Back to Details

gcp-deploy

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

GCP Cloud Run Deploy

GCP Cloud Run 部署

Deploy from source to Cloud Run in a single command. Requires: a GCP project, a Dockerfile in the repo root, and an app that listens on a port (default 8080 / 
PORT
env var).
通过单条命令将源码部署至Cloud Run。需满足以下条件:一个GCP项目、仓库根目录下的Dockerfile,以及监听端口(默认8080 / 
PORT
环境变量)的应用。

Quick Deploy

快速部署

bash
undefined
bash
undefined

1. Auth (skip if already logged in)

1. 身份验证(已登录可跳过)

gcloud auth login gcloud config set project PROJECT_ID
gcloud auth login gcloud config set project PROJECT_ID

2. Enable APIs (first time only)

2. 启用API(首次部署时执行)

gcloud services enable run.googleapis.com cloudbuild.googleapis.com artifactregistry.googleapis.com
gcloud services enable run.googleapis.com cloudbuild.googleapis.com artifactregistry.googleapis.com

3. Deploy

3. 部署

gcloud run deploy SERVICE_NAME
--source .
--region australia-southeast1
--allow-unauthenticated

This builds the container remotely via Cloud Build, pushes to Artifact Registry, deploys to Cloud Run, and returns a public HTTPS URL. Redeploy by re-running the same command.
gcloud run deploy SERVICE_NAME
--source .
--region australia-southeast1
--allow-unauthenticated

此命令通过Cloud Build远程构建容器,推送至Artifact Registry,部署到Cloud Run,并返回一个公开的HTTPS URL。重新部署只需再次运行相同命令。

Deploy Script

部署脚本

Copy 
scripts/deploy.sh
into the project root for one-command deploys:
bash
chmod +x deploy.sh
./deploy.sh my-service
Env vars: 
GCP_REGION
(default 
australia-southeast1
), 
GCP_PROJECT
(default: current gcloud project).
scripts/deploy.sh
复制到项目根目录,即可实现一键部署:
bash
chmod +x deploy.sh
./deploy.sh my-service
环境变量:
GCP_REGION
(默认值
australia-southeast1
)、
GCP_PROJECT
(默认值:当前gcloud项目)。

Common Flags

常用参数

FlagPurposeExample
--region
Deployment region
australia-southeast1
--allow-unauthenticated
Public access
--port
Container port (if not 8080)
--port 3000
--set-env-vars
Env vars
--set-env-vars KEY=val,FOO=bar
--set-secrets
Secret Manager secrets
--set-secrets ENV=SECRET:latest
--memory
Memory
--memory 512Mi
--cpu
CPU
--cpu 1
--min-instances
Min instances (0 = scale to zero)
--min-instances 0
--max-instances
Max instances
--max-instances 3
--timeout
Request timeout (max 3600)
--timeout 300
参数用途示例
--region
部署区域
australia-southeast1
--allow-unauthenticated
允许公开访问
--port
容器端口(若不是8080)
--port 3000
--set-env-vars
设置环境变量
--set-env-vars KEY=val,FOO=bar
--set-secrets
设置Secret Manager密钥
--set-secrets ENV=SECRET:latest
--memory
内存配置
--memory 512Mi
--cpu
CPU配置
--cpu 1
--min-instances
最小实例数(0表示缩容至零)
--min-instances 0
--max-instances
最大实例数
--max-instances 3
--timeout
请求超时时间(最大3600秒)
--timeout 300

Environment Variables and Secrets

环境变量与密钥

Inline env vars:
bash
gcloud run deploy SERVICE --source . --region REGION --allow-unauthenticated \
  --set-env-vars "DATABASE_URL=postgres://...,API_KEY=abc123"
Secret Manager (recommended for sensitive values):
bash
undefined
内联设置环境变量:
bash
gcloud run deploy SERVICE --source . --region REGION --allow-unauthenticated \
  --set-env-vars "DATABASE_URL=postgres://...,API_KEY=abc123"
使用Secret Manager(敏感值推荐方式):
bash
undefined

Create secret

创建密钥

echo -n "secret-value" | gcloud secrets create MY_SECRET --data-file=-
echo -n "secret-value" | gcloud secrets create MY_SECRET --data-file=-

Grant access to default compute SA

为默认计算服务账号授予访问权限

gcloud secrets add-iam-policy-binding MY_SECRET
--member="serviceAccount:$(gcloud iam service-accounts list --format='value(email)' --filter='displayName:Compute Engine default')"
--role="roles/secretmanager.secretAccessor"
gcloud secrets add-iam-policy-binding MY_SECRET
--member="serviceAccount:$(gcloud iam service-accounts list --format='value(email)' --filter='displayName:Compute Engine default')"
--role="roles/secretmanager.secretAccessor"

Deploy with secret

携带密钥部署

gcloud run deploy SERVICE --source . --region REGION --allow-unauthenticated
--set-secrets "MY_SECRET=MY_SECRET:latest"
undefined
gcloud run deploy SERVICE --source . --region REGION --allow-unauthenticated
--set-secrets "MY_SECRET=MY_SECRET:latest"
undefined

Useful Commands

实用命令

bash
undefined
bash
undefined

Stream logs

流式查看日志

gcloud run services logs tail SERVICE --region REGION
gcloud run services logs tail SERVICE --region REGION

List services

列出所有服务

gcloud run services list --region REGION
gcloud run services list --region REGION

Get service URL

获取服务URL

gcloud run services describe SERVICE --region REGION --format "value(status.url)"
gcloud run services describe SERVICE --region REGION --format "value(status.url)"

Delete service

删除服务

gcloud run services delete SERVICE --region REGION
undefined
gcloud run services delete SERVICE --region REGION
undefined

CI/Headless Auth

CI/无界面身份验证

bash
gcloud auth activate-service-account --key-file=key.json
gcloud config set project PROJECT_ID
bash
gcloud auth activate-service-account --key-file=key.json
gcloud config set project PROJECT_ID

Troubleshooting

故障排查

IssueFix
Build failsCheck Dockerfile locally: 
docker build .
403 on deployNeed 
roles/run.admin
and 
roles/cloudbuild.builds.editor
App crashes on startCheck logs: 
gcloud run services logs tail SERVICE --region REGION
Port mismatchSet 
--port
to match app, or have app read 
PORT
env var
Cold start slowSet 
--min-instances 1
(stays warm, costs more)
Timeout on long requestsIncrease with 
--timeout 300
(max 3600s)
问题解决方法
构建失败本地检查Dockerfile:
docker build .
部署时出现403错误需要
roles/run.admin
roles/cloudbuild.builds.editor
权限
应用启动时崩溃查看日志:
gcloud run services logs tail SERVICE --region REGION
端口不匹配设置
--port
参数匹配应用端口,或让应用读取
PORT
环境变量
冷启动缓慢设置
--min-instances 1
(保持实例热启动,成本更高)
长请求超时增加超时时间:
--timeout 300
(最大3600秒)