Deploying container images

Console

To deploy a container image:

1. Go to Cloud Run

2. Click Create service to display the Create service page.

   

   In the form,

   1. Select Cloud Run (fully managed) to deploy to a fully managed environment.

   2. Select the region where you want your service located.

   3. Enter the desired service name. Service names must be unique per region and project or per cluster. A service name cannot be changed later and is publicly visible when using Cloud Run (fully managed).

   4. Under Authentication,

      • If you are creating a public API or website, select Allow unauthenticated invocations. Selecting this assigns the IAM Invoker role to the special identifier allUser. You can use IAM to edit this setting later after you create the service.
      • If you want a secure service protected by authentication, select Require authentication.

   5. Click Next to continue to the second page of the service creation form:

      

      In the form,

      1. In the Container image URL textbox, supply the URL of an image from a supported registry, for example: gcr.io/cloudrun/hello

      2. Optionally, click Show Advanced Settings and the subsequent tabs to set:

         • Container configuration
         • Concurrency
         • Request timeout.
         • CPU allocation.
         • Memory limits
         • Maximum instances
         • Environment variables,
         • Cloud SQL connections, if you are deploying to Cloud Run (fully managed).

      3. Click Create to deploy the image to Cloud Run and wait for the deployment to finish.

3. Click the displayed URL link to open the unique and stable endpoint of your deployed service.

Command line

To deploy a container image:

1. Run the command:

   gcloud run deploy SERVICE --image IMAGE_URL

   • Replace SERVICE with the name of the service you want to deploy to. If the service does not exist yet, this command creates the service during the deployment. You can omit this parameter entirely, but you will be prompted for the service name if you omit it.

   • Replace IMAGE_URL with a reference to the container image, for example, gcr.io/myproject/my-image:latest.

     If you are creating a public API or website, you can allow unauthenticated invocations of your service using the --allow-unauthenticated flag. This assigns the Cloud Run Invoker IAM role to allUsers. You can also specify --no-allow-unauthenticated to not allow unauthenticated invocations. If you omit either of these flags, you are prompted to confirm when the deploy command runs.

2. Wait for the deployment to finish. Upon successful completion, a success message is displayed along with the URL of the deployed service.

Note that to deploy to a different location from the one you set via the run/region gcloud properties, use:

• gcloud run deploy SERVICE --platform managed --region REGION

YAML

You can store your service specification in a YAML file and then deploy it using the gcloud command line.

1. Create a new service.yaml file with this content:

   apiVersion: serving.knative.dev/v1
   kind: Service
   metadata:
     name: SERVICE
   spec:
     template:
       spec:
         containers:
         - image: IMAGE

   Replace

   • SERVICE with the name of your Cloud Run service
   • IMAGE with the URL of your container image.

   You can also specify more configuration such as environment variables or memory limits.

2. Deploy the new service using the following command:

   gcloud beta run services replace service.yaml

3. Optionally, make your service public if you want to allow unauthenticated access to the service.

Cloud Code

To deploy with Cloud Code, read the IntelliJ and Visual Studio Code guides.

Terraform

If you use Terraform, you can define your service in a Terraform configuration, using the google_cloud_run_service resource from the Google Cloud Platform Provider.

1. Create a new main.tf file with this content:

   provider "google" {
       project = "PROJECT-ID"
   }
   
   resource "google_cloud_run_service" "default" {
       name     = "SERVICE"
       location = "REGION"
   
       metadata {
         annotations = {
           "run.googleapis.com/client-name" = "terraform"
         }
       }
   
       template {
         spec {
           containers {
             image = "gcr.io/PROJECT-ID/IMAGE"
           }
         }
       }
    }
   
    data "google_iam_policy" "noauth" {
      binding {
        role = "roles/run.invoker"
        members = ["allUsers"]
      }
    }
   
    resource "google_cloud_run_service_iam_policy" "noauth" {
      location    = google_cloud_run_service.default.location
      project     = google_cloud_run_service.default.project
      service     = google_cloud_run_service.default.name
   
      policy_data = data.google_iam_policy.noauth.policy_data
   }
   

   Replace

   • PROJECT-ID with the Google Cloud project ID
   • REGION with the Google Cloud region
   • SERVICE with the name of your Cloud Run service
   • IMAGE with the name of your container image.

   The above configuration allows public access (the equivalent of --allow-unauthenticated). To make the service private, remove the google_iam_policy and google_cloud_run_service_iam_policy stanzas.

2. Initialize Terraform:

   terraform init

3. Apply the Terraform configuration:

   terraform apply

   Confirm you want to apply the actions described by entering yes.

Console

To deploy a new revision of an existing service:

1. Go to Cloud Run

2. Locate the service you want to update in the services list, and click on it to open the details of that service.

3. Click EDIT & DEPLOY NEW REVISION. This displays the revision deployment form:

   

4. If needed, supply the URL to the new container image you want to deploy.

5. Optionally, set:

   • Container configuration
   • Concurrency
   • Request timeout.
   • CPU allocation.
   • Memory limits
   • Maximum instances
   • Environment variables,
   • Cloud SQL connections, if you are deploying to Cloud Run (fully managed).

6. To send all traffic to the new revision, check the checkbox labelled Serve this revision immediately. To gradually roll out a new revision, uncheck that checkbox: this will result in a deployment where no traffic is sent to the new revision--follow the instructions for gradual rollouts after you deploy.

7. Click DEPLOY and wait for the deployment to finish.

Command line

To use the command line, you need to have already set up the gcloud command line.

To deploy a container image:

1. Run the command:

   gcloud run deploy SERVICE --image IMAGE_URL

   • Replace SERVICE with the name of the service you are deploying to. You can omit this parameter entirely, but you will be prompted for the service name if you omit it.

   • Replace IMAGE_URL with a reference to the container image, for example, gcr.io/myproject/my-image:latest.

     The revision suffix is assigned automatically for new revisions. If you want to supply your own revision suffix, use the gcloud command line parameter --revision-suffix.

2. Wait for the deployment to finish. Upon successful completion, a success message is displayed along with the URL of the deployed service.

YAML

If you need to download or view the configuration of an existing service, use the following command to save results to a YAML file:

gcloud run services describe SERVICE --format export > service.yaml

From a service configuration YAML file, modify any spec.template child attributes as desired to update revision settings, then deploy the new revision:

gcloud beta run services replace service.yaml

Cloud Code

To deploy a new revision of an existing service with Cloud Code, read the IntelliJ and Visual Studio Code guides.

Terraform

You will already need to have setup Terraform as per the Deploying a new service example.

1. Make a change to the configuration file.

2. Apply the Terraform configuration:

   terraform apply

   Confirm you want to apply the actions described by entering yes.