File: //snap/google-cloud-cli/current/help/man/man1/gcloud_alpha_functions_deploy.1
.TH "GCLOUD_ALPHA_FUNCTIONS_DEPLOY" 1
.SH "NAME"
.HP
gcloud alpha functions deploy \- create or update a Google Cloud Function
.SH "SYNOPSIS"
.HP
\f5gcloud alpha functions deploy\fR (\fINAME\fR\ :\ \fB\-\-region\fR=\fIREGION\fR) [\fB\-\-[no\-]allow\-unauthenticated\fR] [\fB\-\-buildpack\-stack\fR=\fIBUILDPACK_STACK\fR] [\fB\-\-concurrency\fR=\fICONCURRENCY\fR] [\fB\-\-docker\-registry\fR=\fIDOCKER_REGISTRY\fR] [\fB\-\-egress\-settings\fR=\fIEGRESS_SETTINGS\fR] [\fB\-\-entry\-point\fR=\fIENTRY_POINT\fR] [\fB\-\-gen2\fR] [\fB\-\-ignore\-file\fR=\fIIGNORE_FILE\fR] [\fB\-\-ingress\-settings\fR=\fIINGRESS_SETTINGS\fR] [\fB\-\-retry\fR] [\fB\-\-run\-service\-account\fR=\fIRUN_SERVICE_ACCOUNT\fR] [\fB\-\-runtime\fR=\fIRUNTIME\fR] [\fB\-\-runtime\-update\-policy\fR=\fIRUNTIME_UPDATE_POLICY\fR] [\fB\-\-security\-level\fR=\fISECURITY_LEVEL\fR;\ default="secure\-always"] [\fB\-\-serve\-all\-traffic\-latest\-revision\fR] [\fB\-\-service\-account\fR=\fISERVICE_ACCOUNT\fR] [\fB\-\-source\fR=\fISOURCE\fR] [\fB\-\-stage\-bucket\fR=\fISTAGE_BUCKET\fR] [\fB\-\-timeout\fR=\fITIMEOUT\fR] [\fB\-\-trigger\-location\fR=\fITRIGGER_LOCATION\fR] [\fB\-\-trigger\-service\-account\fR=\fITRIGGER_SERVICE_ACCOUNT\fR] [\fB\-\-update\-labels\fR=[\fIKEY\fR=\fIVALUE\fR,...]] [\fB\-\-binary\-authorization\fR=\fIBINARY_AUTHORIZATION\fR\ |\ \fB\-\-clear\-binary\-authorization\fR] [\fB\-\-build\-env\-vars\-file\fR=\fIFILE_PATH\fR\ |\ \fB\-\-clear\-build\-env\-vars\fR\ |\ \fB\-\-set\-build\-env\-vars\fR=[\fIKEY\fR=\fIVALUE\fR,...]\ |\ \fB\-\-remove\-build\-env\-vars\fR=[\fIKEY\fR,...]\ \fB\-\-update\-build\-env\-vars\fR=[\fIKEY\fR=\fIVALUE\fR,...]] [\fB\-\-build\-service\-account\fR=\fIBUILD_SERVICE_ACCOUNT\fR\ |\ \fB\-\-clear\-build\-service\-account\fR] [\fB\-\-build\-worker\-pool\fR=\fIBUILD_WORKER_POOL\fR\ |\ \fB\-\-clear\-build\-worker\-pool\fR] [\fB\-\-clear\-docker\-repository\fR\ |\ \fB\-\-docker\-repository\fR=\fIDOCKER_REPOSITORY\fR] [\fB\-\-clear\-env\-vars\fR\ |\ \fB\-\-env\-vars\-file\fR=\fIFILE_PATH\fR\ |\ \fB\-\-set\-env\-vars\fR=[\fIKEY\fR=\fIVALUE\fR,...]\ |\ \fB\-\-remove\-env\-vars\fR=[\fIKEY\fR,...]\ \fB\-\-update\-env\-vars\fR=[\fIKEY\fR=\fIVALUE\fR,...]] [\fB\-\-clear\-kms\-key\fR\ |\ \fB\-\-kms\-key\fR=\fIKMS_KEY\fR] [\fB\-\-clear\-labels\fR\ |\ \fB\-\-remove\-labels\fR=[\fIKEY\fR,...]] [\fB\-\-clear\-max\-instances\fR\ |\ \fB\-\-max\-instances\fR=\fIMAX_INSTANCES\fR] [\fB\-\-clear\-min\-instances\fR\ |\ \fB\-\-min\-instances\fR=\fIMIN_INSTANCES\fR] [\fB\-\-clear\-secrets\fR\ |\ \fB\-\-set\-secrets\fR=[\fISECRET_ENV_VAR\fR=\fISECRET_VALUE_REF\fR,/\fIsecret_path\fR=\fISECRET_VALUE_REF\fR,/\fImount_path\fR:/\fIsecret_file_path\fR=\fISECRET_VALUE_REF\fR,...]\ |\ \fB\-\-remove\-secrets\fR=[\fISECRET_ENV_VAR\fR,/\fIsecret_path\fR,/\fImount_path\fR:/\fIsecret_file_path\fR,...]