Open in app

Sign in

Write

Sign in

Deploy to Cloud Run from Cloud Deploy

Christoph Grotz
Google Cloud - Community
Published in
4 min readJan 12, 2022

--

Update from 2022–09–15: Cloud Deploy now supports Cloud Run natively (link). I adapted this blog post to reflect this.

Google Cloud Deploy, is Googles new fully managed continuous delivery service for easy scaling. It allows you to define your Continuous Delivery pipelines in YAML and run them on GCP. For this blog post, it will probably help if you have some basic knowledge of Skaffold, Cloud Run and Helm in order to follow through. You can find the snippets in my examples repo.

Cloud Deploy allows you to create and operate deployment pipelines without the need to host infrastructure and deploy application releases to Google Kubernetes Engine (GKE) and Cloud Run. Cloud Deploy is using Skaffold under the hood to manage the deployments. Skaffold is a great tool, that allows you to declaratively declare your Continuous Development cycle, focus on the development and less on glueing things together.

Setup

You will need to have Skaffold, Helm and Docker installed on the machine you are running this. You will also need a Docker registry available, I recommend Artifact Registry.

It's a recommended best practice not to run your applications using the default compute service account, hence let's create a service account for the Cloud Run service, it doesn’t need any additional rights.

gcloud iam service-accounts create runner --project $GOOGLE_CLOUD_PROJECT

Next we create a service account to run Cloud Deploy and give it the right permissions.

gcloud iam service-accounts create deployer --project $GOOGLE_CLOUD_PROJECT# Allow the deployer SA to run Cloud Deploy jobs
gcloud projects add-iam-policy-binding $GOOGLE_CLOUD_PROJECT \
    --member=serviceAccount:deployer@$GOOGLE_CLOUD_PROJECT.iam.gserviceaccount.com \
    --role="roles/clouddeploy.jobRunner"# Allow the deployer SA to create Cloud Run services
gcloud projects add-iam-policy-binding $GOOGLE_CLOUD_PROJECT \
    --member=serviceAccount:deployer@$GOOGLE_CLOUD_PROJECT.iam.gserviceaccount.com \
    --role="roles/run.developer"# Allow the deployer service account to impersonate the Runner SA
gcloud iam service-accounts add-iam-policy-binding runner@$GOOGLE_CLOUD_PROJECT.iam.gserviceaccount.com \
--role roles/iam.serviceAccountUser \
--member "serviceAccount:deployer@$GOOGLE_CLOUD_PROJECT.iam.gserviceaccount.com" \
--project $GOOGLE_CLOUD_PROJECT

Now we are ready to setup the Deployment Pipeline. I prepared everything in my examples repo, for you to check out:

blog-examples/cloud-deploy-to-cloud-run at main · cgrotz/blog-examples

Small examples that are referenced in my blog. Contribute to cgrotz/blog-examples development by creating an account on…

github.com

There are a few things I would like to point out in the code. First you should go through the variables in the clouddeploy.yaml and set the right values for PROJECT_ID , REGION and DEPLOYER_SA_EMAIL. In the run-dev.yaml replace service_account with the name of the service account we created for running the Cloud Run service.

Let's Cloud Deploy

In order to build the sample application, you can just call Skaffold build. It will build the Docker image and push it to the remote repository. You need to capture the tags for the image, we will need it in the next step.

skaffold build --default-repo <your repo base path>

Let's apply the pipeline, this will configure the pipeline in Cloud Deploy, and you will be able to see it in the web ui afterwards.

gcloud beta deploy apply --file=clouddeploy.yaml \
                         --region=$REGION \
                         --project=$GOOGLE_CLOUD_PROJECT

In order to create a release you will need the Docker image information from the previous build step. creating the release happens with this simple command:

gcloud beta deploy releases create test-release-001 \
  --project=$GOOGLE_CLOUD_PROJECT \
  --region=$REGION \
  --delivery-pipeline=example-app \
  --images=app=<repo>:<tag_to_deploy>

Next you need to promote the release, you can also do this from the web ui but here is how you can do it from the command line:

gcloud beta deploy releases promote --release=test-release-001 \
  --to-target=qsdev \
  --delivery-pipeline=example-app \
  --project=$GOOGLE_CLOUD_PROJECT \
  --region=$REGION

This will trigger the deployment and after some time, your application should be deployed to Cloud Run.

Now we can retrive the the list of deployed services with gcloud run services list. Copy the URL of the correct service. You should be able to call it with

curl -H "Authorization: Bearer $(gcloud auth print-identity-token)" SERVICE_URL

The output should looks something like this:

That’s it! We now have a working Cloud Deploy pipeline that deploys to Cloud Run.

Skaffold
Helm
Kubernetes
Google Cloud Run
Gcp Security Operations

--

--

Christoph Grotz
Google Cloud - Community

Written by Christoph Grotz

177 Followers

I’m a technology enthusiast and focusing on Digital Transformation, Internet of Things and Cloud.

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams