Deploy a containerized application to Cloud Run using Cloud Build
This page shows you how to use Cloud Build to deploy a containerized application to Cloud Run.
Before you begin
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
Roles required to select or create a project
- Select a project: Selecting a project doesn't require a specific IAM role; you can select any project that you've been granted a role on.
- Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.
-
Verify that billing is enabled for your Google Cloud project.
-
Enable the Cloud Build, Cloud Run, Artifact Registry, and Compute Engine APIs.
Roles required to enable APIs
To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.
-
Install the Google Cloud CLI.
-
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
-
To initialize the gcloud CLI, run the following command:
gcloud init
Grant permissions
Cloud Build requires Cloud Run Admin and IAM Service Account User permissions before it can deploy an image to Cloud Run.
-
Open a terminal window.
-
Set environment variables to store your project ID and project number:
PROJECT_ID=$(gcloud config list --format='value(core.project)')
PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format='value(projectNumber)')
-
Grant the Cloud Run Admin role to the Cloud Build service account:
gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member=serviceAccount:$(gcloud projects describe $PROJECT_ID \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
    --role=roles/run.admin
-
Grant the Storage Object User role to the Cloud Build service account:
gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member=serviceAccount:$(gcloud projects describe $PROJECT_ID \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
    --role="roles/storage.objectUser"
-
Grant the IAM Service Account User role to the Cloud Build service account for the Cloud Run runtime service account:
gcloud iam service-accounts add-iam-policy-binding $(gcloud projects describe $PROJECT_ID \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
    --member=serviceAccount:$(gcloud projects describe $PROJECT_ID \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
    --role="roles/iam.serviceAccountUser" \
    --project=$PROJECT_ID
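The grants in this section can be checked once they are in place. The following is an added example, not part of the original page: it audits the project-level roles held by the account the commands above target, reporting any of this section's two project-level roles that are missing and flagging the basic roles roles/owner and roles/editor on the same account. The function names, the sample role lists and the choice of which roles to flag are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit project-level roles of
# the service account that the commands above bind roles to.

# Project-level roles granted on this page. roles/iam.serviceAccountUser is
# bound on the service account resource, so it is not listed in this policy.
EXPECTED_ROLES="roles/run.admin roles/storage.objectUser"
# Basic roles, much broader than a deploy pipeline needs (example's choice).
BROAD_ROLES="roles/owner roles/editor"

# Live input: one role per line for the account. Needs gcloud plus the
# PROJECT_ID and PROJECT_NUMBER variables set earlier on this page.
list_project_roles() {
  gcloud projects get-iam-policy "$PROJECT_ID" \
    --flatten="bindings[].members" \
    --filter="bindings.members:serviceAccount:${PROJECT_NUMBER}-compute@developer.gserviceaccount.com" \
    --format="value(bindings.role)"
}

# Reads one role per line on stdin and prints findings.
# Returns 0 if clean, 1 if an expected role is missing, 2 if a broad role
# is present (2 takes precedence over 1).
audit_roles() {
  audit_input=$(cat)
  audit_status=0
  for audit_role in $EXPECTED_ROLES; do
    if ! printf '%s\n' "$audit_input" | grep -qxF "$audit_role"; then
      echo "MISSING $audit_role"
      audit_status=1
    fi
  done
  for audit_role in $BROAD_ROLES; do
    if printf '%s\n' "$audit_input" | grep -qxF "$audit_role"; then
      echo "BROAD $audit_role"
      audit_status=2
    fi
  done
  return $audit_status
}

# Constructed sample role lists (not taken from a real project).
SAMPLE_OK='roles/run.admin
roles/storage.objectUser'
SAMPLE_BROAD='roles/editor
roles/run.admin'

# Demo on the constructed data; live use: list_project_roles | audit_roles
printf '%s\n' "$SAMPLE_BROAD" | audit_roles || echo "audit exit code: $?"
```

Against a real project, run `list_project_roles | audit_roles` in the same terminal where PROJECT_ID and PROJECT_NUMBER were set.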
Deploy a prebuilt image
You can configure Cloud Build to deploy a prebuilt image that is stored in Artifact Registry to Cloud Run.
To deploy a prebuilt image:
-
Open a terminal window (if not already open).
-
Create a new directory named helloworld and navigate into it:
mkdir helloworld
cd helloworld
-
Create a file named cloudbuild.yaml with the following contents. This file is the Cloud Build config file. It contains instructions for Cloud Build to deploy the image named us-docker.pkg.dev/cloudrun/container/hello on the Cloud Run service named cloudrunservice.
-
Deploy the image by running the following command:
gcloud builds submit --region=us-west2 --config cloudbuild.yaml
When the build is complete, you will see an output similar to the following:
DONE
ID                                    CREATE_TIME                DURATION  SOURCE                                                                                             IMAGES  STATUS
784653b2-f00e-4c4b-9f5f-96a5f115bef4  2020-01-23T14:53:13+00:00  23S       gs://cloudrunqs-project_cloudbuild/source/1579791193.217726-ea20e1c787fb4784b19fb1273d032df2.tgz  -       SUCCESS
You've just deployed the image hello to Cloud Run.
Run the deployed image
-
Open the Cloud Run page in the Google Cloud console:
-
Select your project and click Open.
You will see the Cloud Run Services page.
-
In the table, locate the row with the name cloudrunservice, and click cloudrunservice.
The Service details page for cloudrunservice is displayed.
-
To run the image that you deployed on cloudrunservice, click the URL:


