Deploying applications on GCP
Serverless on GCP
Deploying server less container on GCP is very straight forward , I was able to deploy my container image https://hub.docker.com/repository/docker/vishalmysore/serverless on GCP Cloud Run in less than 10 mins. GCP Provides cloud shell which makes it easy to deploy from external container read about it here https://cloud.google.com/shell
docker pull vishalmysore/serverless
docker tag vishalmysore/serverless:latest gcr.io/gtajava/vishalmysore/serverless:latest
docker push gcr.io/gtajava/vishalmysore/serverless:latest
gcloud run deploy --image=gcr.io/gtajava/vishalmysore/serverless:latest --port=8080--region=us-central1 --allow-unauthenticated --platform=managed
You can visit the link which you see on console ( something similar to https://serverless-xvzdlchfxa-uc.a.run.app/swagger-ui/ ) on browser to see your application running.
Congrats!! You have deployed your first application on Cloud Run.
As you have noticed its not a very secure way of hosting your application. Next step is to add your first layer of security
** Delete the Cloud Run Service ** We will do it again with a service role.
Add the service account role called vishal-view
gcloud iam service-accounts create vishal-view
Deploy it again with the service role and prevent unauthenticated access .
gcloud run deploy --image=gcr.io/gtajava/vishalmysore/serverless:latest --port=8080 --region=us-central1 --service-account vishal-view --no-allow-unauthenticated --platform=managed
Its deployed again but now you cannot access it without auth token
Try to access the same URL from browser and you will see
Error: Forbidden
Your client does not have permission to get URL /jobs/all from this server.
To fix that go back to shell and Get the TOKEN with this command
TOKEN=$(gcloud auth print-identity-token)
Now run the command
curl -H "Authorization: Bearer $TOKEN" -H 'Content-Type: text/plain' https://serverless-xvzdlchfxa-uc.a.run.app/jobs/all
Congrats!! you have successfully deployed your first serverless container as service and added security layer to it.