gcloud alpha run jobs deploy - create or update a Cloud Run job
gcloud alpha run jobs deploy [JOB] [--args=[ARG,...]] [--binary-authorization=POLICY] [--breakglass=JUSTIFICATION] [--command=[COMMAND,...]] [--cpu=CPU] [--execute-now] [--key=KEY] [--labels=[KEY=VALUE,...]] [--max-retries=MAX_RETRIES] [--memory=MEMORY] [--parallelism=PARALLELISM] [--region=REGION] [--service-account=SERVICE_ACCOUNT] [--set-cloudsql-instances=[CLOUDSQL-INSTANCES,...]] [--set-secrets=[KEY=SECRET_NAME:SECRET_VERSION,...]] [--task-timeout=TASK_TIMEOUT] [--tasks=TASKS; default=1] [--vpc-connector=VPC_CONNECTOR] [--vpc-egress=VPC_EGRESS] [--async | --wait] [--clear-env-vars | --env-vars-file=FILE_PATH | --set-env-vars=[KEY=VALUE,...] | --remove-env-vars=[KEY,...] --update-env-vars=[KEY=VALUE,...]] [--image=IMAGE | --source=SOURCE] [GCLOUD_WIDE_FLAG ...]
(ALPHA) Creates or updates a Cloud Run job.
To deploy a new job my-data-transformation to Cloud Run:
$ gcloud alpha run jobs deploy my-data-transformation \ --image=us-docker.pkg.dev/project/image
You may also omit the job name. Then a prompt will be displayed with a suggested default value:
$ gcloud alpha run jobs deploy \ --image=us-docker.pkg.dev/project/image
- Job resource - Job to deploy. This represents a Cloud resource. (NOTE) Some
attributes are not given arguments in this group but can be set in other ways. To set the project attribute:
- —
provide the argument JOB on the command line with a fully specified name;
- —
specify the job name from an interactive prompt with a fully specified name;
- —
provide the argument --project on the command line;
- —
set the property core/project.
- [JOB]
ID of the Job or fully qualified identifier for the Job. To set the jobs attribute:
provide the argument JOB on the command line;
specify the job name from an interactive prompt.
- --args=[ARG,...]
Comma-separated arguments passed to the command run by the container image. If not specified and no '--command' is provided, the container image's default Cmd is used. Otherwise, if not specified, no arguments are passed. To reset this field to its default, pass an empty string.
- --binary-authorization=POLICY
Binary Authorization policy to check against. This must be set to "default".
- --breakglass=JUSTIFICATION
Justification to bypass Binary Authorization policy constraints and allow the operation. See https://cloud.google.com/binary-authorization/docs/using-breakglass for more information. Next update or deploy command will automatically clear existing breakglass justification.
- --command=[COMMAND,...]
Entrypoint for the container image. If not specified, the container image's default Entrypoint is run. To reset this field to its default, pass an empty string.
- --cpu=CPU
Set a CPU limit in Kubernetes cpu units.
Cloud Run (fully managed) supports values 1, 2 and 4. For Cloud Run (fully managed), 4 cpus also requires a minimum 2Gi --memory value. Examples 2, 2.0, 2000m
- --execute-now
Execute the job immediately after creation.
- --key=KEY
CMEK key reference to encrypt the container with.
- --labels=[KEY=VALUE,...]
List of label KEY=VALUE pairs to add.
- --max-retries=MAX_RETRIES
Number of times a task is allowed to restart in case of failure before being failed permanently. This applies per-task, not per-job. If set to 0, tasks will only run once and never be retried on failure.
- --memory=MEMORY
Set a memory limit. Ex: 1024Mi, 4Gi.
- --parallelism=PARALLELISM
Number of tasks that may run concurrently. Must be less than or equal to the number of tasks. Set to 0 to unset.
- --region=REGION
Region in which the resource can be found. Alternatively, set the property [run/region].
- --service-account=SERVICE_ACCOUNT
Service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. This is the email address of an IAM service account.
- --set-cloudsql-instances=[CLOUDSQL-INSTANCES,...]
You can specify a name of a Cloud SQL instance if it's in the same project and region as your Cloud Run resource; otherwise specify <project>:<region>:<instance> for the instance.
- --set-secrets=[KEY=SECRET_NAME:SECRET_VERSION,...]
Specify secrets to provide as environment variables. For example: '--set-secrets=ENV=mysecret:latest,OTHER_ENV=othersecret:1' will create an environment variable named ENV whose value is the latest version of secret 'mysecret' and an environment variable OTHER_ENV whose value is version of 1 of secret 'othersecret'.
- --task-timeout=TASK_TIMEOUT
Set the maximum time (deadline) a job task attempt can run for. In the case of retries, this deadline applies to each attempt of a task. If the task attempt does not complete within this time, it will be killed. It is specified as a duration; for example, "10m5s" is ten minutes, and five seconds. If you don't specify a unit, seconds is assumed. For example, "10" is 10 seconds.
- --tasks=TASKS; default=1
Number of tasks that must run to completion for the job to be considered done. Use this flag to trigger multiple runs of the job.
- --vpc-connector=VPC_CONNECTOR
Set a VPC connector for this resource.
- --vpc-egress=VPC_EGRESS
The outbound traffic to send through the VPC connector for this resource. This resource must have a VPC connector to set VPC egress. VPC_EGRESS must be one of:
- all
(DEPRECATED) Sends all outbound traffic through the VPC connector. Provides the same functionality as 'all-traffic'. Prefer to use 'all-traffic' instead.
- all-traffic
Sends all outbound traffic through the VPC connector.
- private-ranges-only
Default option. Sends outbound traffic to private IP addresses defined by RFC1918 through the VPC connector.
- At most one of these can be specified:
- --async
Return immediately, without waiting for the operation in progress to complete.
- --wait
Wait until the execution has completed running before exiting. If not set, gcloud exits successfully when the execution has started. Implies --execute-now.
- At most one of these can be specified:
- --clear-env-vars
Remove all environment variables.
- --env-vars-file=FILE_PATH
Path to a local YAML file with definitions for all environment variables. All existing environment variables will be removed before the new environment variables are added. Example YAML content:
KEY_1: "value1" KEY_2: "value 2"
- --set-env-vars=[KEY=VALUE,...]
List of key-value pairs to set as environment variables. All existing environment variables will be removed first.
- Only --update-env-vars and --remove-env-vars can be used together. If
both are specified, --remove-env-vars will be applied first.
- --remove-env-vars=[KEY,...]
List of environment variables to be removed.
- --update-env-vars=[KEY=VALUE,...]
List of key-value pairs to set as environment variables.
- At most one of these can be specified:
- --image=IMAGE
Name of the container image to deploy (e.g. us-docker.pkg.dev/cloudrun/container/job:latest).
- --source=SOURCE
The location of the source to build. If a Dockerfile is present in the source code directory, it will be built using that Dockerfile, otherwise it will use Google Cloud buildpacks. See https://cloud.google.com/run/docs/deploying-source-code for more details. The location can be a directory on a local disk or a gzipped archive file (.tar.gz) in Google Cloud Storage. If the source is a local directory, this command skips the files specified in the --ignore-file. If --ignore-file is not specified, use.gcloudignore file. If a .gcloudignore file is absent and a .gitignore file is present in the local source directory, gcloud will use a generated Git-compatible .gcloudignore file that respects your .gitignored files. The global .gitignore is not respected. For more information on .gcloudignore, see gcloud topic gcloudignore.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist.