Introduce Cloud Run

Yuki Ito
October 18, 2020


Transcript

  1. Cloud Run, GDG DevFest, Yuki Ito

  2. Agenda • What is Cloud Run • Architecture • Deployment

    • Monitoring • Tips
  3. Agenda • What is Cloud Run • Architecture • Deployment

    • Monitoring • Tips
  4. What is Cloud Run

    "Cloud Run is a managed compute platform that enables you to run stateless containers that are invocable via web requests... Cloud Run is serverless: it abstracts away all infrastructure management..." https://cloud.google.com/run/docs
  5. What is Cloud Run on GKE (Anthos) + Fully Managed

  6. What is Cloud Run on GKE (Anthos) + Fully Managed

  7. Agenda • What is Cloud Run • Architecture • Deployment

    • Monitoring • Tips
  8. None
  9. Architecture Run Scheduler Pub/Sub Mobile App External Service Web Hook

    API Mobile API Job API
  10. Key Concepts • Everything runs on Run •Everything is API

  11. Key Concepts Run e.g.) Cloud Functions Trigger Pub/Sub Functions Run

    Firestore Functions
  12. Architecture Run Scheduler Pub/Sub Mobile App External Service Web Hook

    API Mobile API Job API
  13. Architecture ✅ Using same API interceptors ✅ Managed by API

    Definitions ✅ Using same Monitoring environments
  14. Architecture Run Scheduler Pub/Sub Mobile App External Service Web Hook

    API Mobile API Job API
  15. Job Run Pub/Sub

  16. Job

        resource "google_pubsub_topic" "foo" {
          name = "foo"
        }

        resource "google_pubsub_subscription" "job-foo" {
          name  = "job-foo"
          topic = google_pubsub_topic.foo.name

          push_config {
            push_endpoint = "<cloud run endpoint uri>"
          }
        }
  17. Job Run ❌ ✅ Pub/Sub

  18. Job Run Pub/Sub Service Account

  19. Job Run Pub/Sub OIDC Token (JWT)

  20. Job (roles/iam.serviceAccountTokenCreator)

        resource "google_project_iam_member" "pubsub-is-sa-token-creator" {
          project = "<project name>"
          role    = "roles/iam.serviceAccountTokenCreator"
          member  = "serviceAccount:service-<project number>@gcp-sa-pubsub...
        }

  21. Job

        resource "google_service_account" "job-api-invoker" {
          // ...
          account_id = "job-api-invoker"
        }

        resource "google_pubsub_subscription" "job-foo" {
          name  = "job-foo"
          topic = google_pubsub_topic.foo.name

          push_config {
            push_endpoint = "<cloud run endpoint uri>"

            oidc_token {
              service_account_email = "job-api-invoker@..."
              audience              = "<audience>"
            }
          }
        }
  22. Job Run Pub/Sub OIDC Token (JWT) IdP JWKS Verification

  23. Job Run ❌ ✅ Pub/Sub

  24. Architecture Run Scheduler Pub/Sub Mobile App External Service Web Hook

    API Mobile API Job API
  25. Agenda • What is Cloud Run • Architecture • Deployment

    • Monitoring • Tips
  26. Deployment (diagram): GitHub Actions, Cloud Build, Artifact Registry, Cloud Run. Steps: 1. Hook, 2. Build, 3. Push, 4. Deploy, 5. Pull

  27. Deployment (diagram): GitHub Actions, Cloud Build, Artifact Registry, Cloud Run. Steps: 1. Hook, 2. Build, 3. Push, 4. Deploy, 5. Pull

  28. Deployment (GitHub Actions)

        gcloud alpha builds submit \
          --pack image=asia-northeast1-docker.pkg.dev/...

        jobs:
          deploy:
            # ...
            steps:
              # ...
              - uses: GoogleCloudPlatform/github-actions/setup-gcloud@master
                with:
                  version: '314.0.0'
                  project_id: <project name>
                  service_account_key: ${{ secrets.SERVICE_ACCOUNT_KEY }}
                  export_default_credentials: true

  29. Deployment (diagram): GitHub Actions, Cloud Build, Artifact Registry, Cloud Run. Steps: 1. Hook, 2. Build, 3. Push, 4. Deploy, 5. Pull

  30. Deployment (Buildpacks)

        gcloud alpha builds submit \
          --pack image=asia-northeast1-docker.pkg.dev/...

  31. Deployment (Buildpacks: Source Code, Image)

        gcloud alpha builds submit \
          --pack image=asia-northeast1-docker.pkg.dev/...

  32. Deployment (Buildpacks) ✅ Dockerfile Less!! ✅ Following Best Practice

        gcloud alpha builds submit \
          --pack image=asia-northeast1-docker.pkg.dev/...

  33. Deployment (diagram): GitHub Actions, Cloud Build, Artifact Registry, Cloud Run. Steps: 1. Hook, 2. Build, 3. Push, 4. Deploy, 5. Pull

  34. Deployment (diagram): GitHub Actions, Cloud Build, Artifact Registry, Cloud Run. Steps: 1. Hook, 2. Build, 3. Push, 4. Deploy, 5. Pull

  35. Deployment (GitHub Actions)

        gcloud run deploy "service-name" \
          --image asia-northeast1-docker.pkg.dev/... \
          --platform managed \
          --region asia-northeast1

  36. Deployment (diagram): GitHub Actions, Cloud Build, Artifact Registry, Cloud Run. Steps: 1. Hook, 2. Build, 3. Push, 4. Deploy, 5. Pull

  37. Agenda • What is Cloud Run • Architecture • Deployment

    • Monitoring • Tips
  38. Monitoring Cloud Run Logging Monitoring Slack Metrics Log Alert

  39. Monitoring Cloud Run Logging Monitoring Slack Metrics Log Alert

  40. Monitoring Log Based Metrics

  41. Monitoring Monitoring Dashboard

  42. Monitoring Cloud Run Logging Monitoring Slack Metrics Log Alert

  43. Monitoring Cloud Run Trace Trace Tracing

  44. Monitoring Trace

  45. Agenda • What is Cloud Run • Architecture • Deployment

    • Monitoring • Tips
  46. Tips • Cold Start • Background Process

  47. Tips • Cold Start • Background Process

  48. Cold Start Initialization

  49. Cold Start Initialization • Initializing Server • Connecting to Database

    • Register Tracer etc...
  50. Cold Start Cloud Run starts to receive requests when listening

    on PORT Initialization Listen on PORT
  51. Cold Start Run Firestore

  52. Cold Start (Run, Firestore)

        app, err := firebase.NewApp(
            ctx,
            config,
        )
        // ...
        firestoreClient, err := app.Firestore(ctx)
        // ...
        server.ListenAndServe()

  53. Cold Start (Run, Firestore), timeline

        app.Firestore(ctx)       // Creating Firestore client
        server.ListenAndServe()  // Listening on PORT
        Connecting to Firestore  // Asynchronous!!

  54. Cold Start (Run, Firestore), timeline

        app.Firestore(ctx)       // Creating Firestore client
        server.ListenAndServe()  // Listening on PORT
        Connecting to Firestore  // Asynchronous, Additional Latency!!

  55. Cold Start (Run, Firestore)

        app, err := firebase.NewApp(
            ctx,
            config,
            option.WithGRPCDialOption(grpc.WithBlock()),
        )
        // ...
        firestoreClient, err := app.Firestore(ctx)
        // ...
        server.ListenAndServe()

  56. Cold Start (Run, Firestore), timeline

        app.Firestore(ctx)       // Creating Firestore client
        server.ListenAndServe()  // Listening on PORT
        Connecting to Firestore  // Synchronous

  57. Tips • Cold Start • Background Process

  58. Background Process ❌ Avoiding background activities

    "When an application running on Cloud Run finishes handling a request, the container instance's access to CPU will be disabled or severely limited. Therefore, you should not start background threads or routines that run outside the scope of the request handlers." https://cloud.google.com/run/docs/tips/general#avoiding_background_activities
  59. Background Process e.g.) Push notification Time Start handling a request

    Finish handling a request Start a background routine for the notification Finish a background routine for the notification
  60. Background Process e.g.) Push notification Time Start handling a request

    Finish handling a request Start a background routine for the notification Finish a background routine for the notification CPU
  61. Background Process e.g.) Push notification Time Start handling a request

    Finish handling a request Start a background routine for the notification Finish a background routine for the notification CPU
  62. Background Process e.g.) Push notification Time Start handling a request

    Finish handling a request Start sending the notification Finish sending the notification CPU
  63. Background Process e.g.) Push notification Time Start handling a request

    Finish handling a request Start sending the notification Finish sending the notification CPU Additional Latency!!
  64. Background Process e.g.) Push notification Time Start handling a request

    Finish handling a request Push a queue to Cloud Tasks or Pub/Sub CPU
  65. Architecture Run Scheduler Pub/Sub Mobile App External Service Web Hook

    API Mobile API Job API
  66. Agenda • What is Cloud Run • Architecture • Deployment

    • Monitoring • Tips
  67. Architecture Run Scheduler Pub/Sub Mobile App External Service Web Hook

    API Mobile API Job API
  68. Cloud Run, GDG DevFest, Yuki Ito
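
Slides 17 to 23 restrict the Job API so that only Pub/Sub can call it, and the Terraform on slides 20 and 21 covers the token side (the token-creator grant and the `oidc_token` block). The following is an added example, not part of the deck, showing the IAM side in the same Terraform: the push subscription's service account is the only member granted `roles/run.invoker`, with the public binding shown commented out for contrast. The Cloud Run service resource, its name `job-api`, the image path placeholder and the choice of the service URL as audience are assumptions.

```hcl
resource "google_pubsub_topic" "foo" {
  name = "foo"
}

resource "google_service_account" "job-api-invoker" {
  account_id = "job-api-invoker"
}

# Assumed: the Job API service definition; the image path is a placeholder.
resource "google_cloud_run_service" "job-api" {
  name     = "job-api"
  location = "asia-northeast1"
  template {
    spec {
      containers {
        image = "asia-northeast1-docker.pkg.dev/<project name>/<repository>/job-api"
      }
    }
  }
}

# Weak setting, kept commented out for contrast: with "allUsers" the
# Job API accepts requests that carry no token at all.
# resource "google_cloud_run_service_iam_member" "job-api-public" {
#   service  = google_cloud_run_service.job-api.name
#   location = google_cloud_run_service.job-api.location
#   role     = "roles/run.invoker"
#   member   = "allUsers"
# }

# Corrected setting: only the push subscription's service account may invoke.
resource "google_cloud_run_service_iam_member" "job-api-invoker" {
  service  = google_cloud_run_service.job-api.name
  location = google_cloud_run_service.job-api.location
  role     = "roles/run.invoker"
  member   = "serviceAccount:${google_service_account.job-api-invoker.email}"
}

resource "google_pubsub_subscription" "job-foo" {
  name  = "job-foo"
  topic = google_pubsub_topic.foo.name
  push_config {
    push_endpoint = google_cloud_run_service.job-api.status[0].url
    oidc_token {
      service_account_email = google_service_account.job-api-invoker.email
      # Assumed audience: the service URL, which is what Cloud Run expects.
      audience = google_cloud_run_service.job-api.status[0].url
    }
  }
}
```

With this binding in place, a request without a token, or with a token issued for any other identity, is rejected by Cloud Run before it reaches the container.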