The case
You want to deploy a Google App Engine Docker based Application (gcloud app deploy
) but your organization enabled the resource locations constraint and you've quickly encountered the following message :
'us' violates constraint ‘constraints/gcp.resourceLocations’
or maybe it was 'eu' instead of 'us'
For example, my organization wants to target only low CO2 🌱 identified regions.
Reason
💡 This is because neither 'us' nor 'eu' multi-region groups are present in your constraints/gcp.resourceLocations
organization policy.
To check the complete list, go to the Google Cloud console, in IAM an admin menu and in Organisation Policies, look for the constraints/gcp.resourceLocations
policy and find what are the allowed ones ✅.
Because for a multi-region groups, not all the individual region are low CO2 ones, my organization cannot allowed the groups.
Solution
The solution is to specify in which region our container registry should be. But the service Google Container Registry doesn't provide this option.
Luckely 🍀, Google provides and recommands another service Artifact registry. In the meantime, you should also drop the Google Cloud Build step in the App Engine deployment process by giving the --image-url
argument as described (here)[https://cloud.google.com/artifact-registry/docs/integrate-app-engine]
Your new process to deploy is :
- Create an Artifact registry repository : https://cloud.google.com/artifact-registry/docs/repositories/create-repos#create
- Build and tag the Docker image with the following tag name
[LOCATION]-docker.pkg.dev/[PROJECT-ID]/[REPOSITORY]/[IMAGE]:[TAG]
- Deploy your application with
gcloud app deploy --image-url=[LOCATION]-docker.pkg.dev/[PROJECT-ID]/[REPOSITORY]/[IMAGE]:[TAG]
You can always configure the App Engine runtime environment with an app.yaml
file but the Dockerfile will be ignored in the deployment process
I hope this could help some of you 😆