Deploy Serverless Apps with Google Cloud Run
A brief on deploying serverless apps with Google Cloud Run.
Serverless computing has taken off in recent years, greatly improving time-to-market for modern applications while simultaneously decreasing infrastructure management overheads. The term "serverless" is confusing though - of course servers are still used by the cloud service providers; it's just that developers focus on building great applications without having to manage the underlying servers.
Cloud Run is one such serverless platform offered by Google - it allows you to run your own containers in a fully managed and highly scalable environment. It is built upon the open-source knative project, and supports Go, Python, Java, Node.js, .NET, Docker and several other languages. Cloud Run automatically scales out your container to handle an increase in requests, then scales back in when the requests slow down. You only pay when your code is running, with all customers getting 2 million requests per month free of charge.
In this post, I'll walk through a serverless application deployment with Cloud Run.
Setup Google Cloud Environment
If you don't have a Google Cloud Platform account, sign up here. New customers get a generous $300 credit for 90 days, with several always-free products once the trial period expires. Enable billing on your account, and create a new project (this allows you to easily discard the project and resources once you are done).
Enable the following Google Cloud APIs from the Console or using gcloud
CLI:
Cloud Run API
Compute Engine API
Identity-Aware Proxy API
gcloud services enable run.googleapis.com compute.googleapis.com iap.googleapis.com
If your VPC does not already have networking set up, navigate to VPC network
> VPC networks
and click Create VPC Network
(e.g. hello-net
). Subsequently, click on the network and add a custom-mode subnet (e.g. hello-subnet-us-west1
). Also, click on VPC network
> Firewall
and create a firewall rule to allow incoming HTTPS connections from the internet (i.e. TCP port 443
).
Deploy Hello App to Cloud Run
Deploy sample hello app (us-docker.pkg.dev/cloudrun/container/hello
) to Cloud Run. You can also use your own image if you wish. Allow unauthenticated invocations for now. In a production scenario, you'll have to think about the authentication scheme you want to enforce.
# Replace SERVICE_NAME and REGION with the respective values (e.g. hello and us-west1)
gcloud run deploy SERVICE_NAME --image us-docker.pkg.dev/cloudrun/container/hello --region REGION --platform managed --allow-unauthenticated
# If successful, you should see an output similar to this
Deploying container to Cloud Run service [hello] in project [project-id] region [us-west1]
OK Deploying new service... Done.
OK Creating Revision... Initializing project for the current region.
OK Routing traffic...
OK Setting IAM Policy...
Done.
Service [hello] revision [hello-00001-ter] has been deployed and is serving 100 percent of traffic.
Service URL: https://hello-pe4x9efvyx-wl.a.run.app
Click on the Service URL
to launch the serverless app on Cloud Run.
Next, let's map our subdomain to the Cloud Run service. Click Manage Custom Domains
and then Add Mapping
. I'm going to assume that you already own the domain that you'll use to host the serverless app. If you don't, head over to Cloudflare Registrar or Namecheap and register your domain first. You can also click on Register Domain
in the Domain Mappings
tab and register a domain with Google Cloud Domains instead. If you buy the domain from Google, it will be automatically verified, else you have to verify it manually first.
Select the service to map to, a verified domain and specify the subdomain to be mapped. Cloud Run domain mappings are only available in some regions at the time of writing, so do check that your chosen region is available. Click Continue
and review the DNS information presented.
Finally, update the DNS records for your domain host - add a CNAME
record for the specified subdomain pointing to ghs.googlehosted.com
. A managed certificate is automatically issued and renewed when you map a service to a custom domain. Once the certificate is provisioned, the hello app will be available at the new subdomain.