Deploy an app to Cloud Run using Cloud Deploy

This page shows you how to use Cloud Deploy to deliver a sample application image named hello to a sequence of two Cloud Run services or two Cloud Run jobs.

In this quickstart, you'll do the following:

  1. Create a Skaffold configuration

  2. Create configuration files for two Cloud Run services or two jobs.

    These files define the services or jobs, and specify the (pre-built) container images to deploy.

  3. Define your Cloud Deploy delivery pipeline and deployment targets, which point to the two services or the two jobs.

  4. Instantiate your delivery pipeline by creating a release, which automatically deploys to the first target.

  5. Promote the release to the second target.

  6. View both rollouts in Google Cloud console.

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Google Cloud project.

  4. Enable the Cloud Deploy, Cloud Build, Cloud Run, and Cloud Storage APIs.

    Enable the APIs

  5. Install the Google Cloud CLI.
  6. To initialize the gcloud CLI, run the following command:

    gcloud init
  7. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  8. Make sure that billing is enabled for your Google Cloud project.

  9. Enable the Cloud Deploy, Cloud Build, Cloud Run, and Cloud Storage APIs.

    Enable the APIs

  10. Install the Google Cloud CLI.
  11. To initialize the gcloud CLI, run the following command:

    gcloud init
  12. If you already have the CLI installed, make sure you're running the latest version:

    gcloud components update
    

  13. Make sure the default Compute Engine service account has sufficient permissions.

    The service account might already have the necessary permissions. These steps are included for projects that disable automatic role grants for default service accounts.

    1. Add the clouddeploy.jobRunner role:

      gcloud projects add-iam-policy-binding PROJECT_ID \
          --member=serviceAccount:$(gcloud projects describe PROJECT_ID \
          --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
          --role="roles/clouddeploy.jobRunner"
      

    2. Grant the default execution service account actAs permission to deploy workloads into Cloud Run:

      gcloud iam service-accounts add-iam-policy-binding $(gcloud projects describe PROJECT_ID \
          --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
          --member=serviceAccount:$(gcloud projects describe PROJECT_ID \
          --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
          --role="roles/iam.serviceAccountUser" \
          --project=PROJECT_ID
      

    3. Add the Cloud Run developer permissions:

      gcloud projects add-iam-policy-binding PROJECT_ID \
          --member=serviceAccount:$(gcloud projects describe PROJECT_ID \
          --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
          --role="roles/run.developer"
      

      If you have trouble adding either of these roles, contact your project administrator.

Prepare your Skaffold configuration

Cloud Deploy uses Skaffold to provide the details for what to deploy and how to deploy it properly for your separate targets.

For this quickstart, you create a skaffold.yaml file, which identifies the Cloud Run service or job definition to be used to deploy the sample app.

  1. Open a terminal window.

  2. Create a new directory, named deploy-run-quickstart and navigate into it.

    mkdir deploy-run-quickstart
    cd deploy-run-quickstart
    
  3. Create a file named skaffold.yaml with the following contents:

    Services

    apiVersion: skaffold/v4beta7
    kind: Config
    metadata: 
      name: deploy-run-quickstart
    profiles:
    - name: dev
      manifests:
        rawYaml:
        - run-service-dev.yaml
    - name: prod
      manifests:
        rawYaml:
        - run-service-prod.yaml
    deploy:
      cloudrun: {}
    

    Jobs

    apiVersion: skaffold/v4beta7
    kind: Config
    metadata: 
      name: deploy-run-quickstart
    profiles:
    - name: dev
      manifests:
        rawYaml:
        - run-job-dev.yaml
    - name: prod
      manifests:
        rawYaml:
        - run-job-prod.yaml
    deploy:
      cloudrun: {}
    

    This file is a minimal Skaffold config, identifying your Cloud Run services or jobs. See the skaffold.yaml reference for more information about this file.

Prepare your Cloud Run services or jobs

For this quickstart, you'll create either two different Cloud Run services or two Cloud Run jobs, in the same project. Cloud Deploy also supports deploying across multiple projects. Also, we use Skaffold profiles to make it possible to have two services or jobs in the same project. When you use different projects, you might not need to use Skaffold profiles.

Services

  1. Create a file named run-service-dev.yaml with the following contents:

    apiVersion: serving.knative.dev/v1
    kind: Service
    metadata:
      name: deploy-run-service-dev
    spec:
      template:
        spec:
          containers:
          - image: my-app-image
    

    This file defines a Cloud Run service. As the name deploy-run-service-dev implies, this is your dev service, and corresponds to the first target in your delivery pipeline progression.

  2. Create a file named run-service-prod.yaml with the following contents:

    apiVersion: serving.knative.dev/v1
    kind: Service
    metadata:
      name: deploy-run-service-prod
    spec:
      template:
        spec:
          containers:
          - image: my-app-image
    

    This file defines another Cloud Run service, and as the name deploy-run-service-prod implies, this is your prod service, and corresponds to the second target in your delivery pipeline progression.

Jobs

  1. Create a file named run-job-dev.yaml with the following contents:

    apiVersion: run.googleapis.com/v1
    kind: Job
    metadata:
      name: deploy-run-job-dev
    spec:
      template:
        spec:
          template:
            spec:
              containers:
              - image: my-app-image
    

    This file defines a Cloud Run job. As the name deploy-run-job-dev implies, this is your dev job, and corresponds to the first target in your delivery pipeline progression.

  2. Create a file named run-job-prod.yaml with the following contents:

    apiVersion: run.googleapis.com/v1
    kind: Job
    metadata:
      name: deploy-run-job-prod
    spec:
      template:
        spec:
          template:
            spec:
              containers:
              - image: my-app-image
    

    This file defines another Cloud Run job. As the name deploy-run-job-prod implies, this is your prod job, and corresponds to the second target in your delivery pipeline progression.

