Slide 1

Modern Application Development
Sandeep Parikh, Google

Slide 2


Monolith → Microservices

Slide 3

Containers: Great!

Slide 4

Kubernetes: Also great!

Slide 5


Kubernetes is for developers operators

Slide 6

Kubernetes for operators
● Scheduling
● Lifecycle and health
● Naming and discovery
● Load balancing
● Storage volumes
● Logging and monitoring
● Identity and authorization

Slide 7

Kubernetes for developers
Want to: write code
Still have to:
● Build docker image locally
● Upload image to registry
● Deploy service
● Expose to the internet
● Set up logging & monitoring
● Scale workload...

Slide 8


Let’s go back to the basics

Slide 9

What does it mean to be Cloud Native?
● Services over Servers
● Configuration over Convention
● Immutable over Maintained
● Automation over Manipulation

Slide 10

The basics of Serverless
Operational Model:
● No Infra Management
● Fully Managed Security
● Pay only for usage
Programming Model:
● Service-based
● Event-driven
● Open
● Stateless

Slide 11

Is this functions only? Not for applications? What about containers?
Operational Model:
● No Infra Management
● Fully Managed Security
● Pay only for usage
Programming Model:
● Service-based
● Event-driven
● Open
● Stateless

Slide 12

Containers → Flexibility
Serverless → Velocity

Slide 13

Say hello to Cloud Run: the next step in bringing serverless to containers

Slide 14

Cloud Run: just ‘deploy’
● Any stateless container
● Any language, any library
● URL in seconds
● Focus on writing code
● Scale up fast
● Scale down to zero
● Pay for exact usage
● No servers to manage

Slide 15

Cloud Run use cases
Public:
● Website
● API endpoint
● Mobile backend
● Webhook
Private:
● Microservices
● Asynchronous tasks

Slide 16

Cloud Run
● Container to prod in seconds
● Natively Serverless
● One experience, where you want it


Slide 18

Cloud Run on GKE: same great Cloud Run, but on Kubernetes
● More flexibility and control, operator required.
● Integrates with k8s-based policy, control & mgmt
● Custom nodes, hardware accelerators, VPC
● Build on your existing investment in Kubernetes

Slide 19

Serverless containers, where you want them
Cloud Run:
● Fully serverless, no cluster
● Pay for what you use
Cloud Run on GKE:
● Serverless developer experience
● Runs in your GKE cluster

Slide 20

Cloud Run vs Cloud Run on GKE (both built on Knative)
Cloud Run on GKE:
● Runs in your GKE cluster
● Provisioned resources
● Kubernetes operations
● Custom machine types
● Hardware accelerators (GPUs)
Cloud Run:
● Fully managed, no cluster
● Pay-per-use
● Minimal operations
● Limited instance size
Common to both (Knative):
● Autoscaling
● Stackdriver
● UI & CLI
● Custom URLs

Slide 21


One experience, where you want it

Slide 22

Knative: open source building blocks for serverless on Kubernetes

Slide 23

Knative components
Serving:
● Activates & scales up/down based on requests
● Manages code and config revisions
● Service mesh integration for request path/service access control
● Custom domains, certificate management
Eventing:
● Orchestrates on/off cluster resources
● Bindings for event sources, triggers, and services
● Scales from few events to full streaming
● Builds on CloudEvents
Build:
● Reproducible builds
● Source to serving URL templates
● No need for Docker or cross-compilation
● Supports de-coupled CI/CD
● Support for policy and audit controls

Slide 24

Cloud Run & Knative
Portable via common API and runtime environment.
Cloud Run implements Knative Serving and Knative Runtime Contract.

Slide 25

Knative ecosystem
Products: Google Cloud Run, Red Hat OpenShift, SAP Kyma, Google Cloud Run on GKE, IBM Cloud Kubernetes Service, TriggerMesh, ...
Knative: Build, Serving, Events
Platform: Kubernetes
Primitives

Slide 26

Service revisions using Cloud Run & Knative
Service → Configuration → Revision 1, Revision 2, Revision 3
Service → Route

Slide 27

Service rollouts using Cloud Run & Knative

Slide 28

Container runtime contract
● Stateless
● Listen for HTTP requests on $PORT
● No CPU outside of requests

Slide 29


Cloud Run & Knative in action

Slide 30

Office Space: when bank transactions are computed with interest, the transaction value is rounded down and deposited into the bank’s account. The remainder is deposited into a separate, personal account.

Slide 31

Thank you!
Find me @crcsmnky on Twitter or Github
github.com/crcsmnky/cloud-run-office-space
speakerdeck/crcsmnky/modern-app-dev-cloud-run

Slide 32


Cloud Run Details

Slide 33


Authorization

Slide 34

GCP Invoker permissions
Requests → Service IAM auth check; members such as:
● "allUsers"
● "user:[email protected]"
● "serviceAccount:..."

Slide 35

Public service
Frontend IAM:
  role: "roles/run.invoker"
  member: "allUsers"

Slide 36

Private service to service
Leverage "Invoker" IAM role and service identity.
Frontend → Backend
Backend IAM:
  role: "roles/run.invoker"
  member: "serviceAccount:frontend@..."
Request header: "Authorization: Bearer ID_TOKEN"

Slide 37

Push Events with Pub/Sub
Pub/Sub push to Cloud Run URL with authentication token. Leverage "Invoker" IAM role to authorize push. No need to validate URL.
Cloud Pub/Sub → Cloud Run Service
Service IAM:
  role: "roles/run.invoker"
  member: "serviceAccount:pubsub@..."
gcloud alpha pubsub subscriptions create my-sub --topic my-topic --push-endpoint=https://service.run.app --push-auth-service-account=pubsub@...

Slide 38

Async tasks
Cloud Tasks HTTP targets (Beta soon) push to Cloud Run URL with authentication token. Leverage "Invoker" IAM role.
Cloud Tasks (HTTP target) → Service
Service IAM:
  role: "roles/run.invoker"
  member: "serviceAccount:tasks@..."

Slide 39

Scheduled services
Cloud Scheduler with authentication token. Leverage "Invoker" IAM role.
Cloud Scheduler → Service
Service IAM:
  role: "roles/run.invoker"
  member: "serviceAccount:scheduler@..."
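Slides 35 through 39 all hinge on the same binding: who holds roles/run.invoker on a service decides whether it is public or reachable only by a named identity (a frontend, Pub/Sub, Cloud Tasks or Cloud Scheduler service account). The audit below is an added example, not code from the talk or from Google: it reads IAM policies in the shape gcloud returns and flags services whose invoker binding contains a public member. The service names, project and service-account addresses are constructed.

```python
from typing import Dict, List

# Constructed sample (not from the talk): IAM policies for three Cloud Run
# services, in the shape `gcloud run services get-iam-policy --format=json`
# returns. Project and service-account names are made up.
SAMPLE_POLICIES: Dict[str, dict] = {
    "frontend": {"bindings": [
        {"role": "roles/run.invoker", "members": ["allUsers"]},
    ]},
    "backend": {"bindings": [
        {"role": "roles/run.invoker",
         "members": ["serviceAccount:frontend@example-project.iam.gserviceaccount.com"]},
    ]},
    "reports": {"bindings": [
        {"role": "roles/run.invoker",
         "members": ["allAuthenticatedUsers",
                     "serviceAccount:scheduler@example-project.iam.gserviceaccount.com"]},
    ]},
}

# Both members make the service reachable without an identity you control:
# allUsers is anonymous, allAuthenticatedUsers is any Google account at all.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
INVOKER_ROLE = "roles/run.invoker"


def invokers(policy: dict) -> List[str]:
    """All members bound to roles/run.invoker in one service's IAM policy."""
    members: List[str] = []
    for binding in policy.get("bindings", []):
        if binding.get("role") == INVOKER_ROLE:
            members.extend(binding.get("members", []))
    return members


def classify(policy: dict) -> Dict[str, List[str]]:
    """Split invokers into public grants and named identities (users, SAs)."""
    members = invokers(policy)
    return {
        "public": sorted(m for m in members if m in PUBLIC_MEMBERS),
        "identities": sorted(m for m in members if m not in PUBLIC_MEMBERS),
    }


def public_services(policies: Dict[str, dict]) -> List[str]:
    """Names of services whose invoker binding includes a public member."""
    return sorted(name for name, pol in policies.items() if classify(pol)["public"])


if __name__ == "__main__":
    for name, pol in SAMPLE_POLICIES.items():
        print(name, classify(pol))
    print("public:", public_services(SAMPLE_POLICIES))
```

A service meant to be private (slide 36's backend, or a Pub/Sub push target) should come back with an empty "public" list and only the expected service accounts under "identities".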

Slide 40


Concurrency

Slide 41

Concurrency in Cloud Run
Each Service is autoscaled to many container instances.
Concurrency = "maximum number of requests that can be sent at the same time to a given container instance"
AWS Lambda or Google Cloud Functions: only one request at a time to each instance, "concurrency = 1".
With Cloud Run: set concurrency value from 1 to 80 (default: 80) → optimized resource consumption → optimized costs
(diagram: concurrency = 1 vs concurrency = 80)

Slide 42

concurrency = 1 vs concurrency = 80: 400 clients, making 3 req/sec
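To see why a higher concurrency setting cuts the instance count for the slide's 400 clients at 3 req/sec, the sizing below applies Little's law (requests in flight = arrival rate × service time) and divides by the per-instance concurrency. This is an added example, not from the talk; the 100 ms service time is an assumption the slide does not state, so the block also sweeps a few other values.

```python
import math
from typing import Dict

# Request rate from the slide: 400 clients each making 3 req/sec.
CLIENTS = 400
REQ_PER_CLIENT_PER_SEC = 3.0
# Assumed (not on the slide): average time an instance spends on one request.
SERVICE_TIME_SEC = 0.1


def instances_needed(clients: int, req_per_client_per_sec: float,
                     service_time_sec: float, concurrency: int) -> int:
    """Little's law: requests in flight = arrival rate * service time.
    Each instance can hold at most `concurrency` in-flight requests."""
    if not 1 <= concurrency <= 80:
        raise ValueError("Cloud Run concurrency must be between 1 and 80")
    if service_time_sec <= 0:
        raise ValueError("service time must be positive")
    arrival_rate = clients * req_per_client_per_sec      # req/sec
    in_flight = arrival_rate * service_time_sec          # concurrent requests
    return max(1, math.ceil(in_flight / concurrency))


def compare(service_time_sec: float = SERVICE_TIME_SEC) -> Dict[int, int]:
    """Instance count at the two concurrency settings the slide contrasts."""
    return {c: instances_needed(CLIENTS, REQ_PER_CLIENT_PER_SEC, service_time_sec, c)
            for c in (1, 80)}


if __name__ == "__main__":
    # Sweep the assumed service time to show how the gap between the two
    # settings scales with how long each request occupies an instance.
    for t in (0.05, 0.1, 0.5):
        print(f"service time {t:.2f}s -> instances {compare(t)}")
```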

Slide 43


Other details

Slide 44

Monitoring & Logging
Out of the box (Stackdriver):
✓ Monitoring
✓ Error Reporting
✓ Logging

Slide 45

gVisor: container sandbox runtime (gvisor.dev)
Secure container isolation. Most applications run well. Contact GCP support if you encounter a limitation due to an unsupported system call.
Container → (system calls) → gVisor → (limited system calls) → Host: secure isolation

Slide 46

Current limits
● Max 1 vCPU and 2GB RAM
● No access to GPUs
● No Cloud SQL (coming soon)
● No VPC access (coming soon) → No Cloud Memorystore
● No Global Load Balancer
Solution for these today: Cloud Run on GKE