Learn through the super-clean Baeldung Pro experience:
>> Membership and Baeldung Pro.
No ads, dark-mode and 6 months free of IntelliJ Idea Ultimate to start with.
1. Introduction
Deploying applications in a serverless environment like Google Cloud Run offers scalability and ease of management.
In this tutorial, we’ll outline the process of pulling a Docker Hub image and deploying it in Google Cloud Run. For illustration purposes, we’ll use pgAdmin, a popular database management tool for PostgreSQL.
2. Prerequisites
Before we start the deployment processes, let’s ensure the following prerequisites are met:
- Google Cloud Account: an active Google Cloud account with billing enabled
- Google Cloud SDK: we install and configure gcloud on the machine
- Docker: installed and running on the machine
Once these prerequisites are met, we can proceed with the next step.
3. Pulling and Deploying Docker Image from Docker Hub
Firstly, we pull the desired image from Docker Hub to the system.
3.1. Pulling the Docker Image from the Docker Hub
For this example, we pull the official pdAdmin docker image with the docker command:
$ docker pull dpage/pgadmin4
Using default tag: latest
latest: Pulling from dpage/pgadmin4
43c4264eed91: Pull complete
...
Digest: sha256:585350593e8b0483941fa9a2d5ebb04b88a66e83a7b5603c169f9446b271312f
Status: Downloaded newer image for dpage/pgadmin4:latest
docker.io/dpage/pgadmin4:latest
The command retrieves the latest version of the pgAdmin image from Docker Hub. In particular, it ensures the deployment uses the most recent updates and features. Furthermore, the image stores locally after pulling is successful. We can verify this with the use of the docker image command.
3.2. Tagging the Docker Image for Google Cloud Registry
The next step is tagging it for Google Container Registry (GCR). Tagging organizes the image for easy retrieval later. Let’s tag the image with the Google Cloud project ID:
$ docker tag dpage/pgadmin4 gcr.io/nifty-bird-432210-q8/pgadmin4
The command creates a new tag for an existing image. Additionally, the gcr.io/nifty-bird-432210-q8/pgadmin4 is the target tag where nifty-bird-432210-q8 is the actual Google Cloud project ID.
It’s important to note that the tagging helps Docker identify the correct destination when pushing the image to GCR. In particular, it prepares the image for deployment by associating it with the Google Cloud project.
3.3. Authentication With Google Cloud
Before pushing the image to GCR, it’s necessary to authenticate with Google Cloud. First, let’s log in to Google Cloud:
$ gcloud auth login
Your browser has been opened to visit:
...
You are now logged in as [[email protected]].
Your current project is [nifty-bird-432210-q8]. You can change this setting by running:
$ gcloud config set project PROJECT_ID
This command grants Google Cloud SDK access to our account.
Additionally, let’s set the active project:
$ gcloud config set project nifty-bird-432210-q8
Updated property [core/project].This command sets the active project for the Google Cloud SDK. Further, it ensures subsequent commands are executed within the context of the specified project which in this case is nifty-bird-432210-q8.
Next, we configure Docker to use gcloud credentials:
$ gcloud auth configure-docker
...
{
"credHelpers": {
"gcr.io": "gcloud",
"us.gcr.io": "gcloud",
"eu.gcr.io": "gcloud",
"asia.gcr.io": "gcloud",
"staging-k8s.gcr.io": "gcloud",
"marketplace.gcr.io": "gcloud"
}
}
Adding credentials for all GCR repositories.
...With all these commands, the Google Cloud SDK is authenticated, the active project is set, and Docker is ready to communicate with Google Cloud services.
3.4. Pushing the Docker Image to Google Cloud Registry
With the image tagged and authentication configured, let’s push the image to Google Cloud Container registry:
$ docker push gcr.io/nifty-bird-432210-q8/pgadmin4
Using default tag: latest
The push refers to repository [gcr.io/nifty-bird-432210-q8/pgadmin4]
03ff70d2b32a: Layer already exists
4022158531c6: Layer already exists
...
latest: digest: sha256:89f0402040f7fac463a5479636c1a7556dae867440549ff02bef9cfeab8e6be4 size: 3666The docker push command uploads an image to a registry. Furthermore, the gcr.io/nifty-bird-432210-q8/pgadmin4 is the target location in the Google Cloud Container Registry where the image will be pushed.
To sum up, the command uploads the tagged pgAdmin image to the specified Google Cloud project. This makes it available for deployment on Cloud Run. Note that the push process may take a few moments depending on the image size and internet connection.
3.5. Deploy pgAdmin on Google Cloud Run
Let’s deploy pgAdmin on Cloud Run:
$ gcloud run deploy pgadmin \
--image=gcr.io/nifty-bird-432210-q8/pgadmin4 \
--platform=managed \
--region=us-central1 \
--allow-unauthenticated \
--set-env-vars "[email protected],PGADMIN_DEFAULT_PASSWORD=yourpassword" \
--port=80
Deploying container to Cloud Run service [pgadmin] in project [nifty-bird-432210-q8] region [us-central1]
✓ Deploying new service... Done.
