Deploy a containerized application to Cloud Run using Cloud Build
This page shows you how to use Cloud Build to deploy a containerized application to Cloud Run.
To follow step-by-step guidance for this task directly in the Cloud Shell Editor, click Guide me :
Before you begin
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
Roles required to select or create a project
- Select a project : Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
- Create a project
: To create a project, you need the Project Creator role
(
roles/resourcemanager.projectCreator), which contains theresourcemanager.projects.createpermission. Learn how to grant roles .
-
Verify that billing is enabled for your Google Cloud project .
-
Enable the Cloud Build, Cloud Run, Artifact Registry, and Compute Engine APIs.
Roles required to enable APIs
To enable APIs, you need the Service Usage Admin IAM role (
roles/serviceusage.serviceUsageAdmin), which contains theserviceusage.services.enablepermission. Learn how to grant roles . -
Install the Google Cloud CLI.
-
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity .
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
Roles required to select or create a project
- Select a project : Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
- Create a project
: To create a project, you need the Project Creator role
(
roles/resourcemanager.projectCreator), which contains theresourcemanager.projects.createpermission. Learn how to grant roles .
-
Verify that billing is enabled for your Google Cloud project .
-
Enable the Cloud Build, Cloud Run, Artifact Registry, and Compute Engine APIs.
Roles required to enable APIs
To enable APIs, you need the Service Usage Admin IAM role (
roles/serviceusage.serviceUsageAdmin), which contains theserviceusage.services.enablepermission. Learn how to grant roles . -
Install the Google Cloud CLI.
-
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity .
-
To initialize the gcloud CLI, run the following command:
gcloud init
Grant permissions
Cloud Build requires several permissions before it can deploy an image to Cloud Run. To grant these permissions, do the following:
-
Open a terminal window.
-
Set environment variables to store your project ID and project number.
PROJECT_ID = $( gcloud config list --format = 'value(core.project)' ) PROJECT_NUMBER = $( gcloud projects describe $PROJECT_ID --format = 'value(projectNumber)' ) -
Grant the Cloud Run Adminrole to your Cloud Build service account .
gcloud projects add-iam-policy-binding $PROJECT_ID \ --member = serviceAccount: $( gcloud projects describe $PROJECT_ID \ --format = "value(projectNumber)" ) -compute@developer.gserviceaccount.com \ --role = roles/run.admin \ -
Grant the Storage Object Userrole to your Cloud Build service account.
gcloud projects add-iam-policy-binding $PROJECT_ID \ --member = serviceAccount: $( gcloud projects describe $PROJECT_ID \ --format = "value(projectNumber)" ) -compute@developer.gserviceaccount.com \ --role = roles/storage.objectUser \ -
Grant the Service Account Userrole to your Cloud Build service account.
gcloud projects add-iam-policy-binding $PROJECT_ID \ --member = serviceAccount: $( gcloud projects describe $PROJECT_ID \ --format = "value(projectNumber)" ) -compute@developer.gserviceaccount.com \ --role = roles/iam.serviceAccountUser
Deploy a prebuilt image
You can configure Cloud Build to deploy a prebuilt image that is stored in Artifact Registry to Cloud Run.
To deploy a prebuilt image:
-
Open a terminal window (if not already open).
-
Create a new directory named
helloworldand navigate into it:mkdir helloworld cd helloworld -
Create a file named
cloudbuild.yamlwith the following contents. This file is the Cloud Build config file. It contains instructions for Cloud Build to deploy the image namedus-docker.pkg.dev/cloudrun/container/helloon the Cloud Run service namedcloudrunservice. -
Deploy the image by running the following command:
gcloud builds submit -- region = us - west2 -- config cloudbuild . yaml
When the build is complete, you will see an output similar to the following:
DONE
ID CREATE_TIME DURATION SOURCE IMAGES STATUS
784653b2
-
f00e
-
4c4b
-
9f5f
-
96a5f115bef4 2020
-
01
-
23T14:53:13
+
00:00 23S gs://cloudrunqs
-
project_cloudbuild/source/1579791193
.
217726
-
ea20e1c787fb4784b19fb1273d032df2
.
tgz
-
SUCCESS
You've just deployed the image hello
to Cloud Run.
Run the deployed image
-
Open the Cloud Run page in the Google Cloud console:
-
Select your project and click Open.
You will see the Cloud Run Servicespage.
-
In the table, locate the row with the name cloudrunservice, and click cloudrunservice.
The Service detailspage for cloudrunserviceis displayed.
-
To run the image that you deployed on cloudrunservice, click the URL:
