Send feedback
Configure a Cloud Run service in Application Design Center
Stay organized with collections
Save and categorize content based on your preferences.
Preview
This product is
subject to the "Pre-GA Offerings Terms" in the General Service Terms section of the
Service Specific
Terms .
Pre-GA products are available "as is" and might have limited support.
For more information, see the
launch stage descriptions .
Cloud Run is a fully managed application platform that lets you run
containers directly on top of Google's scalable infrastructure. For more
information, see Cloud Run overview .
This document describes the connections and parameters you can configure when
using App Design Center to create a Cloud Run service.
The configuration parameters are based on the terraform-google-cloud-run Terraform
module.
Component connections
The following table includes the components that you can connect to a
Cloud Run service, and the resulting updates to your application and
its generated Terraform code.
Connected component
Application updates
Background information
Secret Manager
The Cloud Run service can reference the secret data.
The Secret Manager Secret Data field is referenced by the Cloud Run env_secret_vars field.
The roles/secretmanager.secretAccessor role is added to the Cloud Run service account.
Configure secrets for services
Service account
The Cloud Run service uses the service account as a service identity .
The roles/run.invoker role is added to the service account.
The service account email and IAM information are added to the Cloud Run environment variables.
Authenticating service-to-service
AlloyDB for PostgreSQL
The Cloud Run service can connect to the AlloyDB for PostgreSQL instance.
The AlloyDB for PostgreSQL resource metadata is added to the Cloud Run environment variables.
The AlloyDB for PostgreSQL roles/alloydb.admin role is added to the Cloud Run service account.
Connect from Cloud Run
BigQuery
The Cloud Run service can interact with the BigQuery dataset.
The BigQuery resource metadata is added to the Cloud Run environment variables.
The BigQuery roles/bigquery.dataEditor role is added to the Cloud Run service account.
BigQuery overview
Bigtable
The Cloud Run service can perform administrative functions on the Bigtable instance.
The Bigtable resource metadata information is added to the Cloud Run environment variables.
The roles/bigtable.admin role is added to the Cloud Run service account.
Bigtable overview
Another Cloud Run service
The source Cloud Run service can send traffic to the destination Cloud Run service.
The source Cloud Run service contains the destination Cloud Run service URI in its environment variables.
What is Cloud Run
Cloud SQL (MySQL)
The Cloud Run service can read and write data to the Cloud SQL (MySQL) instance.
The Cloud SQL connection metadata is added to the Cloud Run service.
The roles/cloudsql.instanceUser and roles/cloudsql.client roles are added to the Cloud Run service account.
The Cloud Run service account is added as an IAM user to the Cloud SQL instance.
Connect from Cloud Run
Cloud SQL (PostgreSQL)
The Cloud Run service can read and write data to the Cloud SQL (PostgreSQL) instance.
The Cloud SQL connection metadata is added to the Cloud Run service.
The roles/cloudsql.instanceUser and roles/cloudsql.client roles are added to the Cloud Run service account.
The Cloud Run service account is added as an IAM user to the Cloud SQL instance.
Connect from Cloud Run
Cloud Storage
The Cloud Run service can manage objects in the Cloud Storage bucket.
The Cloud Run service account IAM information is added to the Cloud Storage bucket.
The roles/storage.objectAdmin role is assigned to the Cloud Run service account.
Connect to Google Cloud services
Global Cloud Load Balancing backend
The load balancer can distribute incoming traffic to the Cloud Run service.
The Cloud Run service is added as a backend endpoint in the Cloud Load Balancing serverless NEG backends configuration.
Set up a global external Application Load Balancer with Cloud Run
Memorystore for Redis
The Cloud Run service can cache data in the Memorystore for Redis instance.
The Memorystore for Redis connection information is added to the Cloud Run environment variables.
The roles/redis.editor role is added to the Cloud Run service account.
Connecting to a Redis instance from a Cloud Run service
Pub/Sub
The Cloud Run service can receive messages or publish to the Pub/Sub topic.
The Pub/Sub topic ID is added to the Cloud Run environment variables.
The roles/pubsub.publisher and roles/pubsub.subscriber roles are added to the Cloud Run service account.
The Cloud Run service is added to the Pub/Sub push and pull subscription fields.
Use Pub/Sub with Cloud Run tutorial
Regional Cloud Load Balancing backend
The load balancer can distribute incoming traffic to the Cloud Run service.
The Cloud Run service is added as a backend endpoint in the Cloud Load Balancing serverless NEG backends configuration.
Set up a regional external Application Load Balancer with Cloud Run
Regional Cloud Load Balancing frontend
The HTTP and HTTPS IP addresses of the load balancer are available to the application running in the Cloud Run container.
The Cloud Load Balancing address metadata is added to the Cloud Run environment variables.
Forwarding rules overview
Spanner
The Cloud Run service can manage the Spanner instance.
The Spanner connection details are added to the Cloud Run environment variables.
The roles/spanner.databaseAdmin role is added to the Cloud Run service account.
The Cloud Run service account IAM information is added to the Spanner instance.
Connect to Google Cloud services
Vertex AI
The Cloud Run service can interact with Vertex AI services.
The roles/aiplatform.user role is added to the Cloud Run service account.
Host AI apps and agents on Cloud Run
Required configuration parameters
If your template includes a Cloud Run component, you must configure the
following parameters before you deploy.
