How We Use Cloud Run and its Friends

Yuki Ito

July 13, 2022

Transcript

  1. How We Use Cloud Run and its Friends! Yuki Ito (@mrno110) Kauche Tech Talk

  2. Kauche Architect Yuki Ito @mrno110

  3. None
  4. Agenda • What is Cloud Run • Architecture • Observability

  5. Agenda • What is Cloud Run • Architecture • Observability

  6. What is Cloud Run: Cloud Run is a managed compute platform that enables you to run containers that are invocable via requests or events. Cloud Run is serverless: it abstracts away all infrastructure management... https://cloud.google.com/run/docs

  7. Agenda • What is Cloud Run • Architecture • Observability

  8. Agenda • What is Cloud Run • Architecture • Observability

  9. Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API Web Hook API Job API Scheduler

  10. Architecture - Key Concepts - • Everything runs on Cloud Run • Everything runs as an API

  11. Architecture - Key Concepts - e.g.) VS. Cloud Functions Trigger Run Pub/Sub Functions Run Firestore Functions

  12. Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API Web Hook API Job API Scheduler

  13. Architecture ✅ Everything is Managed by API Definitions ✅ Reuse same implementation logic as APIs ✅ Use same Monitoring environments

  14. Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API Web Hook API Job API Scheduler

  15. Job Run Pub/Sub

  16. Job

        resource "google_pubsub_topic" "foo" {
          name = "foo"
        }

        resource "google_pubsub_subscription" "job-foo" {
          name  = "job-foo"
          topic = google_pubsub_topic.foo.name

          push_config {
            push_endpoint = "<cloud run endpoint uri>"
          }
        }

  17. Job Run Pub/Sub 💀 ❌ ✅

  18. Job Run Pub/Sub Service Account

  19. Job Run Pub/Sub OIDC Token (JWT)

  20. Job

        resource "google_project_iam_member" "pubsub-is-sa-token-creator" {
          project = "<project name>"
          role    = "roles/iam.serviceAccountTokenCreator"
          member  = "serviceAccount:service-<project number>@gcp-sa-pubsub...
        }

      roles/iam.serviceAccountTokenCreator

  21. Job

        resource "google_service_account" "job-api-invoker" {
          // ...
          account_id = "job-api-invoker"
        }

        resource "google_pubsub_subscription" "job-foo" {
          name  = "job-foo"
          topic = google_pubsub_topic.foo.name

          push_config {
            push_endpoint = "<cloud run endpoint uri>"

            oidc_token {
              service_account_email = "job-api-invoker@..."
              audience              = "<audience>"
            }
          }
        }

  22. Job Run Pub/Sub Public Keys OIDC Token (JWT) JWKS 🔑 JWT Verification

  23. Job Run Pub/Sub 💀 ❌ ✅

  24. Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API Web Hook API Job API Scheduler

  25. Agenda • What is Cloud Run • Architecture • Observability

  26. Agenda • What is Cloud Run • Architecture • Observability

  27. Observability • Logging • Trace • Monitoring Dashboard

  28. Observability • Logging • Trace

  29. Logging: Cloud Run has two types of logs: • Request logs • Container logs, automatically sent to Cloud Logging https://cloud.google.com/run/docs/logging

  30. Logging: Cloud Run has two types of logs: • Request logs • Container logs, automatically sent to Cloud Logging https://cloud.google.com/run/docs/logging

  31. Logging Cloud Run generates Request Logs

  32. Logging Cloud Run generates Request Logs Not enough...

  33. Logging: Cloud Run has two types of logs: • Request logs • Container logs, automatically sent to Cloud Logging https://cloud.google.com/run/docs/logging

  34. Logging Container (Application) logs

  35. Logging Container (Application) logs Structured Log

  36. Logging Request Logs + Container Logs https://cloud.google.com/run/docs/logging#correlate-logs Correlating

  37. Logging Correlating Request Logs Container Logs

  38. Logging Correlating

  39. Logging Container (Application) logs

        {
          "message": "grpc request",
          "logger": "grpc.request_logger",
          "method": "/customer.v1.CustomerService/GetXXX",
          "level": "info",
          "timestamp": 1613885945098.689,
          "logging.googleapis.com/trace": "projects/.../traces/xxx"
        }

      https://cloud.google.com/logging/docs/structured-logging

  40. Logging Container X-Cloud-Trace-Context: projects/.../traces/xxx Header

  41. Logging Correlating

  42. Logging Correlating Request Logs Container Logs

  43. Observability • Logging • Trace

  44. Observability • Logging • Trace

  45. Trace Cloud Trace

  46. Trace OpenTelemetry: OpenTelemetry is a collection of tools, APIs, and SDKs. Use it to instrument, generate, collect, and export telemetry data (metrics, logs, and traces) to help you analyze your software’s performance and behavior. https://opentelemetry.io/

  47. Trace OpenTelemetry

  48. Trace OpenCensus

  49. Trace OpenTelemetry + OpenCensus (Bridge)

  50. Agenda • What is Cloud Run • Architecture • Observability

  51. Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API Web Hook API Job API Scheduler

  52. AD https://kauche.connpass.com/event/252043/ 7/20 (Wed)
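
Slides 18 to 22 have the Job API accept a Pub/Sub push only when it carries an OIDC token (JWT) that verifies against the published public keys. The receiving side of that check, as an added example that is not taken from the deck: it uses only the Go standard library, and `verifyPushToken`, the key handling and all sample values are assumptions (the issuer and the `email`/`email_verified` claims are those of a Google-signed ID token).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// verifyPushToken checks tok against pub, the JWKS key already selected by "kid".
func verifyPushToken(tok string, pub *rsa.PublicKey, aud, email string, now int64) error {
	var h, c struct { // header and claim fields read below
		Alg, Iss, Aud, Email string
		EmailVerified        bool `json:"email_verified"`
		Exp                  int64
	}
	h64, rest, _ := strings.Cut(tok, ".")
	c64, s64, ok := strings.Cut(rest, ".")
	hb, e1 := base64.RawURLEncoding.DecodeString(h64)
	cb, e2 := base64.RawURLEncoding.DecodeString(c64)
	sig, e3 := base64.RawURLEncoding.DecodeString(s64)
	sum := sha256.Sum256([]byte(h64 + "." + c64))
	switch {
	case !ok || e1 != nil || e2 != nil || e3 != nil || json.Unmarshal(hb, &h) != nil:
		return fmt.Errorf("malformed token")
	case h.Alg != "RS256" || rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil:
		return fmt.Errorf("bad signature") // alg is pinned, never chosen by the token
	case json.Unmarshal(cb, &c) != nil || c.Iss != "https://accounts.google.com" || c.Aud != aud:
		return fmt.Errorf("wrong issuer or audience") // aud is the value set in oidc_token
	case c.Email != email || !c.EmailVerified: // only the subscription's service account
		return fmt.Errorf("wrong service account %q", c.Email)
	case now >= c.Exp:
		return fmt.Errorf("expired")
	}
	return nil
}

func main() { // constructed key and claims; real tokens are minted by Pub/Sub
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	enc := base64.RawURLEncoding.EncodeToString
	in := enc([]byte(`{"alg":"RS256"}`)) + "." + enc([]byte(`{"iss":"https://accounts.google.com","aud":"job","email":"sa@x.test","email_verified":true,"exp":200}`))
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	fmt.Println(verifyPushToken(in+"."+enc(sig), &key.PublicKey, "job", "sa@x.test", 100))
}
```

A signature that verifies only proves Google issued the token; the audience and service-account checks are what tie it to this one subscription.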
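
Slides 36 to 42 correlate request logs with container logs through the `logging.googleapis.com/trace` field. One way to fill that field from the incoming trace header, as an added example that is not taken from the deck: `logLine`, the project ID and the sample header are assumptions, and the header is assumed to use the `TRACE_ID/SPAN_ID;o=OPTIONS` form with a 32-hex-digit trace ID.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// traceID captures the 32-hex-digit trace ID that starts the header value.
var traceID = regexp.MustCompile(`^([0-9a-fA-F]{32})(?:/|$)`)

// logLine renders one structured container log entry as a JSON line.
// A header that does not start with a valid trace ID is ignored, so a
// caller-supplied value cannot place arbitrary text in the trace field.
func logLine(project, traceHeader, level, message string) string {
	entry := map[string]string{"level": level, "message": message}
	if m := traceID.FindStringSubmatch(traceHeader); m != nil {
		entry["logging.googleapis.com/trace"] = "projects/" + project + "/traces/" + m[1]
	}
	b, _ := json.Marshal(entry) // a map[string]string always marshals
	return string(b)
}

func main() {
	// Constructed project ID and X-Cloud-Trace-Context header value.
	fmt.Println(logLine("example-project", "105445aa7843bc8bf206b12000100000/1;o=1", "info", "grpc request"))
}
```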