book

Building Serverless Applications with Google Cloud Run

Name: Building Serverless Applications with Google Cloud Run
Author: Wietse Venema
ISBN: 9781492057093

by Wietse Venema

December 2020

Intermediate to advanced

200 pages

4h 59m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Includes

Sandbox

Foreword
Preface
Why I Wrote This BookWho This Book Is ForWhy Use the Go Language?Navigating This BookConventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
1. Introduction
Serverless ApplicationsA Simple Developer ExperienceAutoscalable Out of the BoxA Different Cost ModelServerless Is Not Functions as a ServiceGoogle CloudServerless on Google CloudCloud RunServiceContainer ImageScalability and Self-HealingHTTPS ServingMicroservices SupportIdentity, Authentication, and Access ManagementMonitoring and LoggingTransparent DeploymentsPay-Per-UseConcerns About ServerlessUnpredictable CostsHyper-ScalabilityWhen Things Go Really WrongSeparation of Compute and StorageOpen Source CompatibilitySummary
2. Understanding Cloud Run
Getting Started with Google CloudCostsInteracting with Google CloudGoogle Cloud ProjectsInstalling and Authenticating the SDKInstalling Beta ComponentsDeploying Your First ServiceDeploying the Sample ContainerRegionStructure of the HTTPS EndpointViewing Your Service in the Web ConsoleDeploying a New VersionRevisionUnderstanding Cloud RunContainer Life CycleCPU ThrottlingTask Scheduling and ThrottlingLoad Balancer and AutoscalerConcurrent Request LimitAutoscalerTuning the Concurrency SettingCold StartsDisposable ContainersIn-Memory FilesystemReady for RequestsCloud Run Key PointsChoosing a Serverless Compute Product on Google CloudCloud Functions: Glue CodeApp Engine: Platform as a ServiceKey DifferencesWhat Will the Future Look Like?Summary
3. Building Containers
Containers: A Hands-On ExplorationRunning an Interactive ShellOverriding the Default CommandRunning a ServerContainers from First PrinciplesInside a Container ImageThe Linux KernelContainer IsolationStarting a ContainerBuilding a Container with DockerDockerfile InstructionsInstalling Additional ToolingSmaller Is Better When Deploying to ProductionCreating Small Containers with DistrolessArtifact RegistryBuilding and Tagging the Container ImageAuthenticating and Pushing the Container ImageBuilding a Container Without a DockerfileGo Containers with koJava Containers with JibCloud Native BuildpacksCloud BuildRemote Docker BuildAdvanced BuildsRunning Arbitrary ProgramsConnecting with Version ControlShutting DownSummary
4. Working with a Relational Database
Introducing the Demo ApplicationCreating the Cloud SQL InstanceUnderstanding Cloud SQL ProxyConnecting and Loading the SchemaSecuring the Default UserConnecting Cloud Run to Cloud SQLDisabling the Direct ConnectionDeploying the Demo ApplicationConnection StringPublic and Private IPLimiting ConcurrencyTransaction ConcurrencyResource ContentionScaling Boundaries and Connection PoolingExternal Connection PoolA Real-World ExampleCloud SQL in ProductionMonitoringAutomatic Storage IncreaseHigh AvailabilityMaking Your Application Resilient Against Short DowntimeShutting DownSummary
5. Working with HTTP Sessions
How HTTP Sessions WorkStoring Sessions in Memorystore: A Hands-On ExplorationCreating a Memorystore InstanceWhat Is a VPC Connector?Creating a VPC ConnectorDeploying the Demo AppAlternative Session StoresSession AffinityUse CasesSession Affinity Is Not for Session DataShutting DownSummary
6. Service Identity and Authentication
Cloud IAM FundamentalsRolesPolicy BindingService AccountsCreating and Using a New Service AccountSending Authenticated Requests to Cloud RunDeploying a Private ServiceUsing an ID Token to Send Authenticated RequestsWhen Is an ID Token Valid?Programmatically Calling Private Cloud Run ServicesGoogle Frontend ServerA Story About Inter-Service LatencyDemo ApplicationEmbedded Read-Only SQL DatabaseRunning LocallyEdit, Compile, ReloadDeploying to Cloud RunUpdate the Frontend ConfigurationAdd Custom Service AccountsAdd IAM Policy BindingSummary
7. Task Scheduling
Cloud TasksHands-On Learning: A Demo ApplicationBuilding the Container ImagesCreating a Cloud Tasks QueueCreating Service AccountsDeploying the Worker ServiceDeploying the Task App ServiceConnecting the Task QueueScheduling a Task with the Cloud Tasks Client LibraryAutomatic ID TokenConnecting the WorkerTest the AppQueue ConfigurationRetry ConfigurationRate LimitingViewing and Updating Queue ConfigurationConsiderationsCloud Tasks Might Deliver Your Request TwiceLocal DevelopmentAlternativesSummary
8. Infrastructure as Code Using Terraform
What Is Infrastructure as Code?Why Infrastructure as Code?Serverless InfrastructureHow It WorksWhen Not to Use Infrastructure as CodeTerraformInstalling TerraformGetting Started with a Minimal ExampleThe Terraform WorkflowChange with Terraform: Adding the Access PolicyExpressing Dependencies with ReferencesSupplemental ResourcesSummary

