GCP-ADCR: Application Development with Cloud Run

Module 1: Introducing Application Development with Cloud Run

• This module gives a general overview of Cloud Run. If you’re new to Cloud Run (or even to Google Cloud), this will be a great introduction.

Objectives

• A general understanding of Cloud Run
• Understand how how high availability, low end-user latency and developer productivity are important architectural drivers for web based applications today
• Understand the advantages of serverless on Google Cloud.

Module 2: Understanding Cloud Run

• You can use any language, any library and any binary. Cloud Run expects your app (in a container image) to listen on a port and respond to HTTP requests.
• Use a docker repository on Artifact Registry to store your images: Cloud Run only deploys from there.
• Cloud Run uses autoscaling to handle all incoming requests
• Pay for use pricing model
• No background tasks: Container lifetime is only guaranteed while handling requests
• There is no persistent storage: Store data downstream
• Cloud Run is portable (containers and Knative)

Objectives

• Understand Container Images and Containers
• Understand how Cloud Run is different from an always-on server
• Implement the deployment of a container image to Cloud Run (hands-on lab)
• Understand auto-scaling and on-demand containers

Module 3: Building Container Images

• The contents of a container image (deep dive)
• There are two ways to build container images
  – Buildpacks (hands-off)
  – Docker (you’re in control)
• Cloud Run supports both source-based and a container image based workflow
• The most important considerations of building a secure container image

Objectives

• Deeply understand what is inside a container image
• Package an application into a container image with Buildpacks (hands-on lab activity)
• Understand that Dockerfiles are a lower-level and more transparent alternative to Buildpacks

Module 4: Building Container Images

• Container lifecycle
  – Idle vs serving
  – Shutdown lifecycle hook
• Cold starts
  – Min instances
• Container readiness
• The service resource and what it describes
• Configuring memory limits and CPU allocation
• Deploying a new revision
• Traffic steering (tagging, gradual rollouts)

Objectives

• Understand the advantages of the shutdown lifecycle hook
• Understand how to avoid request queuing
• Implement new versions of an application (hands-on lab activity)
• Implement gradual traffic migration (hands-on lab activity)

Module 5: Configuring Service Identity and Authorization

• Cloud IAM
  – Service account, policy binding, roles, types of members, resource hierarchy (in practice)
  – Service accounts
  – Cloud Run IAM roles
• Cloud Run
  – Default service account
  – Risks of using the default service account

Objectives

• Understand that every action on a Cloud resource is actually an API call
• Understand how and why to limit the permissions in your Cloud Run service to only specific and necessary API calls
• Understand the process needed to make the default permissions of a Cloud API more secure
• Use the client libraries to call other Google Cloud services (hands-on lab activity)

Module 6: Serving Requests

• Custom Domains
• Global Load Balancer
  – URL Map
  – Frontend
  – Backend services
• Benefits and drawbacks of GLB over custom domain
• Types of GLB Backends
• Multi-region load balancing
• Multi-regional applications challenges
• Cloud CDN

Objectives

• Use Cloud CDN to improve the reliability and performance of an application
• Use path-based routing to combine multiple applications on one domain
• Route incoming requests to the Cloud Run service closest to clients

Module 7: Using Inbound and Outbound Access Control

• Ingress settings
• Cloud Armor
• Using Cloud IAM to protect services
  – Understand how authenticated requests (IAM + OIDC tokens) work (builds on Module 5)
• VPC, VPC Access Connector
• Egress settings

Objectives

• Connecting your project to resources with a private IP
• Implementing controls to prevent outbound traffic to dangerous or unwanted hosts
• Implementing filters for inbound traffic using content-based rules
• Implementing controlled access to only specific service accounts

Module 8: Persisting Data

• Understanding why you need to store data externally when running a workload on Cloud Run.
• Connect with Cloud SQL from Cloud Run
  – Understand how it works (managed Cloud SQL Proxy)
• Managing concurrency as a way to safeguard performance (understand why and when)
• Connecting with Memorystore
• VPC Connector
  – Challenges with scaling Memorystore (throughput)
• Briefly introduce Cloud Storage, Firestore and Cloud Spanner, while reinforcing how the client libraries use the built-in service account to connect (Module 5 is prerequisite knowledge).
• Multi-region data storage (and what Spanner and Firestore can do for you)

Objectivs

• Understand how to connect your application with Cloud SQL to store relational data
• Use a VPC Connector to reach a private Memorystore instance
• Understand how to connect with Cloud Storage, Spanner and Firestore

Module 9: Implementing Service-to-Service Communication

• Understanding Cloud Pub/Sub
  – Understanding topics, push subscriptions
  – Idempotency (Handling retries and at-least-once invocation)
  – Event ID, design for resume, or use a lease
  – Handling undeliverable messages
• How to asynchronously schedule a background task on a different service
• Cloud Tasks, and when to choose it over Cloud Pub/Sub
• Benefits of using Pub/Sub to pass messages over making sync RPC requests
• Learn about services in Google Cloud with a built-in integration to push events to Pub/Sub (Cloud Build, Artifact Registry, Cloud Storage, IOT Core, BigQuery)
• Cloud Scheduler to invoke services on a schedule.
• CloudEvents
• EventArc, and how to consume Audit logs
  – What to expect now, and how EventArc will develop over time

Objectives

• Using Cloud Pub/Sub to send messages between services
• Discovering the URL of other Cloud Run services
• Receiving events from other Google Cloud services
• Processing background tasks asynchronously

Module 10: Orchestrating and Automating Serverless Workflows

• Conceptual overview of Cloud Workflows
• Invoking and passing parameters
• Understand steps and jumps
• Defining, using and passing values with variables
• Using the switch statement to add logic
• Workflow visualization
• Calling HTTPS endpoints
• Calling an authenticated Cloud Run service
• Example: polling API for completion

Objectives

• Understand the capabilities of Cloud Workflows
• Learn how to model a simple workflow with steps and conditional jumps
• Integrating Cloud Run with Cloud Workflows
• Understand how to invoke workflows