42, # Percent specifies percent of the traffic to this Revision or Configuration. This defaults to zero if unspecified. "revisionName": "A String", # Points this traffic target to a specific Revision. This field is mutually exclusive with latest_revision. "tag": "A String", # Tag is used to expose a dedicated url for referencing this target exclusively. "url": "A String", # Output only. URL displays the URL for accessing tagged traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. https://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) }, ], "url": "A String", # URL that will distribute traffic over the provided traffic targets. It generally has the form `https://{route-hash}-{project-hash}-{cluster-level-suffix}.a.run.app` }, } dryRun: string, Indicates that the server should validate the request and populate default values without persisting the request. Supported values: `all` x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # Service acts as a top-level container that manages a set of Routes and Configurations which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets). The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. "apiVersion": "A String", # The API version for this call. It must be "serving.knative.dev/v1". "kind": "A String", # The kind of resource. It must be "Service". "metadata": { # google.cloud.run.meta.v1.ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. # Metadata associated with this Service, including name, namespace, labels, and annotations. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. The following Cloud Run-specific annotations are accepted in Service.metadata.annotations. * `run.googleapis.com/binary-authorization-breakglass` * `run.googleapis.com/binary-authorization` * `run.googleapis.com/client-name` * `run.googleapis.com/custom-audiences` * `run.googleapis.com/default-url-disabled` * `run.googleapis.com/description` * `run.googleapis.com/gc-traffic-tags` * `run.googleapis.com/ingress` * `run.googleapis.com/ingress` sets the ingress settings for the Service. See [the ingress settings documentation](/run/docs/securing/ingress) for details on configuring ingress settings. * `run.googleapis.com/ingress-status` is output-only and contains the currently active ingress settings for the Service. `run.googleapis.com/ingress-status` may differ from `run.googleapis.com/ingress` while the system is processing a change to `run.googleapis.com/ingress` or if the system failed to process a change to `run.googleapis.com/ingress`. When the system has processed all changes successfully `run.googleapis.com/ingress-status` and `run.googleapis.com/ingress` are equal. "annotations": { # Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. * `autoscaling.knative.dev/maxScale`: Revision. * `autoscaling.knative.dev/minScale`: Revision. * `run.googleapis.com/base-images`: Service, Revision. * `run.googleapis.com/binary-authorization-breakglass`: Service, Job, * `run.googleapis.com/binary-authorization`: Service, Job, Execution. * `run.googleapis.com/build-base-image`: Service. * `run.googleapis.com/build-enable-automatic-updates`: Service. * `run.googleapis.com/build-environment-variables`: Service. * `run.googleapis.com/build-function-target`: Service. * `run.googleapis.com/build-id`: Service. * `run.googleapis.com/build-image-uri`: Service. * `run.googleapis.com/build-name`: Service. * `run.googleapis.com/build-service-account`: Service. * `run.googleapis.com/build-source-location`: Service. * `run.googleapis.com/build-worker-pool`: Service. * `run.googleapis.com/client-name`: All resources. * `run.googleapis.com/cloudsql-instances`: Revision, Execution. * `run.googleapis.com/container-dependencies`: Revision . * `run.googleapis.com/cpu-throttling`: Revision. * `run.googleapis.com/custom-audiences`: Service. * `run.googleapis.com/default-url-disabled`: Service. * `run.googleapis.com/description`: Service. * `run.googleapis.com/encryption-key-shutdown-hours`: Revision * `run.googleapis.com/encryption-key`: Revision, Execution. * `run.googleapis.com/execution-environment`: Revision, Execution. * `run.googleapis.com/gc-traffic-tags`: Service. * `run.googleapis.com/health-check-disabled`: Revision. * `run.googleapis.com/ingress`: Service. * `run.googleapis.com/launch-stage`: Service, Job. * `run.googleapis.com/minScale`: Service * `run.googleapis.com/network-interfaces`: Revision, Execution. * `run.googleapis.com/post-key-revocation-action-type`: Revision. * `run.googleapis.com/secrets`: Revision, Execution. * `run.googleapis.com/secure-session-agent`: Revision. * `run.googleapis.com/sessionAffinity`: Revision. * `run.googleapis.com/startup-cpu-boost`: Revision. * `run.googleapis.com/vpc-access-connector`: Revision, Execution. * `run.googleapis.com/vpc-access-egress`: Revision, Execution. "a_key": "A String", }, "clusterName": "A String", # Not supported by Cloud Run "creationTimestamp": "A String", # UTC timestamp representing the server time when this object was created. "deletionGracePeriodSeconds": 42, # Not supported by Cloud Run "deletionTimestamp": "A String", # The read-only soft deletion timestamp for this resource. In Cloud Run, users are not able to set this field. Instead, they must call the corresponding Delete API. "finalizers": [ # Not supported by Cloud Run "A String", ], "generateName": "A String", # Not supported by Cloud Run "generation": 42, # A system-provided sequence number representing a specific generation of the desired state. "labels": { # Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and routes. "a_key": "A String", }, "name": "A