How We Use Cloud Run and its Friends

Transcript

1. How We Use Cloud Run and its Friends! Yuki Ito

   (@mrno110) Kauche Tech Talk

2. Kauche Architect Yuki Ito @mrno110

3. None

4. Agenda ɾWhat is Cloud Run ɾArchitecture ɾObservability

5. Agenda ɾWhat is Cloud Run ɾArchitecture ɾObservability

6. What is Cloud Run Cloud Run is a managed compute

   platform that enables you to run containers that are invocable via requests or events. Cloud Run is serverless: it abstracts away all infrastructure management... https://cloud.google.com/run/docs

7. Agenda ɾWhat is Cloud Run ɾArchitecture ɾObservability

8. Agenda ɾWhat is Cloud Run ɾArchitecture ɾObservability

9. Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API

   Web Hook API Job API Scheduler

10. Architecture - Key Concepts - ɾEverything runs on Cloud Run

    ɾEverything runs as a API

11. Architecture - Key Concepts - e.g.) VS. Cloud Functions Trigger

    Run Pub/Sub Functions Run Firestore Functions

12. Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API

    Web Hook API Job API Scheduler

13. Architecture ✅ Everything is Managed by API De fi nitions

    ✅ Reuse same implementation logic as APIs ✅ Use same Monitoring environments

14. Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API

    Web Hook API Job API Scheduler

15. Job Run Pub/Sub

16. Job resource "google_pubsub_topic" "foo" { name = "foo" } resource

    "google_pubsub_subscription" "job-foo" { name = "job-foo" topic = google_pubsub_topic.foo.name push_config { push_endpoint = "<cloud run endpoint uri>" } }

17. Job Run Pub/Sub 💀 ❌ ✅

18. Job Run Pub/Sub Service Account

19. Job Run Pub/Sub OIDC Token (JWT)

20. Job resource "google_project_iam_member" "pubsub-is-sa-token-creator" { project = "<project name>" role

    = "roles/iam.serviceAccountTokenCreator" member = "serviceAccount:service-<project number>@gcp-sa-pubsub... } roles/iam.serviceAccountTokenCreator

21. Job resource "google_service_account" "job-api-invoker" { // ... account_id = "job-api-invoker"

    } resource "google_pubsub_subscription" "job-foo" { name = "job-foo" topic = google_pubsub_topic.foo.name push_config { push_endpoint = "<cloud run endpoint uri>" oidc_token { service_account_email = "job-api-invoker@..." audience = "<audience>" } } }

22. Job Run Pub/Sub Public Keys OIDC Token (JWT) JWKS 🔑

    JWT Veri fi cation

23. Job Run Pub/Sub 💀 ❌ ✅

24. Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API

    Web Hook API Job API Scheduler

25. Agenda ɾWhat is Cloud Run ɾArchitecture ɾObservability

26. Agenda ɾWhat is Cloud Run ɾArchitecture ɾObservability

27. Observability • Logging • Trace • Monitoring Dashboard

28. Observability • Logging • Trace

29. Logging • Request logs • Container logs https://cloud.google.com/run/docs/logging Cloud Run

    has two types of logs: automatically sent to Cloud Logging

30. Logging • Request logs • Container logs https://cloud.google.com/run/docs/logging Cloud Run

    has two types of logs: automatically sent to Cloud Logging

31. Logging Cloud Run generates Request Logs

32. Logging Cloud Run generates Request Logs Not enough...

33. Logging • Request logs • Container logs https://cloud.google.com/run/docs/logging Cloud Run

    has two types of logs: automatically sent to Cloud Logging

34. Logging Container (Application) logs

35. Logging Container (Application) logs Structured Log

36. Logging Request Logs + Container Logs https://cloud.google.com/run/docs/logging#correlate-logs Correlating

37. Logging Correlating Request Logs Container Logs

38. Logging Correlating

39. Logging Container (Application) logs { "message": "grpc request", "logger": "grpc.request_logger",

    "method": "/customer.v1.CustomerService/GetXXX", "level": "info", "timestamp": 1613885945098.689 "logging.googleapis.com/trace": "projects/.../traces/xxx", } https://cloud.google.com/logging/docs/structured-logging

40. Logging Container X-Cloud-Trace-Context: projects/.../traces/xxx Header

41. Logging Correlating

42. Logging Correlating Request Logs Container Logs

43. Observability • Logging • Trace

44. Observability • Logging • Trace

45. Trace Cloud Trace

46. Trace OpenTelemetry OpenTelemetry is a collection of tools, APIs, and

    SDKs. Use it to instrument, generate, collect, and export telemetry data (metrics, logs, and traces) to help you analyze your software’s performance and behavior. https://opentelemetry.io/

47. Trace OpenTelemetry

48. Trace OpenCensus

49. Trace OpenTelemetry + OpenCensus (Bridge)

50. Agenda ɾWhat is Cloud Run ɾArchitecture ɾObservability

51. Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API

    Web Hook API Job API Scheduler

52. AD https://kauche.connpass.com/event/252043/ 7/20 (Wed)