In this lab, we will create a Cloud Run service that renders some 3D text and stores the image in a Cloud Storage bucket. The Cloud Run service will not be publicly available. Instead, we will create a Cloud Pub/Sub topic with an authenticated push subscription to send messages to our rendering service. You should be familiar with the GCP console, Cloud Shell, and service accounts to perform this hands-on lab. Some familiarity with Cloud Pub/Sub would be helpful but is not essential.
Successfully complete this lab by achieving the following learning objectives:
- Deploy the Rendering Service
The code for the render service can be found at this GitHub repo:
Note: Before you create the container, you will need to create a Cloud Storage bucket to hold rendered images. Then, you will need to update the code of the render service with the name of your bucket (line 35 of
Build the container and push it to Google Container Registry, replacing <YOUR_PROJECT> with your project ID:
gcloud builds submit --tag gcr.io/<YOUR_PROJECT>/render .
The deployed service should not allow unauthenticated invocations.
- Configure Pub/Sub
  - Create a service account with the Cloud Run Invoker role.
  - Create a Cloud Pub/Sub topic.
  - Create a subscription for the topic:
    - The subscription should be Push.
    - It should use the endpoint of the
    - It should use the service account you just created.
Note: When you enable authentication for the Push subscription, Pub/Sub will prompt you to add the iam.serviceAccountTokenCreator role and then reset the Add subscription form. This appears to be a normal (if somewhat quirky) behavior of the Cloud Console. Just re-enter the information to create the subscription, and it will work.
- Test the Service
  - Publish some test messages to your Pub/Sub topic.
  - View the rendered images in the Cloud Storage bucket.
Images may take a minute or two to render before you can see them in the bucket. If you have any problems, check the logs of your Cloud Run service.
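The console steps in this lab expressed as gcloud commands, as an added example that is not part of the original lab or its repository. The project, region, service, account, topic and subscription names and the service URL are assumed placeholders; commands are printed rather than executed unless DRY_RUN=0 is set.

```shell
#!/usr/bin/env bash
# Added example. Every name below is an assumed placeholder, not a lab value.
PROJECT="${PROJECT:-my-project}"
PROJECT_NUMBER="${PROJECT_NUMBER:-123456789012}"   # constructed value
REGION="${REGION:-us-central1}"
SERVICE="${SERVICE:-render}"
TOPIC="${TOPIC:-render-requests}"
SUBSCRIPTION="${SUBSCRIPTION:-render-push}"
SERVICE_URL="${SERVICE_URL:-https://render-EXAMPLE.a.run.app}"
INVOKER_SA="${INVOKER_SA:-render-invoker}"
SA_EMAIL="$INVOKER_SA@$PROJECT.iam.gserviceaccount.com"
# Google-managed Pub/Sub service agent that mints the push OIDC tokens.
PUBSUB_AGENT="service-$PROJECT_NUMBER@gcp-sa-pubsub.iam.gserviceaccount.com"

# DRY_RUN=1 (the default) prints each command; DRY_RUN=0 executes it.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

deploy_private_service() {
  run gcloud run deploy "$SERVICE" --image "gcr.io/$PROJECT/render" \
    --region "$REGION" --platform managed --no-allow-unauthenticated
}

configure_push() {
  run gcloud iam service-accounts create "$INVOKER_SA" --project "$PROJECT"
  # Invoker role bound on this one service, not project-wide (example's choice).
  run gcloud run services add-iam-policy-binding "$SERVICE" --region "$REGION" \
    --member "serviceAccount:$SA_EMAIL" --role roles/run.invoker
  # The role the console prompts for when push authentication is enabled.
  run gcloud projects add-iam-policy-binding "$PROJECT" \
    --member "serviceAccount:$PUBSUB_AGENT" \
    --role roles/iam.serviceAccountTokenCreator
  run gcloud pubsub topics create "$TOPIC"
  run gcloud pubsub subscriptions create "$SUBSCRIPTION" --topic "$TOPIC" \
    --push-endpoint "$SERVICE_URL/" --push-auth-service-account "$SA_EMAIL"
}

test_service() {
  # A request without a token should be rejected (HTTP 403 expected).
  run curl -s -o /dev/null -w '%{http_code}' "$SERVICE_URL/"
  run gcloud pubsub topics publish "$TOPIC" --message "Hello Cloud Run"
}

# Prints the full plan by default; set DRY_RUN=0 to apply it.
deploy_private_service; configure_push; test_service
```

Set SERVICE_URL to the URL reported by the deploy step before creating the subscription, since the placeholder value does not resolve to a real service.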