You can deploy a container image stored in Artifact Registry to Cloud Run. You can also deploy directly from source to Cloud Run, which includes automatically creating a container image for your built source and storing the image in Artifact Registry.
Permissions required to deploy
- Deploying from source
- To deploy from source, you must have permissions to build, store the built container image, and deploy.
- Deploying container images
To deploy to Cloud Run, you must have the Owner or Editor role, or the Cloud Run Admin, Service Account User roles, and Artifact Registry Reader role, or any custom role that includes a specific set of permissions.
If your repositories are in a different project, you must grant Artifact Registry Reader permissions to the Cloud Run Service Agent.
Deploying from local source
For supported languages, Cloud Run can automatically:
- Containerize local source code.
- Push the container image to an Artifact Registry repository.
- Deploy the container image Cloud Run from the repository.
Cloud Run pushes and pulls images using the repository
cloud-run-source-deploy in the region that you specify at deploy time.
If the repository does not exist, Cloud Run creates it for you if
your account has the required permissions.
For details, see Deploying from source code. You can also try the Cloud Run quickstarts for languages that support deploying from source code.
Deploying container images
You can deploy an image by tag or digest that is stored in Artifact Registry.
Deploying to a service for the first time creates its first revision. Note that revisions are immutable. If you deploy from a container image tag, it will be resolved to a digest and the revision will always serve this particular digest.
You can deploy a container using the Google Cloud console or the gcloud
command line. For instructions see, Deploying container images.