Introduce Cloud Run

Transcript

1. ࣮ફ Cloud Run GDG DevFest Yuki Ito

2. Agenda • What is Cloud Run • Architecture • Deployment

   • Monitoring • Tips

3. Agenda • What is Cloud Run • Architecture • Deployment

   • Monitoring • Tips

4. What is Cloud Run Cloud Run is a managed compute

   platform that enables you to run stateless containers that are invocable via web requests... Cloud Run is serverless: it abstracts away all infrastructure management... https://cloud.google.com/run/docs

5. What is Cloud Run on GKE (Anthos) + Fully Managed

6. What is Cloud Run on GKE (Anthos) + Fully Managed

7. Agenda • What is Cloud Run • Architecture • Deployment

   • Monitoring • Tips
8. None

9. Architecture Run Scheduler Pub/Sub Mobile App External Service Web Hook

   API Mobile API Job API

10. Key Concepts • Everything runs on Run •Everything is API

11. Key Concepts Run e.g.) Cloud Functions Trigger Pub/Sub Functions Run

    Firestore Functions

12. Architecture Run Scheduler Pub/Sub Mobile App External Service Web Hook

    API Mobile API Job API

13. Architecture ✅ Using same API interceptors ✅ Managed by API

    Definitions ✅ Using same Monitoring environments

14. Architecture Run Scheduler Pub/Sub Mobile App External Service Web Hook

    API Mobile API Job API

15. Job Run Pub/Sub

16. Job resource "google_pubsub_topic" "foo" { name = "foo" } resource

    "google_pubsub_subscription" "job-foo" { name = "job-foo" topic = google_pubsub_topic.foo.name push_config { push_endpoint = "<cloud run endpoint uri>" } }

17. Job Run ❌ ✅ Pub/Sub

18. Job Run Pub/Sub Service Account

19. Job Run Pub/Sub OIDC Token (JWT)

20. Job resource "google_project_iam_member" "pubsub-is-sa-token-creator" { project = "<project name>" role

    = "roles/iam.serviceAccountTokenCreator" member = "serviceAccount:service-<project number>@gcp-sa-pubsub... } roles/iam.serviceAccountTokenCreator

21. Job resource "google_service_account" "job-api-invoker" { // ... account_id = "job-api-invoker"

    } resource "google_pubsub_subscription" "job-foo" { name = "job-foo" topic = google_pubsub_topic.foo.name push_config { push_endpoint = "<cloud run endpoint uri>" oidc_token { service_account_email = "job-api-invoker@..." audience = "<audience>" } } }

22. Job Run Pub/Sub OIDC Token (JWT) IdP JWKS Verification

23. Job Run ❌ ✅ Pub/Sub

24. Architecture Run Scheduler Pub/Sub Mobile App External Service Web Hook

    API Mobile API Job API

25. Agenda • What is Cloud Run • Architecture • Deployment

    • Monitoring • Tips

26. Deployment GitHub Actions Cloud Run Cloud Build Artifact Registry 1.

    Hook 3. Push 4. Deploy 5.Pull 2. Build

27. Deployment GitHub Actions Cloud Run Cloud Build Artifact Registry 1.

    Hook 3. Push 4. Deploy 5.Pull 2. Build

28. Deployment gcloud alpha builds submit \ --pack image=asia-northeast1-docker.pkg.dev/... jobs: deploy:

    # ... steps: # ... - uses: GoogleCloudPlatform/github-actions/setup-gcloud@master with: version: '314.0.0' project_id: <project name> service_account_key: ${{ secrets.SERVICE_ACCOUNT_KEY }} export_default_credentials: true GitHub Actions

