Deploy an app to Cloud Run using Cloud Deploy

This page shows you how to use Cloud Deploy to deliver a sample application image named hello to a sequence of two Cloud Run services.

In this quickstart, you'll do the following:

Create a Skaffold configuration
Create service definition files for two Cloud Run services.

These files define the services and specify the (pre-built) container image to deploy.
Define your Cloud Deploy delivery pipeline and deployment targets, which point to the two services.
Instantiate your delivery pipeline by creating a release, which automatically deploys to the first target.
Promote the release to the second target.
View both rollouts in Google Cloud console.

Before you begin

Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Make sure that billing is enabled for your Google Cloud project.

Enable the Cloud Deploy, Cloud Build, Cloud Run, and Cloud Storage APIs.

Enable the APIs

Install the Google Cloud CLI.

To initialize the gcloud CLI, run the following command:

gcloud init

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Make sure that billing is enabled for your Google Cloud project.

Enable the Cloud Deploy, Cloud Build, Cloud Run, and Cloud Storage APIs.

Enable the APIs

Install the Google Cloud CLI.

To initialize the gcloud CLI, run the following command:

gcloud init

If you already have the CLI installed, make sure you're running the latest version:

gcloud components update

Make sure the default Compute Engine service account has sufficient permissions.
The service account might already have the necessary permissions. These steps are included for projects that disable automatic role grants for default service accounts.

Add the clouddeploy.jobRunner role:

gcloud projects add-iam-policy-binding PROJECT_ID \
    --member=serviceAccount:$(gcloud projects describe PROJECT_ID \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
    --role="roles/clouddeploy.jobRunner"

Grant the default execution service account actAs permission to deploy workloads into Cloud Run:

gcloud iam service-accounts add-iam-policy-binding $(gcloud projects describe PROJECT_ID \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
    --member=serviceAccount:$(gcloud projects describe PROJECT_ID \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
    --role="roles/iam.serviceAccountUser" \
    --project=PROJECT_ID

Add the Cloud Run developer permissions:

gcloud projects add-iam-policy-binding PROJECT_ID \
    --member=serviceAccount:$(gcloud projects describe PROJECT_ID \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
    --role="roles/run.developer"

If you have trouble adding either of these roles, contact your project administrator.

Prepare your Skaffold configuration

Cloud Deploy uses Skaffold to provide the details for what to deploy and how to deploy it properly for your separate targets.

In this quickstart, you create a skaffold.yaml file, which identifies the Cloud Run service definition to be used to deploy the sample app.

Open a terminal window.
Create a new directory, named deploy-run-quickstart and navigate into it.
```
mkdir deploy-run-quickstart
cd deploy-run-quickstart
```

Create a file named skaffold.yaml with the following contents:

apiVersion: skaffold/v3alpha1
kind: Config
metadata: 
  name: deploy-run-quickstart
profiles:
- name: dev
  manifests:
    rawYaml:
    - run-dev.yaml
- name: prod
  manifests:
    rawYaml:
    - run-prod.yaml
deploy:
  cloudrun: {}

This file is a minimal Skaffold config, identifying your Cloud Run services. See the skaffold.yaml reference for more information about this file.

Prepare your Cloud Run services

For this quickstart, you'll create two different Cloud Run services in the same project. Cloud Deploy also supports deploying across multiple projects. Also, we use Skaffold profiles to make it possible to have two services in the same project. When you use different projects, you might not need to use Skaffold profiles.

Create a file named run-dev.yaml with the following contents:
```
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: deploy-qs-dev
spec:
  template:
    spec:
      containers:
      - image: my-app-image
```
This file defines a Cloud Run service. As the name deploy-qs-dev implies, this is your dev service, and will correspond to the first target in your delivery pipeline progression.

Create a file named run-prod.yaml with the following contents:

apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: deploy-qs-prod
spec:
  template:
    spec:
      containers:
      - image: my-app-image

This file defines the prod service.

Create your delivery pipeline and targets

You can define your pipeline and targets in one file or in separate files. In this quickstart, you create a single file.

