Slide 1

Slide 1 text

Microservices on Cloud Run @ KAUCHE Yuki Ito (@mrno110) GCPUG Modern Architecture Talk

Slide 2

Slide 2 text

Kauche Architect Yuki Ito @mrno110

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API Web Hook API Job API Scheduler

Slide 5

Slide 5 text

What is Cloud Run Cloud Run is a managed compute platform that enables you to run containers that are invocable via requests or events. Cloud Run is serverless: it abstracts away all infrastructure management... https://cloud.google.com/run/docs

Slide 6

Slide 6 text

Architecture - Key Concepts - • Everything runs on Cloud Run • Everything runs as an API (gRPC)

Slide 7

Slide 7 text

Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API Web Hook API Job API Scheduler

Slide 8

Slide 8 text

Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API Web Hook API Job API Scheduler

Slide 9

Slide 9 text

Architecture - Key Concepts - e.g.) VS. Cloud Functions Trigger Run Pub/Sub Functions Run Firestore Functions

Slide 10

Slide 10 text

Architecture Run Tasks Pub/Sub Mobile App External Service Mobile API Web Hook API Job API Scheduler

Slide 11

Slide 11 text

Architecture ✅ Everything is Managed as API Definitions ✅ Reuse same implementation logic as APIs ✅ Use same Monitoring environments

Slide 12

Slide 12 text

Architecture: 2020 ~ Run Customer App Customer gRPC

Slide 13

Slide 13 text

Architecture: 2022 ~ Customer App Customer gRPC Partner App Partner gRPC Envoy (API Gateway)

Slide 14

Slide 14 text

Offloading Cross-Cutting Concerns to the API Gateway ✓ Authentication / Authorization ✓ Transcoding ✓ Being Internet facing (TLS / Domain / CDN / IP ...) ✓ ...

Slide 15

Slide 15 text

API Gateway Pattern Customer App Customer gRPC Partner App Partner gRPC Envoy (API Gateway)

Slide 16

Slide 16 text

proxy-wasm https://github.com/proxy-wasm/spec/blob/c8ff5a8ac7b18a65360fe8ab843a6291b8947682/docs/WebAssembly-in-Envoy.md

Slide 17

Slide 17 text

e.g. Fetching access tokens from Google Cloud Metadata Server API Gateway Upstream Microservice Metadata Server Access Token Access Token Get Access Token Request
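
The token flow on this slide, sketched as an added example (not code from the talk or from Kauche): the gateway caches the metadata server's access token, refreshes it shortly before expiry, and attaches it to the request sent upstream. `TokenSource`, `authorize` and `demo` are hypothetical names, the response used in `demo()` is constructed, and replacing any inbound Authorization header is an assumption.

```python
import json
import time
import urllib.request

# Metadata server token endpoint for the service's attached service account.
TOKEN_URL = ("http://metadata.google.internal/computeMetadata/v1/"
             "instance/service-accounts/default/token")
REFRESH_SKEW = 60  # refresh this many seconds before expiry


def fetch_from_metadata_server():
    """Real fetch; works only on Google Cloud, so demo() does not call it."""
    req = urllib.request.Request(TOKEN_URL, headers={"Metadata-Flavor": "Google"})
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read()


class TokenSource:
    """Caches the gateway's access token (hypothetical helper, not from the talk)."""
    def __init__(self, fetch=fetch_from_metadata_server, now=time.monotonic):
        self._fetch, self._now = fetch, now
        self._token, self._expiry = None, 0.0

    def token(self):
        if self._token and self._now() < self._expiry - REFRESH_SKEW:
            return self._token
        body = json.loads(self._fetch())
        token, ttl = body.get("access_token"), body.get("expires_in", 0)
        if not token or ttl <= 0:
            raise RuntimeError("metadata server returned no usable token")
        self._token, self._expiry = token, self._now() + ttl
        return token

    def authorize(self, headers):
        """Upstream headers carrying the gateway's token. Replacing any inbound
        Authorization header is an assumption of this sketch. Raises if no token."""
        out = {k: v for k, v in headers.items() if k.lower() != "authorization"}
        out["Authorization"] = "Bearer " + self.token()
        return out


def demo():
    calls, clock = [], [0.0]  # constructed clock and response, so this runs offline
    def fake_fetch():
        calls.append(1)
        return json.dumps({"access_token": f"sample-{len(calls)}", "expires_in": 3599})
    src = TokenSource(fetch=fake_fetch, now=lambda: clock[0])
    first = src.authorize({"authorization": "Bearer from-client"})
    clock[0] = 3540.0  # past 3599 - 60, so the next call refreshes
    return first, src.authorize({}), len(calls)
```

Because `token()` raises when the metadata server returns nothing usable, `authorize()` never yields headers without a gateway token, so the caller cannot forward an unauthenticated request by accident.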

Slide 18

Slide 18 text

Architecture: 2022 ~ Customer App Customer gRPC Partner App Partner gRPC Envoy (API Gateway)

Slide 19

Slide 19 text

Network: Single Service

Slide 20

Slide 20 text

Network: Microservices

Slide 21

Slide 21 text

Network: Access Control

Slide 22

Slide 22 text

Access Control - Cloud Run - • Access Control with IAM • Restricting Ingress

Slide 23

Slide 23 text

Network: Shared VPC + Service Controls Perimeter

Slide 24

Slide 24 text

Architecture: 2022 ~ Customer App Customer gRPC Partner App Partner gRPC Envoy (API Gateway)