Deploy an app to Cloud Run using Cloud Deploy
This page shows you how to use Cloud Deploy to deliver a sample
application image named hello
to a sequence of two Cloud Run
services.
In this quickstart, you'll do the following:
Create a Skaffold configuration
Create service definition files for two Cloud Run services.
These files define the services and specify the (pre-built) container image to deploy.
Define your Cloud Deploy delivery pipeline and deployment targets, which point to the two services.
Instantiate your delivery pipeline by creating a release, which automatically deploys to the first target.
Promote the release to the second target.
View both rollouts in Google Cloud console.
Before you begin
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Cloud Deploy, Cloud Build, Cloud Run, and Cloud Storage APIs.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Cloud Deploy, Cloud Build, Cloud Run, and Cloud Storage APIs.
- Install the Google Cloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
- Make sure the default Compute Engine service account has sufficient permissions.
The service account might already have the necessary permissions. These steps are included for projects that disable automatic role grants for default service accounts.
- Add the
clouddeploy.jobRunner
role:gcloud projects add-iam-policy-binding PROJECT_ID \ --member=serviceAccount:$(gcloud projects describe PROJECT_ID \ --format="value(projectNumber)")-compute@developer.gserviceaccount.com \ --role="roles/clouddeploy.jobRunner"
- Grant the default execution service account
actAs
permission to deploy workloads into Cloud Run:gcloud iam service-accounts add-iam-policy-binding $(gcloud projects describe PROJECT_ID \ --format="value(projectNumber)")-compute@developer.gserviceaccount.com \ --member=serviceAccount:$(gcloud projects describe PROJECT_ID \ --format="value(projectNumber)")-compute@developer.gserviceaccount.com \ --role="roles/iam.serviceAccountUser" \ --project=PROJECT_ID
- Add the Cloud Run developer permissions:
gcloud projects add-iam-policy-binding PROJECT_ID \ --member=serviceAccount:$(gcloud projects describe PROJECT_ID \ --format="value(projectNumber)")-compute@developer.gserviceaccount.com \ --role="roles/run.developer"
If you have trouble adding either of these roles, contact your project administrator.
If you already have the CLI installed, make sure you're running the latest version:
gcloud components update
Prepare your Skaffold configuration
Cloud Deploy uses Skaffold to provide the details for what to deploy and how to deploy it properly for your separate targets.
In this quickstart, you create a skaffold.yaml
file, which identifies the
Cloud Run service definition to be used to deploy the sample
app.
Open a terminal window.
Create a new directory, named
deploy-run-quickstart
and navigate into it.mkdir deploy-run-quickstart cd deploy-run-quickstart
Create a file named
skaffold.yaml
with the following contents:apiVersion: skaffold/v3alpha1 kind: Config metadata: name: deploy-run-quickstart profiles: - name: dev manifests: rawYaml: - run-dev.yaml - name: prod manifests: rawYaml: - run-prod.yaml deploy: cloudrun: {}
This file is a minimal Skaffold config, identifying your Cloud Run services. See the
skaffold.yaml
reference for more information about this file.
Prepare your Cloud Run services
For this quickstart, you'll create two different Cloud Run services in the same project. Cloud Deploy also supports deploying across multiple projects. Also, we use Skaffold profiles to make it possible to have two services in the same project. When you use different projects, you might not need to use Skaffold profiles.
Create a file named
run-dev.yaml
with the following contents:apiVersion: serving.knative.dev/v1 kind: Service metadata: name: deploy-qs-dev spec: template: spec: containers: - image: my-app-image
This file defines a Cloud Run service. As the name
deploy-qs-dev
implies, this is yourdev
service, and will correspond to the first target in your delivery pipeline progression.Create a file named
run-prod.yaml
with the following contents:apiVersion: serving.knative.dev/v1 kind: Service metadata: name: deploy-qs-prod spec: template: spec: containers: - image: my-app-image
This file defines the
prod
service.
Create your delivery pipeline and targets
You can define your pipeline and targets in one file or in separate files. In this quickstart, you create a single file.
