このページでは、デベロッパーが gRPC を使用し、Cloud Run サービスを他のサービスと接続して、たとえば、内部のマイクロサービス間のシンプルでパフォーマンスの高い通信を行う方法について詳しく説明します。Cloud Run では、すべての gRPC タイプ(ストリーミングまたは単項)を使用できます。
Cloud Run で実行される gRPC サーバーの唯一の特別な要件は、次のコードに示されているように PORT 環境変数で指定されたポートをリッスンすることです。
Go
funcmain(){log.Printf("grpc-ping: starting server...")port:=os.Getenv("PORT")ifport==""{port="8080"log.Printf("Defaulting to port %s",port)}listener,err:=net.Listen("tcp",":"+port)iferr!=nil{log.Fatalf("net.Listen: %v",err)}grpcServer:=grpc.NewServer()pb.RegisterPingServiceServer(grpcServer,&pingService{})iferr=grpcServer.Serve(listener);err!=nil{log.Fatal(err)}}
サービスへの gRPC 接続を開く
gRPC メッセージを送信できるようにサービスへの gRPC 接続を開くには、ホストドメイン(Cloud Run サービスの URL、またはサービスにマッピングされたカスタム ドメイン)を、ポート 443(gRPC で使用されると予想されるポート)とともに指定する必要があります。
Go
import("crypto/tls""crypto/x509""google.golang.org/grpc""google.golang.org/grpc/credentials")// NewConn creates a new gRPC connection.// host should be of the form domain:port, e.g., example.com:443funcNewConn(hoststring,insecurebool)(*grpc.ClientConn,error){varopts[]grpc.DialOptionifhost!=""{opts=append(opts,grpc.WithAuthority(host))}ifinsecure{opts=append(opts,grpc.WithInsecure())}else{// Note: On the Windows platform, use of x509.SystemCertPool() requires// Go version 1.18 or higher.systemRoots,err:=x509.SystemCertPool()iferr!=nil{returnnil,err}cred:=credentials.NewTLS(&tls.Config{RootCAs:systemRoots,})opts=append(opts,grpc.WithTransportCredentials(cred))}returngrpc.Dial(host,opts...)}
import("context""time"pb"github.com/GoogleCloudPlatform/golang-samples/run/grpc-ping/pkg/api/v1""google.golang.org/grpc")// pingRequest sends a new gRPC ping request to the server configured in the connection.funcpingRequest(conn*grpc.ClientConn,p*pb.Request)(*pb.Response,error){ctx,cancel:=context.WithTimeout(context.Background(),30*time.Second)defercancel()client:=pb.NewPingServiceClient(conn)returnclient.Send(ctx,p)}
認証付き gRPC リクエストの送信
次のサンプルは、呼び出し側のサービスが受信側のサービスに対する呼び出し元権限を持っている場合に、サービス間の認証を使用する方法を示しています。このコードは、適切な ID トークンを持つ承認ヘッダーを作成します(必須)。必要な権限と承認ヘッダーの詳細については、サービス間認証をご覧ください。
Go
import("context""fmt""time""google.golang.org/api/idtoken""google.golang.org/grpc"grpcMetadata"google.golang.org/grpc/metadata"pb"github.com/GoogleCloudPlatform/golang-samples/run/grpc-ping/pkg/api/v1")// pingRequestWithAuth mints a new Identity Token for each request.// This token has a 1 hour expiry and should be reused.// audience must be the auto-assigned URL of a Cloud Run service or HTTP Cloud Function without port number.funcpingRequestWithAuth(conn*grpc.ClientConn,p*pb.Request,audiencestring)(*pb.Response,error){ctx,cancel:=context.WithTimeout(context.Background(),30*time.Second)defercancel()// Create an identity token.// With a global TokenSource tokens would be reused and auto-refreshed at need.// A given TokenSource is specific to the audience.tokenSource,err:=idtoken.NewTokenSource(ctx,audience)iferr!=nil{returnnil,fmt.Errorf("idtoken.NewTokenSource: %w",err)}token,err:=tokenSource.Token()iferr!=nil{returnnil,fmt.Errorf("TokenSource.Token: %w",err)}// Add token to gRPC Request.ctx=grpcMetadata.AppendToOutgoingContext(ctx,"authorization","Bearer "+token.AccessToken)// Send the request.client:=pb.NewPingServiceClient(conn)returnclient.Send(ctx,p)}
[[["わかりやすい","easyToUnderstand","thumb-up"],["問題の解決に役立った","solvedMyProblem","thumb-up"],["その他","otherUp","thumb-up"]],[["わかりにくい","hardToUnderstand","thumb-down"],["情報またはサンプルコードが不正確","incorrectInformationOrSampleCode","thumb-down"],["必要な情報 / サンプルがない","missingTheInformationSamplesINeed","thumb-down"],["翻訳に関する問題","translationIssue","thumb-down"],["その他","otherDown","thumb-down"]],["最終更新日 2025-09-04 UTC。"],[],[],null,["# Using gRPC\n\nThis page shows Cloud Run-specific details for developers who\nwant to use [gRPC](https://grpc.io/) to connect a\nCloud Run service with other services, for example, to provide\nsimple, high performance communication between internal\nmicroservices. You can use [all gRPC types](https://grpc.io/docs/what-is-grpc/core-concepts#rpc-life-cycle),\nstreaming or unary, with Cloud Run.\n\nPossible use cases include:\n\n- Communication between internal microservices.