Create your delivery pipeline and targets

You can define your pipeline and targets in one file or in separate files. In this quickstart, you create a single file.

  1. In the deploy-run-quickstart directory, create a new file: clouddeploy.yaml, with the following contents:

    apiVersion: deploy.cloud.google.com/v1
    kind: DeliveryPipeline
    metadata:
      name: my-run-demo-app-1
    description: main application pipeline
    serialPipeline:
      stages:
      - targetId: run-qsdev
        profiles: [dev]
      - targetId: run-qsprod
        profiles: [prod]
    ---
    
    apiVersion: deploy.cloud.google.com/v1
    kind: Target
    metadata:
      name: run-qsdev
    description: Cloud Run development service
    run:
      location: projects/PROJECT_ID/locations/us-central1
    ---
    
    apiVersion: deploy.cloud.google.com/v1
    kind: Target
    metadata:
      name: run-qsprod
    description: Cloud Run production service
    run:
      location: projects/PROJECT_ID/locations/us-central1
    
  2. Register your pipeline and targets with the Cloud Deploy service:

    gcloud deploy apply --file=clouddeploy.yaml --region=us-central1 --project=PROJECT_ID
    

    You now have a pipeline, with targets, ready to deploy your application to your first target.

  3. Confirm your pipeline and targets:

    In the Google Cloud console, navigate to the Cloud Deploy Delivery pipelines page to view of list of your available delivery pipelines.

    Open the Delivery pipelines page

    The delivery pipeline you just created is shown, and the two targets are listed in the Targets column.

    Delivery pipeline shown in Google Cloud console

Create a release

A release is the central Cloud Deploy resource representing the changes being deployed. The delivery pipeline defines the lifecycle of that release. See Cloud Deploy service architecture for details about that lifecycle.

Run the following command from the deploy-run-quickstart directory to create a release resource that represents the container image to deploy:

Services

 gcloud deploy releases create test-release-001 \
   --project=PROJECT_ID \
   --region=us-central1 \
   --delivery-pipeline=my-run-demo-app-1 \
   --images=my-app-image=gcr.io/cloudrun/hello@sha256:98cdb98c2d97a67d5e9183beedfec98ca9d5967acd874409b4800bf4d1a51710

Jobs

 gcloud deploy releases create test-release-001 \
   --project=PROJECT_ID \
   --region=us-central1 \
   --delivery-pipeline=my-run-demo-app-1 \
   --images=my-app-image=us-docker.pkg.dev/cloudrun/container/job@sha256:d7c33651fbad911a9a0a0c16f2f9b3a79f0b9e3e89afb205603af706067feac5

As with all releases (unless they include --disable-initial-rollout), Cloud Deploy automatically creates a rollout resource too. The application is automatically deployed into the first target in the progression.

Promote the release

  1. From the Delivery pipelines page, click the my-run-demo-app-1 pipeline.

    Open the Delivery pipelines page

    The Delivery pipeline details page shows a graphical representation of your delivery pipeline's progress. In this case, it shows that the release was deployed to the run-qsdev target.

    delivery pipeline visualization in Google Cloud console

  2. On the first target in the delivery pipeline visualization, click Promote.

    The Promote release dialog is shown. It shows the details of the target you're promoting to.

  3. Click Promote.

    The release is now queued for deployment into run-qsprod. When deployment is complete, the delivery pipeline visualization shows it as deployed:

    delivery pipeline visualization in Google Cloud console, showing release deployed to prod.

View the results in Google Cloud console

  1. In the Google Cloud console, navigate to the Cloud Deploy Delivery pipelines page to view your my-run-demo-app-1 delivery pipeline.

    Open the Delivery pipelines page

  2. Click the name of your delivery pipeline "my-run-demo-app-1".

    The pipeline visualization shows the app's progress through the pipeline.

    delivery pipeline visualization in Google Cloud console

    And your release is listed on the Releases tab under Delivery pipeline details.

  3. Click the release name, test-release-001.

    Your rollouts appear under Rollouts. You can click a rollout to view its details, including the deployment log.

    rollouts in Google Cloud console

Accessing your Cloud Run service

By default, you must be authenticated in order to access newly created Cloud Run services. See the Cloud Run Authentication overview to learn how to provide credentials and to find out what Identity and Access Management configuration is required in order access the service without authentication. This doesn't apply to Cloud Run jobs.

Clean up

To avoid incurring charges to your Google Cloud account for the resources used on this page, follow these steps.

  1. Delete the deploy-qs-dev Cloud Run service or job:

    Services

    gcloud run services delete deploy-run-service-dev --region=us-central1 --project=PROJECT_ID
    

    Jobs

    gcloud run jobs delete deploy-run-job-dev --region=us-central1 --project=PROJECT_ID
    
  2. Delete the deploy-qs-prod service:

    Services

    gcloud run services delete deploy-run-service-prod --region=us-central1 --project=PROJECT_ID
    

    Jobs

    gcloud run jobs delete deploy-run-job-prod --region=us-central1 --project=PROJECT_ID
    
  3. Delete the delivery pipeline, targets, release and rollouts:

    gcloud deploy delete --file=clouddeploy.yaml --force --region=us-central1 --project=PROJECT_ID
    
  4. Delete the Cloud Storage buckets that Cloud Deploy created.

    One ends with _clouddeploy, and the other is [region].deploy-artifacts.[project].appspot.com.

    Open the Cloud Storage browser page

That's it, you completed this quickstart!

What's next