✓ Creating Revision...
✓ Routing traffic...
✓ Setting IAM Policy...
Done.
Service [pgadmin] revision [pgadmin-00001-xsr] has been deployed and is serving 100 percent of traffic.
Service URL: https://pgadmin-534149333305.us-central1.run.app
Let’s break down each of the commands:
- gcloud run deploy pgadmin: it initiates the deployment of a service named pgadmin on Cloud Run
- –image=gcr.io/nifty-bird-432210-q8/pgadmin4: specifies the image to deploy
- –platform=managed: Indicates that a fully managed Cloud Run service is used
- –region=us-central1: sets the deployment region
- –allow-unauthenticated: grants public access to the service, allowing anyone to access the pgAdmin interface without authentication
- –set-env-vars: configures environment variables for the container
- –port=80: specifies the port that the container will listen on
This command deploys the pgAdmin container, setting up environment variables for the default email and password. Additionally, upon successful deployment, Cloud Run provides a URL (https://pgadmin-534149333305.us-central1.run.app) to access the pgAdmin interface.
4. Deploying via Cloud Build
In addition to the method outlined above, an alternative approach involves using Google Cloud Build to automate the build and deployment process. Moreover, this method eliminates the need for local Docker commands.
4.1. Create a Cloud Build Configuration File
Firstly, we create a file named cloudbuild.yaml:
steps:
# Step 1: Pull the pgAdmin image from Docker Hub
- name: 'gcr.io/cloud-builders/docker'
args: ['pull', 'dpage/pgadmin4']
# Step 2: Tag the image for Google Container Registry (GCR)
- name: 'gcr.io/cloud-builders/docker'
args: ['tag', 'dpage/pgadmin4', 'gcr.io/nifty-bird-432210-q8/pgadmin4']
# Step 3: Push the tagged image to GCR
- name: 'gcr.io/cloud-builders/docker'
args: ['push', 'gcr.io/nifty-bird-432210-q8/pgadmin4']
# Step 4: Deploy the image to Google Cloud Run
- name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
entrypoint: 'bash'
args:
- '-c'
- |
gcloud run deploy pgadmin \
--image=gcr.io/nifty-bird-432210-q8/pgadmin4 \
--platform=managed \
--region=us-central1 \
--allow-unauthenticated \
--set-env-vars "[email protected],PGADMIN_DEFAULT_PASSWORD=yourpassword" \
--port=80
# Specify the region and project where Cloud Build will execute
timeout: 900sThis configuration file defines four steps pulling, tagging, pushing the image, and finally deploying it to Cloud Run. Additionally, it uses Cloud Build’s pre-configured Docker and Google Cloud SDK images to execute these commands. Finally, it deploys the service on Cloud Run in the us-central1 region with the provided environment variables for the pgAdmin default email and password.
4.2. Grant the Cloud Build Service Account Permission
Additionally, we need to grant the required permissions to the Compute Engine default service account. In particular, this is important so it can access the necessary Cloud build resources. Let’s grant permission with the command:
$ gcloud projects add-iam-policy-binding nifty-bird-432210-q8 \
--member="serviceAccount:[email protected]" \
--role="roles/storage.admin"
This command grants the required permission to the service account.
4.3. Submitting the Build
Now, let’s submit the build to Google Cloud Build:
$ gcloud builds submit --config cloudbuild.yaml
...
Step #3: Setting IAM policy failed, try "gcloud beta run services add-iam-policy-binding --region=us-central1 --member=allUsers --role=roles/run.invoker pgadmin"
Step #3: Service [pgadmin] revision [pgadmin-00002-4rb] has been deployed and is serving 100 percent of traffic.
Step #3: Service URL: https://pgadmin-534149333305.us-central1.run.app
Finished Step #3
PUSH
DONE
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ID CREATE_TIME DURATION SOURCE IMAGES STATUS
2190830e-2faf-4288-8ff5-799e8bb68785 2024-10-05T22:29:42+00:00 2M17S gs://nifty-bird-432210-q8_cloudbuild/source/1728167378.83293-48b93ca8c8d04c9e8071575363bcdb97.tgz - SUCCESSThis command uploads the cloudbuild.yaml file to Cloud Build and triggers the build process. Furthermore, Cloud Build executes each step in the file in sequence, and once complete, the pgAdmin service will be deployed on Cloud Run.
5. Conclusion
In this article, we’ve covered the steps to pull a Docker image from Docker Hub and deploy it on Google Cloud Run. By leveraging Google Cloud services such as Cloud Run and Cloud Build, the process becomes seamless and scalable.
This deployment method allows us to focus on applications while Google Cloud handles infrastructure management.