\ \fB\-\-update\-secrets\fR=[\fISECRET_ENV_VAR\fR=\fISECRET_VALUE_REF\fR,/\fIsecret_path\fR=\fISECRET_VALUE_REF\fR,/\fImount_path\fR:/\fIsecret_file_path\fR=\fISECRET_VALUE_REF\fR,...]] [\fB\-\-clear\-vpc\-connector\fR\ |\ \fB\-\-vpc\-connector\fR=\fIVPC_CONNECTOR\fR] [\fB\-\-memory\fR=\fIMEMORY\fR\ :\ \fB\-\-cpu\fR=\fICPU\fR] [\fB\-\-trigger\-bucket\fR=\fITRIGGER_BUCKET\fR\ |\ \fB\-\-trigger\-http\fR\ |\ \fB\-\-trigger\-topic\fR=\fITRIGGER_TOPIC\fR\ |\ \fB\-\-trigger\-event\fR=\fIEVENT_TYPE\fR\ \fB\-\-trigger\-resource\fR=\fIRESOURCE\fR\ |\ \fB\-\-trigger\-event\-filters\fR=[\fIATTRIBUTE\fR=\fIVALUE\fR,...]\ \fB\-\-trigger\-event\-filters\-path\-pattern\fR=[\fIATTRIBUTE\fR=\fIPATH_PATTERN\fR,...]] [\fIGCLOUD_WIDE_FLAG\ ...\fR]
.SH "DESCRIPTION"
\fB(ALPHA)\fR Create or update a Google Cloud Function.
.SH "EXAMPLES"
To deploy a function that is triggered by write events on the document
\f5\fI/messages/{pushId}\fR\fR, run:
.RS 2m
$ gcloud alpha functions deploy my_function \-\-runtime=python37 \e
\-\-trigger\-event=providers/cloud.firestore/eventTypes/\e
document.write \e
\-\-trigger\-resource=projects/project_id/databases/(default)/\e
documents/messages/{pushId}
.RE
See https://cloud.google.com/functions/docs/calling for more details of using
other types of resource as triggers.
.SH "POSITIONAL ARGUMENTS"
.RS 2m
.TP 2m
Function resource \- The Cloud Function name to deploy. The arguments in this
group can be used to specify the attributes of this resource. (NOTE) Some
attributes are not given arguments in this group but can be set in other ways.
To set the \f5project\fR attribute:
.RS 2m
.IP "\(em" 2m
provide the argument \f5NAME\fR on the command line with a fully specified name;
.IP "\(em" 2m
provide the argument \f5\-\-project\fR on the command line;
.IP "\(em" 2m
set the property \f5core/project\fR.
.RE
.sp
This must be specified.
.RS 2m
.TP 2m
\fINAME\fR
ID of the function or fully qualified identifier for the function.
To set the \f5function\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5NAME\fR on the command line.
.RE
.sp
This positional argument must be specified if any of the other arguments in this
group are specified.
.TP 2m
\fB\-\-region\fR=\fIREGION\fR
The Cloud region for the function. Overrides the default \f5functions/region\fR
property value for this command invocation.
To set the \f5region\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5NAME\fR on the command line with a fully specified name;
.IP "\(bu" 2m
provide the argument \f5\-\-region\fR on the command line;
.IP "\(bu" 2m
set the property \f5functions/region\fR.
.RE
.sp
.RE
.RE
.sp
.SH "FLAGS"
.RS 2m
.TP 2m
\fB\-\-[no\-]allow\-unauthenticated\fR
If set, makes this a public function. This will allow all callers, without
checking authentication. Use \fB\-\-allow\-unauthenticated\fR to enable and
\fB\-\-no\-allow\-unauthenticated\fR to disable.
.TP 2m
\fB\-\-buildpack\-stack\fR=\fIBUILDPACK_STACK\fR
Specifies one of the Google provided buildpack stacks.
.TP 2m
\fB\-\-concurrency\fR=\fICONCURRENCY\fR
Set the maximum number of concurrent requests allowed per container instance.
Leave concurrency unspecified to receive the server default value.
