Google Cloud Run
Google Cloud Run is a managed compute platform.
Allows running of front-end and back-end services, batch jobs and websites.
Cloud run is based on containers. You need to package your code and the dependencies for that code in a Docker container.
You first need to create a container image of your app.
Next you need to push the image to the Artifact Registry which stores and manages these images.
A URL is built allowing the users to run the code.
No infrastructure is needed. Cloud run provides that.
Only pay when traffic occurs, not when idle.
Can run concurrently meaning can handle many requests at the same time.
It supports automatic scaling which will provide computing resources as traffic occurs.
It simplifies running workloads and provides fully managed compute to run containers that can scale up and down depending on traffic.
Also, secure endpoints are delivered using TLS.
API’s
Google Cloud APIs & Services allow cloud developers to access Google's infrastructure.
Service is a product you will need to build various types of projects.
API (Application Programming Interface) allows you to access key functionality needed for those projects. In order to use key Google functionality the developer must enable the specific API needed for the projects.
Note: You may need to turn on 2FA
Go to settings
Then Turn on 2-Step Verification
Then click Done
For Cloud run we need to enable the Cloud Run Admin API
To do this we need to search for APIs & Services
And click the APIs & Services link
Then click Enable APIs and services link
Search for Cloud Run Admin API
Click Enable
Next we need to enable the Artifact Registry API
This is needed to store container images
Then enable Cloud Build API which lets Google build code into a Container.
Then enable Compute Engine API allows access to virtual machines
This step also creates a service account
Basic Cloud run process
Type cloud run in the search bar at top of screen and select Cloud Run
Click on Deploy container
Click Deploy one revision from an existing container image
Click Test with a sample container
It brings up a test container
In the Region dialog box pick us-east1(South Carolina)
Click on Allow public access
Click Create
Click into the URL
Hello World Cloud run
We need to grant permission for our service account to properly create a cloud run process.
Service Account allows services to access resources on your behalf.
It functions as an "Identity" to perform certain actions on the project.
In the case of cloud run it needs Artifact Registry Writer permissions to upload files as well as permission to store files in the Docker repository for container images.
We will need to grant the service account roles to perform these functions.
Service accounts do not need passwords and allow for platform communication without human intervention.
First, we need to see the full name of the service account of the project.
Go to the cloud shell.
Welcome to Cloud Shell! Type "help" to get started, or type "gemini" to try prompting with Gemini CLI.
Your Cloud Platform project in this session is set to project-19ed9eac-5674-4138-9fc.
Use `gcloud config set project [PROJECT_ID]` to change to a different project.
Need to obtain the name of the service account for this project by using the gcloud command
bg4stamford@cloudshell:~ (project-19ed9eac-5674-4138-9fc)$ gcloud iam service-accounts list
DISPLAY NAME: Default compute service account
EMAIL: 344965500335-compute@developer.gserviceaccount.com
DISABLED: False
bg4stamford@cloudshell:~ (project-19ed9eac-5674-4138-9fc)$
Get the project id from the project window in the google cloud console.
Click on Project name
Copy ID project-19ed9eac-5674-4138-9fc
Now execute the console command
gcloud iam service-accounts list
bg4stamford@cloudshell:~ (project-19ed9eac-5674-4138-9fc)$ gcloud iam service-accounts list
DISPLAY NAME: Default compute service account
EMAIL: 344965500335-compute@developer.gserviceaccount.com
DISABLED: False
bg4stamford@cloudshell:~ (project-19ed9eac-5674-4138-9fc)$
You need to add the role of artifactregistry.writer to the service account created for that project.
gcloud projects add-iam-policy-binding PROJECT-ID --member="serviceAccount:SERVICE-ACCOUNT-NAME” --role="roles/artifactregistry.writer"
Now execute the command
gbg4stamford@cloudshell:~ (project-19ed9eac-5674-4138-9fc)$ gcloud projects add-iam-policy-binding project-19ed9eac-5674-4138-9fc --member="serviceAccount:344965500335-compute@developer.gserviceaccount.com" --role="roles/artifactregistry.writer"
Updated IAM policy for project [project-19ed9eac-5674-4138-9fc].
bindings:
bg4stamford@cloudshell:~ (project-19ed9eac-5674-4138-9fc)$
Next we need to create a repository to store the docker container.
Syntax is
gcloud artifacts repositories create cloud-run-source-deploy --repository-format=docker --location=REGION --project=PROJECT-ID
bg4stamford@cloudshell:~ (project-19ed9eac-5674-4138-9fc)$ gcloud artifacts repositories create cloud-run-source-deploy --repository-format=docker --location=us-central1 --project=project-19ed9eac-5674-4138-9fc
Create request issued for: [cloud-run-source-deploy]
bg4stamford@cloudshell:~ (project-19ed9eac-5674-4138-9fc)$
Lastly, we need to provide a role for the service account to view storage
Syntax is
gcloud projects add-iam-policy-binding PROJECT-ID --member="serviceAccount:SERVICE-ACCOUNT-NAME" --role="roles/storage.objectViewer"
bg4stamford@cloudshell:~/hellocloud (project-19ed9eac-5674-4138-9fc)$ gcloud projects add-iam-policy-binding project-19ed9eac-5674-4138-9fc --member="serviceAccount:344965500335-compute@developer.gserviceaccount.com" --role="roles/storage.objectViewer"
Updated IAM policy for project [project-19ed9eac-5674-4138-9fc].
Create a directory for your hello world application
john_iacovacci1@cloudshell:~ (cloud-project-examples)$ mkdir hellocloud
john_iacovacci1@cloudshell:~ (cloud-project-examples)$ cd hellocloud
john_iacovacci1@cloudshell:~/hellocloud (cloud-project-examples)$
Create a main.py file in that directory
====================================================
import os
from flask import Flask
app = Flask(__name__)
@app.route("/")
def hello_world():
return f"Hello Google World!"
if __name__ == "__main__":
port = int(os.environ.get("PORT", 8080))
app.run(debug=True, host="0.0.0.0", port=port)
====================================================
Next we need to create a requirements.txt file for the application
====================================================
Flask==3.0.0
gunicorn==21.2.0
====================================================
We are now ready to deploy this application
john_iacovacci1@cloudshell:~/hellocloud (cloud-project-examples)$ gcloud run deploy python-hello-world --source . --allow-unauthenticated --region us-central1
Deploying from source requires an Artifact Registry Docker repository to store built containers. A repository named [cloud-run-source-deploy] in region
[us-central1] will be created.
Do you want to continue (Y/n)? Y
Building using Buildpacks and deploying container to Cloud Run service [python-hello-world] in project [cloud-project-examples] region [us-central1]
Building and deploying...
Validating Service...done
Uploading sources...done
Building Container... Logs are available at [https://console.cloud.google.com/cloud-build/builds;region=us-central1/191656d0-
738d-4248-a4f3-726747439ba0?project=517129368909]....done
Setting IAM Policy...done
Creating Revision...done
Routing traffic...done
Done.
Service [python-hello-world] revision [python-hello-world-00004-466] has been deployed and is serving 100 percent of traffic.
Service URL: https://python-hello-world-517129368909.us-central1.run.app
john_iacovacci1@cloudshell:~/hellocloud (cloud-project-examples)$
Click on link brings message up in browser
No comments:
Post a Comment