String", # Required. The name of the resource. Name is required when creating top-level resources (Service, Job), must be unique within a Cloud Run project/region, and cannot be changed once created. "namespace": "A String", # Required. Defines the space within each name must be unique within a Cloud Run region. In Cloud Run, it must be project ID or number. "ownerReferences": [ # Not supported by Cloud Run { # This is not supported or used by Cloud Run. "apiVersion": "A String", # This is not supported or used by Cloud Run. "blockOwnerDeletion": True or False, # This is not supported or used by Cloud Run. "controller": True or False, # This is not supported or used by Cloud Run. "kind": "A String", # This is not supported or used by Cloud Run. "name": "A String", # This is not supported or used by Cloud Run. "uid": "A String", # This is not supported or used by Cloud Run. }, ], "resourceVersion": "A String", # Opaque, system-generated value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server or omit the value to disable conflict-detection. "selfLink": "A String", # URL representing this object. "uid": "A String", # Unique, system-generated identifier for this resource. }, "spec": { # ServiceSpec holds the desired state of the Route (from the client), which is used to manipulate the underlying Route and Configuration(s). # Holds the desired state of the Service (from the client). "template": { # RevisionTemplateSpec describes the data a revision should have when created from a template. # Holds the latest specification for the Revision to be stamped out. "metadata": { # google.cloud.run.meta.v1.ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. # Optional metadata for this Revision, including labels and annotations. Name will be generated by the Configuration. The following annotation keys set properties of the created revision: * `autoscaling.knative.dev/minScale` sets the minimum number of instances. * `autoscaling.knative.dev/maxScale` sets the maximum number of instances. * `run.googleapis.com/cloudsql-instances` sets Cloud SQL connections. Multiple values should be comma separated. * `run.googleapis.com/health-check-disabled`: if true, deploy-time startup probes will not run for this revision. * `run.googleapis.com/vpc-access-connector` sets a Serverless VPC Access connector. * `run.googleapis.com/vpc-access-egress` sets VPC egress. Supported values are `all-traffic`, `all` (deprecated), and `private-ranges-only`. `all-traffic` and `all` provide the same functionality. `all` is deprecated but will continue to be supported. Prefer `all-traffic`. "annotations": { # Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. * `autoscaling.knative.dev/maxScale`: Revision. * `autoscaling.knative.dev/minScale`: Revision. * `run.googleapis.com/base-images`: Service, Revision. * `run.googleapis.com/binary-authorization-breakglass`: Service, Job, * `run.googleapis.com/binary-authorization`: Service, Job, Execution. * `run.googleapis.com/build-base-image`: Service. * `run.googleapis.com/build-enable-automatic-updates`: Service. * `run.googleapis.com/build-environment-variables`: Service. * `run.googleapis.com/build-function-target`: Service. * `run.googleapis.com/build-id`: Service. * `run.googleapis.com/build-image-uri`: Service. * `run.googleapis.com/build-name`: Service. * `run.googleapis.com/build-service-account`: Service. * `run.googleapis.com/build-source-location`: Service. * `run.googleapis.com/build-worker-pool`: Service. * `run.googleapis.com/client-name`: All resources. * `run.googleapis.com/cloudsql-instances`: Revision, Execution. * `run.googleapis.com/container-dependencies`: Revision . * `run.googleapis.com/cpu-throttling`: Revision. * `run.googleapis.com/custom-audiences`: Service. * `run.googleapis.com/default-url-disabled`: Service. * `run.googleapis.com/description`: Service. * `run.googleapis.com/encryption-key-shutdown-hours`: Revision * `run.googleapis.com/encryption-key`: Revision, Execution. * `run.googleapis.com/execution-environment`: Revision, Execution. * `run.googleapis.com/gc-traffic-tags`: Service. * `run.googleapis.com/health-check-disabled`: Revision. * `run.googleapis.com/ingress`: Service. * `run.googleapis.com/launch-stage`: Service, Job. * `run.googleapis.com/minScale`: Service * `run.googleapis.com/network-interfaces`: Revision, Execution. * `run.googleapis.com/post-key-revocation-action-type`: Revision. * `run.googleapis.com/secrets`: Revision, Execution. * `run.googleapis.com/secure-session-agent`: Revision. * `run.googleapis.com/sessionAffinity`: Revision. * `run.googleapis.com/startup-cpu-boost`: Revision. * `run.googleapis.com/vpc-access-connector`: Revision, Execution. * `run.googleapis.com/vpc-access-egress`: Revision, Execution. "a_key": "A String", }, "clusterName": "A String", # Not supported by Cloud Run "creationTimestamp": "A String", # UTC timestamp representing the server time when this object was created. "deletionGracePeriodSeconds": 42, # Not supported by Cloud Run "deletionTimestamp": "A String", # The read-only soft deletion timestamp for this resource. In Cloud Run, users are not able to set this field. Instead, they must call the corresponding Delete API. "finalizers": [ # Not supported by Cloud Run "A String", ], "generateName": "A String", # Not supported by Cloud Run "generation": 42, # A system-provided sequence number representing a specific generation of the desired state. "labels": { # Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and routes. "a_key": "A String", }, "name": "A String", # Required. The name of the resource. Name