Deploying to Cloud Run

You can deploy an image hosted by Artifact Registry to Cloud Run (fully managed).

Permissions required to deploy

To deploy to Cloud Run (fully managed), you must have the Owner or Editor role, or both the Cloud Run Admin and Service Account User roles, or any custom role that includes this specific list of permissions.

Deploying a new service

You can specify a container image with a tag or digest.

Deploying to a service for the first time creates its first revision. Note that revisions are immutable. If you deploy from a container image tag, it will be resolved to a digest and the revision will always serve this particular digest.

You can deploy a container using the Cloud Console or the gcloud command line.

Console

To deploy a container image:

  1. Go to Cloud Run

  2. Click Create service to display the Create service page.

  3. Under Deployment platform:

    1. Select Cloud Run (fully managed) as the deployment platform.

    2. Select the region where you want your service located.

    3. Enter the service name. Service names must be unique per region and project or per cluster. A service name cannot be changed later and is publicly visible when using Cloud Run (fully managed).

  4. Under Authentication:

    • If you are creating a public API or website, select Allow unauthenticated invocations. Selecting this assigns the IAM Invoker role to the special identifier allUser. You can use IAM to edit this setting later after you create the service.
    • If you want a secure service protected by authentication, select Require authentication.
  5. Click Next to continue to the second page of the service creation form:

  6. In the Container image URL textbox, supply the URL of an image, for example: us-central1-docker.pkg.dev/my-project/my-repo/my-image:latest

  7. Optionally, click Show Advanced Settings and the subsequent tabs to set:

  8. Click Create to deploy the image to Cloud Run and wait for the deployment to finish.

  9. Click the displayed URL link to open the endpoint of your deployed service.

Command line

To deploy a container image:

  1. Run the following command.

    gcloud run deploy SERVICE --image REPO-LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY/IMAGE \
    [--platform managed --region RUN-REGION]
    

    Where

    • REPO-LOCATION is the location of the repository. For example, us-central1.
    • SERVICE is the name of the service you want to deploy to. If the service does not exist yet, this command creates the service during the deployment. You can omit this parameter entirely, but you will be prompted for the service name if you omit it.
    • PROJECT-ID is the Google Cloud project ID.
    • REPOSITORY is the name of the repository where the image is stored.
    • IMAGE is the name of your image, for example, us-central1-docker.pkg.dev/my-project/my-repo/my-image:latest.
    • RUN-REGION is the Cloud Run location for the deployment. If you set a default Cloud Run location set with the gcloud property run/region, you can omit --platform managed -region RUN-REGION].

    If you are creating a public API or website, you can allow unauthenticated invocations of your service using the --allow- unauthenticated flag. This assigns the Cloud Run Invoker IAM role to allUsers. You can also specify --no-allow-unauthenticated to not allow unauthenticated invocations. If you omit either of these flags, you are prompted to confirm when the deploy command runs.

  2. Wait for the deployment to finish. Upon successful completion, a success message is displayed along with the URL of the deployed service.