.TP 2m
\fB\-\-docker\-registry\fR=\fIDOCKER_REGISTRY\fR
(DEPRECATED) Docker Registry to use for storing the function's Docker images.
The option \f5artifact\-registry\fR is used by default.
.RS 2m
With the general transition from Container Registry to
Artifact Registry, the option to specify docker registry is deprecated.
All container image storage and management will automatically
transition to Artifact Registry.
For more information, see
https://cloud.google.com/artifact\-registry/docs/transition/transition\-from\-gcr
.RE
\fIDOCKER_REGISTRY\fR must be one of: \fBartifact\-registry\fR,
\fBcontainer\-registry\fR.
.TP 2m
\fB\-\-egress\-settings\fR=\fIEGRESS_SETTINGS\fR
Egress settings controls what traffic is diverted through the VPC Access
Connector resource. By default \f5private\-ranges\-only\fR will be used.
\fIEGRESS_SETTINGS\fR must be one of: \fBprivate\-ranges\-only\fR, \fBall\fR.
.TP 2m
\fB\-\-entry\-point\fR=\fIENTRY_POINT\fR
Name of a Google Cloud Function (as defined in source code) that will be
executed. Defaults to the resource name suffix (ID of the function), if not
specified.
.TP 2m
\fB\-\-gen2\fR
If enabled, this command will use Cloud Functions (Second generation). If
disabled with \f5\-\-no\-gen2\fR, Cloud Functions (First generation) will be
used. If not specified, the value of this flag will be taken from the
\f5functions/gen2\fR configuration property. If the \f5functions/gen2\fR
configuration property is not set, defaults to looking up the given function and
using its generation.
.TP 2m
\fB\-\-ignore\-file\fR=\fIIGNORE_FILE\fR
Override the .gcloudignore file in the source directory and use the specified
file instead. By default, the source directory is your current directory. Note
that it could be changed by the \-\-source flag, in which case your
.gcloudignore file will be searched in the overridden directory. For example,
\f5\-\-ignore\-file=.mygcloudignore\fR combined with \f5\-\-source=./mydir\fR
would point to \f5./mydir/.mygcloudignore\fR
.TP 2m
\fB\-\-ingress\-settings\fR=\fIINGRESS_SETTINGS\fR
Ingress settings controls what traffic can reach the function. By default
\f5all\fR will be used. \fIINGRESS_SETTINGS\fR must be one of: \fBall\fR,
\fBinternal\-only\fR, \fBinternal\-and\-gclb\fR.
.TP 2m
\fB\-\-retry\fR
If specified, then the function will be retried in case of a failure.
.TP 2m
\fB\-\-run\-service\-account\fR=\fIRUN_SERVICE_ACCOUNT\fR
The email address of the IAM service account associated with the Cloud Run
service for the function. The service account represents the identity of the
running function, and determines what permissions the function has.
If not provided, the function will use the project's default service account for
Compute Engine.
.TP 2m
\fB\-\-runtime\fR=\fIRUNTIME\fR
Runtime in which to run the function.
Required when deploying a new function; optional when updating an existing
function.
For a list of available runtimes, run \f5gcloud functions runtimes list\fR.
.TP 2m
\fB\-\-runtime\-update\-policy\fR=\fIRUNTIME_UPDATE_POLICY\fR
Runtime update policy for the function being deployed. The option
\f5automatic\fR is used by default. \fIRUNTIME_UPDATE_POLICY\fR must be one of:
\fBautomatic\fR, \fBon\-deploy\fR.
.TP 2m
\fB\-\-security\-level\fR=\fISECURITY_LEVEL\fR; default="secure\-always"
Security level controls whether a function's URL supports HTTPS only or both
HTTP and HTTPS. By default, \f5secure\-always\fR will be used, meaning only
HTTPS is supported. \fISECURITY_LEVEL\fR must be one of: \fBsecure\-always\fR,
\fBsecure\-optional\fR.
.TP 2m
\fB\-\-serve\-all\-traffic\-latest\-revision\fR
If specified, latest function revision will be served all traffic.
.TP 2m
\fB\-\-service\-account\fR=\fISERVICE_ACCOUNT\fR
The email address of the IAM service account associated with the function at
runtime. The service account represents the identity of the running function,
and determines what permissions the function has.
If not provided, the function will use the project's default service account for
Compute Engine.
.TP 2m
\fB\-\-source\fR=\fISOURCE\fR
Location of source code to deploy.
Location of the source can be one of the following three options:
.RS 2m
.IP "\(em" 2m
Source code in Google Cloud Storage (must be a \f5.zip\fR archive),
.IP "\(em" 2m
Reference to source repository or,
.IP "\(em" 2m
Local filesystem path (root directory of function source).
