使用 Cloud Build 將容器化應用程式部署至 Cloud Run
本頁面說明如何使用 Cloud Build 將容器化應用程式部署至 Cloud Run。
如要直接在 Cloud Shell 編輯器中按照逐步指南操作,請按一下「Guide me」:
事前準備
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Cloud Build, Cloud Run, Artifact Registry, and Compute Engine APIs.
-
Install the Google Cloud CLI.
-
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
-
To initialize the gcloud CLI, run the following command:
gcloud init -
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Cloud Build, Cloud Run, Artifact Registry, and Compute Engine APIs.
-
Install the Google Cloud CLI.
-
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
-
To initialize the gcloud CLI, run the following command:
gcloud init 開啟終端機視窗。
設定環境變數,用於儲存專案 ID 和專案編號:
PROJECT_ID=$(gcloud config list --format='value(core.project)') PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format='value(projectNumber)')將 Cloud Run 管理員角色授予 Cloud Build 服務帳戶:
gcloud projects add-iam-policy-binding $PROJECT_ID \ --member=serviceAccount:$(gcloud projects describe $PROJECT_ID \ --format="value(projectNumber)")-compute@developer.gserviceaccount.com \ --role=roles/run.admin將 Storage 物件使用者角色授予 Cloud Build 服務帳戶:
gcloud projects add-iam-policy-binding $PROJECT_ID \ --member=serviceAccount:$(gcloud projects describe $PROJECT_ID \ --format="value(projectNumber)")-compute@developer.gserviceaccount.com \ --role="roles/storage.objectUser"將 IAM 服務帳戶使用者角色授予 Cloud Run 執行階段服務帳戶的 Cloud Build 服務帳戶:
gcloud iam service-accounts add-iam-policy-binding $(gcloud projects describe $PROJECT_ID \ --format="value(projectNumber)")-compute@developer.gserviceaccount.com \ --member=serviceAccount:$(gcloud projects describe $PROJECT_ID \ --format="value(projectNumber)")-compute@developer.gserviceaccount.com \ --role="roles/iam.serviceAccountUser" \ --project=$PROJECT_ID開啟終端機視窗 (如果尚未開啟)。
建立名為
helloworld的新目錄,然後前往該目錄:mkdir helloworld cd helloworld建立名為
cloudbuild.yaml的檔案,並在其中加入下列內容:這個檔案是 Cloud Build 設定檔。檔案會指定 Cloud Build 在名為cloudrunservice的 Cloud Run 服務中部署us-docker.pkg.dev/cloudrun/container/hello映像檔。執行下列指令來部署映像檔:
gcloud builds submit --region=us-west2 --config cloudbuild.yaml在 Google Cloud 控制台中開啟 Cloud Run 頁面:
選取您的專案並按一下 [Open] (開啟)。
您會看到「Cloud Run 服務」頁面。
在資料表中找到名為「cloudrunservice」的資料列,然後按一下「cloudrunservice」。
接著,畫面中會顯示「cloudrunservice」的「Service details」(服務詳細資料) 頁面。
如要執行您在 cloudrunservice 中部署的映像檔,請按一下網址:
授予權限
Cloud Build 必須具備 Cloud Run 管理員和 IAM 服務帳戶使用者權限,才能將映像檔部署至 Cloud Run。
部署預先建立的映像檔
您可以設定 Cloud Build,將儲存在 Artifact Registry 中的預先建構映像檔部署至 Cloud Run。
如何部署預先建立的映像檔:
建構完成時,畫面會顯示類似以下的輸出:
DONE
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ID CREATE_TIME DURATION SOURCE IMAGES STATUS
784653b2-f00e-4c4b-9f5f-96a5f115bef4 2020-01-23T14:53:13+00:00 23S gs://cloudrunqs-project_cloudbuild/source/1579791193.217726-ea20e1c787fb4784b19fb1273d032df2.tgz - SUCCESS
您剛剛將映像檔 hello 部署至 Cloud Run。