Connect from Cloud Run

This quickstart guides you through the process of deploying a sample application on a Cloud Run service by using the Google Cloud console and a client application. This sample application connects Cloud Run to AlloyDB for PostgreSQL.

Sample application code

The sample application code for this quickstart is located in the examples/go directory of the GoogleCloudPlatform/alloydb-auth-proxy GitHub repository.

The application is written in the Go programming language and serves as a tool for collecting votes. The main logic is contained in the main.go file, which starts a web server and handles user requests.

The database connection is configured using environment variables, which you set up when you create the Cloud Run service. These variables tell the application how to connect to your AlloyDB instance, including the database name, user, password, and the instance's IP address. The code uses these variables to establish a secure connection to your AlloyDB database.

Code repository

The alloydb-auth-proxy repository contains the AlloyDB Auth Proxy , a tool that helps you securely connect to your AlloyDB instances. The repository also includes related libraries and examples, such as the Go application used in this quickstart.

You don't need the entire alloydb-auth-proxy project to connect to AlloyDB from Cloud Run. The cloudshell_open command clones the entire repository for your convenience, but the only files used to build the container for this quickstart are located in the examples/go directory.

Before you begin

Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Roles required to select or create a project

Select a project : Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
Create a project : To create a project, you need the Project Creator role ( roles/resourcemanager.projectCreator ), which contains the resourcemanager.projects.create permission. Learn how to grant roles .

Go to project selector

If you're using an existing project for this guide, verify that you have the permissions required to complete this guide . If you created a new project, then you already have the required permissions.

Verify that billing is enabled for your Google Cloud project .

Enable the Compute Engine, Cloud Run, AlloyDB, Cloud Resource Manager, Service Networking, Cloud Build, and Container Registry APIs.

Roles required to enable APIs

To enable APIs, you need the Service Usage Admin IAM role ( roles/serviceusage.serviceUsageAdmin ), which contains the serviceusage.services.enable permission. Learn how to grant roles .

Enable the APIs

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Roles required to select or create a project

Select a project : Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
Create a project : To create a project, you need the Project Creator role ( roles/resourcemanager.projectCreator ), which contains the resourcemanager.projects.create permission. Learn how to grant roles .

Go to project selector

Verify that billing is enabled for your Google Cloud project .

Enable the Compute Engine, Cloud Run, AlloyDB, Cloud Resource Manager, Service Networking, Cloud Build, and Container Registry APIs.

Roles required to enable APIs

To enable APIs, you need the Service Usage Admin IAM role ( roles/serviceusage.serviceUsageAdmin ), which contains the serviceusage.services.enable permission. Learn how to grant roles .

Enable the APIs

Make sure that you have an AlloyDB cluster and primary instance. For more information, see Create a cluster and its primary instance .

Required roles

To get the permissions that you need to connect from Cloud Run, ask your administrator to grant you the following IAM roles on your project:

Compute Network Admin ( roles/compute.networkAdmin )
AlloyDB Admin ( roles/alloydb.admin )
Artifact Registry Administrator ( roles/artifactregistry.admin )
Cloud Run Admin ( roles/run.admin )
Storage Admin ( roles/storage.admin )
Cloud Build Editor ( roles/cloudbuild.builds.editor )
Container Analysis Admin ( roles/containeranalysis.admin )
Service Account Token Creator ( roles/iam.serviceAccountTokenCreator )
Monitoring Metric Writer ( roles/monitoring.metricWriter )
Dev Ops ( roles/iam.devOps )

For more information about granting roles, see Manage access to projects, folders, and organizations .

You might also be able to get the required permissions through custom roles or other predefined roles .

Connect to your instance and create a database

If you are not in your newly created cluster Overviewpage, then in the Google Cloud console, go to the Clusterspage.

Go to Clusters
To display the cluster Overviewpage, click the my-cluster cluster name.
In the navigation menu, click AlloyDB Studio.
In the Databaselist on the Sign in to AlloyDB Studiopage, select postgres .
In the Userdrop-down list, select postgres .
In the Passwordfield, enter the password you created in Create a cluster and its primary instance .
Click Authenticate. The Explorerpane displays a list of the objects in your database.

In the Editor 1tab, create a database:

  CREATE 
  
 DATABASE 
  
 quickstart_db 
 ;

Click Run. Wait for the Statement executed successfully message to display in the Resultspane.

Find your project ID

Go to the Dashboardpage in the Google Cloud console.

Go to Dashboard
Find the project ID on the Project infocard.
Take note of your project ID. You need it for the following step of this quickstart.

Populate Artifact Registry with an image of the sample application

In the Google Cloud console, open Cloud Shell.