is required when creating top-level resources (Service, Job), must be unique within a Cloud Run project/region, and cannot be changed once created. "namespace": "A String", # Required. Defines the space within each name must be unique within a Cloud Run region. In Cloud Run, it must be project ID or number. "ownerReferences": [ # Not supported by Cloud Run { # This is not supported or used by Cloud Run. "apiVersion": "A String", # This is not supported or used by Cloud Run. "blockOwnerDeletion": True or False, # This is not supported or used by Cloud Run. "controller": True or False, # This is not supported or used by Cloud Run. "kind": "A String", # This is not supported or used by Cloud Run. "name": "A String", # This is not supported or used by Cloud Run. "uid": "A String", # This is not supported or used by Cloud Run. }, ], "resourceVersion": "A String", # Opaque, system-generated value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server or omit the value to disable conflict-detection. "selfLink": "A String", # URL representing this object. "uid": "A String", # Unique, system-generated identifier for this resource. }, "spec": { # RevisionSpec holds the desired state of the Revision (from the client). # RevisionSpec holds the desired state of the Revision (from the client). "containerConcurrency": 42, # ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container instance of the Revision. If not specified or 0, defaults to 80 when requested CPU >= 1 and defaults to 1 when requested CPU < 1. "containers": [ # Required. Containers holds the list which define the units of execution for this Revision. In the context of a Revision, we disallow a number of fields on this Container, including: name and lifecycle. { # A single application container. This specifies both the container to run, the command to run in the container and the arguments to supply to it. Note that additional arguments may be supplied by the system to the container at runtime. "args": [ # Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references are not supported in Cloud Run. "A String", ], "command": [ # Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references are not supported in Cloud Run. "A String", ], "env": [ # List of environment variables to set in the container. EnvVar with duplicate names are generally allowed; if referencing a secret, the name must be unique for the container. For non-secret EnvVar names, the Container will only get the last-declared one. { # EnvVar represents an environment variable present in a Container. "name": "A String", # Required. Name of the environment variable. "value": "A String", # Value of the environment variable. Defaults to "". Variable references are not supported in Cloud Run. "valueFrom": { # EnvVarSource represents a source for the value of an EnvVar. # Source for the environment variable's value. Only supports secret_key_ref. Cannot be used if value is not empty. "configMapKeyRef": { # Not supported by Cloud Run. # Not supported by Cloud Run. Not supported in Cloud Run. "key": "A String", # Required. Not supported by Cloud Run. "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # Not supported by Cloud Run. "name": "A String", # Name of the referent. }, "name": "A String", # Required. Not supported by Cloud Run. "optional": True or False, # Not supported by Cloud Run. }, "secretKeyRef": { # SecretKeySelector selects a key of a Secret. # Selects a key (version) of a secret in Secret Manager. "key": "A String", # Required. A Cloud Secret Manager secret version. Must be 'latest' for the latest version, an integer for a specific version, or a version alias. The key of the secret to select from. Must be a valid secret key. "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. "name": "A String", # Name of the referent. }, "name": "A String", # The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: :projects//secrets/. If multiple alias definitions are needed, they must be separated by commas. The alias definitions must be set on the run.googleapis.com/secrets annotation. The name of the secret in the pod's namespace to select from. "optional": True or False, # Specify whether the Secret or its key must be defined. }, }, }, ], "envFrom": [ # Not supported by Cloud Run. { # Not supported by Cloud Run. EnvFromSource represents the source of a set of ConfigMaps "configMapRef": { # Not supported by Cloud Run. ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. # The ConfigMap to select from "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. "name": "A String", # Name of the referent. }, "name": "A String", # The ConfigMap to select from. "optional": True or False, # Specify whether the ConfigMap must be defined. }, "prefix": "A String", # An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. "secretRef": { # Not supported by Cloud Run. SecretEnvSource selects a Secret to populate the environment variables with. The contents of the target Secret's Data field will represent the key-value pairs as environment variables. # The Secret to select from "localObjectReference": { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. # This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead. "name": "A String", # Name of the referent. }, "name": "A String", # The Secret to select from. "optional": True or False, # Specify whether the Secret must be defined }, }, ], "image": "A String", # Required. Name of the container image in Dockerhub, Google Artifact Registry, or Google Container Registry. If the host is not provided, Dockerhub is assumed. "imagePullPolicy": "A String", # Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. "livenessProbe": { # Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. # Periodic probe of container liveness. Container will be restarted if the probe fails. "exec": { # Not supported by Cloud Run. ExecAction describes a "run in container" action. # Not supported by Cloud Run. "command": [ # Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. "A String", ], }, "failureThreshold": 42, # Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. "grpc": { # GRPCAction describes an action involving a GRPC port. # GRPCAction specifies an action involving a GRPC port. "port": 42, # Port number of the gRPC service. Number must be in the range 1 to 65535. "service": "A String", # Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. }, "httpGet": { # HTTPGetAction describes an action based on HTTP Get requests. # HTTPGet specifies the http request to perform. "host": "A String", # Not supported by Cloud Run. "httpHeaders": [ # Custom headers to set in the request. HTTP allows repeated headers. { # HTTPHeader describes a custom header to be used in HTTP probes "name": "A String", # Required. The header field name "value": "A String", # The header field value }, ], "path": "A String", # Path to access on the HTTP server. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. "scheme": "A String", # Not supported by Cloud Run. }, "initialDelaySeconds": 42, # Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. "periodSeconds": 42, # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. "successThreshold": 42, # Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. "tcpSocket": { # TCPSocketAction describes an action based on opening a socket # TCPSocket specifies an action involving a TCP port. "host": "A String", # Not supported by Cloud Run. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. }, "timeoutSeconds": 42, # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. }, "name": "A String", # Name of the container specified as a DNS_LABEL (RFC 1123). "ports": [ # List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on. { # ContainerPort represents a network port in a single container. "containerPort": 42, # Port number the container listens on. If present, this must be a valid port number, 0 < x < 65536. If not present, it will default to port 8080. For more information, see https://cloud.google.com/run/docs/container-contract#port "name": "A String", # If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c". "protocol": "A String", # Protocol for port. Must be "TCP". Defaults to "TCP". }, ], "readinessProbe": { # Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. # Readiness probe to be used for health checks. Not supported by Cloud Run. "exec": { # Not supported by Cloud Run. ExecAction describes a "run in container" action. # Not supported by Cloud Run. "command": [ # Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. "A String", ], }, "failureThreshold": 42, # Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. "grpc": { # GRPCAction describes an action involving a GRPC port. # GRPCAction specifies an action involving a GRPC port. "port": 42, # Port number of the gRPC service. Number must be in the range 1 to 65535. "service": "A String", # Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. }, "httpGet": { # HTTPGetAction describes an action based on HTTP Get requests. # HTTPGet specifies the http request to perform. "host": "A String", # Not supported by Cloud Run. "httpHeaders": [ # Custom headers to set in the request. HTTP allows repeated headers. { # HTTPHeader describes a custom header to be used in HTTP probes "name": "A String", # Required. The header field name "value": "A String", # The header field value }, ], "path": "A String", # Path to access on the HTTP server. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. "scheme": "A String", # Not supported by Cloud Run. }, "initialDelaySeconds": 42, # Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. "periodSeconds": 42, # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. "successThreshold": 42, # Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. "tcpSocket": { # TCPSocketAction describes an action based on opening a socket # TCPSocket specifies an action involving a TCP port. "host": "A String", # Not supported by Cloud Run. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. }, "timeoutSeconds": 42, # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. }, "resources": { # ResourceRequirements describes the compute resource requirements. # Compute Resources required by this container. "limits": { # Limits describes the maximum amount of compute resources allowed. Only 'cpu' and 'memory' keys are supported. * For supported 'cpu' values, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits "a_key": "A String", }, "requests": { # Requests describes the minimum amount of compute resources required. Only `cpu` and `memory` are supported. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. * For supported 'cpu' values, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits "a_key": "A String", }, }, "securityContext": { # Not supported by Cloud Run. SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence. # Not supported by Cloud Run. "runAsUser": 42, # The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. }, "startupProbe": { # Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. # Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not receive traffic if the probe fails. If not provided, a default startup probe with TCP socket action is used. "exec": { # Not supported by Cloud Run. ExecAction describes a "run in container" action. # Not supported by Cloud Run. "command": [ # Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. "A String", ], }, "failureThreshold": 42, # Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. "grpc": { # GRPCAction describes an action involving a GRPC port. # GRPCAction specifies an action involving a GRPC port. "port": 42, # Port number of the gRPC service. Number must be in the range 1 to 65535. "service": "A String", # Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC. }, "httpGet": { # HTTPGetAction describes an action based on HTTP Get requests. # HTTPGet specifies the http request to perform. "host": "A String", # Not supported by Cloud Run. "httpHeaders": [ # Custom headers to set in the request. HTTP allows repeated headers. { # HTTPHeader describes a custom header to be used in HTTP probes "name": "A String", # Required. The header field name "value": "A String", # The header field value }, ], "path": "A String", # Path to access on the HTTP server. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. "scheme": "A String", # Not supported by Cloud Run. }, "initialDelaySeconds": 42, # Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. "periodSeconds": 42, # How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds. "successThreshold": 42, # Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set. "tcpSocket": { # TCPSocketAction describes an action based on opening a socket # TCPSocket specifies an action involving a TCP port. "host": "A String", # Not supported by Cloud Run. "port": 42, # Port number to access on the container. Number must be in the range 1 to 65535. }, "timeoutSeconds": 42, # Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10. }, "terminationMessagePath": "A String", # Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. "terminationMessagePolicy": "A String", # Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. "volumeMounts": [ # Volume to mount into the container's filesystem. Only supports SecretVolumeSources. Pod volumes to mount into the container's filesystem. { # VolumeMount describes a mounting of a Volume within a container. "mountPath": "A String", # Required. Path within the container at which the volume should be mounted. Must not contain ':'. "name": "A String", # Required. The name of the volume. There must be a corresponding Volume with the same name. "readOnly": True or False, # Sets the mount to be read-only or read-write. Not used by Cloud Run. "subPath": "A String", # Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). }, ], "workingDir": "A String", # Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. }, ], "enableServiceLinks": True or False, # Not supported by Cloud Run. "imagePullSecrets": [ # Not supported by Cloud Run. { # Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. "name": "A String", # Name of the referent. }, ], "nodeSelector": { # Optional. The Node Selector configuration. Map of selector key to a value which matches a node. "a_key": "A String", }, "runtimeClassName": "A String", # Runtime. Leave unset for default. "serviceAccountName": "A String", # Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. "timeoutSeconds": 42, # TimeoutSeconds holds the max duration the instance is allowed for responding to a request. Cloud Run: defaults to 300 seconds (5 minutes). Maximum allowed value is 3600 seconds (1 hour). "volumes": [ { # Volume represents a named volume in a container. "configMap": { # Not supported by Cloud Run. Adapts a ConfigMap into a volume. The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. # Not supported in Cloud Run. "defaultMode": 42, # (Optional) Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0644. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "items": [ # (Optional) If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified that is not present in the Secret, the volume setup will error unless it is marked optional. { # Maps a string key to a path within a volume. "key": "A String", # The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version. The key to project. "mode": 42, # (Optional) Mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "path": "A String", # The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. }, ], "name": "A String", # Name of the config. "optional": True or False, # (Optional) Specify whether the Secret or its keys must be defined. }, "csi": { # Storage volume source using the Container Storage Interface. # Volume specified by the Container Storage Interface driver "driver": "A String", # name of the CSI driver for the requested storage system. Cloud Run supports the following drivers: * gcsfuse.run.googleapis.com : Mount a Cloud Storage Bucket as a volume. "readOnly": True or False, # If true, mount the volume as read only. Defaults to false. "volumeAttributes": { # stores driver specific attributes. For Google Cloud Storage volumes, the following attributes are supported: * bucketName: the name of the Cloud Storage bucket to mount. The Cloud Run Service identity must have access to this bucket. "a_key": "A String", }, }, "emptyDir": { # In memory (tmpfs) ephemeral storage. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs). # Ephemeral storage used as a shared volume. "medium": "A String", # The medium on which the data is stored. