GCP Run Service
Google Cloud Run is a fully-managed compute platform that automatically scales stateless containers. A Cloud Run Service is the top-level resource that represents a logical application consisting of one or more immutable revisions of a container image. It manages traffic splitting between revisions, automatic scaling, networking, IAM permissions and observability for the workload.
Official documentation: https://cloud.google.com/run/docs/reference/rest/v2/projects.locations.services
Terraform Mappings:
google_cloud_run_v2_service.id
Supported Methods
GET: Get a gcp-run-service by its "locations|services"
LIST
SEARCH: Search for gcp-run-service by its "locations"
Possible Links
gcp-iam-service-account
A Cloud Run service executes as a specific IAM service account (its run-time identity). Overmind links the service to that gcp-iam-service-account so you can inspect the permissions with which the containers will operate.
gcp-artifact-registry-docker-image
Each revision of a Cloud Run service pulls a container image from Artifact Registry. The link shows the exact Docker image currently referenced by the active revision, allowing you to trace provenance and vulnerability information.
gcp-run-revision
A service consists of one or more revisions created on each deploy. The gcp-run-service is therefore linked to all of its gcp-run-revision resources so you can see historical configuration and roll-back points.
gcp-compute-subnetwork
When a service is configured to use a VPC connector or private ingress, traffic flows through a specific subnetwork. Overmind shows this link so you can assess network reachability and egress rules.
gcp-compute-network
The subnetwork in turn belongs to a VPC network. Linking the gcp-run-service to the parent gcp-compute-network provides a broader view of network segmentation and firewall policies that may affect the service.
gcp-secret-manager-secret
Environment variables and mounted volumes in Cloud Run can reference Secret Manager secrets. The link highlights which secrets are injected into the container, helping you verify least-privilege access and rotation status.
gcp-sql-admin-instance
A service can connect to Cloud SQL via the Cloud SQL connector. Overmind links the service to any referenced gcp-sql-admin-instance so you can understand database dependencies and assess fail-over implications.
gcp-storage-bucket
Applications often interact with Cloud Storage buckets (e.g., for static assets or uploads). If the service's configuration or IAM roles reference buckets, Overmind surfaces a link to each gcp-storage-bucket to evaluate access controls.
gcp-cloud-kms-crypto-key
If the service uses customer-managed encryption keys (CMEK) for its logs or secrets, it is connected to one or more KMS crypto keys. This link lets you audit key rotation policies and IAM bindings associated with encryption.
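To review these dependencies by hand, the sketch below pulls the references behind most of the link types above out of a Cloud Run Admin API v2 Service resource. It is an added example, not Overmind's own code: the field names are taken from the v2 Service schema, the mapping of fields to link types is an assumption, and the sample service and the function name linked_resources are constructed for illustration.

```python
# Constructed sample: trimmed Cloud Run Admin API v2 Service; every name below is made up.
SAMPLE_SERVICE = {"template": {
    "serviceAccount": "web-runtime@example-proj.iam.gserviceaccount.com",
    "encryptionKey": "projects/example-proj/locations/europe-west1/keyRings/run/cryptoKeys/web",
    "vpcAccess": {"networkInterfaces": [{"network": "prod-vpc", "subnetwork": "run-egress"}]},
    "containers": [{
        "image": "europe-west1-docker.pkg.dev/example-proj/apps/web@sha256:DIGEST_PLACEHOLDER",
        "env": [
            {"name": "MODE", "value": "prod"},
            {"name": "DB_PASS", "valueSource": {"secretKeyRef": {"secret": "db-pass", "version": "latest"}}},
        ],
    }],
    "volumes": [
        {"name": "tls", "secret": {"secret": "tls-cert"}},
        {"name": "sql", "cloudSqlInstance": {"instances": ["example-proj:europe-west1:orders-db"]}},
    ],
}}

def linked_resources(service):
    """Map link types named on this page to the references found in the service (assumed mapping)."""
    tpl = service.get("template", {})
    containers = tpl.get("containers", [])
    volumes = tpl.get("volumes", [])
    nics = tpl.get("vpcAccess", {}).get("networkInterfaces", [])
    # Secrets arrive two ways: as env vars (secretKeyRef) and as mounted volumes.
    secrets = {e["valueSource"]["secretKeyRef"]["secret"]
               for c in containers for e in c.get("env", [])
               if "secretKeyRef" in e.get("valueSource", {})}
    secrets |= {v["secret"]["secret"] for v in volumes if "secret" in v}
    links = {
        "gcp-iam-service-account": [tpl.get("serviceAccount")],
        "gcp-artifact-registry-docker-image": [c.get("image") for c in containers],
        "gcp-secret-manager-secret": sorted(secrets),
        "gcp-sql-admin-instance": [i for v in volumes
                                   for i in v.get("cloudSqlInstance", {}).get("instances", [])],
        "gcp-compute-network": [n.get("network") for n in nics],
        "gcp-compute-subnetwork": [n.get("subnetwork") for n in nics],
        "gcp-cloud-kms-crypto-key": [tpl.get("encryptionKey")],
    }
    # Drop unset references so an empty list means "no link of this type".
    return {k: [x for x in v if x] for k, v in links.items()}

if __name__ == "__main__":
    for link_type, refs in linked_resources(SAMPLE_SERVICE).items():
        print(f"{link_type}: {refs}")
```

An empty gcp-iam-service-account list means the template sets no serviceAccount, in which case the service runs as the Compute Engine default service account.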