Create an application from existing resources

This quickstart shows you how to organize existing Google Cloud services into an App Hub application. First, you deploy a sample configuration, which you then use to define a global web application by registering its components as an application in App Hub.

This approach is for users who want to use their existing infrastructure to gain visibility and operational control by grouping resources into logical applications.

Before you begin

Before you start this quickstart, do the following:

Set up App Hub with an app-enabled folder.

Note: This quickstart creates an App Hub application within a single Google Cloud project, the management project located in the app-enabled folder.
Note the project ID of the management project to use throughout this document.
Verify that the following APIs are enabled in the management project. When you configure an app-enabled folder, most of the APIs you need for this quickstart are enabled automatically.
- Compute Engine API (compute.googleapis.com)
- Infrastructure Manager API (config.googleapis.com)
Enable APIs

Required roles

To get the permissions that you need to enable required APIs and create a sample application from existing resources, ask your administrator to grant you the following IAM roles on the management project:

To enable required APIs: Service Usage Admin (roles/serviceusage.serviceUsageAdmin)
To get full access to required services:
- App Hub Admin (roles/apphub.admin)
- Cloud Run Admin (roles/run.admin)
- Compute Admin (roles/compute.admin)
- Cloud Infrastructure Manager Admin (roles/config.admin)

For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

Deploy resources for the application

You must first deploy a set of sample resources that you will later use to define a global application in App Hub:

A Cloud Run service that acts as the application's backend.
A global external Application Load Balancer that directs traffic to the Cloud Run service as a forwarding rule.

Follow these steps to deploy these resources:

gcloud

Set the required environment variables:
```
export PROJECT_ID="PROJECT_ID"
export REGION="REGION"
```
Replace the following:
- PROJECT_ID: the ID of your management project.
- REGION: your chosen region for resources, for example, us-central1.

Deploy a sample Cloud Run service named hello-run:

gcloud run deploy hello-run \
    --image=us-docker.pkg.dev/cloudrun/container/hello \
    --allow-unauthenticated \
    --region=${REGION} \
    --project=${PROJECT_ID}

Create the global external Application Load Balancer. This process involves the following steps:

Create a serverless network endpoint group (NEG) called hello-run-neg:

gcloud compute network-endpoint-groups create hello-run-neg \
    --region=${REGION} \
    --network-endpoint-type=serverless \
    --cloud-run-service=hello-run \
    --project=${PROJECT_ID}

The NEG acts as a backend for the load balancer, pointing to your hello-run service.

Create a backend service to manage how traffic is distributed to the NEG:

gcloud compute backend-services create hello-backend-service \
    --global \
    --load-balancing-scheme=EXTERNAL_MANAGED \
    --project=${PROJECT_ID}

Add the serverless NEG as a backend to the backend service:

gcloud compute backend-services add-backend hello-backend-service \
    --global \
    --network-endpoint-group=hello-run-neg \
    --network-endpoint-group-region=${REGION} \
    --project=${PROJECT_ID}

Create a URL map to route incoming requests to the backend service:

gcloud compute url-maps create hello-url-map \
    --default-service=hello-backend-service \
    --project=${PROJECT_ID}

Create an HTTP proxy to receive requests and route them using the URL map:

gcloud compute target-http-proxies create hello-http-proxy \
    --url-map=hello-url-map \
    --project=${PROJECT_ID}

Create a global forwarding rule:

gcloud compute forwarding-rules create hello-forwarding-rule \
    --global \
    --load-balancing-scheme=EXTERNAL_MANAGED \
    --target-http-proxy=hello-http-proxy \
    --ports=80 \
    --project=${PROJECT_ID}

This forwarding rule provides a public IP address and port to handle incoming user requests and directs them to the proxy.