\n- High loads of data (gRPC uses [protocol buffers](https://developers.google.com/protocol-buffers), which are up to seven times faster than REST calls).\n- Only a simple service definition is needed, you don't want to write a full client library.\n- Use streaming gRPCs in your gRPC server to build more responsive applications and APIs.\n\nTo integrate your service with gRPC:\n\n- Configure your service to use HTTP/2 if you are using streaming gRPC. HTTP/2 is the transport method for gRPC streaming.\n- Define the request messages and responses in a proto file and compile them.\n- Create a gRPC server to handle requests and return responses: it should listen to the `PORT` environment variable.\n- Create a client that sends requests and handles responses from the gRPC server.\n- Optionally, add authentication.\n- Build and deploy your service.\n\nConfiguring your service to use HTTP/2\n--------------------------------------\n\nGoogle recommends [configuring your service to use HTTP/2](/run/docs/configuring/http2) if you\nuse gRPC with Cloud Run. Although some simple gRPC features work\nwithout using HTTP/2, many gRPC features, such as streaming and metadata, require HTTP/2.\n\nDefining and compiling messages in a proto file\n-----------------------------------------------\n\nThere are no extra or Cloud Run-specific things to add to your proto\ndefinitions. Just as with any other use of gRPC, you use\n[gRPC protocol buffers](https://grpc.io/docs/guides/#working-with-protocol-buffers)\nfor service definitions and data serialization.\n\nCreating a gRPC client\n----------------------\n\nThere are no extra or Cloud Run specific things to add to a client\nthat uses gRPC: follow the gRPC docs on using service definitions in\n[client code](https://grpc.io/docs/guides/concepts/#using-the-api), and the\nsample clients provided in the language-specific\n[gRPC tutorials](https://grpc.io/docs/languages).\n\nAutoscaling and load balancing\n------------------------------\n\nCloud Run uses Google-managed load balancers that keep separate\nconnections between clients and your Cloud Run instances.\nWith gRPC, autoscaling behaves as follows:\n\n- gRPC connections from clients end at the edge load balancer. Adjusting `KeepAlive` settings only affects the connection to the load balancer, not the Cloud Run instances. The client doesn't recognize when an instance drops.\n- During scale-in, the load balancer closes connections by sending GOAWAY messages to the backend instances as they shut down.\n- During scale-out, the load balancer creates new connections to the backend instances. All these operations are transparent to clients.\n- During autoscaling, many instances can start up and multiplex into a single connection between the client and the proxy load balancer.\n- Concurrency is determined by the [maximum concurrent requests per instance](/run/docs/about-concurrency) for messages. In streaming, each stream is counted once against the maximum concurrent requests.\n\nListening for gRPC requests in a Cloud Run service\n--------------------------------------------------\n\nThe only special requirement for a gRPC server running in\nCloud Run is to listen at the port specified by the `PORT`\nenvironment variable as shown in the following code:\n\n\n### Go\n\n func main() {\n \tlog.Printf(\"grpc-ping: starting server...\")\n\n \tport := os.Getenv(\"PORT\")\n \tif port == \"\" {\n \t\tport = \"8080\"\n \t\tlog.Printf(\"Defaulting to port %s\", port)\n \t}\n\n \tlistener, err := net.Listen(\"tcp\", \":\"+port)\n \tif err != nil {\n \t\tlog.Fatalf(\"net.Listen: %v\", err)\n \t}\n\n \tgrpcServer := grpc.NewServer()\n \tpb.RegisterPingServiceServer(grpcServer, &pingService{})\n \tif err = grpcServer.Serve(listener); err != nil {\n \t\tlog.Fatal(err)\n \t}\n }\n\n\u003cbr /\u003e\n\nOpening a gRPC connection to a service\n--------------------------------------\n\nTo open a gRPC connection to a service so you can send gRPC messages, you need\nto specify the host domain, which is the URL of the Cloud Run service\nor the custom domain [mapped](/run/docs/mapping-custom-domains) to that service,\nalong with the port 443, which is the port expected to be used by gRPC.