Deploy Serverless Apps with Google Cloud Run

A brief on deploying serverless apps with Google Cloud Run.

Serverless computing has taken off in recent years, greatly improving time-to-market for modern applications while simultaneously decreasing infrastructure management overheads. The term "serverless" is confusing though - of course servers are still used by the cloud service providers; it's just that developers focus on building great applications without having to manage the underlying servers.

Cloud Run is one such serverless platform offered by Google - it allows you to run your own containers in a fully managed and highly scalable environment. It is built upon the open-source knative project, and supports Go, Python, Java, Node.js, .NET, Docker and several other languages. Cloud Run automatically scales out your container to handle an increase in requests, then scales back in when the requests slow down. You only pay when your code is running, with all customers getting 2 million requests per month free of charge.

In this post, I'll walk through a serverless application deployment with Cloud Run.

Setup Google Cloud Environment

If you don't have a Google Cloud Platform account, sign up here. New customers get a generous $300 credit for 90 days, with several always-free products once the trial period expires. Enable billing on your account, and create a new project (this allows you to easily discard the project and resources once you are done).

Enable the following Google Cloud APIs from the Console or using gcloud CLI:

  • Cloud Run API
  • Compute Engine API
  • Identity-Aware Proxy API
gcloud services enable

If your VPC does not already have networking set up, navigate to VPC network > VPC networks and click Create VPC Network (e.g. hello-net). Subsequently, click on the network and add a custom-mode subnet (e.g. hello-subnet-us-west1). Also, click on VPC network > Firewall and create a firewall rule to allow incoming HTTPS connections from the internet (i.e. TCP port 443).

Deploy Hello App to Cloud Run

Deploy sample hello app ( to Cloud Run. You can also use your own image if you wish. Allow unauthenticated invocations for now. In a production scenario, you'll have to think about the authentication scheme you want to enforce.

# Replace SERVICE_NAME and REGION with the respective values (e.g. hello and us-west1)
gcloud run deploy SERVICE_NAME --image --region REGION --platform managed --allow-unauthenticated

# If successful, you should see an output similar to this
Deploying container to Cloud Run service [hello] in project [project-id] region [us-west1]
OK Deploying new service... Done.                                       
  OK Creating Revision... Initializing project for the current region.
  OK Routing traffic...
  OK Setting IAM Policy...
Service [hello] revision [hello-00001-ter] has been deployed and is serving 100 percent of traffic.
Service URL:

Click on the Service URL to launch the serverless app on Cloud Run.

Cloud Run serverless hello app
Cloud Run serverless hello app

Next, let's map our subdomain to the Cloud Run service. Click Manage Custom Domains and then Add Mapping. I'm going to assume that you already own the domain that you'll use to host the serverless app. If you don't, head over to Cloudflare Registrar or Namecheap and register your domain first. You can also click on Register Domain in the Domain Mappings tab and register a domain with Google Cloud Domains instead. If you buy the domain from Google, it will be automatically verified, else you have to verify it manually first.

Select the service to map to, a verified domain and specify the subdomain to be mapped. Cloud Run domain mappings are only available in some regions at the time of writing, so do check that your chosen region is available. Click Continue and review the DNS information presented.

Cloud Run subdomain mapping
Cloud Run subdomain mapping

Finally, update the DNS records for your domain host - add a CNAME record for the specified subdomain pointing to A managed certificate is automatically issued and renewed when you map a service to a custom domain. Once the certificate is provisioned, the hello app will be available at the new subdomain.

Subscribe to alphasec

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.