Introducing Application Development with Cloud Run

• This module gives a general overview of Cloud Run. If you’re new to Cloud Run (or even to Google Cloud), this will be a great introduction.

Understanding Cloud Run

• You can use any language, any library and any binary. Cloud Run expects your app
  (in a container image) to listen on a port and respond to HTTP requests.
• Use a docker repository on Artifact Registry to store your images: Cloud Run only
  deploys from there.
• Cloud Run uses autoscaling to handle all incoming requests
• Pay for use pricing model
• No background tasks: Container lifetime is only guaranteed while handling requests
• There is no persistent storage: Store data downstream
• Cloud Run is portable (containers and Knative)

Building Container Images

• The contents of a container image (deep dive)
• There are two ways to build container images
  – Buildpacks (hands-off)
  – Docker (you’re in control)
• Cloud Run supports both source-based and a container image based workflow
• The most important considerations of building a secure container image

Building Container Images

• Container lifecycle
  – Idle vs serving
  – Shutdown lifecycle hook
• Cold starts
  – Min instances
• Container readiness
• The service resource and what it describes
• Configuring memory limits and CPU allocation
• Deploying a new revision
• Traffic steering (tagging, gradual rollouts)

Configuring Service Identity and Authorization

• Cloud IAM
  – Service account, policy binding, roles, types of members, resource hierarchy (in practice)
  – Service accounts
  – Cloud Run IAM roles
• Cloud Run
  – Default service account
  – Risks of using the default service account

Serving Requests

• Custom Domains
• Global Load Balancer
  – URL Map
  – Frontend
  – Backend services
• Benefits and drawbacks of GLB over custom domain
• Types of GLB Backends
• Multi-region load balancing
• Multi-regional applications challenges
• Cloud CDN

Using Inbound and Outbound Access Control

• Ingress settings
• Cloud Armor
• Using Cloud IAM to protect services
  – Understand how authenticated requests (IAM + OIDC tokens) work (builds on Module 5)
• VPC, VPC Access Connector
• Egress settings

Persisting Data

• Understanding why you need to store data externally when running a workload on Cloud Run.
• Connect with Cloud SQL from Cloud Run
  – Understand how it works (managed Cloud SQL Proxy)
• Managing concurrency as a way to safeguard performance (understand why and when)
• Connecting with Memorystore
• VPC Connector
  – Challenges with scaling Memorystore (throughput)
• Briefly introduce Cloud Storage, Firestore and Cloud Spanner, while reinforcing how the client libraries use the built-in service account to connect (Module 5 is prerequisite knowledge).
• Multi-region data storage (and what Spanner and Firestore can do for you)

Implementing Service-to-Service Communication

• Understanding Cloud Pub/Sub
  – Understanding topics, push subscriptions
  – Idempotency (Handling retries and at-least-once invocation)
  – Event ID, design for resume, or use a lease
  – Handling undeliverable messages
• How to asynchronously schedule a background task on a different service
• Cloud Tasks, and when to choose it over Cloud Pub/Sub
• Benefits of using Pub/Sub to pass messages over making sync RPC requests
• Learn about services in Google Cloud with a built-in integration to push events to Pub/Sub (Cloud Build, Artifact Registry, Cloud Storage, IOT Core, BigQuery)
• Cloud Scheduler to invoke services on a schedule.
• CloudEvents
• EventArc, and how to consume Audit logs
  – What to expect now, and how EventArc will develop over time

Orchestrating and Automating Serverless Workflows

• Conceptual overview of Cloud Workflows
• Invoking and passing parameters
• Understand steps and jumps
• Defining, using and passing values with variables
• Using the switch statement to add logic
• Workflow visualization
• Calling HTTPS endpoints
• Calling an authenticated Cloud Run service
• Example: polling API for completion