Slide 1

Slide 1 text

How We Use Cloud Run and its Friends! Yuki Ito (@mrno110) Kauche Tech Talk

Slide 2

Slide 2 text

Kauche Architect Yuki Ito @mrno110

Slide 4

Slide 4 text

Agenda • What is Cloud Run • Architecture • Observability

Slide 5

Slide 5 text

Agenda • What is Cloud Run • Architecture • Observability

Slide 6

Slide 6 text

What is Cloud Run Cloud Run is a managed compute platform that enables you to run containers that are invocable via requests or events. Cloud Run is serverless: it abstracts away all infrastructure management... https://cloud.google.com/run/docs

Slide 7

Slide 7 text

Agenda • What is Cloud Run • Architecture • Observability

Slide 8

Slide 8 text

Agenda • What is Cloud Run • Architecture • Observability

Slide 9

Slide 9 text

Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API Web Hook API Job API Scheduler

Slide 10

Slide 10 text

Architecture - Key Concepts - • Everything runs on Cloud Run • Everything runs as an API

Slide 11

Slide 11 text

Architecture - Key Concepts - e.g.) VS. Cloud Functions Trigger Run Pub/Sub Functions Run Firestore Functions

Slide 12

Slide 12 text

Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API Web Hook API Job API Scheduler

Slide 13

Slide 13 text

Architecture ✅ Everything is Managed by API Definitions ✅ Reuse same implementation logic as APIs ✅ Use same Monitoring environments

Slide 14

Slide 14 text

Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API Web Hook API Job API Scheduler

Slide 15

Slide 15 text

Job Run Pub/Sub

Slide 16

Slide 16 text

Job

resource "google_pubsub_topic" "foo" {
  name = "foo"
}

resource "google_pubsub_subscription" "job-foo" {
  name  = "job-foo"
  topic = google_pubsub_topic.foo.name

  push_config {
    push_endpoint = ""
  }
}

Slide 17

Slide 17 text

Job Run Pub/Sub 💀 ❌ ✅

Slide 18

Slide 18 text

Job Run Pub/Sub Service Account

Slide 19

Slide 19 text

Job Run Pub/Sub OIDC Token (JWT)

Slide 20

Slide 20 text

Job

resource "google_project_iam_member" "pubsub-is-sa-token-creator" {
  project = ""
  role    = "roles/iam.serviceAccountTokenCreator"
  member  = "serviceAccount:service-@gcp-sa-pubsub..."
}

roles/iam.serviceAccountTokenCreator

Slide 21

Slide 21 text

Job

resource "google_service_account" "job-api-invoker" {
  // ...
  account_id = "job-api-invoker"
}

resource "google_pubsub_subscription" "job-foo" {
  name  = "job-foo"
  topic = google_pubsub_topic.foo.name

  push_config {
    push_endpoint = ""

    oidc_token {
      service_account_email = "job-api-invoker@..."
      audience              = ""
    }
  }
}

Slide 22

Slide 22 text

Job Run Pub/Sub Public Keys OIDC Token (JWT) JWKS 🔑 JWT Verification
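
The JWT verification step on this slide, written out as an added example; it is not code from the talk. Go is an assumption (the slides do not name the service language), and `VerifyPushToken`, `Claims`, `decode` and the `keys` map (kid to public key, parsed from the JWKS beforehand) are hypothetical names.

```go
package main

import (
	"crypto"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

type Claims struct { // fields of the push token that the receiver checks
	Iss, Aud, Email string
	EmailVerified   bool `json:"email_verified"`
	Exp             int64
}

// decode base64url-decodes one JWT segment and unmarshals its JSON into v.
func decode(seg string, v any) error {
	b, err := base64.RawURLEncoding.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(b, v)
}

// VerifyPushToken checks the RS256 signature, then issuer, audience, caller e-mail and expiry.
func VerifyPushToken(tok string, keys map[string]*rsa.PublicKey, aud, email string, now time.Time) error {
	p := strings.Split(tok, ".")
	var h struct{ Alg, Kid string }
	var c Claims
	if len(p) != 3 || decode(p[0], &h) != nil || decode(p[1], &c) != nil || h.Alg != "RS256" {
		return fmt.Errorf("malformed token or unexpected alg") // "none" and HS256 stop here
	}
	sig, err := base64.RawURLEncoding.DecodeString(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if key := keys[h.Kid]; err != nil || key == nil || rsa.VerifyPKCS1v15(key, crypto.SHA256, sum[:], sig) != nil {
		return fmt.Errorf("unknown kid or bad signature")
	}
	if c.Iss != "https://accounts.google.com" || c.Aud != aud || c.Email != email || !c.EmailVerified || now.Unix() >= c.Exp {
		return fmt.Errorf("claims rejected") // iss: Google's OIDC issuer, assumed (not on the slides)
	}
	return nil
}

func main() {
	tok := "eyJhbGciOiJub25lIn0.e30." // constructed sample: header {"alg":"none"}, unsigned
	fmt.Println(VerifyPushToken(tok, nil, "aud", "sa@example.test", time.Now()))
}
```

The `aud` and `email` arguments correspond to the `audience` and `service_account_email` set in the subscription's `oidc_token` block; a valid Google signature alone does not show that the token was minted for this endpoint by this service account.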

Slide 23

Slide 23 text

Job Run Pub/Sub 💀 ❌ ✅

Slide 24

Slide 24 text

Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API Web Hook API Job API Scheduler

Slide 25

Slide 25 text

Agenda • What is Cloud Run • Architecture • Observability

Slide 26

Slide 26 text

Agenda • What is Cloud Run • Architecture • Observability

Slide 27

Slide 27 text

Observability • Logging • Trace • Monitoring Dashboard

Slide 28

Slide 28 text

Observability • Logging • Trace

Slide 29

Slide 29 text

Logging Cloud Run has two types of logs, automatically sent to Cloud Logging: • Request logs • Container logs https://cloud.google.com/run/docs/logging

Slide 30

Slide 30 text

Logging Cloud Run has two types of logs, automatically sent to Cloud Logging: • Request logs • Container logs https://cloud.google.com/run/docs/logging

Slide 31

Slide 31 text

Logging Cloud Run generates Request Logs

Slide 32

Slide 32 text

Logging Cloud Run generates Request Logs Not enough...

Slide 33

Slide 33 text

Logging Cloud Run has two types of logs, automatically sent to Cloud Logging: • Request logs • Container logs https://cloud.google.com/run/docs/logging

Slide 34

Slide 34 text

Logging Container (Application) logs

Slide 35

Slide 35 text

Logging Container (Application) logs Structured Log

Slide 36

Slide 36 text

Logging Request Logs + Container Logs https://cloud.google.com/run/docs/logging#correlate-logs Correlating

Slide 37

Slide 37 text

Logging Correlating Request Logs Container Logs

Slide 38

Slide 38 text

Logging Correlating

Slide 39

Slide 39 text

Logging Container (Application) logs

{
  "message": "grpc request",
  "logger": "grpc.request_logger",
  "method": "/customer.v1.CustomerService/GetXXX",
  "level": "info",
  "timestamp": 1613885945098.689,
  "logging.googleapis.com/trace": "projects/.../traces/xxx"
}

https://cloud.google.com/logging/docs/structured-logging

Slide 40

Slide 40 text

Logging Container X-Cloud-Trace-Context: projects/.../traces/xxx Header
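
How the header becomes the log field, as an added example that is not code from the talk (Go is an assumption). It takes the documented `TRACE_ID/SPAN_ID;o=OPTIONS` form of `X-Cloud-Trace-Context` and builds `projects/PROJECT/traces/TRACE_ID`; `TraceField`, `LogLine`, `Entry` and the project id `my-project` are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// traceHeader matches TRACE_ID/SPAN_ID;o=OPTIONS, where TRACE_ID is 32 hex
// characters. Span and options are treated as optional; only TRACE_ID is captured.
var traceHeader = regexp.MustCompile(`^([0-9a-fA-F]{32})(?:/[0-9]+)?(?:;o=[01])?$`)

// Entry mirrors the fields of the container log shown on the previous slide.
type Entry struct {
	Message string `json:"message"`
	Logger  string `json:"logger"`
	Method  string `json:"method"`
	Level   string `json:"level"`
	Trace   string `json:"logging.googleapis.com/trace,omitempty"`
}

// TraceField returns the value for "logging.googleapis.com/trace", or "" when the
// header is missing or malformed. The header is request data, so it is validated
// rather than copied into the log as received.
func TraceField(project, header string) string {
	m := traceHeader.FindStringSubmatch(header)
	if m == nil {
		return ""
	}
	return "projects/" + project + "/traces/" + m[1]
}

// LogLine renders one structured container log entry as a single JSON line.
func LogLine(project, header string, e Entry) string {
	e.Trace = TraceField(project, header)
	b, _ := json.Marshal(e) // cannot fail for a struct of strings
	return string(b)
}

func main() {
	e := Entry{"grpc request", "grpc.request_logger", "/customer.v1.CustomerService/GetXXX", "info", ""}
	// Constructed headers: one well-formed, one forged to try to break out of the JSON line.
	fmt.Println(LogLine("my-project", "0123456789abcdef0123456789abcdef/1;o=1", e))
	fmt.Println(LogLine("my-project", "x\"}\n{\"level\":\"critical", e))
}
```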

Slide 41

Slide 41 text

Logging Correlating

Slide 42

Slide 42 text

Logging Correlating Request Logs Container Logs

Slide 43

Slide 43 text

Observability • Logging • Trace

Slide 44

Slide 44 text

Observability • Logging • Trace

Slide 45

Slide 45 text

Trace Cloud Trace

Slide 46

Slide 46 text

Trace OpenTelemetry OpenTelemetry is a collection of tools, APIs, and SDKs. Use it to instrument, generate, collect, and export telemetry data (metrics, logs, and traces) to help you analyze your software’s performance and behavior. https://opentelemetry.io/

Slide 47

Slide 47 text

Trace OpenTelemetry

Slide 48

Slide 48 text

Trace OpenCensus

Slide 49

Slide 49 text

Trace OpenTelemetry + OpenCensus (Bridge)

Slide 50

Slide 50 text

Agenda • What is Cloud Run • Architecture • Observability

Slide 51

Slide 51 text

Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API Web Hook API Job API Scheduler

Slide 52

Slide 52 text

AD https://kauche.connpass.com/event/252043/ 7/20 (Wed)