29. Deployment GitHub Actions Cloud Run Cloud Build Artifact Registry 1.

    Hook 3. Push 4. Deploy 5.Pull 2. Build

30. Deployment gcloud alpha builds submit \ --pack image=asia-northeast1-docker.pkg.dev/... Buildpacks

31. Deployment gcloud alpha builds submit \ --pack image=asia-northeast1-docker.pkg.dev/... Buildpacks Source

    Code Image

32. Deployment gcloud alpha builds submit \ --pack image=asia-northeast1-docker.pkg.dev/... Buildpacks ✅

    Dockerfile Less!! ✅ Following Best Practice

33. Deployment GitHub Actions Cloud Run Cloud Build Artifact Registry 1.

    Hook 3. Push 4. Deploy 5.Pull 2. Build

34. Deployment GitHub Actions Cloud Run Cloud Build Artifact Registry 1.

    Hook 3. Push 4. Deploy 5.Pull 2. Build

35. Deployment gcloud run deploy "service-name" \ --image asia-northeast1-docker.pkg.dev/... \ --platform

    managed \ --region asia-northeast1 GitHub Actions

36. Deployment GitHub Actions Cloud Run Cloud Build Artifact Registry 1.

    Hook 3. Push 4. Deploy 5.Pull 2. Build

37. Agenda • What is Cloud Run • Architecture • Deployment

    • Monitoring • Tips

38. Monitoring Cloud Run Logging Monitoring Slack Metrics Log Alert

39. Monitoring Cloud Run Logging Monitoring Slack Metrics Log Alert

40. Monitoring Log Based Metrics

41. Monitoring Monitoring Dashboard

42. Monitoring Cloud Run Logging Monitoring Slack Metrics Log Alert

43. Monitoring Cloud Run Trace Trace Tracing

44. Monitoring Trace

45. Agenda • What is Cloud Run • Architecture • Deployment

    • Monitoring • Tips

46. Tips • Cold Start • Background Process

47. Tips • Cold Start • Background Process

48. Cold Start Initialization

49. Cold Start Initialization • Initializing Server • Connecting to Database

    • Register Tracer etc...

50. Cold Start Cloud Run starts to receive requests when listening

    on PORT Initialization Listen on PORT

51. Cold Start Run Firestore

52. Cold Start Run Firestore app, err := firebase.NewApp( ctx, config,

    ) // ... firestoreClient, err := app.Firestore(ctx) // ... server.ListenAndServe()

53. Cold Start Run Firestore Time app.Firestore(ctx) // Creating Firestore client

    server.ListenAndServe() // Listening on PORT Connecting to Firestore // Asynchronous!!

54. Cold Start Run Firestore Time app.Firestore(ctx) // Creating Firestore client

    server.ListenAndServe() // Listening on PORT Connecting to Firestore // Asynchronous Additional Latency!!

55. Cold Start Run Firestore app, err := firebase.NewApp( ctx, config,

    option.WithGRPCDialOption(grpc.WithBlock()), ) // ... firestoreClient, err := app.Firestore(ctx) // ... server.ListenAndServe()

56. Cold Start Run Firestore Time app.Firestore(ctx) // Creating Firestore client

    server.ListenAndServe() // Listening on PORT Connecting to Firestore // Synchronous

57. Tips • Cold Start • Background Process

58. Background Process ❌ Avoiding background activities https://cloud.google.com/run/docs/tips/general#avoiding_background_activities When an application

    running on Cloud Run finishes handling a request, the container instance's access to CPU will be disabled or severely limited. Therefore, you should not start background threads or routines that run outside the scope of the request handlers.

59. Background Process e.g.) Push notification Time Start handling a request

    Finish handling a request Start a background routine for the notification Finish a background routine for the notification

60. Background Process e.g.) Push notification Time Start handling a request

    Finish handling a request Start a background routine for the notification Finish a background routine for the notification CPU

61. Background Process e.g.) Push notification Time Start handling a request

    Finish handling a request Start a background routine for the notification Finish a background routine for the notification CPU

62. Background Process e.g.) Push notification Time Start handling a request

    Finish handling a request Start sending the notification Finish sending the notification CPU

63. Background Process e.g.) Push notification Time Start handling a request

    Finish handling a request Start sending the notification Finish sending the notification CPU Additional Latency!!

64. Background Process e.g.) Push notification Time Start handling a request

    Finish handling a request Push a queue to Cloud Tasks or Pub/Sub CPU

65. Architecture Run Scheduler Pub/Sub Mobile App External Service Web Hook

    API Mobile API Job API

66. Agenda • What is Cloud Run • Architecture • Deployment

    • Monitoring • Tips

67. Architecture Run Scheduler Pub/Sub Mobile App External Service Web Hook

    API Mobile API Job API

68. ࣮ફ Cloud Run GDG DevFest Yuki Ito