Terraform

Create a main.tf file and add the following code:

# Provider configuration
provider "google" {
  project = "PROJECT_ID"
}

# Cloud Run service
resource "google_cloud_run_v2_service" "default" {
  name     = "hello-run"
  location = "REGION"
  template {
    containers {
      image = "us-docker.pkg.dev/cloudrun/container/hello"
    }
  }
}

# Allow unauthenticated access to the Cloud Run service
resource "google_cloud_run_v2_service_iam_member" "noauth" {
  project  = google_cloud_run_v2_service.default.project
  location = google_cloud_run_v2_service.default.location
  name     = google_cloud_run_v2_service.default.name
  role     = "roles/run.invoker"
  member   = "allUsers"
}

Replace the following:

PROJECT_ID: the ID of your management project.
REGION: your chosen region for resources, for example, us-central1.

This block defines the Google Cloud provider and configures a public-facing Cloud Run service using a sample hello-world container image. It also includes an IAM policy binding to allow unauthenticated invocations, making the service publicly accessible.

Add the following code to your main.tf file to create the global external Application Load Balancer:

# Serverless NEG for the Cloud Run service
resource "google_compute_region_network_endpoint_group" "serverless_neg" {
  name                  = "hello-run-neg"
  network_endpoint_type = "SERVERLESS"
  region                = "REGION"
  cloud_run {
    service = google_cloud_run_v2_service.default.name
  }
}

# Global external backend service
resource "google_compute_backend_service" "default" {
  name                            = "hello-backend-service"
  protocol                        = "HTTP"
  load_balancing_scheme           = "EXTERNAL_MANAGED"
  backend {
    group = google_compute_region_network_endpoint_group.serverless_neg.id
  }
}

# URL map to route requests to the backend service
resource "google_compute_url_map" "default" {
  name            = "hello-url-map"
  default_service = google_compute_backend_service.default.id
}

# HTTP proxy to route requests to the URL map
resource "google_compute_target_http_proxy" "default" {
  name    = "hello-http-proxy"
  url_map = google_compute_url_map.default.id
}

# Global forwarding rule to handle incoming requests
resource "google_compute_global_forwarding_rule" "default" {
  name       = "hello-forwarding-rule"
  target     = google_compute_target_http_proxy.default.id
  port_range = "80"
}

This block defines the following components:

A serverless network endpoint group (NEG), which acts as a backend for the load balancer and points to the Cloud Run service.
A backend service that directs traffic to the serverless NEG.
A URL map to route incoming requests to the backend service.
An HTTP proxy to receive requests and route them using the URL map.
A global forwarding rule, which provides a public IP address and port to handle incoming user requests and directs them to the proxy.

Initialize and apply the Terraform configuration:
```
terraform init
terraform apply
```
Terraform deploys the resources to your project.

Define the application in App Hub

After deploying the resources as a forwarding rule and a Cloud Run service, follow these steps to group them into an application in App Hub:

Console

Go to the Applications page from App Hub:

Go to Applications
Click Create application.
Select Global as the application location.
Enter my-global-app for the Application name and click Continue.
Optionally, add a display name, criticality, environment, and owners.
Click Create.
On the Services and workloads tab, click Register service/workload.
Select the forwarding rule, name it frontend-service, and click Register.
Select the Cloud Run service, name it backend-service, and click Register.

gcloud

Create the application:

gcloud apphub applications create my-global-app \
    --location=global \
    --display-name="My Global Application" \
    --project=${PROJECT_ID}

Discover the IDs for the forwarding rule and the Cloud Run service in the appropriate region:

gcloud apphub discovered-services list \
    --location=global \
    --project=${PROJECT_ID}

gcloud apphub discovered-services list \
    --location=${REGION} \
    --project=${PROJECT_ID}

Note the ID of the forwarding rule and the Cloud Run service.

gcloud apphub applications services create frontend-service \
    --application=my-global-app \
    --discovered-service=projects/${PROJECT_ID}/locations/global/discoveredServices/FRONTEND_ID \
    --display-name="Frontend Service" \
    --location=global \
    --project=${PROJECT_ID}

Replace FRONTEND_ID with the ID of the forwarding rule.

gcloud apphub applications services create backend-service \
    --application=my-global-app \
    --discovered-service=projects/${PROJECT_ID}/locations/${REGION}/discoveredServices/BACKEND_ID \
    --display-name="Backend Service" \
    --location=global \
    --project=${PROJECT_ID}

Replace BACKEND_ID with the ID of the Cloud Run service.