Optional configuration parameters
The following parameters are optional. To display advanced parameters, in the
Configuration area, select Show advanced fields .
Feature
Subfeature
Parameter name
Description and constraint information
Background information
Containers
Container Name
name Building containers
Container Image
image Deploying container images to Cloud Run
Working Dir
The container's working directory. If not specified, the container runtime's default is used, which might be configured in the container image.
workingDir
Depends on Container
dependsOn[] Configure container start order for sidecar deployments
Container Args
args[] Configure containers for services
Container Command
command Configure containers for services
Env Vars
Key
name Environment variables for services
Value
value Environment variables for services
Env Secret Vars
Key
EnvVarSource Manage secrets
Secret
secret Manage secrets
Version
version Manage secrets
Volume Mounts
Name
name Connect from Cloud Run
Mount Path
mountPath Connect from Cloud Run
Ports
Name
name Use HTTP/2 for services
Container Port
containerPort Use HTTP/2 for services
Resources
CPU
limits Configure CPU limits for services
Memory
limits Configure memory limits for services
CPU Idle
Whether CPU is only allocated during requests.
cpuIdle
Startup CPU Boost
startupCPUBoost Set startup CPU boost
Startup Probe
Failure Threshold
failureThreshold Configure container health checks for services
Initial Delay Seconds
initialDelaySeconds Configure probes
Timeout Seconds
timeoutSeconds Configure probes
Period Seconds
periodSeconds Configure probes
HTTP Get Path
path Configure probes
HTTP Get Port
port Configure probes
HTTP Headers Name
name Configure probes
HTTP Headers Value
value Configure probes
TCP Socket Port
port The default TCP startup probe
GRPC Port
port Configure probes
GRPC Service
service Configure probes
Liveness Probe
livenessProbe Use cases
Description
description Set service descriptions
Create Service Account
Create a new service account for the Cloud Run service.
Configure service identity for jobs
Service Account Project Roles
Roles to grant to the newly created service account. Enable Create Service Account and don't provide input for Service Account .
Configure service identity for jobs
Ingress
IngressTraffic Restrict network ingress for Cloud Run
Members
Users and service accounts that can invoke the service. For public access, enter allUsers. For access by logged-in Google users, enter allAuthenticatedUsers, or enter a list of specific users and service accounts. For more information, see members .
Configure service identity for jobs
VPC Access
Connector
connector VPC with connectors
Egress egress Control egress service traffic
Network Interfaces
Network network Deploy a service
Subnetwork subnetwork Deploy a service
Tags tags Deploy a service
Cloud Run Deletion Protection
Prevents Terraform from destroying or recreating Cloud Run jobs and services.
deletion_protection
Enable Prometheus Sidecar
Enable Promethus sidecar in the Cloud Run instance.
Write Prometheus metrics by using the Prometheus sidecar
Volumes
Name
name Configure an in-memory volume
Secret
Secret secret Make a secret accessible to Cloud Run
Default Mode defaultMode
Path path Make a secret available to Cloud Run
Version version Make a secret available to Cloud Run
Mode mode Make a secret available to Cloud Run
Cloud SQL Instance
Instances instances[] Connect from Cloud Run
Empty Dir
Medium medium Configure in-memory volume mounts for services
Size Limit sizeLimit Configure in-memory volume mounts for services
GCS
Bucket bucket Configure Cloud Storage volume mounts for services
Read Only readOnly Configure Cloud Storage volume mounts for services
NFS
Server server Configure NFS volume mounts for services
Path path Configure NFS volume mounts for services
Read Only readOnly Configure NFS volume mounts for services
Service Scaling
Min Instance Count
minInstanceCount Set minimum instances for services
Revision
revision Cloud Run service revisions
Template Scaling
Min Instance Count
minInstanceCount Set minimum instances for services
Max Instance Count maxInstanceCount About maximum instances
Encryption Key
encryptionKey Using customer managed encryption keys
Max Instance Request Concurrency
maxInstanceRequestConcurrency Maximum concurrent requests for services
Session Affinity
sessionAffinity Set session affinity for services
Execution Environment
executionEnvironment About service execution environments
Traffic
Type
type Rollbacks, gradual rollouts, and traffic migration
Percent percent Rollbacks, gradual rollouts, and traffic migration
Revision revision Rollbacks, gradual rollouts, and traffic migration
Tag tag Rollbacks, gradual rollouts, and traffic migration
Service Labels
Key
labels Configure labels for services
Value labels Configure labels for services
Service Annotations
Key
annotations annotations
Value annotations annotations
Client
Name
Arbitrary identifier for the API client.
client
Version Arbitrary identifier for the version identifier.
clientVersion
Launch Stage
LaunchStage Product launch stages
Custom Audiences
customAudience Set custom audiences for services
Binary Authorization
Breakglass Justification
breakglassJustification Use breakglass
Use Default useDefault Use Binary Authorization
Template Labels
Key
labels Configuring labels for services
Value labels Configuring labels for services
Template Annotations
Key
annotations annotations
Value annotations annotations
Timeout
timeout Set request timeout for services
Service Account
serviceAccount Configure service identity for services
Send feedback
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-10-01 UTC.
Need to tell us more?
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-10-01 UTC."],[],[],null,[]]