In the
deploy-run-quickstart
directory, create a new file:clouddeploy.yaml
, with the following contents:apiVersion: deploy.cloud.google.com/v1 kind: DeliveryPipeline metadata: name: my-run-demo-app-1 description: main application pipeline serialPipeline: stages: - targetId: run-qsdev profiles: [dev] - targetId: run-qsprod profiles: [prod] --- apiVersion: deploy.cloud.google.com/v1 kind: Target metadata: name: run-qsdev description: Cloud Run development service run: location: projects/PROJECT_ID/locations/us-central1 --- apiVersion: deploy.cloud.google.com/v1 kind: Target metadata: name: run-qsprod description: Cloud Run production service run: location: projects/PROJECT_ID/locations/us-central1
Register your pipeline and targets with the Cloud Deploy service:
gcloud deploy apply --file=clouddeploy.yaml --region=us-central1 --project=PROJECT_ID
You now have a pipeline, with targets, ready to deploy your application to your first target.
Confirm your pipeline and targets:
In the Google Cloud console, navigate to the Cloud Deploy Delivery pipelines page to view of list of your available delivery pipelines.
Open the Delivery pipelines page
The delivery pipeline you just created is shown, and the two targets are listed in the Targets column.
Create a release
A release is the central Cloud Deploy resource representing the changes being deployed. The delivery pipeline defines the lifecycle of that release. See Cloud Deploy service architecture for details about that lifecycle.
Run the following command from the deploy-run-quickstart
directory to create a
release
resource that represents the container image to deploy:
gcloud deploy releases create test-release-001 \
--project=PROJECT_ID \
--region=us-central1 \
--delivery-pipeline=my-run-demo-app-1 \
--images=my-app-image=gcr.io/cloudrun/hello@sha256:98cdb98c2d97a67d5e9183beedfec98ca9d5967acd874409b4800bf4d1a51710
As with all releases (unless they include --disable-initial-rollout
),
Cloud Deploy automatically creates a
rollout resource too. The application is
automatically deployed into the first target in the progression.
Promote the release
From the Delivery pipelines page, click the
my-run-demo-app-1
pipeline.Open the Delivery pipelines page
The Delivery pipeline details page shows a graphical representation of your delivery pipeline's progress. In this case, it shows that the release was deployed to the
run-qsdev
target.On the first target in the delivery pipeline visualization, click Promote.
The Promote release dialog is shown. It shows the details of the target you're promoting to.
Click Promote.
The release is now queued for deployment into
qsprod
. When deployment is complete, the delivery pipeline visualization shows it as deployed:
View the results in Google Cloud console
In the Google Cloud console, navigate to the Cloud Deploy Delivery pipelines page to view your my-run-demo-app-1 delivery pipeline.
Click the name of your delivery pipeline "my-run-demo-app-1".
The pipeline visualization shows the app's progress through the pipeline.
And your release is listed on the Releases tab under Delivery pipeline details.
Click the release name,
test-release-001
.Your rollouts appear under Rollouts. You can click a rollout to view its details, including the deployment log.
Accessing your Cloud Run service
By default, you must be authenticated in order to access newly created Cloud Run services. See the Cloud Run Authentication overview to learn how to provide credentials and to find out what Identity and Access Management configuration is required in order access the service without authentication.
Clean up
To avoid incurring charges to your Google Cloud account for the resources used on this page, follow these steps.
Delete the
deploy-qs-dev
Cloud Run service:gcloud run services delete deploy-qs-dev --region=us-central1 --project=PROJECT_ID
Delete the
deploy-qs-prod
service:gcloud run services delete deploy-qs-prod --region=us-central1 --project=PROJECT_ID
Delete the delivery pipeline, targets, release and rollouts:
gcloud deploy delete --file=clouddeploy.yaml --force --region=us-central1 --project=PROJECT_ID
Delete the Cloud Storage buckets that Cloud Deploy created.
One ends with
_clouddeploy
, and the other is[region].deploy-artifacts.[project].appspot.com
.
That's it, you completed this quickstart!