\n\n\n### Go\n\n\n import (\n \t\"crypto/tls\"\n \t\"crypto/x509\"\n\n \t\"google.golang.org/grpc\"\n \t\"google.golang.org/grpc/credentials\"\n )\n\n // NewConn creates a new gRPC connection.\n // host should be of the form domain:port, e.g., example.com:443\n func NewConn(host string, insecure bool) (*grpc.ClientConn, error) {\n \tvar opts []grpc.DialOption\n \tif host != \"\" {\n \t\topts = append(opts, grpc.WithAuthority(host))\n \t}\n\n \tif insecure {\n \t\topts = append(opts, grpc.WithInsecure())\n \t} else {\n \t\t// Note: On the Windows platform, use of x509.SystemCertPool() requires\n \t\t// Go version 1.18 or higher.\n \t\tsystemRoots, err := x509.SystemCertPool()\n \t\tif err != nil {\n \t\t\treturn nil, err\n \t\t}\n \t\tcred := credentials.NewTLS(&tls.Config{\n \t\t\tRootCAs: systemRoots,\n \t\t})\n \t\topts = append(opts, grpc.WithTransportCredentials(cred))\n \t}\n\n \treturn grpc.Dial(host, opts...)\n }\n\n\u003cbr /\u003e\n\nSending gRPC requests without authentication\n--------------------------------------------\n\nThe following sample shows how to send a request without authentication, using\na [gRPC connection](#connect) configured as mentioned previously.\n\n\n### Go\n\n\n import (\n \t\"context\"\n \t\"time\"\n\n \tpb \"github.com/GoogleCloudPlatform/golang-samples/run/grpc-ping/pkg/api/v1\"\n \t\"google.golang.org/grpc\"\n )\n\n // pingRequest sends a new gRPC ping request to the server configured in the connection.\n func pingRequest(conn *grpc.ClientConn, p *pb.Request) (*pb.Response, error) {\n \tctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)\n \tdefer cancel()\n\n \tclient := pb.NewPingServiceClient(conn)\n \treturn client.Send(ctx, p)\n }\n\n\u003cbr /\u003e\n\nSending gRPC requests with authentication\n-----------------------------------------\n\nThe following sample shows how to use authentication between services, if the\ncalling service has invoker permission to the receiving service. Notice that\nthis code creates an authorization header that has the proper identity token:\nthis is required. The required permissions and the authorization header are\ndescribed in detail in\n[service to service authentication](/run/docs/authenticating/service-to-service).\n\n\n### Go\n\n\n import (\n \t\"context\"\n \t\"fmt\"\n \t\"time\"\n\n \t\"google.golang.org/api/idtoken\"\n \t\"google.golang.org/grpc\"\n \tgrpcMetadata \"google.golang.org/grpc/metadata\"\n\n \tpb \"github.com/GoogleCloudPlatform/golang-samples/run/grpc-ping/pkg/api/v1\"\n )\n\n // pingRequestWithAuth mints a new Identity Token for each request.\n // This token has a 1 hour expiry and should be reused.\n // audience must be the auto-assigned URL of a Cloud Run service or HTTP Cloud Function without port number.\n func pingRequestWithAuth(conn *grpc.ClientConn, p *pb.Request, audience string) (*pb.Response, error) {\n \tctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)\n \tdefer cancel()\n\n \t// Create an identity token.\n \t// With a global TokenSource tokens would be reused and auto-refreshed at need.\n \t// A given TokenSource is specific to the audience.\n \ttokenSource, err := idtoken.NewTokenSource(ctx, audience)\n \tif err != nil {\n \t\treturn nil, fmt.Errorf(\"idtoken.NewTokenSource: %w\", err)\n \t}\n \ttoken, err := tokenSource.Token()\n \tif err != nil {\n \t\treturn nil, fmt.Errorf(\"TokenSource.Token: %w\", err)\n \t}\n\n \t// Add token to gRPC Request.\n \tctx = grpcMetadata.AppendToOutgoingContext(ctx, \"authorization\", \"Bearer \"+token.AccessToken)\n\n \t// Send the request.\n \tclient := pb.NewPingServiceClient(conn)\n \treturn client.Send(ctx, p)\n }\n\n\u003cbr /\u003e\n\nSample code for gRPC streaming\n------------------------------\n\nFor sample code, refer to the `RouteGuide` implementation in the\n[gRPC](https://grpc.io/) Basics tutorial for the\nlanguage of your choice. When using Go, for example, refer to\n[Implementing RouteGuide](https://grpc.io/docs/languages/go/basics/#implementing-routeguide)."]]