Container
import type { Container } from "https://googleapis.deno.dev/v1/batch:v1.ts";
Container runnable.
§Properties
If set to true, external network access to and from container will be
blocked, containers that are with block_external_network as true can still
communicate with each other, network cannot be specified in the
container.options
field.
Required for some container images. Overrides the CMD
specified in the
container. If there is an ENTRYPOINT
(either in the container image or
with the entrypoint
field below) then these commands are appended as
arguments to the ENTRYPOINT
.
Optional. If set to true, this container runnable uses Image streaming.
Use Image streaming to allow the runnable to initialize without waiting for
the entire container image to download, which can significantly reduce
startup time for large container images. When enableImageStreaming
is set
to true, the container runtime is containerd
instead of Docker. Additionally, this container runnable only supports the
following container
subfields: imageUri
, commands[]
, entrypoint
,
and volumes[]
; any other container
subfields are ignored. For more
information about the requirements and limitations for using Image
streaming with Batch, see the image-streaming
sample on
GitHub.
Required for some container images. Overrides the ENTRYPOINT
specified
in the container.
Required for some container images. Arbitrary additional options to
include in the docker run
command when running this container—for
example, --network host
. For the --volume
option, use the volumes
field for the container.
Required if the container image is from a private Docker registry. The
password to login to the Docker registry that contains the image. For
security, it is strongly recommended to specify an encrypted password by
using a Secret Manager secret: projects/*\/secrets/*\/versions/*
.
Warning: If you specify the password using plain text, you risk the
password being exposed to any users who can view the job or its logs. To
avoid this risk, specify a secret that contains the password instead. Learn
more about Secret Manager
and using Secret Manager with
Batch.
Required if the container image is from a private Docker registry. The
username to login to the Docker registry that contains the image. You can
either specify the username directly by using plain text or specify an
encrypted username by using a Secret Manager secret:
projects/*\/secrets/*\/versions/*
. However, using a secret is recommended
for enhanced security. Caution: If you specify the username using plain
text, you risk the username being exposed to any users who can view the job
or its logs. To avoid this risk, specify a secret that contains the
username instead. Learn more about Secret
Manager and using Secret
Manager with
Batch.
Volumes to mount (bind mount) from the host machine files or directories
into the container, formatted to match --volume
option for the docker run
command—for example, /foo:/bar
or /foo:/bar:ro
. If the
TaskSpec.Volumes
field is specified but this field is not, Batch will
mount each volume from the host machine to the container with the same
mount path by default. In this case, the default mount option for
containers will be read-only (ro
) for existing persistent disks and
read-write (rw
) for other volume types, regardless of the original mount
options specified in TaskSpec.Volumes
. If you need different mount
settings, you can explicitly configure them in this field.