GCP Cloud Run from Scratch: A Real-World Architecture Guide
Why Cloud Run?
Cloud Run gives you the simplicity of serverless with the power of containers. No cluster management, automatic scaling to zero when idle, and pay-per-request billing. For the iKnowWay project I chose Cloud Run because it eliminated all infrastructure overhead while supporting the containerised Next.js application perfectly.
Architecture Overview
A push to GitHub triggers Cloud Build, which builds the Docker image, pushes it to Artifact Registry, and deploys the new image to Cloud Run automatically with zero-downtime rolling updates.
Step 1: Containerise Your Application
Write a minimal multi-stage Dockerfile. Use a Node Alpine base image, copy only the production dependencies, build the Next.js application, then start the server on port 8080, which Cloud Run expects.
Step 2: Cloud Build Pipeline
Create a cloudbuild.yaml file that defines three steps: build the Docker image tagged with the commit SHA, push it to Artifact Registry, then deploy to Cloud Run using the gcloud run deploy command with the new image tag.
Step 3: IAM Least Privilege
Create a dedicated service account for Cloud Run. Grant it only the specific roles it needs, such as Cloud SQL client access or Secret Manager access. Never use the default compute service account, which has overly broad permissions.
Step 4: Billing Controls
Set up budget alerts in Google Cloud Billing at 50%, 90%, and 100% of your monthly budget. Add programmatic notifications via Pub/Sub to automatically disable billing if spend goes critically over budget.
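One way to implement the Pub/Sub kill switch from Step 4, as an added example that is not code from the original article or the iKnowWay project. The 120% threshold, the function names and the project_id argument are assumptions; costAmount and budgetAmount are fields of the Cloud Billing budget notification.

```python
import base64
import json

# Assumption: "critically over budget" means actual cost >= 120% of the budget.
CRITICAL_RATIO = 1.2

def parse_budget_message(event):
    """Decode the Pub/Sub envelope of a Cloud Billing budget notification."""
    payload = json.loads(base64.b64decode(event["data"]).decode("utf-8"))
    return float(payload["costAmount"]), float(payload["budgetAmount"])

def should_disable_billing(cost, budget, ratio=CRITICAL_RATIO):
    """True only when spend is critically over budget; a zero budget never trips."""
    return budget > 0 and cost >= budget * ratio

def detach_billing(project_id):
    """Unlink the project from its billing account via the Cloud Billing API."""
    from googleapiclient import discovery  # lazy import: only needed when deployed
    billing = discovery.build("cloudbilling", "v1", cache_discovery=False)
    billing.projects().updateBillingInfo(
        name=f"projects/{project_id}", body={"billingAccountName": ""}
    ).execute()

def handle_budget_alert(event, project_id, disable=detach_billing):
    """Pub/Sub entry point: returns the action taken so it can be logged."""
    try:
        cost, budget = parse_budget_message(event)
    except (KeyError, ValueError, TypeError):
        # Never cut billing on input that cannot be parsed.
        return "ignored: malformed notification"
    if not should_disable_billing(cost, budget):
        return f"ok: {cost:.2f} of {budget:.2f}"
    disable(project_id)
    return f"billing disabled for {project_id}"

def sample_event(cost, budget):
    """Constructed sample message shaped like a budget notification."""
    body = {"budgetDisplayName": "monthly", "costAmount": cost,
            "budgetAmount": budget, "currencyCode": "USD"}
    return {"data": base64.b64encode(json.dumps(body).encode()).decode()}
```

Detaching billing stops every paid service in the project, so keep the threshold well above the 100% alert. In line with Step 3, run the function under its own service account that can change the project's billing link and nothing else.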
Cost Optimisation Tips
Set min-instances to 0 for non-critical services so they scale to zero when idle. Use concurrency of 80 to maximise instance utilisation. Apply Artifact Registry cleanup policies to automatically delete images older than 30 days.