Open Cloud Shell

In Cloud Shell Editor, use the following command to clone the repository with the sample application code from GitHub:

 cloudshell_open  
--repo_url  
 \ 
 "https://github.com/GoogleCloudPlatform/alloydb-auth-proxy" 
  
 \ 
--dir  
 \ 
 "examples/go" 
  
 \ 
--force_new_clone

Create a repository in Artifact Registry for docker images:

 gcloud  
artifacts  
repositories  
create  
cloud-run-source-deploy  
--location  
us-central1  
--repository-format = 
docker  
--project  
 PROJECT_ID

Replace PROJECT_ID with the ID of your project.

In the Authorize Cloud Shelldialog, click Authorize. This prompt does not appear if you have done this step previously.
To build a Docker container and publish it to Artifact Registry, use the following command:
```
   
gcloud  
builds  
submit  
--tag  
us-central1-docker.pkg.dev/ PROJECT_ID 
/cloud-run-source-deploy/run-sql  
--project  
 PROJECT_ID 
 
```
Replace PROJECT_ID with the ID of your project.

The sample application code for this quickstart is located in the examples/go directory of the GoogleCloudPlatform/alloydb-auth-proxy GitHub repository. The cloudshell_open command in the previous step automatically clones this repository and opens the correct directory for you.

Find the IP address for your new instance

In the Google Cloud console, go to the Clusterspage.

Go to Clusters
Find the row in the table whose Resource nameis my-primary .
Take note of that row's Private IP address. You need it for the following step of this quickstart.

The example format of the IP address is 172.19.209.2:5432 .

Create a service for Cloud Run

In the Google Cloud console, go to the Cloud Runpage.

Go to Cloud Run
In the Servicestab, click Deploy Container.
In the Create servicepage, select the Deploy one revision from an existing container imageoption.
In the Container image URLfield, click Select.
In the Select container imagepane, complete the following steps:
1. Select the Artifact registrytab.
2. Expand us-central1-docker.pkg.dev/ PROJECT_ID /cloud-run-source-deploy .
3. Expand run-sql .
4. Select the latest image.
5. Click Select.
In the Service namefield, enter quickstart-service .
Make sure us-central1 (Iowa) is selected in the Regionlist by default.
In the Authenticationsection, select Allow public access.
Ensure that CPU is only allocated during request processingis selected in the CPU allocation and pricingsection.
Expand the Container(s), Volumes, Networking, Securitysection.
In the Container(s)tab, select the Variables & secretstab and complete the following steps:
1. In the Environment variablessection, click Add variable.
2. Enter the following in the Name and Value fields:
  - DB_NAME : quickstart_db
  - DB_USER : postgres
  - DB_PASS : The password that you entered when you created the cluster .
  - DB_PORT : 5432
  - INSTANCE_HOST : The IP address of your cluster's primary instance, which you found in Find the IP address for your new instance . Don't include the port number—for example, set to 172.19.209.2 , and not 172.19.209.2:5432 .
Switch from the Container(s)tab to the Networkingtab and complete the following steps:
1. Select the Connect to a VPC for outbound trafficcheckbox.
2. Select the Send traffic directly to a VPCoption.
3. In the Networkdrop-down list, choose the default value.
4. In the Subnetdrop-down list, ensure that the default value is selected.
Click Createto create the Cloud Run service.

After the Cloud Run service is deployed, the quickstart-servicepage displays the URL of the sample application in the URLfield.

The application uses AlloyDB as its data store.

View the sample application

In the Google Cloud console, go to the Cloud Runpage.

Go to Cloud Run
On the quickstart-servicepage, click Copy to clipboardto copy the application URL.
In a new browser tab, paste the copied application URL and click Enter.

Clean up

To avoid incurring charges to your Google Cloud account for the resources used on this page, follow these steps.

Clean up the cluster

In the Google Cloud console, go to the Clusterspage.

Go to Clusters
Next to the my-cluster cluster that you want to delete, click Actions, and then click Delete.
In the Delete clusterdialog that appears, type my-cluster in the my-clusterfield, confirming that you want to delete it.
Click Delete.

Clean up the service

In the Google Cloud console, go to the Cloud Runpage.

Go to Cloud Run
Select the checkbox next to the quickstart-service service name.
Click Deleteat the top of the Cloud Runpage.
In the Delete quickstart-servicedialog that appears, click Deleteto confirm.

Connect from Cloud Run

Sample application code

Code repository

Before you begin

Required roles

Connect to your instance and create a database

Find your project ID

Populate Artifact Registry with an image of the sample application

Find the IP address for your new instance

Create a service for Cloud Run

View the sample application

Clean up

Clean up the cluster

Clean up the service

What's next