Deploy a containerized application to Cloud Run using Cloud Build

This page shows you how to use Cloud Build to deploy a containerized application to Cloud Run.



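Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.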
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    Go to project selector

  3. Verify that billing is enabled for your Google Cloud project.

  4. Enable the Cloud Build, Cloud Run, Artifact Registry, and Compute Engine APIs.

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.

    Enable the APIs

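  5. Install the Google Cloud CLI.

  6. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  7. To initialize the gcloud CLI, run the following command: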

    gcloud init

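Grant permissions

Cloud Build requires several permissions before it can deploy an image to Cloud Run. To grant these permissions, do the following:

  1. Open a terminal window.

  2. Set environment variables to store your project ID and project number.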

    PROJECT_ID=$(gcloud config list --format='value(core.project)')
    PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format='value(projectNumber)')
    
  3. Grant the Cloud Run Admin role to your Cloud Build service account.

    gcloud projects add-iam-policy-binding $PROJECT_ID \
        --member=serviceAccount:$(gcloud projects describe $PROJECT_ID \
        --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
        --role=roles/run.admin
    
  4. Grant the Storage Object User role to your Cloud Build service account.

    gcloud projects add-iam-policy-binding $PROJECT_ID \
        --member=serviceAccount:$(gcloud projects describe $PROJECT_ID \
        --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
        --role=roles/storage.objectUser
    
  5. Grant the Service Account User role to your Cloud Build service account.

    gcloud projects add-iam-policy-binding $PROJECT_ID \
        --member=serviceAccount:$(gcloud projects describe $PROJECT_ID \
        --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
        --role=roles/iam.serviceAccountUser
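
To confirm the grants took effect, and to see what else the same service account can do, the following added example (not part of the original page) audits flattened IAM policy output for the three roles granted above. The function name, the `MISSING`/`EXTRA` labels, the sample project number and the live `gcloud` invocation shown in the trailing comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the roles held by the
# service account that the steps above grant roles to.
REQUIRED_ROLES="roles/run.admin roles/storage.objectUser roles/iam.serviceAccountUser"

# audit_bindings MEMBER
# Reads "role<TAB>member" lines on stdin and prints
#   MISSING <role>  for each required role MEMBER does not hold
#   EXTRA <role>    for each additional role MEMBER holds
audit_bindings() {
    member=$1
    held=$(awk -v m="$member" '$2 == m { print $1 }' | sort -u)
    for role in $REQUIRED_ROLES; do
        printf '%s\n' "$held" | grep -qxF -- "$role" || echo "MISSING $role"
    done
    for role in $held; do
        case " $REQUIRED_ROLES " in
            *" $role "*) ;;
            *) echo "EXTRA $role" ;;
        esac
    done
}

# Constructed sample input: project number 123456789012 is a placeholder.
SAMPLE_MEMBER="serviceAccount:123456789012-compute@developer.gserviceaccount.com"
sample_policy() {
    printf '%s\t%s\n' \
        roles/run.admin "$SAMPLE_MEMBER" \
        roles/iam.serviceAccountUser "$SAMPLE_MEMBER" \
        roles/editor "$SAMPLE_MEMBER" \
        roles/run.admin "user:dev@example.com"
}

sample_policy | audit_bindings "$SAMPLE_MEMBER"

# Against a live project (assumed invocation; needs gcloud plus the
# PROJECT_ID and PROJECT_NUMBER variables from step 2):
#   gcloud projects get-iam-policy "$PROJECT_ID" \
#       --flatten='bindings[].members' \
#       --format='value(bindings.role,bindings.members)' |
#     audit_bindings "serviceAccount:${PROJECT_NUMBER}-compute@developer.gserviceaccount.com"
```

Any `EXTRA` line is a role the build identity holds beyond what this deployment needs and is worth reviewing against least privilege.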
    

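Deploy a prebuilt image

You can configure Cloud Build to deploy a prebuilt image that is stored in Artifact Registry to Cloud Run.

To deploy a prebuilt image, do the following:

  1. Open a terminal window (if one isn't already open).

  2. Create a new directory named helloworld and navigate into it: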

    mkdir helloworld
    cd helloworld
    
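  3. Create a file named cloudbuild.yaml with the following contents. This file is the Cloud Build config file. It contains the instructions for Cloud Build to deploy the image named us-docker.pkg.dev/cloudrun/container/hello on the Cloud Run service named cloudrunservice.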

    steps:
    - name: 'gcr.io/cloud-builders/gcloud'
      script: |
        gcloud run deploy cloudrunservice --image us-docker.pkg.dev/cloudrun/container/hello --region us-central1 --platform managed --allow-unauthenticated

  4. Run the following command to deploy the image:

    gcloud builds submit --region=us-west2 --config cloudbuild.yaml
    

When the build completes, you'll see output similar to the following:

DONE
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ID                                    CREATE_TIME                DURATION  SOURCE                                                                                            IMAGES  STATUS
784653b2-f00e-4c4b-9f5f-96a5f115bef4  2020-01-23T14:53:13+00:00  23S       gs://cloudrunqs-project_cloudbuild/source/1579791193.217726-ea20e1c787fb4784b19fb1273d032df2.tgz  -       SUCCESS

You've just deployed the image hello to Cloud Run.
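
The deploy step above passes `--allow-unauthenticated`, which lets anyone invoke the service, and references the image without a digest. The following pre-submit lint is an added example, not part of the original page, and reports both conditions for `gcloud run deploy` lines in a Cloud Build config. The function names, finding labels and the all-zero digest in the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): pre-submit lint for
# `gcloud run deploy` lines in a Cloud Build config read from stdin.
# Limitation: only inspects commands written on a single line, as in
# the cloudbuild.yaml above.
lint_deploy() {
    awk '
    /gcloud[ \t]+run[ \t]+deploy/ {
        for (i = 1; i <= NF; i++) {
            img = ""
            if ($i == "--allow-unauthenticated")
                print "line " NR ": PUBLIC service accepts unauthenticated requests"
            else if ($i == "--image" && i < NF)
                img = $(i + 1)
            else if ($i ~ /^--image=/)
                img = substr($i, 9)
            # A reference without @sha256:<digest> can resolve to different
            # image contents on a later build.
            if (img != "" && img !~ /@sha256:[0-9a-f]+$/)
                print "line " NR ": UNPINNED image " img
        }
    }'
}

# The deploy step from the cloudbuild.yaml on this page.
page_config() {
    cat <<'EOF'
steps:
- name: 'gcr.io/cloud-builders/gcloud'
  script: |
    gcloud run deploy cloudrunservice --image us-docker.pkg.dev/cloudrun/container/hello --region us-central1 --platform managed --allow-unauthenticated
EOF
}

# Constructed variant: the digest is a placeholder, not a real image digest.
pinned_private_config() {
    cat <<'EOF'
steps:
- name: 'gcr.io/cloud-builders/gcloud'
  script: |
    gcloud run deploy cloudrunservice --image us-docker.pkg.dev/cloudrun/container/hello@sha256:0000000000000000000000000000000000000000000000000000000000000000 --region us-central1 --platform managed --no-allow-unauthenticated
EOF
}

page_config | lint_deploy            # two findings
pinned_private_config | lint_deploy  # no findings
```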

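Run the deployed image

  1. Open the Cloud Run page in the Google Cloud console:

    Open the Cloud Run page

  2. Select your project, and then click Open.

    You'll see the Cloud Run Services page.

  3. In the table, find the row named cloudrunservice, and then click cloudrunservice.

    The Service details page for cloudrunservice is displayed.

  4. To run the image deployed on cloudrunservice, click the URL:

    Screenshot of the Cloud Run Service details page

What's next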