.RE
.sp
Note that, depending on your runtime type, Cloud Functions will look for files
with specific names for deployable functions. For Node.js, these filenames are
\f5index.js\fR or \f5function.js\fR. For Python, this is \f5main.py\fR.
If you do not specify the \f5\-\-source\fR flag:
.RS 2m
.IP "\(em" 2m
The current directory will be used for new function deployments.
.IP "\(em" 2m
If the function was previously deployed using a local filesystem path, then the
function's source code will be updated using the current directory.
.IP "\(em" 2m
If the function was previously deployed using a Google Cloud Storage location or
a source repository, then the function's source code will not be updated.
.RE
.sp
The value of the flag will be interpreted as a Cloud Storage location, if it
starts with \f5gs://\fR.
The value will be interpreted as a reference to a source repository, if it
starts with \f5https://\fR.
Otherwise, it will be interpreted as the local filesystem path. When deploying
source from the local filesystem, this command skips files specified in the
\f5.gcloudignore\fR file (see \f5gcloud topic gcloudignore\fR for more
information). If the \f5.gcloudignore\fR file doesn't exist, the command will
try to create it.
The minimal source repository URL is:
\f5https://source.developers.google.com/projects/${PROJECT}/repos/${REPO}\fR
By using the URL above, sources from the root directory of the repository on the
revision tagged \f5master\fR will be used.
If you want to deploy from a revision different from \f5master\fR, append one of
the following three sources to the URL:
.RS 2m
.IP "\(em" 2m
\f5/revisions/${REVISION}\fR,
.IP "\(em" 2m
\f5/moveable\-aliases/${MOVEABLE_ALIAS}\fR,
.IP "\(em" 2m
\f5/fixed\-aliases/${FIXED_ALIAS}\fR.
.RE
.sp
If you'd like to deploy sources from a directory different from the root, you
must specify a revision, a moveable alias, or a fixed alias, as above, and
append \f5/paths/${PATH_TO_SOURCES_DIRECTORY}\fR to the URL.
Overall, the URL should match the following regular expression:
.RS 2m
^https://source\e.developers\e.google\e.com/projects/
(?<accountId>[^/]+)/repos/(?<repoName>[^/]+)
(((/revisions/(?<commit>[^/]+))|(/moveable\-aliases/(?<branch>[^/]+))|
(/fixed\-aliases/(?<tag>[^/]+)))(/paths/(?<path>.*))?)?$
.RE
An example of a validly formatted source repository URL is:
.RS 2m
https://source.developers.google.com/projects/123456789/repos/testrepo/
moveable\-aliases/alternate\-branch/paths/path\-to=source
.RE
.TP 2m
\fB\-\-stage\-bucket\fR=\fISTAGE_BUCKET\fR
When deploying a function from a local directory, this flag's value is the name
of the Google Cloud Storage bucket in which source code will be stored. Note
that if you set the \f5\-\-stage\-bucket\fR flag when deploying a function, you
will need to specify \f5\-\-source\fR or \f5\-\-stage\-bucket\fR in subsequent
deployments to update your source code. To use this flag successfully, the
account in use must have permissions to write to this bucket. For help granting
access, refer to this guide:
https://cloud.google.com/storage/docs/access\-control/
.TP 2m
\fB\-\-timeout\fR=\fITIMEOUT\fR
The function execution timeout, e.g. 30s for 30 seconds. Defaults to original
value for existing function or 60 seconds for new functions.
For GCF 1st gen functions, cannot be more than 540s.
For GCF 2nd gen functions, cannot be more than 3600s.
See $ gcloud topic datetimes for information on duration formats.
.TP 2m
\fB\-\-trigger\-location\fR=\fITRIGGER_LOCATION\fR
The location of the trigger, which must be a region or multi\-region where the
relevant events originate.
.TP 2m
\fB\-\-trigger\-service\-account\fR=\fITRIGGER_SERVICE_ACCOUNT\fR
The email address of the IAM service account associated with the Eventarc
trigger for the function. This is used for authenticated invocation.
If not provided, the function will use the project's default service account for
Compute Engine.
.TP 2m
\fB\-\-update\-labels\fR=[\fIKEY\fR=\fIVALUE\fR,...]
List of label KEY=VALUE pairs to update. If a label exists, its value is
modified. Otherwise, a new label is created.
Keys must start with a lowercase character and contain only hyphens (\f5\-\fR),
underscores (\f5_\fR), lowercase characters, and numbers. Values must contain
only hyphens (\f5\-\fR), underscores (\f5_\fR), lowercase characters, and
numbers.
Label keys starting with \f5deployment\fR are reserved for use by deployment
tools and cannot be specified manually.
