- About
- Quickstart
- Local Development & Live Debugging
- Deploying
- Extending & Developing
- Optional Extras
- TODO
- Contributing
- Authors
A template for developing and deploying a Cloud Run Python app, with a ready to use local development environment, automated builds and lots of optional extras.
💥Just get me a Cloud Run Python App!💥
The quickest way to get started is it fork this repo and deploy by following the "Continuous Deployment from Github via Cloud Build" instructions.
Then make your code changes in /app, commit and push to GitHub, this will trigger an automatic build and deployment, you'll see your app building at console.cloud.google.com/cloud-build/triggers, once built you'll find your app at console.cloud.google.com/run.
Requirements: Docker.
The app can be built with docker-compose build
and then run with docker-compose run
. After which you'll be able to view the app at localhost:80.
The application lives in /app, a "Hello World" Flask app has been supplied by default but you can of course change this to whatever you prefer.
There is also a Hug template available, see Hug not Flask.
Any changes to the code will be reflected after a page refresh.
- Deployment Option A - Continuous Deployment from Github via Cloud Build
- Deployment Option B - Continuous Deployment from Github via Terraform
- Deployment Option C - One off Deployment
Requirements: gcloud.
We'll need to need to know the name of your Cloud Build service account, it will have the suffix @cloudbuild.gserviceaccount.com.
You can find it using the following:
gcloud projects get-iam-policy [PROJECT-ID] | grep @cloudbuild.gserviceaccount.com
Replacing [PROJECT-ID] with your GCP project ID.
Once we know the Cloud Build service account we can grant the run.admin role to allow Cloud Build to manipulate Cloud Run resources, and the iam.serviceAccountUser role to allow Cloud Build to act as other service accounts, which include your Cloud Run services, by using the following:
gcloud projects add-iam-policy-binding [PROJECT_ID] --member='serviceAccount:[SERVICE-ACCOUNT]' --role='roles/run.admin'
gcloud projects add-iam-policy-binding [PROJECT_ID] --member='serviceAccount:[SERVICE-ACCOUNT]' --role='roles/iam.serviceAccountUser'
Again, in both, replacing [PROJECT-ID] with your GCP project ID, and [SERVICE-ACCOUNT] with the account discovered in the previous step.
The gcloud build trigger command is currently in alpha and has limited functionality, connecting a GitHub source is not get supported through gcloud and so has to be done via the UI, enabling the trigger is currently easier through the UI
-
Visit the Cloud Build Repository Connect page
-
Select the
GitHub (Cloud Build GitHub App)
and follow the steps though to the final page. -
On the final page, select
Create Trigger
. You should be taken back to the main Build triggers page.
You're finished! From this point on, anytime you push to your repository, you automatically trigger a build and a deployment to your Cloud Run service.
The gcloud build trigger command is currently in alpha and has limited functionality, connecting a GitHub source is not get supported through gcloud and so has to be done via the UI, and therefore not supported by Terraform, enabling the trigger is currently easier through the UI but I have created a Terraform config both incase you need to keep infrastructure as code and in the hopes that this can be expanded upon in the future.
Requirements: Terraform.
-
run
terraform init
to make sure you have everything you need, Terraform will prompt for permission to pull any missing requirements. -
Update variables.tf with your information.
-
run
terraform apply
, Terraform will supply you with warning and link if your GitHub repo is not linked to Google Cloud, if all is well it will then show you what it intends to build, typeyes
to deploy.
Your service will be built and deployed every time you git push
to the master branch. Once you have pushed a commit, you'll see your app building at console.cloud.google.com/cloud-build/triggers, and once it's built you'll find your app at console.cloud.google.com/run.
Requirements: gcloud.
As Cloud Run is in Beta you'll need to install the gcloud beta component:
gcloud components install beta
.
Using Cloud Build, build and host your image:
gcloud builds submit --tag gcr.io/[PROJECT-ID]/helloworld
Replacing [PROJECT-ID] with your GCP project ID. You can view a list of projects available to you by using gcloud projects list
.
Deploy your image to Cloud Run:
You can either deploy your app through the web UI at cloud.google.com/run or by via the command-line as shown below.
gcloud beta run deploy --image gcr.io/[PROJECT-ID]/helloworld
Again replacing [PROJECT-ID] with your GCP project ID.
When prompted, select region us-central1 as Cloud Run is currently only available here, confirm the service name, and respond y to allow unauthenticated invocations.
Wait a few moments until the deployment is complete. On success, the command line displays the service URL.
- Add Terraform.
- This TODO list.
You can use Cloud Run with the supported GCP services using the client libraries provided by these products. For a list of services supported, and not see here.
There is plenty official documentation with examples of how to use Python client libraries for each GCP service, you may find it easier to read through these first but for quick reference some examples of common services has been supplied in gcp-services-examples. You will need to uncomment the relevant lines in app/requirements.txt
for the GCP services that you use.
Note that Cloud Run uses a default runtime service account that has the Project > Editor role, which means it is able to call all GCP APIs. You do not need to provide credentials manually inside Cloud Run container instances when using the GCP client libraries.
When developing locally however you will need to supply credentials.
Create the service account. Replace [NAME] with a name for the service account.
gcloud iam service-accounts create [NAME]
Grant permissions to the service account. Replace [PROJECT_ID] with your project ID.
gcloud projects add-iam-policy-binding [PROJECT_ID] --member "serviceAccount:[NAME]@[PROJECT_ID].iam.gserviceaccount.com" --role "roles/owner"
Generate the key file and store it in the service_account directory of the repository.
gcloud iam service-accounts keys create service_account/sa.json --iam-account [NAME]@[PROJECT_ID].iam.gserviceaccount.com
If you'd rather use Hug instead of Flask you can delete the app
direcory and rename hug-app to app
, you'll also need to edit Dockerfile and remove the final CMD
line, then uncomment the CMD
line Hug.