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir "sizeLimit": "A String", # Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers. The default is nil which means that the limit is undefined. More info: https://cloud.google.com/run/docs/configuring/in-memory-volumes#configure-volume. Info in Kubernetes: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir }, "name": "A String", # Volume's name. In Cloud Run Fully Managed, the name 'cloudsql' is reserved. "nfs": { # Represents a persistent volume that will be mounted using NFS. This volume will be shared between all instances of the resource and data will not be deleted when the instance is shut down. "path": "A String", # Path that is exported by the NFS server. "readOnly": True or False, # If true, mount the NFS volume as read only. Defaults to false. "server": "A String", # Hostname or IP address of the NFS server. }, "secret": { # A volume representing a secret stored in Google Secret Manager. The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secret_name. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. # The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secretName. "defaultMode": 42, # Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0444. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "items": [ # A list of secret versions to mount in the volume. If no items are specified, the volume will expose a file with the same name as the secret name. The contents of the file will be the data in the latest version of the secret. If items are specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify both a key and a path. { # Maps a string key to a path within a volume. "key": "A String", # The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version. The key to project. "mode": 42, # (Optional) Mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. "path": "A String", # The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. }, ], "optional": True or False, # Not supported by Cloud Run. "secretName": "A String", # The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: :projects//secrets/. If multiple alias definitions are needed, they must be separated by commas. The alias definitions must be set on the run.googleapis.com/secrets annotation. Name of the secret in the container's namespace to use. }, }, ], }, }, "traffic": [ # Specifies how to distribute traffic over a collection of Knative Revisions and Configurations to the Service's main URL. { # TrafficTarget holds a single entry of the routing table for a Route. "configurationName": "A String", # [Deprecated] Not supported in Cloud Run. It must be empty. "latestRevision": True or False, # Uses the "status.latestReadyRevisionName" of the Service to determine the traffic target. When it changes, traffic will automatically migrate from the prior "latest ready" revision to the new one. This field must be false if RevisionName is set. This field defaults to true otherwise. If the field is set to true on Status, this means that the Revision was resolved from the Service's latest ready revision. "percent": 42, # Percent specifies percent of the traffic to this Revision or Configuration. This defaults to zero if unspecified. "revisionName": "A String", # Points this traffic target to a specific Revision. This field is mutually exclusive with latest_revision. "tag": "A String", # Tag is used to expose a dedicated url for referencing this target exclusively. "url": "A String", # Output only. URL displays the URL for accessing tagged traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. https://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) }, ], }, "status": { # The current state of the Service. Output only. # Communicates the system-controlled state of the Service. "address": { # Information for connecting over HTTP(s). # Similar to url, information on where the service is available on HTTP. "url": "A String", }, "conditions": [ # Conditions communicate information about ongoing/complete reconciliation processes that bring the `spec` inline with the observed state of the world. Service-specific conditions include: * `ConfigurationsReady`: `True` when the underlying Configuration is ready. * `RoutesReady`: `True` when the underlying Route is ready. * `Ready`: `True` when all underlying resources are ready. { # Conditions show the status of reconciliation progress on a given resource. Most resource use a top-level condition type "Ready" or "Completed" to show overall status with other conditions to checkpoint each stage of reconciliation. Note that if metadata.Generation does not equal status.ObservedGeneration, the conditions shown may not be relevant for the current spec. "lastTransitionTime": "A String", # Optional. Last time the condition transitioned from one status to another. "message": "A String", # Optional. Human readable message indicating details about the current status. "reason": "A String", # Optional. One-word CamelCase reason for the condition's last transition. These are intended to be stable, unique values which the client may use to trigger error handling logic, whereas messages which may be changed later by the server. "severity": "A String", # Optional. How to interpret this condition. One of Error, Warning, or Info. Conditions of severity Info do not contribute to resource readiness. "status": "A String", # Status of the condition, one of True, False, Unknown. "type": "A String", # type is used to communicate the status of the reconciliation process. Types common to all resources include: * "Ready" or "Completed": True when the Resource is ready. }, ], "latestCreatedRevisionName": "A String", # Name of the last revision that was created from this Service's Configuration. It might not be ready yet, for that use