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-binary\-authorization\fR=\fIBINARY_AUTHORIZATION\fR
Name of the Binary Authorization policy that the function image should be
checked against when deploying to Cloud Run.
Example: default
The flag is only applicable to 2nd gen functions.
.TP 2m
\fB\-\-clear\-binary\-authorization\fR
Clears the Binary Authorization policy field.
.RE
.sp
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-build\-env\-vars\-file\fR=\fIFILE_PATH\fR
Path to a local YAML file with definitions for all build environment variables.
All existing build environment variables will be removed before the new build
environment variables are added.
.TP 2m
\fB\-\-clear\-build\-env\-vars\fR
Remove all build environment variables.
.TP 2m
\fB\-\-set\-build\-env\-vars\fR=[\fIKEY\fR=\fIVALUE\fR,...]
List of key\-value pairs to set as build environment variables. All existing
build environment variables will be removed first.
.TP 2m
Only \-\-update\-build\-env\-vars and \-\-remove\-build\-env\-vars can be used
together. If both are specified, \-\-remove\-build\-env\-vars will be applied
first.
.RS 2m
.TP 2m
\fB\-\-remove\-build\-env\-vars\fR=[\fIKEY\fR,...]
List of build environment variables to be removed.
.TP 2m
\fB\-\-update\-build\-env\-vars\fR=[\fIKEY\fR=\fIVALUE\fR,...]
List of key\-value pairs to set as build environment variables.
.RE
.RE
.sp
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-build\-service\-account\fR=\fIBUILD_SERVICE_ACCOUNT\fR
IAM service account whose credentials will be used for the build step. Must be
of the format projects/${PROJECT_ID}/serviceAccounts/${ACCOUNT_EMAIL_ADDRESS}.
If not provided, the function will use the project's default service account for
Cloud Build.
.TP 2m
\fB\-\-clear\-build\-service\-account\fR
Clears the build service account field.
.RE
.sp
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-build\-worker\-pool\fR=\fIBUILD_WORKER_POOL\fR
Name of the Cloud Build Custom Worker Pool that should be used to build the
function. The format of this field is
\f5projects/${PROJECT}/locations/${LOCATION}/workerPools/${WORKERPOOL}\fR where
${PROJECT} is the project id and ${LOCATION} is the location where the worker
pool is defined and ${WORKERPOOL} is the short name of the worker pool.
.TP 2m
\fB\-\-clear\-build\-worker\-pool\fR
Clears the Cloud Build Custom Worker Pool field.
.RE
.sp
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-clear\-docker\-repository\fR
Clears the Docker repository configuration of the function.
.TP 2m
\fB\-\-docker\-repository\fR=\fIDOCKER_REPOSITORY\fR
Sets the Docker repository to be used for storing the Cloud Function's Docker
images while the function is being deployed. \f5DOCKER_REPOSITORY\fR must be an
Artifact Registry Docker repository present in the \f5same\fR project and
location as the Cloud Function.
**Preview:** for 2nd gen functions, a Docker Artifact registry repository in a
different project and/or location may be used. Additional requirements apply,
see https://cloud.google.com/functions/docs/building#image_registry
The repository name should match one of these patterns:
.RS 2m
.IP "\(bu" 2m
\f5projects/${PROJECT}/locations/${LOCATION}/repositories/${REPOSITORY}\fR,
.IP "\(bu" 2m
\f5{LOCATION}\-docker.pkg.dev/{PROJECT}/{REPOSITORY}\fR.
.RE
.sp
where \f5${PROJECT}\fR is the project, \f5${LOCATION}\fR is the location of the
repository and \f5${REPOSITORY}\fR is a valid repository ID.
.RE
.sp
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-clear\-env\-vars\fR
Remove all environment variables.
.TP 2m
\fB\-\-env\-vars\-file\fR=\fIFILE_PATH\fR
Path to a local YAML file with definitions for all environment variables. All
existing environment variables will be removed before the new environment
variables are added.
.TP 2m
\fB\-\-set\-env\-vars\fR=[\fIKEY\fR=\fIVALUE\fR,...]
List of key\-value pairs to set as environment variables. All existing
environment variables will be removed first.
.TP 2m
Only \-\-update\-env\-vars and \-\-remove\-env\-vars can be used together. If
both are specified, \-\-remove\-env\-vars will be applied first.
.RS 2m
.TP 2m
\fB\-\-remove\-env\-vars\fR=[\fIKEY\fR,...]
List of environment variables to be removed.
.TP 2m
\fB\-\-update\-env\-vars\fR=[\fIKEY\fR=\fIVALUE\fR,...]
List of key\-value pairs to set as environment variables.
