- Runs Fava as a Cloud Run service from an image in Artifact Registry
- Beancount data files are served from a Storage Bucket mounted using Fuse
- Create a Google Cloud Project, check if billing is enabled on it
- Install and initialize the Google Cloud CLI, set the default project for your Cloud Run service
gcloud config set project PROJECT_ID
- Enable Artifact Registry and create a repository in it
- Configure Docker to use the Google Cloud CLI to authenticate image pushes to Artifact Registry (Docker repositories are served from $REGION-docker.pkg.dev)
gcloud auth configure-docker $REGION-docker.pkg.dev
- Build the Docker image locally, tag it with the repository address and push it to Artifact Registry
export DOCKER_IMAGE_URI=$REGION-docker.pkg.dev/$PROJECT/$REPOSITORY/$IMAGE
docker build -f ./contrib/docker/Dockerfile --tag $DOCKER_IMAGE_URI .
docker push $DOCKER_IMAGE_URI
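- Create a service account for read-only or read-write operations on the bucket
CLI equivalent:
gcloud iam service-accounts create $SERVICE_ACCOUNT_NAME
- Create a Storage Bucket for keeping beancount files
- Assign a role to the service account on the bucket (the command below adds the binding to the project's IAM policy, so the role applies to every bucket in the project)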
export SERVICE_ACCOUNT_FULL_NAME=serviceAccount:$SERVICE_ACCOUNT_NAME@$PROJECT.iam.gserviceaccount.com
export ROLE="roles/storage.objectAdmin"
gcloud projects add-iam-policy-binding $PROJECT \
--member $SERVICE_ACCOUNT_FULL_NAME \
--role $ROLE
- Deploy the Cloud Run service from the submitted image:
  - pass the link to the bucket in the BUCKET variable
  - pass beancount filenames through container arguments like /mnt/gcs/$FILENAME
  - set the service account to $SERVICE_ACCOUNT_NAME
gcloud equivalent:
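# $BUCKET (bucket link) and $FILENAME (beancount file name) are assumed to be set
export CLOUDRUN_SERVICE_NAME=cr-fava
gcloud run deploy $CLOUDRUN_SERVICE_NAME \
--image=$DOCKER_IMAGE_URI:latest \
--execution-environment=gen2 \
--service-account=$SERVICE_ACCOUNT_NAME@$PROJECT.iam.gserviceaccount.com \
--set-env-vars=BUCKET=$BUCKET \
--args=/mnt/gcs/$FILENAME \
--region=europe-west1 \
--project=$PROJECT \
&& gcloud run services update-traffic $CLOUDRUN_SERVICE_NAME --to-latest --region=europe-west1 --project=$PROJECT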
- Set up an IAP proxy to authenticate users: https://dev.to/ku6ryo/how-to-limit-access-to-your-internal-users-with-cloud-run-4lcg
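
A check for the service-account role and user-authentication steps above, added here as an example and not part of the original instructions or of Fava. It reads the JSON printed by `gcloud projects get-iam-policy`, `gcloud storage buckets get-iam-policy` and `gcloud run services get-iam-policy` with `--format=json`. The service account name, the sample policies and the finding codes are constructed for illustration.

```python
import json

# Constructed sample policies, shaped like `gcloud ... get-iam-policy --format=json`.
SA = "serviceAccount:fava-sa@example-project.iam.gserviceaccount.com"  # hypothetical name
PROJECT_POLICY = json.loads("""{"bindings": [
  {"role": "roles/storage.objectAdmin",
   "members": ["serviceAccount:fava-sa@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/owner", "members": ["user:admin@example.com"]}]}""")
BUCKET_POLICY = json.loads("""{"bindings": [
  {"role": "roles/storage.objectViewer",
   "members": ["serviceAccount:fava-sa@example-project.iam.gserviceaccount.com"]}]}""")
RUN_POLICY = json.loads("""{"bindings": [
  {"role": "roles/run.invoker", "members": ["allUsers"]}]}""")

PUBLIC = {"allUsers", "allAuthenticatedUsers"}
READ_ONLY_ROLES = {"roles/storage.objectViewer"}


def roles_for(policy, member):
    """Roles that a policy binds directly to `member`."""
    return sorted(b["role"] for b in policy.get("bindings", [])
                  if member in b.get("members", []))


def audit(member, project_policy, bucket_policy, run_policy, read_only=False):
    """Return (code, detail) findings for the deployment's IAM bindings."""
    findings = []
    # A storage role in the project policy reaches every bucket in the project.
    for role in roles_for(project_policy, member):
        if role.startswith("roles/storage."):
            findings.append(("PROJECT_WIDE_STORAGE", role))
    bucket_roles = roles_for(bucket_policy, member)
    if not bucket_roles:
        findings.append(("NO_BUCKET_BINDING", "bind the role on the bucket itself"))
    if read_only:  # the deployment was meant to be read-only
        effective = set(bucket_roles) | set(roles_for(project_policy, member))
        for role in sorted(r for r in effective
                           if r.startswith("roles/storage.") and r not in READ_ONLY_ROLES):
            findings.append(("WRITE_ROLE_ON_READ_ONLY", role))
    # A public invoker means the service itself does not require authentication.
    for binding in run_policy.get("bindings", []):
        if binding["role"] == "roles/run.invoker":
            for who in sorted(PUBLIC & set(binding.get("members", []))):
                findings.append(("PUBLIC_INVOKER", who))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SA, PROJECT_POLICY, BUCKET_POLICY, RUN_POLICY, read_only=True):
        print(f"{code}: {detail}")
```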