Create an application from existing resources
This quickstart shows you how to organize existing Google Cloud services into an App Hub application. First, you deploy a sample configuration, which you then use to define a global web application by registering its components as an application in App Hub.
This approach is for users who want to use their existing infrastructure to gain visibility and operational control by grouping resources into logical applications.
Before you begin
Before you start this quickstart, do the following:
Note the project ID of the management project to use throughout this document.
Verify that the following APIs are enabled in the management project. When you configure an app-enabled folder, most of the APIs you need for this quickstart are enabled automatically.
- Compute Engine API (
compute.googleapis.com
) - Infrastructure Manager API (
config.googleapis.com
)
- Compute Engine API (
Required roles
To get the permissions that you need to enable required APIs and create a sample application from existing resources, ask your administrator to grant you the following IAM roles on the management project:
-
To enable required APIs:
Service Usage Admin (
roles/serviceusage.serviceUsageAdmin
) -
To get full access to required services:
-
App Hub Admin (
roles/apphub.admin
) -
Cloud Run Admin (
roles/run.admin
) -
Compute Admin (
roles/compute.admin
) -
Cloud Infrastructure Manager Admin (
roles/config.admin
)
-
App Hub Admin (
For more information about granting roles, see Manage access to projects, folders, and organizations.
You might also be able to get the required permissions through custom roles or other predefined roles.
Deploy resources for the application
You must first deploy a set of sample resources that you will later use to define a global application in App Hub:
- A Cloud Run service that acts as the application's backend.
- A global external Application Load Balancer that directs traffic to the Cloud Run service as a forwarding rule.
Follow these steps to deploy these resources:
gcloud
Set the required environment variables:
export PROJECT_ID="PROJECT_ID" export REGION="REGION"
Replace the following:
PROJECT_ID
: the ID of your management project.REGION
: your chosen region for resources, for example,us-central1
.
Deploy a sample Cloud Run service named
hello-run
:gcloud run deploy hello-run \ --image=us-docker.pkg.dev/cloudrun/container/hello \ --allow-unauthenticated \ --region=${REGION} \ --project=${PROJECT_ID}
Create the global external Application Load Balancer. This process involves the following steps:
Create a serverless network endpoint group (NEG) called
hello-run-neg
:gcloud compute network-endpoint-groups create hello-run-neg \ --region=${REGION} \ --network-endpoint-type=serverless \ --cloud-run-service=hello-run \ --project=${PROJECT_ID}
The NEG acts as a backend for the load balancer, pointing to your
hello-run
service.Create a backend service to manage how traffic is distributed to the NEG:
gcloud compute backend-services create hello-backend-service \ --global \ --load-balancing-scheme=EXTERNAL_MANAGED \ --project=${PROJECT_ID}
Add the serverless NEG as a backend to the backend service:
gcloud compute backend-services add-backend hello-backend-service \ --global \ --network-endpoint-group=hello-run-neg \ --network-endpoint-group-region=${REGION} \ --project=${PROJECT_ID}
Create a URL map to route incoming requests to the backend service:
gcloud compute url-maps create hello-url-map \ --default-service=hello-backend-service \ --project=${PROJECT_ID}
Create an HTTP proxy to receive requests and route them using the URL map:
gcloud compute target-http-proxies create hello-http-proxy \ --url-map=hello-url-map \ --project=${PROJECT_ID}
Create a global forwarding rule:
gcloud compute forwarding-rules create hello-forwarding-rule \ --global \ --load-balancing-scheme=EXTERNAL_MANAGED \ --target-http-proxy=hello-http-proxy \ --ports=80 \ --project=${PROJECT_ID}
This forwarding rule provides a public IP address and port to handle incoming user requests and directs them to the proxy.
Terraform
Create a
main.tf
file and add the following code:# Provider configuration provider "google" { project = "PROJECT_ID" } # Cloud Run service resource "google_cloud_run_v2_service" "default" { name = "hello-run" location = "REGION" template { containers { image = "us-docker.pkg.dev/cloudrun/container/hello" } } } # Allow unauthenticated access to the Cloud Run service resource "google_cloud_run_v2_service_iam_member" "noauth" { project = google_cloud_run_v2_service.default.project location = google_cloud_run_v2_service.default.location name = google_cloud_run_v2_service.default.name role = "roles/run.invoker" member = "allUsers" }
Replace the following:
PROJECT_ID
: the ID of your management project.REGION
: your chosen region for resources, for example,us-central1
.
This block defines the Google Cloud provider and configures a public-facing Cloud Run service using a sample
hello-world
container image. It also includes an IAM policy binding to allow unauthenticated invocations, making the service publicly accessible.Add the following code to your
main.tf
file to create the global external Application Load Balancer:# Serverless NEG for the Cloud Run service resource "google_compute_region_network_endpoint_group" "serverless_neg" { name = "hello-run-neg" network_endpoint_type = "SERVERLESS" region = "REGION" cloud_run { service = google_cloud_run_v2_service.default.name } } # Global external backend service resource "google_compute_backend_service" "default" { name = "hello-backend-service" protocol = "HTTP" load_balancing_scheme = "EXTERNAL_MANAGED" backend { group = google_compute_region_network_endpoint_group.serverless_neg.id } } # URL map to route requests to the backend service resource "google_compute_url_map" "default" { name = "hello-url-map" default_service = google_compute_backend_service.default.id } # HTTP proxy to route requests to the URL map resource "google_compute_target_http_proxy" "default" { name = "hello-http-proxy" url_map = google_compute_url_map.default.id } # Global forwarding rule to handle incoming requests resource "google_compute_global_forwarding_rule" "default" { name = "hello-forwarding-rule" target = google_compute_target_http_proxy.default.id port_range = "80" }
This block defines the following components:
- A serverless network endpoint group (NEG), which acts as a backend for the load balancer and points to the Cloud Run service.