.RE
.RE
.sp
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-clear\-kms\-key\fR
Clears the KMS crypto key used to encrypt the function.
.TP 2m
\fB\-\-kms\-key\fR=\fIKMS_KEY\fR
Sets the user managed KMS crypto key used to encrypt the Cloud Function and its
resources.
The KMS crypto key name should match the pattern
\f5projects/${PROJECT}/locations/${LOCATION}/keyRings/${KEYRING}/cryptoKeys/${CRYPTOKEY}\fR
where ${PROJECT} is the project, ${LOCATION} is the location of the key ring,
and ${KEYRING} is the key ring that contains the ${CRYPTOKEY} crypto key.
If this flag is set, then a Docker repository created in Artifact Registry must
be specified using the \f5\-\-docker\-repository\fR flag and the repository must
be encrypted using the \f5same\fR KMS key.
.RE
.sp
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-clear\-labels\fR
Remove all labels. If \f5\-\-update\-labels\fR is also specified then
\f5\-\-clear\-labels\fR is applied first.
For example, to remove all labels:
.RS 2m
$ gcloud alpha functions deploy \-\-clear\-labels
.RE
To remove all existing labels and create two new labels, \f5\fIfoo\fR\fR and
\f5\fIbaz\fR\fR:
.RS 2m
$ gcloud alpha functions deploy \-\-clear\-labels \e
\-\-update\-labels foo=bar,baz=qux
.RE
.TP 2m
\fB\-\-remove\-labels\fR=[\fIKEY\fR,...]
List of label keys to remove. If a label does not exist it is silently ignored.
If \f5\-\-update\-labels\fR is also specified then \f5\-\-update\-labels\fR is
applied first.Label keys starting with \f5deployment\fR are reserved for use by
deployment tools and cannot be specified manually.
.RE
.sp
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-clear\-max\-instances\fR
Clears the maximum instances setting for the function.
If it's any 2nd gen function or a 1st gen HTTP function, this flag sets maximum
instances to 0, which means there is no limit to maximum instances. If it's an
event\-driven 1st gen function, this flag sets maximum instances to 3000, which
is the default value for 1st gen functions.
.TP 2m
\fB\-\-max\-instances\fR=\fIMAX_INSTANCES\fR
Sets the maximum number of instances for the function. A function execution that
would exceed max\-instances times out.
.RE
.sp
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-clear\-min\-instances\fR
Clears the minimum instances setting for the function.
.TP 2m
\fB\-\-min\-instances\fR=\fIMIN_INSTANCES\fR
Sets the minimum number of instances for the function. This is helpful for
reducing cold start times. Defaults to zero.
.RE
.sp
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-clear\-secrets\fR
Remove all secret environment variables and volumes.
.TP 2m
\fB\-\-set\-secrets\fR=[\fISECRET_ENV_VAR\fR=\fISECRET_VALUE_REF\fR,/\fIsecret_path\fR=\fISECRET_VALUE_REF\fR,/\fImount_path\fR:/\fIsecret_file_path\fR=\fISECRET_VALUE_REF\fR,...]
List of secret environment variables and secret volumes to configure. Existing
secrets configuration will be overwritten.
You can reference a secret value referred to as \f5SECRET_VALUE_REF\fR in the
help text in the following ways.
.RS 2m
.IP "\(bu" 2m
Use \f5${SECRET}:${VERSION}\fR if you are referencing a secret in the same
project, where \f5${SECRET}\fR is the name of the secret in secret manager (not
the full resource name) and \f5${VERSION}\fR is the version of the secret which
is either a \f5positive integer\fR or the label \f5latest\fR. For example, use
\f5SECRET_FOO:1\fR to reference version \f51\fR of the secret \f5SECRET_FOO\fR
which exists in the same project as the function.
.RE
.sp
.RS 2m
.IP "\(bu" 2m
Use \f5projects/${PROJECT}/secrets/${SECRET}/versions/${VERSION}\fR or
\f5projects/${PROJECT}/secrets/${SECRET}:${VERSION}\fR to reference a secret
version using the full resource name, where \f5${PROJECT}\fR is either the
project number (\f5preferred\fR) or the project ID of the project which contains
the secret, \f5${SECRET}\fR is the name of the secret in secret manager (not the
full resource name) and \f5${VERSION}\fR is the version of the secret which is
either a \f5positive integer\fR or the label \f5latest\fR. For example, use
\f5projects/1234567890/secrets/SECRET_FOO/versions/1\fR or
\f5projects/project_id/secrets/SECRET_FOO/versions/1\fR to reference version
\f51\fR of the secret \f5SECRET_FOO\fR that exists in the project
\f51234567890\fR or \f5project_id\fR respectively. This format is useful when
the secret exists in a different project.
.RE
.sp
To configure the secret as an environment variable, use
\f5SECRET_ENV_VAR=SECRET_VALUE_REF\fR. To use the value of the secret, read the
environment variable \f5SECRET_ENV_VAR\fR as you would normally do in the
function's programming language.
We recommend using a \f5numeric\fR version for secret environment variables as
any updates to the secret value are not reflected until new clones start.
To mount the secret within a volume use \f5/secret_path=SECRET_VALUE_REF\fR or
\f5/mount_path:/secret_file_path=SECRET_VALUE_REF\fR. To use the value of the
secret, read the file at \f5/secret_path\fR as you would normally do in the
function's programming language.
For example, \f5/etc/secrets/secret_foo=SECRET_FOO:latest\fR or
\f5/etc/secrets:/secret_foo=SECRET_FOO:latest\fR will make the value of the
\f5latest\fR version of the secret \f5SECRET_FOO\fR available in a file
\f5secret_foo\fR under the directory \f5/etc/secrets\fR. \f5/etc/secrets\fR will
be considered as the \f5mount path\fR and will \f5not\fR be available for any
other volume.
We recommend referencing the \f5latest\fR version when using secret volumes so
that the secret's value changes are reflected immediately.
.TP 2m
Only \f5\-\-update\-secrets\fR and \f5\-\-remove\-secrets\fR can be used
together. If both are specified, then \f5\-\-remove\-secrets\fR will be applied
first.
.RS 2m
.TP 2m
\fB\-\-remove\-secrets\fR=[\fISECRET_ENV_VAR\fR,/\fIsecret_path\fR,/\fImount_path\fR:/\fIsecret_file_path\fR,...]
List of secret environment variable names and secret paths to remove.
Existing secrets configuration of secret environment variable names and secret
paths not specified in this list will be preserved.
To remove a secret environment variable, use the name of the environment
variable \f5SECRET_ENV_VAR\fR.
To remove a file within a secret volume or the volume itself, use the secret
path as the key (either \f5/secret_path\fR or
\f5/mount_path:/secret_file_path\fR).
.TP 2m
\fB\-\-update\-secrets\fR=[\fISECRET_ENV_VAR\fR=\fISECRET_VALUE_REF\fR,/\fIsecret_path\fR=\fISECRET_VALUE_REF\fR,/\fImount_path\fR:/\fIsecret_file_path\fR=\fISECRET_VALUE_REF\fR,...]
List of secret environment variables and secret volumes to update. Existing
secrets configuration not specified in this list will be preserved.
.RE
.RE
.sp
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-clear\-vpc\-connector\fR
Clears the VPC connector field.
.TP 2m
Connector resource \- The VPC Access connector that the function can connect to.
It can be either the fully\-qualified URI, or the short name of the VPC Access
connector resource. If the short name is used, the connector must belong to the
same project. The format of this field is either
\f5projects/${PROJECT}/locations/${LOCATION}/connectors/${CONNECTOR}\fR or
\f5${CONNECTOR}\fR, where \f5${CONNECTOR}\fR is the short name of the VPC Access
connector. This represents a Cloud resource. (NOTE) Some attributes are not
given arguments in this group but can be set in other ways.
To set the \f5project\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5\-\-vpc\-connector\fR on the command line with a fully
specified name;
.IP "\(bu" 2m
provide the argument \f5\-\-project\fR on the command line;
.IP "\(bu" 2m
set the property \f5core/project\fR.
.RE
.sp
To set the \f5region\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5\-\-vpc\-connector\fR on the command line with a fully
specified name;
.IP "\(bu" 2m
provide the argument \f5\-\-region\fR on the command line;
.IP "\(bu" 2m
set the property \f5functions/region\fR.
.RE
.sp
.RS 2m
.TP 2m
\fB\-\-vpc\-connector\fR=\fIVPC_CONNECTOR\fR
ID of the connector or fully qualified identifier for the connector.
To set the \f5connector\fR attribute:
.RS 2m
.IP "\(em" 2m
provide the argument \f5\-\-vpc\-connector\fR on the command line.
.RE
.sp
.RE
.RE
.sp
.TP 2m
\fB\-\-memory\fR=\fIMEMORY\fR
Limit on the amount of memory the function can use.
Allowed values for v1 are: 128MB, 256MB, 512MB, 1024MB, 2048MB, 4096MB, and
8192MB.
Allowed values for GCF 2nd gen are in the format: <number><unit> with allowed
units of "k", "M", "G", "Ki", "Mi", "Gi". Ending 'b' or 'B' is allowed, but both
are interpreted as bytes as opposed to bits.
