Deploy a containerized application to Cloud Run using Cloud Build

This page shows you how to use Cloud Build to deploy a containerized application to Cloud Run.

To follow step-by-step guidance for this task directly in the Cloud Shell Editor, click Guide me:

Guide me

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Verify that billing is enabled for your Google Cloud project.

  4. Enable the Cloud Build, Cloud Run, Artifact Registry, and Compute Engine APIs.

    Enable the APIs

  5. Install the Google Cloud CLI.

  6. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  7. To initialize the gcloud CLI, run the following command: 

    gcloud init

  8. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  9. Verify that billing is enabled for your Google Cloud project.

  10. Enable the Cloud Build, Cloud Run, Artifact Registry, and Compute Engine APIs.

    Enable the APIs

  11. Install the Google Cloud CLI.

  12. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  13. To initialize the gcloud CLI, run the following command: 

    gcloud init

Grant permissions

Cloud Build requires Cloud Run Admin and IAM Service Account User permissions before it can deploy an image to Cloud Run.

  1. Open a terminal window.

  2. Set environment variables to store your project ID and project number:

    PROJECT_ID=$(gcloud config list --format='value(core.project)')
PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format='value(projectNumber)')

  3. Grant the Cloud Run Admin role to the Cloud Build service account:

    gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member=serviceAccount:$(gcloud projects describe $PROJECT_ID \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
    --role=roles/run.admin

  4. Grant the Storage Object User role to the Cloud Build service account:

    gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member=serviceAccount:$(gcloud projects describe $PROJECT_ID \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
    --role="roles/storage.objectUser"

  5. Grant the IAM Service Account User role to the Cloud Build service account for the Cloud Run runtime service account:

    gcloud iam service-accounts add-iam-policy-binding $(gcloud projects describe $PROJECT_ID \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
    --member=serviceAccount:$(gcloud projects describe $PROJECT_ID \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
    --role="roles/iam.serviceAccountUser" \
    --project=$PROJECT_ID

Deploy a prebuilt image

You can configure Cloud Build to deploy a prebuilt image that is stored in Artifact Registry to Cloud Run.

To deploy a prebuilt image:

  1. Open a terminal window (if not already open).

  2. Create a new directory named helloworld and navigate into it:

    mkdir helloworld
cd helloworld

  3. Create a file named cloudbuild.yaml with the following contents. This file is the Cloud Build config file. It contains instructions for Cloud Build to deploy the image named us-docker.pkg.dev/cloudrun/container/hello on the Cloud Run service named cloudrunservice.

    steps:
- name: 'gcr.io/cloud-builders/gcloud'
  script: |
    gcloud run deploy cloudrunservice --image us-docker.pkg.dev/cloudrun/container/hello --region us-central1 --platform managed --allow-unauthenticated

  4. Deploy the image by running the following command:

    gcloud builds submit --region=us-west2 --config cloudbuild.yaml

When the build is complete, you will see an output similar to the following:

DONE
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ID                                    CREATE_TIME                DURATION  SOURCE                                                                                            IMAGES  STATUS
784653b2-f00e-4c4b-9f5f-96a5f115bef4  2020-01-23T14:53:13+00:00  23S       gs://cloudrunqs-project_cloudbuild/source/1579791193.217726-ea20e1c787fb4784b19fb1273d032df2.tgz  -       SUCCESS

You've just deployed the image hello to Cloud Run.

Run the deployed image

  1. Open the Cloud Run page in the Google Cloud console:

    Open the Cloud Run page

  2. Select your project and click Open.

    You will see the Cloud Run Services page.

  3. In the table, locate the row with the name cloudrunservice, and click cloudrunservice.

    The Service details page for cloudrunservice is displayed.

  4. To run the image that you deployed on cloudrunservice, click the URL:

    Screenshot of the Cloud Run Service details page

What's next