Introducing Application Development with Cloud Run
- This module gives a general overview of Cloud Run. If you’re new to Cloud Run (or even to Google Cloud), this will be a great introduction.
Understanding Cloud Run
- You can use any language, any library and any binary. Cloud Run expects your app
(in a container image) to listen on a port and respond to HTTP requests.
- Use a docker repository on Artifact Registry to store your images: Cloud Run only
deploys from there.
- Cloud Run uses autoscaling to handle all incoming requests
- Pay for use pricing model
- No background tasks: Container lifetime is only guaranteed while handling requests
- There is no persistent storage: Store data downstream
- Cloud Run is portable (containers and Knative)
Building Container Images
- The contents of a container image (deep dive)
- There are two ways to build container images
– Buildpacks (hands-off)
– Docker (you’re in control)
- Cloud Run supports both source-based and a container image based workflow
- The most important considerations of building a secure container image
Building Container Images
- Container lifecycle
– Idle vs serving
– Shutdown lifecycle hook
- Cold starts
– Min instances
- Container readiness
- The service resource and what it describes
- Configuring memory limits and CPU allocation
- Deploying a new revision
- Traffic steering (tagging, gradual rollouts)
Configuring Service Identity and Authorization
- Cloud IAM
– Service account, policy binding, roles, types of members, resource hierarchy (in practice)
– Service accounts
– Cloud Run IAM roles
- Cloud Run
– Default service account
– Risks of using the default service account
Serving Requests
- Custom Domains
- Global Load Balancer
– URL Map
– Frontend
– Backend services
- Benefits and drawbacks of GLB over custom domain
- Types of GLB Backends
- Multi-region load balancing
- Multi-regional applications challenges
- Cloud CDN
Using Inbound and Outbound Access Control
- Ingress settings
- Cloud Armor
- Using Cloud IAM to protect services
– Understand how authenticated requests (IAM + OIDC tokens) work (builds on Module 5)
- VPC, VPC Access Connector
- Egress settings
Persisting Data
- Understanding why you need to store data externally when running a workload on Cloud Run.
- Connect with Cloud SQL from Cloud Run
– Understand how it works (managed Cloud SQL Proxy)
- Managing concurrency as a way to safeguard performance (understand why and when)
- Connecting with Memorystore
- VPC Connector
– Challenges with scaling Memorystore (throughput)
- Briefly introduce Cloud Storage, Firestore and Cloud Spanner, while reinforcing how the client libraries use the built-in service account to connect (Module 5 is prerequisite knowledge).
- Multi-region data storage (and what Spanner and Firestore can do for you)
Implementing Service-to-Service Communication
- Understanding Cloud Pub/Sub
– Understanding topics, push subscriptions
– Idempotency (Handling retries and at-least-once invocation)
– Event ID, design for resume, or use a lease
– Handling undeliverable messages
- How to asynchronously schedule a background task on a different service
- Cloud Tasks, and when to choose it over Cloud Pub/Sub
- Benefits of using Pub/Sub to pass messages over making sync RPC requests
- Learn about services in Google Cloud with a built-in integration to push events to Pub/Sub (Cloud Build, Artifact Registry, Cloud Storage, IOT Core, BigQuery)
- Cloud Scheduler to invoke services on a schedule.
- CloudEvents
- EventArc, and how to consume Audit logs
– What to expect now, and how EventArc will develop over time
Orchestrating and Automating Serverless Workflows
- Conceptual overview of Cloud Workflows
- Invoking and passing parameters
- Understand steps and jumps
- Defining, using and passing values with variables
- Using the switch statement to add logic
- Workflow visualization
- Calling HTTPS endpoints
- Calling an authenticated Cloud Run service
- Example: polling API for completion