Known issues in Cloud Run

This page lists known issues, limitations, and unsupported features in Cloud Run.

You can also check for existing issues or open new issues in the public issue trackers.

To troubleshoot common errors, see troubleshoot errors.

Known issues

The following are general known issues in Cloud Run.

Cloud Run job tasks might be spuriously marked as retried

In some situations, a task can be marked as having been retried, when in fact the task succeeded on its first try. Until this issue is resolved, Google recommends keeping the --max-retries parameter set to 3 or higher to avoid spurious execution failures.

File descriptor limits

The maximum limit of file descriptors for Cloud Run first and second generation environments is 25000 per instance. This is a hard limit. If you exceed the limit your instance might run out of sockets.

Volume Mounts are incompatible with Config Connector

If you deploy your Cloud Run service or job with Config Connector, your volume mounts won't be persisted next time you deploy. You may also experience issues using Config Connector with services or jobs that have volume mounts already applied.

Execution environments known issues

The following are known issues for execution environments.

HOME environment variable is set to /home in first generation execution environment

The Cloud Run first generation execution environment sets the HOME environment variable to /home. The second generation execution environment sets the HOME variable to the value in /etc/passwd for the running user or falls back to /home if the /etc/passwd doesn't exist or the user cannot be found in /etc/passwd.

You can't mount secrets on /tmp in first generation execution environment

If you use first generation execution environment, you cannot mount secrets on /tmp directly. However, you can mount secrets on any subdirectory of /tmp.

Networking known issues

The following are networking known issues.

Restricted subnet when accessing VPC network destinations

If you access any destination through a private IP, the destination cannot be on the subnet 192.168.1.0/24. Using this subnet prevents any Cloud Run services that use the second generation execution environment and any Cloud Run jobs from communicating with the destination.

VPC network egress does not support IPv6

You cannot use IPv6 when sending traffic through Direct VPC egress or Serverless VPC Access connectors. Note that IPv6 is supported when accessing non-VPC endpoints while vpc-egress is set to private-ranges-only.

IP addresses not clearly identified when in use by serverless

When using Direct VPC egress, IP addresses reserved by Cloud Run are identified as in use by "None" rather than by "Serverless" when viewing the IP addresses page in the Google Cloud console.

Sending and receiving requests known issues

The following are known issues related to sending and receiving requests.

Unsupported HTTP request methods

Requests with HTTP methods TRACE and CONNECT are not supported and therefore are not received by services running on Cloud Run.

High request latency with custom domains when invoking from some regions

Requests to Cloud Run services using custom domains can have a very high latency from some locations. This issue is more pronounced for Cloud Run services in asia-northeast1 and us-east4. If you observe this issue, you can achieve greater performance with Cloud Load Balancing using a serverless NEG.

Sometimes a request might be sent to instances before startup probe results are known

A request sent to the service endpoint might be used to start a Cloud Run instance, and that request can be assigned to the instance before the startup probe results are known. If the probe passes, then the request will begin to be processed by that instance at the receiveTimestamp listed in the Cloud Run request log. If the probe fails, then failure will be logged without ever entering the service's code.

Unsupported service and features

The following are not supported when using Cloud Run.

Google Cloud services

The following table lists services that are not yet supported by Cloud Run.

Service Notes
Web Security Scanner
Container Threat Detection

HTTP/2 Push

Cloud Run supports HTTP/2, but not HTTP/2 Server Push.

Using HTTP/2 behind a classic Application Load Balancer secured with Identity-Aware Proxy

Cloud Run services with HTTP/2 enabled behind a classic Application Load Balancer that are secured with IAP encounter an infinite redirect loop upon request. Google recommends using a global external Application Load Balancer when using an HTTP/2-enabled service secured with IAP. See load balancer modes for more details.

URL known issues

The following are URL known issues.

Reserved URL paths

It is not possible to use the following URL paths:

  • /eventlog
  • Paths starting with /_ah/
  • Some paths ending with z. We recommend avoiding all paths that end in z to not collide with reserved paths.

Some encoded URL characters are decoded

Some encoded characters in URL of Cloud Run services are decoded by Cloud Run before reaching the container instance. For example, %41 is automatically decoded to A.