Examples: 1000000K, 1000000Ki, 256Mb, 512M, 1024Mi, 2G, 4Gi.
By default, a new function is limited to 256MB of memory. When deploying an
update to an existing function, the function keeps its old memory limit unless
you specify this flag.
.TP 2m
\fB\-\-cpu\fR=\fICPU\fR
The number of available CPUs to set. Only valid when \f5\-\-memory=MEMORY\fR is
specified.
Examples: .5, 2, 2.0, 2000m.
By default, a new function's available CPUs is determined based on its memory
value.
When deploying an update that includes memory changes to an existing function,
the function's available CPUs will be recalculated based on the new memory
unless this flag is specified. When deploying an update that does not include
memory changes to an existing function, the function's "available CPUs" setting
will keep its old value unless you use this flag to change the setting.
.TP 2m
If you don't specify a trigger when deploying an update to an existing function
it will keep its current trigger. You must specify one of the following when
deploying a new function:
.RS 2m
.IP "\(em" 2m
\f5\-\-trigger\-topic\fR,
.IP "\(em" 2m
\f5\-\-trigger\-bucket\fR,
.IP "\(em" 2m
\f5\-\-trigger\-http\fR,
.IP "\(em" 2m
\f5\-\-trigger\-event\fR AND \f5\-\-trigger\-resource\fR,
.IP "\(em" 2m
\f5\-\-trigger\-event\-filters\fR and optionally
\f5\-\-trigger\-event\-filters\-path\-pattern\fR.
.RE
.sp
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-trigger\-bucket\fR=\fITRIGGER_BUCKET\fR
Google Cloud Storage bucket name. Trigger the function when an object is created
or overwritten in the specified Cloud Storage bucket.
.TP 2m
\fB\-\-trigger\-http\fR
Function will be assigned an endpoint, which you can view by using the
\f5describe\fR command. Any HTTP request (of a supported type) to the endpoint
will trigger function execution. Supported HTTP request types are: POST, PUT,
GET, DELETE, and OPTIONS.
.TP 2m
\fB\-\-trigger\-topic\fR=\fITRIGGER_TOPIC\fR
Name of Pub/Sub topic. Every message published in this topic will trigger
function execution with message contents passed as input data. Note that this
flag does not accept the format of projects/PROJECT_ID/topics/TOPIC_ID. Use this
flag to specify the final element TOPIC_ID. The PROJECT_ID will be read from the
active configuration.
.TP 2m
\fB\-\-trigger\-event\fR=\fIEVENT_TYPE\fR
Specifies which action should trigger the function. For a list of acceptable
values, call \f5gcloud functions event\-types list\fR.
.TP 2m
\fB\-\-trigger\-resource\fR=\fIRESOURCE\fR
Specifies which resource from \f5\-\-trigger\-event\fR is being observed. E.g.
if \f5\-\-trigger\-event\fR is
\f5providers/cloud.storage/eventTypes/object.change\fR,
\f5\-\-trigger\-resource\fR must be a bucket name. For a list of expected
resources, call \f5gcloud functions event\-types list\fR.
.TP 2m
\fB\-\-trigger\-event\-filters\fR=[\fIATTRIBUTE\fR=\fIVALUE\fR,...]
The Eventarc matching criteria for the trigger. The criteria can be specified
either as a single comma\-separated argument or as multiple arguments. The
filters must include the \f5\fItype\fR\fR attribute, as well as any other
attributes that are expected for the chosen type.
.TP 2m
\fB\-\-trigger\-event\-filters\-path\-pattern\fR=[\fIATTRIBUTE\fR=\fIPATH_PATTERN\fR,...]
The Eventarc matching criteria for the trigger in path pattern format. The
criteria can be specified as a single comma\-separated argument or as multiple
arguments.
The provided attribute/value pair will be used with the
\f5match\-path\-pattern\fR operator to configure the trigger, see
https://cloud.google.com/eventarc/docs/reference/rest/v1/projects.locations.triggers#eventfilter
and https://cloud.google.com/eventarc/docs/path\-patterns for more details about
on how to construct path patterns.
For example, to filter on events for Compute Engine VMs in a given zone:
\f5\-\-trigger\-event\-filters\-path\-pattern=resourceName='/projects/*/zones/us\-central1\-a/instances/*'
\fR
.RE
.RE
.sp
.SH "GCLOUD WIDE FLAGS"
These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.
Run \fB$ gcloud help\fR for details.
.SH "NOTES"
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation\-only early access
allowlist. These variants are also available:
.RS 2m
$ gcloud functions deploy
.RE
.RS 2m
$ gcloud beta functions deploy
.RE