You can deploy an image hosted by Artifact Registry to Cloud Run (fully managed).
Permissions required to deploy
To deploy to Cloud Run (fully managed), you must have the Owner or Editor role, or both the Cloud Run Admin and Service Account User roles, or any custom role that includes this specific list of permissions.
Deploying a new service
You can specify a container image with a tag or digest.
Deploying to a service for the first time creates its first revision. Note that revisions are immutable. If you deploy from a container image tag, it will be resolved to a digest and the revision will always serve this particular digest.
You can deploy a container using the Cloud Console or the
To deploy a container image:
Click Create service to display the Create service page.
Under Deployment platform:
Select Cloud Run (fully managed) as the deployment platform.
Select the region where you want your service located.
Enter the service name. Service names must be unique per region and project or per cluster. A service name cannot be changed later and is publicly visible when using Cloud Run (fully managed).
- If you are creating a public API or website, select
Allow unauthenticated invocations. Selecting this assigns the
IAM Invoker role to the special identifier
allUser. You can use IAM to edit this setting later after you create the service.
- If you want a secure service protected by authentication, select Require authentication.
- If you are creating a public API or website, select Allow unauthenticated invocations. Selecting this assigns the IAM Invoker role to the special identifier
Click Next to continue to the second page of the service creation form:
In the Container image URL textbox, supply the URL of an image, for example:
Optionally, click Show Advanced Settings and the subsequent tabs to set:
Click Create to deploy the image to Cloud Run and wait for the deployment to finish.
Click the displayed URL link to open the endpoint of your deployed service.
To deploy a container image:
Run the following command.
gcloud run deploy SERVICE --image REPO-LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY/IMAGE \ [--platform managed --region RUN-REGION]
- REPO-LOCATION is the location of the repository.
- SERVICE is the name of the service you want to deploy to. If the service does not exist yet, this command creates the service during the deployment. You can omit this parameter entirely, but you will be prompted for the service name if you omit it.
- PROJECT-ID is the Google Cloud project ID.
- REPOSITORY is the name of the repository where the image is stored.
- IMAGE is the name of your image, for example,
- RUN-REGION is the Cloud Run location for the
deployment. If you set a default Cloud Run
location set with the
run/region, you can omit
--platform managed -region RUN-REGION].
If you are creating a public API or website, you can allow unauthenticated invocations of your service using the
--allow- unauthenticatedflag. This assigns the Cloud Run Invoker IAM role to
allUsers. You can also specify
--no-allow-unauthenticatedto not allow unauthenticated invocations. If you omit either of these flags, you are prompted to confirm when the
- REPO-LOCATION is the location of the repository. For example,
Wait for the deployment to finish. Upon successful completion, a success message is displayed along with the URL of the deployed service.