Create an application from existing resources

This quickstart shows you how to organize existing Google Cloud services into an App Hub application. First, you deploy a sample configuration, which you then use to define a global web application by registering its components as an application in App Hub.

This approach is for users who want to use their existing infrastructure to gain visibility and operational control by grouping resources into logical applications.

Before you begin

Before you start this quickstart, do the following:

  1. Set up App Hub with an app-enabled folder.

  2. Note the project ID of the management project to use throughout this document.

  3. Verify that the following APIs are enabled in the management project. When you configure an app-enabled folder, most of the APIs you need for this quickstart are enabled automatically.

    • Compute Engine API (compute.googleapis.com)
    • Infrastructure Manager API (config.googleapis.com)

    Enable APIs

Required roles

To get the permissions that you need to enable required APIs and create a sample application from existing resources, ask your administrator to grant you the following IAM roles on the management project:

For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

Deploy resources for the application

You must first deploy a set of sample resources that you will later use to define a global application in App Hub:

  • A Cloud Run service that acts as the application's backend.
  • A global external Application Load Balancer that directs traffic to the Cloud Run service as a forwarding rule.

Follow these steps to deploy these resources:

gcloud

  1. Set the required environment variables:

    export PROJECT_ID="PROJECT_ID"
    export REGION="REGION"
    

    Replace the following:

    • PROJECT_ID: the ID of your management project.
    • REGION: your chosen region for resources, for example, us-central1.
  2. Deploy a sample Cloud Run service named hello-run:

    gcloud run deploy hello-run \
        --image=us-docker.pkg.dev/cloudrun/container/hello \
        --allow-unauthenticated \
        --region=${REGION} \
        --project=${PROJECT_ID}
    
  3. Create the global external Application Load Balancer. This process involves the following steps:

    1. Create a serverless network endpoint group (NEG) called hello-run-neg:

      gcloud compute network-endpoint-groups create hello-run-neg \
          --region=${REGION} \
          --network-endpoint-type=serverless \
          --cloud-run-service=hello-run \
          --project=${PROJECT_ID}
      

      The NEG acts as a backend for the load balancer, pointing to your hello-run service.

    2. Create a backend service to manage how traffic is distributed to the NEG:

      gcloud compute backend-services create hello-backend-service \
          --global \
          --load-balancing-scheme=EXTERNAL_MANAGED \
          --project=${PROJECT_ID}
      
    3. Add the serverless NEG as a backend to the backend service:

      gcloud compute backend-services add-backend hello-backend-service \
          --global \
          --network-endpoint-group=hello-run-neg \
          --network-endpoint-group-region=${REGION} \
          --project=${PROJECT_ID}
      
    4. Create a URL map to route incoming requests to the backend service:

      gcloud compute url-maps create hello-url-map \
          --default-service=hello-backend-service \
          --project=${PROJECT_ID}
      
    5. Create an HTTP proxy to receive requests and route them using the URL map:

      gcloud compute target-http-proxies create hello-http-proxy \
          --url-map=hello-url-map \
          --project=${PROJECT_ID}
      
    6. Create a global forwarding rule:

      gcloud compute forwarding-rules create hello-forwarding-rule \
          --global \
          --load-balancing-scheme=EXTERNAL_MANAGED \
          --target-http-proxy=hello-http-proxy \
          --ports=80 \
          --project=${PROJECT_ID}
      

      This forwarding rule provides a public IP address and port to handle incoming user requests and directs them to the proxy.

Terraform

  1. Create a main.tf file and add the following code:

    # Provider configuration
    provider "google" {
      project = "PROJECT_ID"
    }
    
    # Cloud Run service
    resource "google_cloud_run_v2_service" "default" {
      name     = "hello-run"
      location = "REGION"
      template {
        containers {
          image = "us-docker.pkg.dev/cloudrun/container/hello"
        }
      }
    }
    
    # Allow unauthenticated access to the Cloud Run service
    resource "google_cloud_run_v2_service_iam_member" "noauth" {
      project  = google_cloud_run_v2_service.default.project
      location = google_cloud_run_v2_service.default.location
      name     = google_cloud_run_v2_service.default.name
      role     = "roles/run.invoker"
      member   = "allUsers"
    }
    

    Replace the following:

    • PROJECT_ID: the ID of your management project.
    • REGION: your chosen region for resources, for example, us-central1.

    This block defines the Google Cloud provider and configures a public-facing Cloud Run service using a sample hello-world container image. It also includes an IAM policy binding to allow unauthenticated invocations, making the service publicly accessible.

  2. Add the following code to your main.tf file to create the global external Application Load Balancer:

    # Serverless NEG for the Cloud Run service
    resource "google_compute_region_network_endpoint_group" "serverless_neg" {
      name                  = "hello-run-neg"
      network_endpoint_type = "SERVERLESS"
      region                = "REGION"
      cloud_run {
        service = google_cloud_run_v2_service.default.name
      }
    }
    
    # Global external backend service
    resource "google_compute_backend_service" "default" {
      name                            = "hello-backend-service"
      protocol                        = "HTTP"
      load_balancing_scheme           = "EXTERNAL_MANAGED"
      backend {
        group = google_compute_region_network_endpoint_group.serverless_neg.id
      }
    }
    
    # URL map to route requests to the backend service
    resource "google_compute_url_map" "default" {
      name            = "hello-url-map"
      default_service = google_compute_backend_service.default.id
    }
    
    # HTTP proxy to route requests to the URL map
    resource "google_compute_target_http_proxy" "default" {
      name    = "hello-http-proxy"
      url_map = google_compute_url_map.default.id
    }
    
    # Global forwarding rule to handle incoming requests
    resource "google_compute_global_forwarding_rule" "default" {
      name       = "hello-forwarding-rule"
      target     = google_compute_target_http_proxy.default.id
      port_range = "80"
    }
    

    This block defines the following components:

    • A serverless network endpoint group (NEG), which acts as a backend for the load balancer and points to the Cloud Run service.
    • A backend service that directs traffic to the serverless NEG.
    • A URL map to route incoming requests to the backend service.
    • An HTTP proxy to receive requests and route them using the URL map.
    • A global forwarding rule, which provides a public IP address and port to handle incoming user requests and directs them to the proxy.
  3. Initialize and apply the Terraform configuration:

    terraform init
    terraform apply
    

    Terraform deploys the resources to your project.