LatestReadyRevisionName. "latestReadyRevisionName": "A String", # Name of the latest Revision from this Service's Configuration that has had its `Ready` condition become `True`. "observedGeneration": 42, # Returns the generation last seen by the system. Clients polling for completed reconciliation should poll until observedGeneration = metadata.generation and the Ready condition's status is True or False. "traffic": [ # Holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. { # TrafficTarget holds a single entry of the routing table for a Route. "configurationName": "A String", # [Deprecated] Not supported in Cloud Run. It must be empty. "latestRevision": True or False, # Uses the "status.latestReadyRevisionName" of the Service to determine the traffic target. When it changes, traffic will automatically migrate from the prior "latest ready" revision to the new one. This field must be false if RevisionName is set. This field defaults to true otherwise. If the field is set to true on Status, this means that the Revision was resolved from the Service's latest ready revision. "percent": 42, # Percent specifies percent of the traffic to this Revision or Configuration. This defaults to zero if unspecified. "revisionName": "A String", # Points this traffic target to a specific Revision. This field is mutually exclusive with latest_revision. "tag": "A String", # Tag is used to expose a dedicated url for referencing this target exclusively. "url": "A String", # Output only. URL displays the URL for accessing tagged traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. https://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) }, ], "url": "A String", # URL that will distribute traffic over the provided traffic targets. It generally has the form `https://{route-hash}-{project-hash}-{cluster-level-suffix}.a.run.app` }, }
setIamPolicy(resource, body=None, x__xgafv=None)
Sets the IAM Access control policy for the specified Service. Overwrites any existing policy. Args: resource: string, REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. (required) body: object, The request body. The object takes the form of: { # Request message for `SetIamPolicy` method. "policy": { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). # REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Google Cloud services (such as Projects) might reject them. "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. { # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging. "auditLogConfigs": [ # The configuration for logging of each type of permission. { # Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging. "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. "A String", ], "logType": "A String", # The log type that this config enables. }, ], "service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. }, ], "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. { # Associates `members`, or principals, with a `role`. "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. "expression": "A String", # Textual representation of an expression in Common Expression Language syntax. "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. }, "members": [ # Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. "A String", ], "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles). }, ], "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. "version": 42, # Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). }, "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"` } x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. { # Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging. "auditLogConfigs": [ # The configuration for logging of each type of permission. { # Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging. "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. "A String", ], "logType": "A String", # The log type that this config enables. }, ], "service": "A String", # Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. }, ], "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. { # Associates `members`, or principals, with a `role`. "condition": { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). "description": "A String", # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. "expression": "A String", # Textual representation of an expression in Common Expression Language syntax. "location": "A String", # Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. "title": "A String", # Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. }, "members": [ # Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. "A String", ], "role": "A String", # Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles). }, ], "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. "version": 42, # Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). }
testIamPermissions(resource, body=None, x__xgafv=None)
Returns permissions that a caller has on the specified Project. There are no permissions required for making this API call. Args: resource: string, REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. (required) body: object, The request body. The object takes the form of: { # Request message for `TestIamPermissions` method. "permissions": [ # The set of permissions to check for the `resource`. Permissions with wildcards (such as `*` or `storage.*`) are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). "A String", ], } x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # Response message for `TestIamPermissions` method. "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is allowed. "A String", ], }