In the deploy-run-quickstart directory, create a new file: clouddeploy.yaml, with the following contents:

apiVersion: deploy.cloud.google.com/v1
kind: DeliveryPipeline
metadata:
  name: my-run-demo-app-1
description: main application pipeline
serialPipeline:
  stages:
  - targetId: run-qsdev
    profiles: [dev]
  - targetId: run-qsprod
    profiles: [prod]
---

apiVersion: deploy.cloud.google.com/v1
kind: Target
metadata:
  name: run-qsdev
description: Cloud Run development service
run:
  location: projects/PROJECT_ID/locations/us-central1
---

apiVersion: deploy.cloud.google.com/v1
kind: Target
metadata:
  name: run-qsprod
description: Cloud Run production service
run:
  location: projects/PROJECT_ID/locations/us-central1

Register your pipeline and targets with the Cloud Deploy service:
```
gcloud deploy apply --file=clouddeploy.yaml --region=us-central1 --project=PROJECT_ID
```
You now have a pipeline, with targets, ready to deploy your application to your first target.
Confirm your pipeline and targets:

In the Google Cloud console, navigate to the Cloud Deploy Delivery pipelines page to view of list of your available delivery pipelines.

Open the Delivery pipelines page

The delivery pipeline you just created is shown, and the two targets are listed in the Targets column.

Create a release

A release is the central Cloud Deploy resource representing the changes being deployed. The delivery pipeline defines the lifecycle of that release. See Cloud Deploy service architecture for details about that lifecycle.

Run the following command from the deploy-run-quickstart directory to create a release resource that represents the container image to deploy:

gcloud deploy releases create test-release-001 \
  --project=PROJECT_ID \
  --region=us-central1 \
  --delivery-pipeline=my-run-demo-app-1 \
  --images=my-app-image=gcr.io/cloudrun/hello@sha256:98cdb98c2d97a67d5e9183beedfec98ca9d5967acd874409b4800bf4d1a51710

As with all releases (unless they include --disable-initial-rollout), Cloud Deploy automatically creates a rollout resource too. The application is automatically deployed into the first target in the progression.

Promote the release

From the Delivery pipelines page, click the my-run-demo-app-1 pipeline.

Open the Delivery pipelines page

The Delivery pipeline details page shows a graphical representation of your delivery pipeline's progress. In this case, it shows that the release was deployed to the run-qsdev target.
On the first target in the delivery pipeline visualization, click Promote.

The Promote release dialog is shown. It shows the details of the target you're promoting to.
Click Promote.

The release is now queued for deployment into qsprod. When deployment is complete, the delivery pipeline visualization shows it as deployed:

View the results in Google Cloud console

In the Google Cloud console, navigate to the Cloud Deploy Delivery pipelines page to view your my-run-demo-app-1 delivery pipeline.

Open the Delivery pipelines page
Click the name of your delivery pipeline "my-run-demo-app-1".

The pipeline visualization shows the app's progress through the pipeline.

And your release is listed on the Releases tab under Delivery pipeline details.
Click the release name, test-release-001.

Your rollouts appear under Rollouts. You can click a rollout to view its details, including the deployment log.

Accessing your Cloud Run service

By default, you must be authenticated in order to access newly created Cloud Run services. See the Cloud Run Authentication overview to learn how to provide credentials and to find out what Identity and Access Management configuration is required in order access the service without authentication.

Clean up

To avoid incurring charges to your Google Cloud account for the resources used on this page, follow these steps.

Delete the deploy-qs-dev Cloud Run service:

gcloud run services delete deploy-qs-dev --region=us-central1 --project=PROJECT_ID

Delete the deploy-qs-prod service:

gcloud run services delete deploy-qs-prod --region=us-central1 --project=PROJECT_ID

Delete the delivery pipeline, targets, release and rollouts:

gcloud deploy delete --file=clouddeploy.yaml --force --region=us-central1 --project=PROJECT_ID

Delete the Cloud Storage buckets that Cloud Deploy created.

One ends with _clouddeploy, and the other is [region].deploy-artifacts.[project].appspot.com.

Open the Cloud Storage browser page

That's it, you completed this quickstart!