Re: Cannot run even the simplest app in Cloud Run ...

AndyF · 01-05-2024 06:52 AM

Hi,

I am trying to learn how humans should use your Cloud Run service and keep failing. I have a GitHub repo that contains a single file `Dockerfile` that has:

FROM python:3.12-alpine
EXPOSE 8080
ENTRYPOINT ["python", "-m", "http.server", "-d", "/tmp", "8080"]

It works fine locally of course but when I try to create a Cloud Run service it shows me the default placeholder "Oops.." which exposes my project ID -- security by obscurity in its finest, anyone?

I don't change anything in the service apart allowing unauth access. Deploy via push fails, but GitHub status does not update so the queue of deploy tasks just grows with each push. Link to the deploy log fails, says cannot find the log. Deploying manually just gives the placeholder that I don't want but there is no way to opt-out from it? (Edit: since then I figured out that I was manually re-deploying the placeholder container all along, not saying that it's an expected behavior nor a nice feature)

This is such a horrible DX. I sincerely hope you realize it. But still it's better than what I experienced using your Python SDK (no docs, bizarre api) and trying to deploy App Engine and Functions.

Cloud Run is not even an option in the label list here. Good thing it's Friday today and one can just chill.

AndyF

I should probably mention that I am using a free trial account. I would expect it not affect anything but at this stage I would not be surprised at all.

AndyF

Also, I gave up on using Cloud Build without Dockerfile since there was no way to know why it was failing. I thought Dockerfile would help me, but no.

Well, I could try to make a container with your `pack` cli and try to see what's going on there. Hopefully, it's the way to go forward.

AndyF

Could you please ban bot user `pfilourenco` that likes everything anyone posts. Annoying.

AndyF

To add to the rant -- I have tried multiple times to set user avatar here but you just keep resetting it to my google user's one. At this point I start to suspect that you fired all your testers in recent lay offs and things just go to shit now.

AndyF

Funny, that when I share the link to this thread in Slack, I get a preview using text from the first comment instead of the original question. Off-by-one error now too?

AndyF

Oh I see what's going on now - service uses the default placeholder container so my manual deploys just redeploy it. I have to use push, but it fails and there is no way to know why.

AndyF

At least I made it to work via CLI and it gives some hope

# Note: It expects env var PROJECT to be set before running make commands!
# Example:  PROJECT=my-123  make setup

REGION = europe-west1
ZONE = b
REPO = test-repo
APP = test-app
APP_IMG = ${REGION}-docker.pkg.dev/${PROJECT}/${REPO}/${APP}:latest


###  SETUP CLI

GCLOUD_IMG = gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine
GCLOUD_CONTAINER = gcloud
GCLOUD_EXEC = docker exec -ti ${GCLOUD_CONTAINER}
GCLOUD = ${GCLOUD_EXEC} gcloud
PLATFORM = $(shell uname -m | grep -q 'arm64' && echo '--platform linux/arm64')

setup:  auth  config-set
remove-existing-container:
    @docker rm -f ${GCLOUD_CONTAINER} 2>/dev/null || true
auth:  remove-existing-container
    docker run -ti ${PLATFORM} -v .:/app -w /app --name ${GCLOUD_CONTAINER} ${GCLOUD_IMG} \
        gcloud auth login --brief
    docker start ${GCLOUD_CONTAINER}
config-set:
    test -n "${PROJECT}" || (echo "PROJECT env var not set"; exit 1)
    ${GCLOUD} config set core/project ${PROJECT}
    ${GCLOUD} config set compute/region ${REGION}
    ${GCLOUD} config set compute/zone ${REGION}-$(subst ${REGION}-,,${ZONE})
    @echo
    make config-list
config-list:
    ${GCLOUD} config list


###  BUILD AND DEPLOY

PROJECT_NUMBER = $(shell ${GCLOUD} projects describe ${PROJECT} --format='value(projectNumber)')
SERVICE_ACCOUNT = ${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com
COMPUTE_ACCOUNT = ${PROJECT_NUMBER}-compute@developer.gserviceaccount.com

repo-create:
    ${GCLOUD} artifacts repositories list --location=${REGION} | grep -q ${REPO} || \
    ${GCLOUD} artifacts repositories create ${REPO} --project=${PROJECT} \
        --repository-format=docker --location=${REGION}

repo-list:
    ${GCLOUD} artifacts repositories list

build:
    ${GCLOUD} builds submit --region=${REGION} --tag ${APP_IMG}

grant-run-admin:  # Grant the Cloud Run Admin role to the Cloud Build service account
    ${GCLOUD} projects add-iam-policy-binding ${PROJECT} \
       --member=serviceAccount:${SERVICE_ACCOUNT} --role=roles/run.admin

grant-service:  # Grant the IAM Service Account User role to the Cloud Build service account for the Cloud Run runtime service account
    ${GCLOUD} iam service-accounts add-iam-policy-binding ${COMPUTE_ACCOUNT} \
       --member=serviceAccount:${SERVICE_ACCOUNT} --role=roles/iam.serviceAccountUser

deploy:
    ${GCLOUD} run deploy cloudrunservice --image ${APP_IMG} --region ${REGION} \
         --platform managed --allow-unauthenticated

build-and-deploy:  repo-create  build  grant-run-admin  grant-service  deploy

CJ-Pav

Make sure your port is open (use 8080 or 80) and a Dockerfile like below. Clone your git code into cloud shell then build it into a container (there are guides for this). Then push it to the artifact registry. Then when creating cloud run service, simply select the docker image in the registry and it should work.

FROM node:alpine

RUN mkdir /app

WORKDIR /app

COPY package.json /app

RUN npm install

COPY . /app

CMD ["npm", "start"]

Note: this is nodejs not python.

Aquiestoy

It's funny how

1. They didn't listen and did not ban this weird bot liking everything
2. Make it extra hard to deploy the dumbest app ever and you have to decipher how all that works

I'm in the same situation and I find that super annoying as well. I just want to have a kind of hello world app running from Github to Google Cloud Run and it fails without logs. Why do you make it so complicated?

Cannot run even the simplest app in Cloud Run via GitHub/Dockerfile