9. Structured Logging and Tracing
Logging on Cloud RunViewing Logs in the Web ConsoleViewing Logs in the TerminalFinding Invisible LogsPlain-Text Logs Leave You Wanting MoreDemo ApplicationStructured LoggingClient LibrariesStructured Logging in Other LanguagesHow to Use Log LevelsCapturing PanicsLocal DevelopmentRequest ContextTrace ContextForwarding Trace IDPreparing All Incoming Requests with the Trace IDPassing Request Context to Outgoing RequestsViewing Trace Context in Cloud LoggingAdditional Resources About TracingLog-Based Metrics with Cloud MonitoringSummary
10. Cloud Run and Knative Serving
What Is Knative Serving?Cloud Run Is Not Managed Knative ServingKnative Serving on Google CloudUnderstanding KubernetesAPI ServerKubernetes ResourcesDatabaseControllersAdding Extensions to KubernetesRunning Knative Serving LocallyRunning a Local Kubernetes ClusterInstalling Minikube and kubectlStarting Your Local ClusterInstall the Knative OperatorStarting Minikube TunnelInstalling an HTTP Load BalancerConfiguring DNSDeploying a ServiceDeploying the Same Service to Cloud RunAlternative API ClientsShutting DownDiscussionServingMoving from Kubernetes to Cloud Run Is HarderService Identity and AuthenticationProprietary Managed ServicesSummary
Index

Content preview from Building Serverless Applications with Google Cloud Run

Chapter 6. Service Identity and Authentication

In this chapter, I’ll explore Cloud Identity and Access Management (IAM). This is the platform service that lets you control permissions in your Google Cloud project.

Especially if you are building a more serious application, you’ll want to make sure that every Cloud Run service in your system only has the permissions to do exactly what it needs to do. In information security, this is also known as the principle of least privilege. It helps to reduce the impact of a vulnerability in one part of the system.

You’ll start by learning the concepts, and to put them into practice, I’ll show you how to deploy another demo application. The demo application features two Cloud Run services: a frontend and a backend. The frontend serves public traffic, and the backend can be invoked only by the frontend. To round out the example, I will also demonstrate how to run both services locally.

Cloud IAM Fundamentals

In order to do something useful with your application, you’ll often need to call other Cloud APIs: you’ll want to add a task to Cloud Tasks, upload a file to Cloud Storage, or connect with a Cloud SQL database. The Google Cloud APIs are protected by Cloud IAM, which verifies the identity of the caller and checks if they have permission to call the endpoint.

Roles

Permissions are granular and determine what operations can be performed on a resource. Permissions are usually tied to a specific API endpoint, such as “list all objects in a ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Hands-On Serverless Computing with Google Cloud

Publisher Resources

ISBN: 9781492057086Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design