Deploy a containerized application to Cloud Run using Cloud Build

This page shows how to use Cloud Build to deploy a containerized application to Cloud Run.




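Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how the products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.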
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    Go to project selector

  3. Verify that billing is enabled for your Google Cloud project.

  4. Enable the Cloud Build, Cloud Run, Artifact Registry, and Compute Engine APIs.

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.

    Enable the APIs

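  5. Install the Google Cloud CLI.

  6. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  7. To initialize the gcloud CLI, run the following command: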

    gcloud init

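Grant permissions

Cloud Build requires several permissions to deploy an image to Cloud Run. To grant these permissions, do the following:

  1. Open a terminal window.

  2. Set environment variables to store your project ID and project number: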

    PROJECT_ID=$(gcloud config list --format='value(core.project)')
    PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format='value(projectNumber)')
    
  3. Grant the Cloud Run Admin role to the Cloud Build service account:

    gcloud projects add-iam-policy-binding $PROJECT_ID \
        --member=serviceAccount:$(gcloud projects describe $PROJECT_ID \
        --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
        --role=roles/run.admin
    
  4. Grant the Storage Object User role to the Cloud Build service account:

    gcloud projects add-iam-policy-binding $PROJECT_ID \
        --member=serviceAccount:$(gcloud projects describe $PROJECT_ID \
        --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
        --role=roles/storage.objectUser
    
  5. Grant the Service Account User role to the Cloud Build service account:

    gcloud projects add-iam-policy-binding $PROJECT_ID \
        --member=serviceAccount:$(gcloud projects describe $PROJECT_ID \
        --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
        --role=roles/iam.serviceAccountUser
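
To confirm that the three grants took effect and to see what else the account already holds, the following added example (not part of the original page) compares the roles bound to the -compute@developer.gserviceaccount.com account against the three roles this procedure grants. The helper name audit_sa_roles and the sample role list are constructed for illustration; the commented gcloud command supplies the live input.

```shell
#!/bin/sh
# Added example: audit the project-level roles bound to the build service account.
# Live input (PROJECT_ID and PROJECT_NUMBER as set in step 2):
#   gcloud projects get-iam-policy "$PROJECT_ID" \
#     --flatten="bindings[].members" \
#     --filter="bindings.members:serviceAccount:${PROJECT_NUMBER}-compute@developer.gserviceaccount.com" \
#     --format="value(bindings.role)" | audit_sa_roles

# The three roles this page grants.
REQUIRED_ROLES="roles/run.admin roles/storage.objectUser roles/iam.serviceAccountUser"

# audit_sa_roles (hypothetical helper): reads one role per line on stdin.
# Prints "MISSING <role>" for each required role that is not bound and
# "EXTRA <role>" for each bound role the procedure did not ask for, so it can
# be reviewed against least privilege. Returns 0 only when the sets match.
audit_sa_roles() {
  bound=$(sed -e 's/[[:space:]]*$//' -e '/^$/d' | sort -u | tr '\n' ' ')
  status=0
  for role in $REQUIRED_ROLES; do
    case " $bound " in
      *" $role "*) ;;
      *) echo "MISSING $role"; status=1 ;;
    esac
  done
  for role in $bound; do
    case " $REQUIRED_ROLES " in
      *" $role "*) ;;
      *) echo "EXTRA $role"; status=1 ;;
    esac
  done
  return "$status"
}

# Constructed sample: the account holds roles/editor and has not yet been
# granted roles/storage.objectUser.
sample_roles() {
  printf '%s\n' roles/editor roles/run.admin roles/iam.serviceAccountUser
}

sample_roles | audit_sa_roles || true
```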
    

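Deploy a prebuilt image

You can configure Cloud Build to deploy a prebuilt image that is stored in Artifact Registry to Cloud Run.

To deploy a prebuilt image, do the following:

  1. Open a terminal window (if one isn't already open).

  2. Create a new directory named helloworld and change into it: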

    mkdir helloworld
    cd helloworld
    
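  3. Create a file named cloudbuild.yaml with the following contents. This file is the Cloud Build configuration file. It contains instructions for Cloud Build to deploy the image named us-docker.pkg.dev/cloudrun/container/hello to the Cloud Run service named cloudrunservice.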

    steps:
    - name: 'gcr.io/cloud-builders/gcloud'
      script: |
        gcloud run deploy cloudrunservice --image us-docker.pkg.dev/cloudrun/container/hello --region us-central1 --platform managed --allow-unauthenticated
  4. Deploy the image by running the following command:

    gcloud builds submit --region=us-west2 --config cloudbuild.yaml
    

When the build completes, you see output similar to the following:

DONE
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ID                                    CREATE_TIME                DURATION  SOURCE                                                                                            IMAGES  STATUS
784653b2-f00e-4c4b-9f5f-96a5f115bef4  2020-01-23T14:53:13+00:00  23S       gs://cloudrunqs-project_cloudbuild/source/1579791193.217726-ea20e1c787fb4784b19fb1273d032df2.tgz  -       SUCCESS

You've deployed the hello image to Cloud Run.
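
The --allow-unauthenticated flag in cloudbuild.yaml makes the service invocable without credentials. As an added example (not part of the original page), this check lists any binding on the deployed service that is open to allUsers or allAuthenticatedUsers; the helper name public_bindings and the sample policy lines are constructed.

```shell
#!/bin/sh
# Added example: report bindings that let anyone invoke the service.
# Live input (service name and region as used in cloudbuild.yaml on this page):
#   gcloud run services get-iam-policy cloudrunservice --region us-central1 \
#     --flatten="bindings[].members" \
#     --format="value(bindings.role,bindings.members)" | public_bindings

# public_bindings (hypothetical helper): reads "<role> <member>" lines on
# stdin (whitespace- or tab-separated), prints each binding whose member is
# allUsers or allAuthenticatedUsers, and returns 1 if any were found.
public_bindings() {
  awk '$2 == "allUsers" || $2 == "allAuthenticatedUsers" {
         print "PUBLIC " $1 " -> " $2
         found = 1
       }
       END { exit (found ? 1 : 0) }'
}

# Constructed sample: the policy a service has after a deploy with
# --allow-unauthenticated, plus one named administrator.
sample_policy() {
  printf 'roles/run.invoker\tallUsers\n'
  printf 'roles/run.admin\tuser:dev@example.com\n'
}

sample_policy | public_bindings || true
```

A non-zero exit status makes the check usable as a gate in a later build step for services that are not meant to be public.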

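Run the deployed image

  1. Open the Cloud Run page in the Google Cloud console:

    Open the Cloud Run page

  2. Select your project and click Open.

    You see the Cloud Run Services page.

  3. In the table, find the row named cloudrunservice, and then click cloudrunservice.

    The Service details page for cloudrunservice is displayed.

  4. To run the image that you deployed in cloudrunservice, click the URL:

    Screenshot of the Cloud Run service details page

What's next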