This article provide a guidance to complete GSP328 Serverless Cloud Run Development: Challenge Lab. It won’t provide steps directly, only tips to finish the lab.
The challenge contains 7 tasks. As it has staging and production environment, so actually is 3 different sets of tasks.
Provision the Qwiklabs environment
run those commands to set config and checkout files
Task 1:
Assessment
Build an image using Cloud Build
Deploy a Cloud Run service as an unauthenticated service
Test service responds when the endpoint is accessed
1 2 3 4 5 6 7 8 |
+-----------------+-----------------------------------+ | FIELD | VALUE | +-----------------+-----------------------------------+ | Billing Image | billing-staging-api:0.1 | | Billing Service | public-billing-service | | Authentication | unauthenticated | | Code | pet-theory/lab07/unit-api-billing | +-----------------+-----------------------------------+ |
- gCloud build command reference: https://cloud.google.com/sdk/gcloud/reference/beta/builds/submit
1 2 3 |
cd ~/<CODE> gcloud builds submit \ --tag gcr.io/$GOOGLE_CLOUD_PROJECT/<BILLING_IMAGE> |
2. gCloud deploy command reference:
- https://cloud.google.com/sdk/gcloud/reference/run/deploy
- https://cloud.google.com/sdk/gcloud/reference/run/deploy#–[no-]allow-unauthenticated
1 2 3 |
gcloud run deploy <SERVICE> \ --image gcr.io/$GOOGLE_CLOUD_PROJECT/<BILLING_IMAGE> \ --<AUTHENTICATED> |
3. optional: click on the Service URL in cloud shell, or curl manually. e.g. curl https://public-billing-service-XXXXXXX.a.run.app
Task 2:
Same as task 1, with different values.
1 2 3 4 5 6 7 8 |
+----------------+-------------------------------------------+ | FIELD | VALUE | +----------------+-------------------------------------------+ | Image Name | frontend-staging:0.1 | | Service Name | frontend-staging-service | | Authentication | unauthenticated | | Code | pet-theory/lab07/staging-frontend-billing | +----------------+-------------------------------------------+ |
Task 3:
1 2 3 4 5 6 7 8 |
+----------------+--------------------------------------+ | FIELD | VALUE | +----------------+--------------------------------------+ | Image Name | billing-staging-api:0.2 | | Service Name | private-billing-service | | Authentication | authenticated | | Code | pet-theory/lab07/staging-api-billing | +----------------+--------------------------------------+ |
- Delete the existing Billing Service
1 2 |
cd ~/<CODE> gcloud beta run services delete public-billing-service |
2. Build an image using Cloud Build: similar to task 1
3. Deploy the image to Cloud Run requiring authentication: similar to above, just be aware this time is authenticated. --no-allow-unauthenticated
4. Test service:
1 2 3 4 |
BILLING_SERVICE=private-billing-service BILLING_URL=$(gcloud run services describe $BILLING_SERVICE \ --format "value(status.URL)") curl -X get -H "Authorization: Bearer $(gcloud auth print-identity-token)" $BILLING_URL |
Task 4:
1 2 3 4 5 6 |
+-----------------+---------------------------+ | FIELD | VALUE | +-----------------+---------------------------+ | Service Account | billing-service-sa | | Display Name | Billing Service Cloud Run | +-----------------+---------------------------+ |
- create service account reference: https://cloud.google.com/iam/docs/creating-managing-service-accounts#creating
1 |
gcloud iam service-accounts create <SERVICE_ACOUNT> --display-name "<DISPLAY_NAME>" |
Task 5:
1 2 3 4 5 6 7 8 9 |
+-----------------+-----------------------------------+ | FIELD | VALUE | +-----------------+-----------------------------------+ | Image Name | billing-prod-api:0.1 | | Service Name | billing-prod-service | | Authentication | authenticated | | Code | pet-theory/lab07/prod-api-billing | | Service Account | billing-service-sa | +-----------------+-----------------------------------+ |
- Deploy the image to Cloud Run & Enable Authentication
1 2 |
cd ~/<CODE> ## similar to task 3 build and deploy command above |
2. Enable Service Account
https://cloud.google.com/sdk/gcloud/reference/run/services/add-iam-policy-binding
1 2 3 |
gcloud run services add-iam-policy-binding <SERVICE_NAME> \ --member=serviceAccount:<SERVICE_ACCOUNT>@$GOOGLE_CLOUD_PROJECT.iam.gserviceaccount.com \ --role=roles/run.invoker |
3. optional: Test service url: lab instructions URL is case sensitive.
1 2 3 4 5 6 |
PROD_BILLING_SERVICE=private-billing-servicePROD_BILLING_URL=$(gcloud run services \ describe $PROD_BILLING_SERVICE \ --format "value(status.URL)") curl -X get -H "Authorization: Bearer \ $(gcloud auth print-identity-token)" \ $PROD_BILLING_URL |
Task 6:
1 2 3 4 5 6 |
+-----------------+-----------------------------------+ | FIELD | VALUE | +-----------------+-----------------------------------+ | Service Account | frontend-service-sa | | Display Name | Billing Service Cloud Run Invoker | +-----------------+-----------------------------------+ |
- same command as Task 4
Task 7:
1 2 3 4 5 6 7 8 9 |
+-----------------+----------------------------------------+ | FIELD | VALUE | +-----------------+----------------------------------------+ | Image Name | frontend-prod:0.1 | | Service Name | frontend-prod-service | | Authentication | unauthenticated | | Code | pet-theory/lab07/prod-frontend-billing | | Service Account | frontend-service-sa | +-----------------+----------------------------------------+ |
- Deploy the image to Cloud Run & Enable Authentication: refer to Task 5
1 2 |
cd ~/<CODE> ## similar to task 5 build and deploy command above |
2. Enable Service Account: similar to task 5
1 2 3 |
gcloud run services add-iam-policy-binding <SERVICE_NAME> \ --member=serviceAccount:<SERVICE_ACCOUNT>@$GOOGLE_CLOUD_PROJECT.iam.gserviceaccount.com \ --role=roles/run.invoker |
3. optional: click on URL printed in cloud shell to verify endpoint access
Congratulations
After that you should be able to finish this challenge lab and obtain a skill badge: