@dinvlad
Created September 6, 2019 15:51
Create Cloud Run Service through Deployment Manager
{% set PROJECT = env['project'] %}
{% set REGION = properties['region'] | default('us-east1') %}
{% set PARENT = 'projects/' + PROJECT + '/locations/' + REGION %}

{% set PREFIX = env['deployment'] %}
{% set CLOUDRUN_TYPE_PROVIDER = PREFIX + '-provider' %}
{% set CLOUDRUN_SERVICE_TYPE = PROJECT + '/' + CLOUDRUN_TYPE_PROVIDER + ':projects.locations.services' %}
{% set CLOUDRUN_SERVICE = PREFIX + '-service' %}
{% set CLOUDRUN_SERVICE_ACCOUNT = PREFIX + '-sa' %}
{% set CLOUDRUN_SERVICE_INVOKER = PREFIX + '-service' %}
{% set CLOUDRUN_INVOKER = properties['invoker'] | default('allUsers') %}

resources:
# Custom type provider that exposes the Cloud Run REST API to Deployment Manager.
- name: {{ CLOUDRUN_TYPE_PROVIDER }}
  type: deploymentmanager.v2beta.typeProvider
  properties:
    descriptorUrl: https://run.googleapis.com/$discovery/rest?version=v1alpha1
    options:
      inputMappings:
      # Every API call carries an OAuth2 access token obtained by Deployment Manager.
      - fieldName: Authorization
        location: HEADER
        value: $.concat("Bearer ", $.googleOauth2AccessToken())
    collectionOverrides:
    - collection: projects.locations.services
      options:
        virtualProperties: |
          schema: http://json-schema.org/draft-04/schema#
          type: object
          required:
          - spec
          properties:
            spec:
              type: object
              description: https://cloud.google.com/run/docs/reference/rest/v1alpha1/RevisionSpec
        inputMappings:
        # Path parameters for each API method.
        - methodMatch: ^create$
          location: PATH
          fieldName: parent
          value: $.concat("{{ PARENT }}")
        - methodMatch: ^(get|replaceService|delete)$
          location: PATH
          fieldName: name
          value: $.concat("{{ PARENT }}/services/", $.resource.name)
        - methodMatch: ^setIamPolicy$
          location: PATH
          fieldName: resource
          value: $.concat("{{ PARENT }}/services/", $.resource.name)
        # Request body fields built from the resource definition.
        - methodMatch: ^create$
          location: BODY
          fieldName: kind
          value: $.concat("Service")
        - methodMatch: ^create$
          location: BODY
          fieldName: apiVersion
          value: $.concat("serving.knative.dev/v1alpha1")
        - methodMatch: ^create$
          location: BODY
          fieldName: metadata.name
          value: $.resource.name
        - methodMatch: ^replaceService$
          location: BODY
          fieldName: metadata
          value: $.resource.self.metadata
        - methodMatch: ^(create|replaceService)$
          location: BODY
          fieldName: spec.template.spec
          value: $.resource.properties.spec

# The Cloud Run service, created through the type provider above.
- name: {{ CLOUDRUN_SERVICE }}
  type: {{ CLOUDRUN_SERVICE_TYPE }}
  metadata:
    dependsOn:
    - {{ CLOUDRUN_TYPE_PROVIDER }}
  properties:
    spec:
      serviceAccountName: $(ref.{{ CLOUDRUN_SERVICE_ACCOUNT }}.email)
      containerConcurrency: 5
      timeoutSeconds: 10
      containers:
      - image: marketplace.gcr.io/google/nginx1
        env:
        - name: NGINX_HOST
          value: example.com
        resources:
          limits:
            memory: 128Mi
  accessControl:
    gcpIamPolicy:
      bindings:
      # With the default invoker 'allUsers', anyone can invoke the service
      # without authenticating; set the 'invoker' property to restrict access.
      - role: roles/run.invoker
        members:
        - {{ CLOUDRUN_INVOKER }}

# Dedicated service account the service runs as.
- name: {{ CLOUDRUN_SERVICE_ACCOUNT }}
  type: iam.v1.serviceAccount
  properties:
    accountId: {{ CLOUDRUN_SERVICE_ACCOUNT }}
    displayName: Service account for {{ CLOUDRUN_SERVICE }}

@ocsig

ocsig commented Nov 20, 2019

The DM team is actively working on the GA type provider but we are facing minor issues with the API (because of the multi-region endpoints). This should be resolved soon.

@dinvlad
Author

dinvlad commented Nov 20, 2019

Thanks for the update!

@matthiasa4

Are there any updates in this direction (support for Cloud Run through Deployment Manager)?

@xalien10

@ocsig and @dinvlad Is there any Python template available for Cloud Run deployment using Google Cloud Deployment Manager?
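
A Python template for the service and service-account resources of the gist, as an added example (not code from the gist author or the Deployment Manager project). Unlike the Jinja template it has no `allUsers` default for the invoker and refuses a public member without an explicit opt-in. Assumptions: the type provider `<deployment>-provider` from the gist is declared elsewhere in the same deployment, and the `allowPublic` and `image` properties are hypothetical names introduced here.

```python
PUBLIC_MEMBERS = ('allUsers', 'allAuthenticatedUsers')


def GenerateConfig(context):
    """Entry point Deployment Manager calls when expanding a Python template."""
    project = context.env['project']
    prefix = context.env['deployment']
    props = context.properties
    provider = prefix + '-provider'   # same naming scheme as the Jinja template
    service = prefix + '-service'
    account = prefix + '-sa'

    # No 'allUsers' default: the caller must name the invoker, and a public
    # member needs the (hypothetical) allowPublic property to confirm it.
    invoker = props.get('invoker')
    if not invoker:
        raise ValueError("property 'invoker' is required")
    if invoker in PUBLIC_MEMBERS and not props.get('allowPublic', False):
        raise ValueError(invoker + ' makes the service public; '
                         'set allowPublic: true to confirm')

    return {'resources': [
        {
            'name': service,
            'type': '%s/%s:projects.locations.services' % (project, provider),
            'metadata': {'dependsOn': [provider]},
            'properties': {'spec': {
                'serviceAccountName': '$(ref.%s.email)' % account,
                'containerConcurrency': 5,
                'timeoutSeconds': 10,
                'containers': [{
                    # 'image' is a hypothetical property; default is the gist's image
                    'image': props.get('image', 'marketplace.gcr.io/google/nginx1'),
                    'resources': {'limits': {'memory': '128Mi'}},
                }],
            }},
            'accessControl': {'gcpIamPolicy': {'bindings': [
                {'role': 'roles/run.invoker', 'members': [invoker]},
            ]}},
        },
        {
            'name': account,
            'type': 'iam.v1.serviceAccount',
            'properties': {'accountId': account,
                           'displayName': 'Service account for ' + service},
        },
    ]}
```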

@VikramVasudevan

VikramVasudevan commented Jul 14, 2021

Hey @ocsig - great info! Is there any further update on the native support?

I am having one more issue. Would appreciate some help here as I am stuck.

Please refer to my issue:
https://stackoverflow.com/questions/67065062/create-cloud-run-service-with-deployment-manager/68379784#68379784

Here is a summary:

Despite having the authorization header in the options inputMappings, I am getting a 401:

ERROR: (gcloud.beta.deployment-manager.deployments.create) Error in Operation [operation-1626271807378-5c715e9631374-01345f3b-a23ceb5e]: errors:
- code: RESOURCE_ERROR
  location: /deployments/my-deployment-001/resources/my-service-001
  message: '{"ResourceType":"spatial-cat-319209/tp-cloudrun:run.projects.locations.services.create","ResourceErrorCode":"401","ResourceErrorMessage":{"code":401,"message":"Request
    is missing required authentication credential. Expected OAuth 2 access token,
    login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.","status":"UNAUTHENTICATED","statusMessage":"Unauthorized","requestPath":"https://run.googleapis.com/v1/projects/spatial-cat-319209/locations/asia-south1/services","httpMethod":"POST"}}'

@Bashorun97

Bashorun97 commented Jul 15, 2021

Hello @VikramVasudevan - I'm not sure if there's native support or an API available for cloud run. I checked through this link and none exists. I think one still needs to go down the route of declaring a custom base type for cloud run.

@VikramVasudevan

Thanks for confirming @Bashorun97 - any advice on my issue though?

@dinvlad
Author

dinvlad commented Jul 15, 2021

@VikramVasudevan I'd really recommend using Terraform, tbh. Can't help much more since we stopped using DM for this and other reasons. Terraform is much more flexible and logical (and easier to troubleshoot)!

@VikramVasudevan

Thanks for writing back @dinvlad.
I have to say I am very surprised Google's own SDK is not good enough (at least not yet).
Will explore Terraform.

@red8888

red8888 commented Jul 21, 2021

From almost 3 years ago: "The DM team is actively working on the GA type provider but we are facing minor issues with the API (because of the multi-region endpoints). This should be resolved soon."

The next time I meet with our Google reps I'll have to ask them about the Deployment Manager road map because it really seems like it's been abandoned. It's especially frustrating to not have support for Cloud Run because it's serverless. Serverless stuff is like the easiest use case for IaC but I have to roll my own janky scripts to deploy it - Terraform isn't great for deploying apps.

@dinvlad
Author

dinvlad commented Jul 21, 2021

Yep, although it's possible to do Docker even in Terraform:
https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/image#build
(but we're actually using https://github.com/GoogleContainerTools/kaniko for it via separate Cloud Build steps, which works nicely).
