1

I'm trying to deploy a deep learning-based app for image processing that uses user validation and Postgres database for storing the results. The following is the desired architecture for my app.

enter image description here

In order to keep it free for the long run time, I decided to deploy it using CloudRun serverless service within GCP. The following shell script is used to deploy it, which basically builds the docker image on the Docker registry and then deploys it as a service.

# Build container image 
gcloud builds submit --tag gcr.io/$(gcloud config get-value project)/$APP_NAME

# Deploying to Cloud Run
gcloud run deploy ${SERVICE_NAME} --image gcr.io/$(gcloud config get-value project)/$APP_NAME --platform=managed --region=${REGION} --allow-unauthenticated 

#Update for CloudSQL connection
gcloud run services update ${SERVICE_NAME} \
    --platform=managed \
    --region=${REGION}\
    --add-cloudsql-instances $INSTANCE_CONNECTION_NAME \
    --set-env-vars CLOUD_SQL_CONNECTION_NAME=$INSTANCE_CONNECTION_NAME,DB_USER=$DB_USER,DB_PASS=$DB_PASS,DB_NAME=$DB_NAME

Once the service has been built the next step could be setting up the keycloak container for users validation as shown below.

- image: >-
    quay.io/keycloak/keycloak:latest
  ports:
  - name: tcp
    containerPort: 8443
  env:
  - name: DB_VENDOR
    value: postgres
  - name: DB_ADDR
    value: <IP_ADDRESS>
  - name: DB_DATABASE
    value: <DB_NAME>
  - name: DB_SCHEMA
    value: public
  - name: DB_USER
    value: postgres
  - name: DB_PASSWORD
    value: postgres
  - name: KEYCLOAK_USER
    value: admin
  - name: KEYCLOAK_PASSWORD
    value: admin

However, this doesn't seem to work for Cloud Run configuration. Did anyone tried to achive something similar?

Miguel Rueda
  • 478
  • 1
  • 6
  • 13
  • You have clearly 2 services: one for the API, one for the authN/authZ (keycloack). Why don't you create 2 Cloud Run services? Did I miss something? – guillaume blaquiere Apr 19 '21 at 19:27
  • @guillaumeblaquiere you got it right and seems reasonable to create 2 separate services, however, I've got no clue how to link one service to another. – Miguel Rueda Apr 20 '21 at 11:54
  • It's HTTP communication. When you deploy the first service, you will get a URL. Put this url in the parameter of the second one, in the env var for example, and it should work easily. Have a try, and come back here if you are stuck! – guillaume blaquiere Apr 20 '21 at 12:32
  • I'm kinda stuck at building keycloak's service by itself. I'm trying without success to deploy it using a docker file. ```ERROR: (gcloud.run.services.update) Cloud Run error: Container failed to start. Failed to start and then listen on the port defined by the PORT environment variable. Logs for this revision might contain more information. ``` – Miguel Rueda Apr 20 '21 at 15:57
  • Have a look to Cloud Logging to have more detail on the startup issue details. – guillaume blaquiere Apr 20 '21 at 18:43
  • Instead of putting a URL of the other CloudRun services into the parameters (environment) of a given service, you can use the GCP API and lookup services dynamically - see this answer: https://stackoverflow.com/a/59426990/854737 – Roman Kharkovski Feb 08 '23 at 20:04

1 Answers1

1

Google Cloud Run supports one container per service. You can run almost anything you want inside one container. To run two containers requires two services.

John Hanley
  • 74,467
  • 6
  • 95
  • 159
  • Fair enough, however, doesn't seem feasible to build a container registry out for a keycloak instance. This post even shows some trade-offs of implementing a keycloak service using Cloud Run. https://stackoverflow.com/questions/59130538/run-keycloak-with-googlecloud-run – Miguel Rueda Apr 20 '21 at 12:05
  • @MiguelRueda - However, your question is not about how to deploy keycloak. That is a different question/problem. – John Hanley Apr 20 '21 at 17:17
  • I've just opened a new question with this issue, since I'm having problems with keycloak's deployment as well. – Miguel Rueda Apr 21 '21 at 12:23