Define the application in App Hub

After deploying the resources as a forwarding rule and a Cloud Run service, follow these steps to group them into an application in App Hub:

Console

  1. Go to the Applications page from App Hub:

    Go to Applications

  2. Click Create application.

  3. Select Global as the application location.

  4. Enter my-global-app for the Application name and click Continue.

  5. Optionally, add a display name, criticality, environment, and owners.

  6. Click Create.

  7. On the Services and workloads tab, click Register service/workload.

  8. Select the forwarding rule, name it frontend-service, and click Register.

  9. Select the Cloud Run service, name it backend-service, and click Register.

gcloud

  1. Create the application:

    gcloud apphub applications create my-global-app \
        --location=global \
        --display-name="My Global Application" \
        --project=${PROJECT_ID}
    
  2. Discover the IDs for the forwarding rule and the Cloud Run service in the appropriate region:

    gcloud apphub discovered-services list \
        --location=global \
        --project=${PROJECT_ID}
    
    gcloud apphub discovered-services list \
        --location=${REGION} \
        --project=${PROJECT_ID}
    

    Note the ID of the forwarding rule and the Cloud Run service.

  3. Register the forwarding rule to the global application:

    gcloud apphub applications services create frontend-service \
        --application=my-global-app \
        --discovered-service=projects/${PROJECT_ID}/locations/global/discoveredServices/FRONTEND_ID \
        --display-name="Frontend Service" \
        --location=global \
        --project=${PROJECT_ID}
    

    Replace FRONTEND_ID with the ID of the forwarding rule.

  4. Register the Cloud Run service to the global application:

    gcloud apphub applications services create backend-service \
        --application=my-global-app \
        --discovered-service=projects/${PROJECT_ID}/locations/${REGION}/discoveredServices/BACKEND_ID \
        --display-name="Backend Service" \
        --location=global \
        --project=${PROJECT_ID}
    

    Replace BACKEND_ID with the ID of the Cloud Run service.

Terraform

  1. Create an application.tf file and add the following code:

    # Application
    resource "google_apphub_application" "my_global_app" {
      project        = "PROJECT_ID"
      location       = "global"
      application_id = "my-global-app"
      display_name   = "My Global Web App"
      description    = "A sample global web application."
      scope {
        type = "GLOBAL"
      }
      attributes {
        criticality {
          type = "MEDIUM"
        }
        environment {
          type = "DEVELOPMENT"
        }
        business_owners {
          display_name = "Example Business Owner"
          email        = "business-owner@example.com"
        }
        developer_owners {
          display_name = "Example Developer"
          email        = "dev-owner@example.com"
        }
        operator_owners {
          display_name = "Example Operator"
          email        = "operator-owner@example.com"
        }
      }
    }
    

    This block uses the google_apphub_application resource to create a logical grouping for your services and workloads.

    This example creates a global application and defines attributes for governance and discoverability, such as criticality, environment, and owners. You can modify those values for your sample configuration.

  2. Add the following code to application.tf to discover your deployed resources:

    # Discover the forwarding rule
    data "google_apphub_discovered_service" "frontend_service" {
      location = "global"
      service_uri = "//compute.googleapis.com/${google_compute_global_forwarding_rule.default.id}"
    }
    
    # Discover the Cloud Run service
    data "google_apphub_discovered_service" "backend_service" {
      location    = "REGION"
      service_uri = "//run.googleapis.com/${google_cloud_run_v2_service.default.id}"
    }
    

    The google_apphub_discovered_service data sources find the resource names of your existing infrastructure based on their URIs. This step lets App Hub identify the specific resources you want to register.

  3. Add the following code to application.tf to register the discovered resources:

    # Register the forwarding rule as a service in the application
    resource "google_apphub_service" "frontend" {
      project            = "PROJECT_ID"
      location           = "global"
      application_id     = google_apphub_application.my_global_app.application_id
      service_id         = "frontend-service"
      display_name       = "Frontend Service (LB)"
      discovered_service = data.google_apphub_discovered_service.frontend_service.name
    }
    
    # Register the Cloud Run service as a service in the application
    resource "google_apphub_service" "backend" {
      project            = "PROJECT_ID"
      location           = "global"
      application_id     = google_apphub_application.my_global_app.application_id
      service_id         = "backend-service"
      display_name       = "Backend Service (Cloud Run)"
      discovered_service = data.google_apphub_discovered_service.backend_service.name
    }
    

    The google_apphub_service resources formally register the discovered resources into your application. This step creates the link between your infrastructure and the application you defined in App Hub.

  4. Initialize and apply the Terraform configuration:

    terraform init
    terraform apply
    

    Terraform registers the resources to your my-global-app application in App Hub.

Optional: Monitor your new application

After defining your application in App Hub, you can use integrated Google Cloud services to monitor its health and performance:

Clean up

To avoid incurring charges to your Google Cloud account for the resources used on this page, follow these steps.

  1. Unregister services and workloads.
  2. Delete the global application.
  3. If you used Terraform to deploy your application, run terraform destroy in the directory containing your Terraform files to deprovision all the resources you created.
  4. Optional: If you created a new project for this quickstart, delete the project.

What's next