Terraform

Create an application.tf file and add the following code:

# Application
resource "google_apphub_application" "my_global_app" {
  project        = "PROJECT_ID"
  location       = "global"
  application_id = "my-global-app"
  display_name   = "My Global Web App"
  description    = "A sample global web application."
  scope {
    type = "GLOBAL"
  }
  attributes {
    criticality {
      type = "MEDIUM"
    }
    environment {
      type = "DEVELOPMENT"
    }
    business_owners {
      display_name = "Example Business Owner"
      email        = "business-owner@example.com"
    }
    developer_owners {
      display_name = "Example Developer"
      email        = "dev-owner@example.com"
    }
    operator_owners {
      display_name = "Example Operator"
      email        = "operator-owner@example.com"
    }
  }
}

This block uses the google_apphub_application resource to create a logical grouping for your services and workloads.

This example creates a global application and defines attributes for governance and discoverability, such as criticality, environment, and owners. You can modify those values for your sample configuration.

Add the following code to application.tf to discover your deployed resources:

# Discover the forwarding rule
data "google_apphub_discovered_service" "frontend_service" {
  location = "global"
  service_uri = "//compute.googleapis.com/${google_compute_global_forwarding_rule.default.id}"
}

# Discover the Cloud Run service
data "google_apphub_discovered_service" "backend_service" {
  location    = "REGION"
  service_uri = "//run.googleapis.com/${google_cloud_run_v2_service.default.id}"
}

The google_apphub_discovered_service data sources find the resource names of your existing infrastructure based on their URIs. This step lets App Hub identify the specific resources you want to register.

Add the following code to application.tf to register the discovered resources:

# Register the forwarding rule as a service in the application
resource "google_apphub_service" "frontend" {
  project            = "PROJECT_ID"
  location           = "global"
  application_id     = google_apphub_application.my_global_app.application_id
  service_id         = "frontend-service"
  display_name       = "Frontend Service (LB)"
  discovered_service = data.google_apphub_discovered_service.frontend_service.name
}

# Register the Cloud Run service as a service in the application
resource "google_apphub_service" "backend" {
  project            = "PROJECT_ID"
  location           = "global"
  application_id     = google_apphub_application.my_global_app.application_id
  service_id         = "backend-service"
  display_name       = "Backend Service (Cloud Run)"
  discovered_service = data.google_apphub_discovered_service.backend_service.name
}

The google_apphub_service resources formally register the discovered resources into your application. This step creates the link between your infrastructure and the application you defined in App Hub.

Initialize and apply the Terraform configuration:
```
terraform init
terraform apply
```
Terraform registers the resources to your my-global-app application in App Hub.

Optional: Monitor your new application

After defining your application in App Hub, you can use integrated Google Cloud services to monitor its health and performance:

View operational data in Cloud Hub:
1. Set up Cloud Hub.
2. In the Google Cloud console, go to the Home page of Cloud Hub.
  
  Go to Home
3. From the application selector, choose your my-global-app application. The page displays a summary of your application's health. For more information, see the Cloud Hub overview.
View detailed dashboards in Application Monitoring:
1. Set up Google Cloud Observability for Application Monitoring.
2. In the Google Cloud console, go to the Application monitoring page:
  Go to Application monitoring
  
  If you use the search bar to find this page, then select the result whose subheading is Monitoring.
3. From the project picker of the Google Cloud console, select the management project.
  
  The Application Monitoring page displays predefined dashboards for your application. For more information, see Monitor application health and performance.
  
  For detailed instructions on how to use the predefined dashboards and explore your telemetry data, see View application telemetry.

Clean up

To avoid incurring charges to your Google Cloud account for the resources used on this page, follow these steps.

Unregister services and workloads.
Delete the global application.
If you used Terraform to deploy your application, run terraform destroy in the directory containing your Terraform files to deprovision all the resources you created.
Optional: If you created a new project for this quickstart, delete the project.

Create an application from existing resources

Before you begin

Required roles

Deploy resources for the application

gcloud

Terraform

Define the application in App Hub

Console

gcloud

Terraform

Optional: Monitor your new application

Clean up

What's next