- A backend service that directs traffic to the serverless NEG.
- A URL map to route incoming requests to the backend service.
- An HTTP proxy to receive requests and route them using the URL map.
- A global forwarding rule, which provides a public IP address and port to handle incoming user requests and directs them to the proxy.
Initialize and apply the Terraform configuration:
terraform init terraform apply
Terraform deploys the resources to your project.
Define the application in App Hub
After deploying the resources as a forwarding rule and a Cloud Run service, follow these steps to group them into an application in App Hub:
Console
Go to the Applications page from App Hub:
Click Create application.
Select Global as the application location.
Enter
my-global-app
for the Application name and click Continue.Optionally, add a display name, criticality, environment, and owners.
Click Create.
On the Services and workloads tab, click Register service/workload.
Select the forwarding rule, name it
frontend-service
, and click Register.Select the Cloud Run service, name it
backend-service
, and click Register.
gcloud
Create the application:
gcloud apphub applications create my-global-app \ --location=global \ --display-name="My Global Application" \ --project=${PROJECT_ID}
Discover the IDs for the forwarding rule and the Cloud Run service in the appropriate region:
gcloud apphub discovered-services list \ --location=global \ --project=${PROJECT_ID} gcloud apphub discovered-services list \ --location=${REGION} \ --project=${PROJECT_ID}
Note the ID of the forwarding rule and the Cloud Run service.
Register the forwarding rule to the global application:
gcloud apphub applications services create frontend-service \ --application=my-global-app \ --discovered-service=projects/${PROJECT_ID}/locations/global/discoveredServices/FRONTEND_ID \ --display-name="Frontend Service" \ --location=global \ --project=${PROJECT_ID}
Replace
FRONTEND_ID
with the ID of the forwarding rule.Register the Cloud Run service to the global application:
gcloud apphub applications services create backend-service \ --application=my-global-app \ --discovered-service=projects/${PROJECT_ID}/locations/${REGION}/discoveredServices/BACKEND_ID \ --display-name="Backend Service" \ --location=global \ --project=${PROJECT_ID}
Replace
BACKEND_ID
with the ID of the Cloud Run service.
Terraform
Create an
application.tf
file and add the following code:# Application resource "google_apphub_application" "my_global_app" { project = "PROJECT_ID" location = "global" application_id = "my-global-app" display_name = "My Global Web App" description = "A sample global web application." scope { type = "GLOBAL" } attributes { criticality { type = "MEDIUM" } environment { type = "DEVELOPMENT" } business_owners { display_name = "Example Business Owner" email = "business-owner@example.com" } developer_owners { display_name = "Example Developer" email = "dev-owner@example.com" } operator_owners { display_name = "Example Operator" email = "operator-owner@example.com" } } }
This block uses the
google_apphub_application
resource to create a logical grouping for your services and workloads.This example creates a global application and defines attributes for governance and discoverability, such as criticality, environment, and owners. You can modify those values for your sample configuration.
Add the following code to
application.tf
to discover your deployed resources:# Discover the forwarding rule data "google_apphub_discovered_service" "frontend_service" { location = "global" service_uri = "//compute.googleapis.com/${google_compute_global_forwarding_rule.default.id}" } # Discover the Cloud Run service data "google_apphub_discovered_service" "backend_service" { location = "REGION" service_uri = "//run.googleapis.com/${google_cloud_run_v2_service.default.id}" }
The
google_apphub_discovered_service
data sources find the resource names of your existing infrastructure based on their URIs. This step lets App Hub identify the specific resources you want to register.Add the following code to
application.tf
to register the discovered resources:# Register the forwarding rule as a service in the application resource "google_apphub_service" "frontend" { project = "PROJECT_ID" location = "global" application_id = google_apphub_application.my_global_app.application_id service_id = "frontend-service" display_name = "Frontend Service (LB)" discovered_service = data.google_apphub_discovered_service.frontend_service.name } # Register the Cloud Run service as a service in the application resource "google_apphub_service" "backend" { project = "PROJECT_ID" location = "global" application_id = google_apphub_application.my_global_app.application_id service_id = "backend-service" display_name = "Backend Service (Cloud Run)" discovered_service = data.google_apphub_discovered_service.backend_service.name }
The
google_apphub_service
resources formally register the discovered resources into your application. This step creates the link between your infrastructure and the application you defined in App Hub.Initialize and apply the Terraform configuration:
terraform init terraform apply
Terraform registers the resources to your
my-global-app
application in App Hub.
Optional: Monitor your new application
After defining your application in App Hub, you can use integrated Google Cloud services to monitor its health and performance:
View operational data in Cloud Hub:
In the Google Cloud console, go to the Home page of Cloud Hub.
From the application selector, choose your
my-global-app
application. The page displays a summary of your application's health. For more information, see the Cloud Hub overview.
View detailed dashboards in Application Monitoring:
Set up Google Cloud Observability for Application Monitoring.
-
In the Google Cloud console, go to the Application monitoring page:
If you use the search bar to find this page, then select the result whose subheading is Monitoring.
From the project picker of the Google Cloud console, select the management project.
The Application Monitoring page displays predefined dashboards for your application. For more information, see Monitor application health and performance.
For detailed instructions on how to use the predefined dashboards and explore your telemetry data, see View application telemetry.
Clean up
To avoid incurring charges to your Google Cloud account for the resources used on this page, follow these steps.
- Unregister services and workloads.
- Delete the global application.
- If you used Terraform to deploy your application, run
terraform destroy
in the directory containing your Terraform files to deprovision all the resources you created. - Optional: If you created a new project for this quickstart, delete the project.