Spotted a bug? Have a great idea? Help us improve developer profiles!

Hello Cloud Run for Anthos Codelab

Cloud Run is a managed compute platform that enables you to run stateless containers that are invocable via HTTP requests. Cloud Run is serverless: it abstracts away all infrastructure management, so you can focus on what matters most — building great applications.

Cloud Run is built from Knative, letting you choose to run your containers either fully managed with Cloud Run, or in your Google Kubernetes Engine cluster with Cloud Run for Anthos.

The goal of this codelab is for you to setup Cloud Run targeting an Anthos GKE cluster and deploy a container as a service.

Self-paced environment setup

If you don't already have a Google Account (Gmail or Google Apps), you must create one. Sign-in to Google Cloud Platform console ( and create a new project:

Screenshot from 2016-02-10 12:45:26.png

Remember the project ID, a unique name across all Google Cloud projects (the name above has already been taken and will not work for you, sorry!). It will be referred to later in this codelab as PROJECT_ID.

Next, you'll need to enable billing in the Cloud Console in order to use Google Cloud resources.

Running through this codelab shouldn't cost you more than a few dollars, but it could be more if you decide to use more resources or if you leave them running (see "cleanup" section at the end of this document).

New users of Google Cloud Platform are eligible for a $300 free trial.

Google Cloud Shell

While Google Cloud can be operated remotely from your laptop, in this codelab we will be using Google Cloud Shell, a command line environment running in the Cloud.

This Debian-based virtual machine is loaded with all the development tools you'll need. It offers a persistent 5GB home directory, and runs on the Google Cloud, greatly enhancing network performance and authentication. This means that all you will need for this codelab is a browser (yes, it works on a Chromebook).

To activate Google Cloud Shell, from the developer console simply click the button on the top right-hand side (it should only take a few moments to provision and connect to the environment):


Click the "Start Cloud Shell" button:

Screen Shot 2017-06-14 at 10.13.43 PM.png

Once connected to the cloud shell, you should see that you are already authenticated and that the project is already set to your PROJECT_ID :

gcloud auth list

Command output

Credentialed accounts:
 - <myaccount>@<mydomain>.com (active)
gcloud config list project

Command output

project = <PROJECT_ID>

Cloud Shell also sets some environment variables by default which may be useful as you run future commands.


Command output


If for some reason the project is not set, simply issue the following command :

gcloud config set project <PROJECT_ID>

Looking for your PROJECT_ID? Check out what ID you used in the setup steps or look it up in the console dashboard:


IMPORTANT: Finally, set the default zone and project configuration:

gcloud config set compute/zone us-central1-f

You can choose a variety of different zones. Learn more in the Regions & Zones documentation.

Using your browser, navigate to the Google Kubernetes Engine (GKE) section in Google Cloud Console:

Click Create cluster to open the Create a Kubernetes cluster page, select the Standard cluster template, and set the following values in the template:

  • Enter the name of your cluster, for instance run-gke.
  • Choose either Zonal or Regional for the location type, either will work with Cloud Run for Anthos. Zonal clusters are less expensive, but may incur downtime during master upgrades.
  • Select a zone or region, depending on your choice in the previous step, for the cluster, using the dropdown list. Choose a location close to you, or use us-central1-a.
  • Configure the node pool with these recommended settings: Number of nodes = 3 | Machine type = 4 vCPUs.

Still in the ‘Node pools' section, click More options :

  • Under Security, change the Access scopes to Allow full access to all Cloud APIs and click Save.

Back in the "'Standard cluster' template", click "Availability, networking, security, and additional features" to expand the form, and scroll down to Stackdriver:

  • Select the Enable Stackdriver Kubernetes Engine Monitoring service checkbox

Scroll back up to find the ‘Anthos features' section:

  • Select the Enable Istio (beta) checkbox and make sure Enable mTLS is set to Permissive (the default)
  • Select the Enable Cloud Run for Anthos (beta) checkbox

Finally click Create to create and provision the Anthos GKE cluster.

Creating the Cloud Run-enabled cluster will take a few moments. Please wait for the cluster to be ready before moving to the next step.

To deploy a container to the cluster you have just created, go to the Cloud Run section ( and click Create service:

  • Use as the sample container image
  • Choose Cloud Run for Anthos and select the cluster you have just created from the Available Anthos GKE clusters dropdown
  • Use the default namespace
  • Give the service a name, for instance hello-run-gke
  • Keep "External" as the Connectivity choice
  • Click Create and wait for the deployment to finish

Congratulations, you have just created the service and deployed it to Cloud Run for Anthos:

Note the URL listed at the top. This will be needed to test the deployed service in the next and final step.

Once you've deployed your service, you can use curl to send a request and verify the service is working, using the cluster's IP address.

To avoid having to setup DNS, we'll test the deployed service by sending a request to the Istio ingress gateway (Knative is built using Istio) with the target host that should handle the request sent as an HTTP header. That hostname should be the URL listed in the previous deployment step and of the form:

From Cloud Console, go back to the GKE section ( and click Services & Ingress in the left navigation panel to display the list of services.

Scroll down to the istio-ingressgateway service and copy the IP address shown next to the load balancer. Ignore the other values under that IP address.

From Cloud Shell, use curl to access the service :

curl -v -H "Host:" http://[INGRESS-GATEWAY-IP]

Replace [INGRESS-GATEWAY-IP] with the IP address you obtained in the previous step, and if you used a service name other than "hello-run-gke" you'll need to replace that as well.

The response should be HTTP 200 along with the default "Congratulations | Cloud Run" HTML content :

* Rebuilt URL to:
*   Trying
* Connected to ( port 80 (#0)
> GET / HTTP/1.1
> Host:
> User-Agent: curl/7.52.1
> Accept: */*
< HTTP/1.1 200 OK
< content-type: text/html; charset=utf-8


<title>Congratulations | Cloud Run</title>

While Cloud Run for Anthos is in beta, you must delete the cluster if you wish to stop the Cloud Run for Anthos components from running. This will permanently delete workloads in the cluster and all other cluster state.

To delete the cluster, go to the GKE section in the console, select the cluster and click Delete.

If you haven't already done so, a good next step would be to Build your own container and Deploy to Cloud Run (the fully managed version, without Anthos GKE).

For more information on building a container from code source and pushing to Container Registry, see: