Application Development with Cloud Run 1.0

• Familiarity with Linux commands and command line interface.
• Basic understanding of Google Cloud.
• Basic understanding of networking.
• Basic understanding of one or more programming languages like Go, Python, Java, Ruby, or Node.js.
• Basic understanding of shell scripts, YAML, JSON, HTTP, and TLS.

• Gain detailed understanding of Cloud Run, Google Cloud’s fully managed compute platform for deploying and scaling containerized applications quickly and securely.
• write and migrate code your way using your favorite languages (Go, Python, Java, Ruby, Node.js, and more).
• Secure service to service communication based on service identities and grant applications only the permissions they need.
• Learn how to build highly available applications with low end-user latency, globally.
• Learn how to connect to, and persist data in the managed database offerings on Google Cloud.
• Understand how abstracting away all infrastructure management
• creates a simple developer experience.

Module 1: Introducing Application Development with Cloud Run

Topics

• This module gives a general overview of Cloud Run. If you’re new to Cloud Run (or even to Google Cloud), this will be a great introduction.

Objectives

• A general understanding of Cloud Run
• Understand how how high availability, low end-user latency and developer productivity are important architectural drivers for web based applications today
• Understand the advantages of serverless on Google Cloud.

Module 02: Understanding Cloud Run

Topics

• You can use any language, any library and any binary. Cloud Run expects your app (in a container image) to listen on a port and respond to HTTP requests.
• Use a docker repository on Artifact Registry to store your images: Cloud Run onlydeploys from there.
• Cloud Run uses autoscaling to handle all incoming requests
• Pay for use pricing model
• No background tasks: Container lifetime is only guaranteed while handling requests
• There is no persistent storage: Store data downstream
• Cloud Run is portable (containers and Knative)

Objectives

• Understand Container Images and Containers
• Understand how Cloud Run is different from an always-on server
• Implement the deployment of a container image to Cloud Run (hands-on lab)
• Understand auto-scaling and on-demand containers

Activities

• 1 lab

Module 3: Building Container Images

Topics

• The contents of a container image (deep dive)
• There are two ways to build container images
  • Buildpacks (hands-off)
  • Docker (you’re in control)
• Cloud Run supports both source-based and a container image based workflow
• The most important considerations of building a secure container image

Objectives

• Deeply understand what is inside a container image
• Package an application into a container image with Buildpacks (hands-on lab activity)
• Understand that Dockerfiles are a lower-level and more transparent alternative to Buildpacks

Activities

• 1 Lab

Module 4: Building Container Images

Topics

• Container lifecycle
  • Idle vs serving
  • Shutdown lifecycle hook
• Cold starts
  • Min instances
• Container readiness
• The service resource and what it describes
• Configuring memory limits and CPU allocation
• Deploying a new revision
• Traffic steering (tagging, gradual rollouts)

Objectives

• Understand the advantages of the shutdown lifecycle hook
• Understand how to avoid request queuing
• Implement new versions of an application (hands-on lab activity)
• Implement gradual traffic migration (hands-on lab activity)

Activities

• 1 Lab

Module 5: Configuring Service Identity and Authorization

Topics

• Cloud IAM
  • Service account, policy binding, roles, types of members, resource hierarchy (in practice)
  • Service accounts
  • Cloud Run IAM roles
• Cloud Run
  • Default service account
  • Risks of using the default service account

Objectives

• Understand that every action on a Cloud resource is actually an API call
• Understand how and why to limit the permissions in your Cloud Run service to only specific and necessary API calls
• Understand the process needed to make the default permissions of a Cloud API more secure
• Use the client libraries to call other Google Cloud services (hands-on lab activity)

Activities

• 1 Lab

Module 6: Serving Requests

Topics

• Custom Domains
• Global Load Balancer
  • URL Map
  • Frontend
  • Backend services
• Benefits and drawbacks of GLB over custom domain
• Types of GLB Backends
• Multi-region load balancing
• Multi-regional applications challenges
• Cloud CDN

Objectives

• Use Cloud CDN to improve the reliability and performance of an application
• Use path-based routing to combine multiple applications on one domain
• Route incoming requests to the Cloud Run service closest to clients

Activities

• 1 Lab

Module 7: Using Inbound and Outbound Access Control

Topics

• Ingress settings
• Cloud Armor
• Using Cloud IAM to protect services
  • Understand how authenticated requests (IAM + OIDC tokens) work (builds on Module 5)
• VPC, VPC Access Connector
• Egress settings

Objectives

• Connecting your project to resources with a private IP
• Implementing controls to prevent outbound traffic to dangerous or unwanted hosts
• Implementing filters for inbound traffic using content-based rules
• Implementing controlled access to only specific service accounts

Activities

• 1 Lab

Module 8: Persisting Data

Topics

• Understanding why you need to store data externally when running a workload on Cloud Run.
• Connect with Cloud SQL from Cloud Run
  • Understand how it works (managed Cloud SQL Proxy)
• Managing concurrency as a way to safeguard performance (understand why and when)
• Connecting with Memorystore
• VPC Connector
  • Challenges with scaling Memorystore (throughput)
• Briefly introduce Cloud Storage, Firestore and Cloud Spanner, while reinforcing how the client libraries use the built-in service account to connect (Module 5 is prerequisite knowledge).
• Multi-region data storage (and what Spanner and Firestore can do for you)

Objectives

• Understand how to connect your application with Cloud SQL to store relational data
• Use a VPC Connector to reach a private Memorystore instance
• Understand how to connect with Cloud Storage, Spanner and Firestore

Activities

• 1 Lab

Module 9: Implementing Service-to-Service Communication

Topics

• Understanding Cloud Pub/Sub
  • Understanding topics, push subscriptions
  • Idempotency (Handling retries and at-least-once invocation)
    • Event ID, design for resume, or use a lease
  • Handling undeliverable messages
• How to asynchronously schedule a background task on a different service
• Cloud Tasks, and when to choose it over Cloud Pub/Sub
• Benefits of using Pub/Sub to pass messages over making sync RPC requests
• Learn about services in Google Cloud with a built-in integration to push events to Pub/Sub (Cloud Build, Artifact Registry, Cloud Storage, IOT Core, BigQuery)
• Cloud Scheduler to invoke services on a schedule.
• CloudEvents
• EventArc, and how to consume Audit logs
  • What to expect now, and how EventArc will develop over time

Objectives

• Using Cloud Pub/Sub to send messages between services
• Discovering the URL of other Cloud Run services
• Receiving events from other Google Cloud services
• Processing background tasks asynchronously

Activities

• 1 Lab

Module 10: Orchestrating and Automating Serverless Workflows

Topics

• Conceptual overview of Cloud Workflows
• Invoking and passing parameters
• Understand steps and jumps
• Defining, using and passing values with variables
• Using the switch statement to add logic
• Workflow visualization
• Calling HTTPS endpoints
• Calling an authenticated Cloud Run service
• Example: polling API for completion

Objectives

• Understand the capabilities of Cloud Workflows
• Learn how to model a simple workflow with steps and conditional jumps
• Integrating Cloud Run with Cloud Workflows
• Understand how to invoke workflows