This course introduces you to fundamentals, practices, capabilities and tools applicable to modern cloud-native application development using Google Cloud Run. Through a combination of lectures, hands-on labs, and supplemental materials, you will learn how to design, implement, deploy, secure, manage, and scale applications on Google Cloud using Cloud Run.
Who is this course for?
Cloud developers, API developers, customers and partners
Cloud Run, Cloud Buildpacks, Cloud Workflows
- Familiarity with Linux commands and command line interface.
- Basic understanding of Google Cloud.
- Basic understanding of networking.
- Basic understanding of one or more programming languages like Go, Python, Java, Ruby, or Node.js.
- Basic understanding of shell scripts, YAML, JSON, HTTP, and TLS.
Delegates will learn how to
- Gain detailed understanding of Cloud Run, Google Cloud’s fully managed compute platform for deploying and scaling containerized applications quickly and securely.
- write and migrate code your way using your favorite languages (Go, Python, Java, Ruby, Node.js, and more).
- Secure service to service communication based on service identities and grant applications only the permissions they need.
- Learn how to build highly available applications with low end-user latency, globally.
- Learn how to connect to, and persist data in the managed database offerings on Google Cloud.
- Understand how abstracting away all infrastructure management
- creates a simple developer experience.
Module 1: Introducing Application Development with Cloud Run
- This module gives a general overview of Cloud Run. If you’re new to Cloud Run (or even to Google Cloud), this will be a great introduction.
- A general understanding of Cloud Run
- Understand how how high availability, low end-user latency and developer productivity are important architectural drivers for web based applications today
- Understand the advantages of serverless on Google Cloud.
Module 02: Understanding Cloud Run
- You can use any language, any library and any binary. Cloud Run expects your app (in a container image) to listen on a port and respond to HTTP requests.
- Use a docker repository on Artifact Registry to store your images: Cloud Run onlydeploys from there.
- Cloud Run uses autoscaling to handle all incoming requests
- Pay for use pricing model
- No background tasks: Container lifetime is only guaranteed while handling requests
- There is no persistent storage: Store data downstream
- Cloud Run is portable (containers and Knative)
- Understand Container Images and Containers
- Understand how Cloud Run is different from an always-on server
- Implement the deployment of a container image to Cloud Run (hands-on lab)
- Understand auto-scaling and on-demand containers
- 1 lab
Module 3: Building Container Images
- The contents of a container image (deep dive)
- There are two ways to build container images
- Buildpacks (hands-off)
- Docker (you’re in control)
- Cloud Run supports both source-based and a container image based workflow
- The most important considerations of building a secure container image
- Deeply understand what is inside a container image
- Package an application into a container image with Buildpacks (hands-on lab activity)
- Understand that Dockerfiles are a lower-level and more transparent alternative to Buildpacks
- 1 Lab
Module 4: Building Container Images
- Container lifecycle
- Idle vs serving
- Shutdown lifecycle hook
- Cold starts
- Min instances
- Container readiness
- The service resource and what it describes
- Configuring memory limits and CPU allocation
- Deploying a new revision
- Traffic steering (tagging, gradual rollouts)
- Understand the advantages of the shutdown lifecycle hook
- Understand how to avoid request queuing
- Implement new versions of an application (hands-on lab activity)
- Implement gradual traffic migration (hands-on lab activity)
- 1 Lab
Module 5: Configuring Service Identity and Authorization
- Cloud IAM
- Service account, policy binding, roles, types of members, resource hierarchy (in practice)
- Service accounts
- Cloud Run IAM roles
- Cloud Run
- Default service account
- Risks of using the default service account
- Understand that every action on a Cloud resource is actually an API call
- Understand how and why to limit the permissions in your Cloud Run service to only specific and necessary API calls
- Understand the process needed to make the default permissions of a Cloud API more secure
- Use the client libraries to call other Google Cloud services (hands-on lab activity)
- 1 Lab
Module 6: Serving Requests
- Custom Domains
- Global Load Balancer
- URL Map
- Backend services
- Benefits and drawbacks of GLB over custom domain
- Types of GLB Backends
- Multi-region load balancing
- Multi-regional applications challenges
- Cloud CDN
- Use Cloud CDN to improve the reliability and performance of an application
- Use path-based routing to combine multiple applications on one domain
- Route incoming requests to the Cloud Run service closest to clients
- 1 Lab
Module 7: Using Inbound and Outbound Access Control
- Ingress settings
- Cloud Armor
- Using Cloud IAM to protect services
- Understand how authenticated requests (IAM + OIDC tokens) work (builds on Module 5)
- VPC, VPC Access Connector
- Egress settings
- Connecting your project to resources with a private IP
- Implementing controls to prevent outbound traffic to dangerous or unwanted hosts
- Implementing filters for inbound traffic using content-based rules
- Implementing controlled access to only specific service accounts
- 1 Lab
Module 8: Persisting Data
- Understanding why you need to store data externally when running a workload on Cloud Run.
- Connect with Cloud SQL from Cloud Run
- Understand how it works (managed Cloud SQL Proxy)
- Managing concurrency as a way to safeguard performance (understand why and when)
- Connecting with Memorystore
- VPC Connector
- Challenges with scaling Memorystore (throughput)
- Briefly introduce Cloud Storage, Firestore and Cloud Spanner, while reinforcing how the client libraries use the built-in service account to connect (Module 5 is prerequisite knowledge).
- Multi-region data storage (and what Spanner and Firestore can do for you)
- Understand how to connect your application with Cloud SQL to store relational data
- Use a VPC Connector to reach a private Memorystore instance
- Understand how to connect with Cloud Storage, Spanner and Firestore
- 1 Lab
Module 9: Implementing Service-to-Service Communication
- Understanding Cloud Pub/Sub
- Understanding topics, push subscriptions
- Idempotency (Handling retries and at-least-once invocation)
- Event ID, design for resume, or use a lease
- Handling undeliverable messages
- How to asynchronously schedule a background task on a different service
- Cloud Tasks, and when to choose it over Cloud Pub/Sub
- Benefits of using Pub/Sub to pass messages over making sync RPC requests
- Learn about services in Google Cloud with a built-in integration to push events to Pub/Sub (Cloud Build, Artifact Registry, Cloud Storage, IOT Core, BigQuery)
- Cloud Scheduler to invoke services on a schedule.
- EventArc, and how to consume Audit logs
- What to expect now, and how EventArc will develop over time
- Using Cloud Pub/Sub to send messages between services
- Discovering the URL of other Cloud Run services
- Receiving events from other Google Cloud services
- Processing background tasks asynchronously
- 1 Lab
Module 10: Orchestrating and Automating Serverless Workflows
- Conceptual overview of Cloud Workflows
- Invoking and passing parameters
- Understand steps and jumps
- Defining, using and passing values with variables
- Using the switch statement to add logic
- Workflow visualization
- Calling HTTPS endpoints
- Calling an authenticated Cloud Run service
- Example: polling API for completion
- Understand the capabilities of Cloud Workflows
- Learn how to model a simple workflow with steps and conditional jumps
- Integrating Cloud Run with Cloud Workflows
- Understand how to invoke workflows
Frequently asked questionsSee all of our FAQs
How can I create an account on myQA.com?
There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.
If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".
If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.
Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.
How do QA’s virtual classroom courses work?
Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.
We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting (more details in the link below) to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.
Learn more about our Virtual Classrooms.
How do QA’s online courses work?
QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.
All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.
Learn more about QA’s online courses.
When will I receive my joining instructions?
Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.
When will I receive my certificate?
Certificates of Achievement are issued at the end the course, either as a hard copy or via email. Read more here.