Course Outline

Module 1

Introducing Application Development with Cloud Run

Objectives:

  • A general understanding of Cloud Run
  • Understand how high availability, low end-user latency and developer productivity are important architectural drivers for web-based applications today
  • Understand the advantages of serverless on Google Cloud.

Topics Covered

  • This module gives a general overview of Cloud Run. If you’re new to Cloud Run (or even to Google Cloud), this will be a great introduction.

Module 2

Understanding Cloud Run

Objectives:

  • Understand Container Images and Containers
  • Understand how Cloud Run is different from an always-on server
  • Implement the deployment of a container image to Cloud Run (hands-on lab)
  • Understand auto-scaling and on-demand containers

Topics Covered

  • You can use any language, any library and any binary. Cloud Run expects your app (in a container image) to listen on a port and respond to HTTP requests.

  • Use a Docker repository on Artifact Registry to store your images: Cloud Run only deploys from there.

  • Cloud Run uses autoscaling to handle all incoming requests

  • Pay-for-use pricing model

  • No background tasks: Container lifetime is only guaranteed while handling requests

  • There is no persistent storage: Store data downstream

  • Cloud Run is portable (containers and Knative) 

Module 3

Building Container Images

Objectives:

  • Deeply understand what is inside a container image
  • Package an application into a container image with Buildpacks (hands-on lab activity)
  • Understand that Dockerfiles are a lower-level and more transparent alternative to Buildpacks

Topics Covered

  • The contents of a container image (deep dive)

  • There are two ways to build container images: Buildpacks (hands-off) and Docker (you’re in control).

  • Cloud Run supports both a source-based and a container-image-based workflow

  • The most important considerations of building a secure container image.

Module 4

Developing with Cloud Run

Objectives:

  • Understand the advantages of the shutdown lifecycle hook
  • Understand how to avoid request queuing
  • Implement new versions of an application (hands-on lab activity)
  • Implement gradual traffic migration (hands-on lab activity)

Topics Covered

  • Container lifecycle: Idle vs serving and Shutdown lifecycle hook

  • Cold starts: Min instances

  • Container readiness

  • The service resource and what it describes

  • Configuring memory limits and CPU allocation

  • Deploying a new revision

  • Traffic steering (tagging, gradual rollouts) 

Module 5

Configuring Service Identity and Authorization

Objectives:

  • Understand that every action on a Cloud resource is actually an API call
  • Understand how and why to limit the permissions in your Cloud Run service to only specific and necessary API calls
  • Understand the process needed to make the default permissions of a Cloud API more secure
  • Use the client libraries to call other Google Cloud services (hands-on lab activity)

Topics Covered

Cloud IAM

  • Service account, policy binding, roles, types of members, resource hierarchy (in practice)
  • Service accounts
  • Cloud Run IAM roles 

Cloud Run

  • Default service account
  • Risks of using the default service account 

Module 6

Serving Requests

Objectives:

  • Use Cloud CDN to improve the reliability and performance of an application
  • Use path-based routing to combine multiple applications on one domain
  • Route incoming requests to the Cloud Run service closest to clients

Topics Covered

  • Custom Domains

  • Global Load Balancer (URL Map, Frontend, Backend services)

  • Benefits and drawbacks of GLB over custom domain

  • Types of GLB Backends

  • Multi-region load balancing

  • Multi-regional application challenges

  • Cloud CDN 

Module 7

Using Inbound and Outbound Access Control

Objectives:

  • Connecting your project to resources with a private IP
  • Implementing controls to prevent outbound traffic to dangerous or unwanted hosts
  • Implementing filters for inbound traffic using content-based rules
  • Implementing controlled access to only specific service accounts 

Topics Covered:

  • Ingress settings
  • Cloud Armor
  • Using Cloud IAM to protect services: Understand how authenticated requests (IAM + OIDC tokens) work (builds on Module 5)
  • VPC, VPC Access Connector
  • Egress settings 

Module 8

Persisting Data

Objectives:

  • Understand how to connect your application with Cloud SQL to store relational data
  • Use a VPC Connector to reach a private Memorystore instance
  • Understand how to connect with Cloud Storage, Spanner and Firestore 

Topics Covered

  • Understanding why you need to store data externally when running a workload on Cloud Run.

  • Connect with Cloud SQL from Cloud Run: Understand how it works (managed Cloud SQL Proxy)

  • Managing concurrency as a way to safeguard performance (understand why and when)

  • Connecting with Memorystore

  • VPC Connector: Challenges with scaling Memorystore (throughput)

  • Briefly introduce Cloud Storage, Firestore and Cloud Spanner, while reinforcing how the client libraries use the built-in service account to connect (Module 5 is prerequisite knowledge).

  • Multi-region data storage (and what Spanner and Firestore can do for you) 

Module 9

Implementing Service-to-Service Communication

Objectives:

  • Using Cloud Pub/Sub to send messages between services
  • Discovering the URL of other Cloud Run services
  • Receiving events from other Google Cloud services
  • Processing background tasks asynchronously 

Topics Covered

  • Understanding Cloud Pub/Sub

  • Understanding topics, push subscriptions

  • Idempotency (handling retries and at-least-once invocation): Event ID, design for resume, or use a lease.

  • Handling undeliverable messages

  • How to asynchronously schedule a background task on a different service

  • Cloud Tasks, and when to choose it over Cloud Pub/Sub

  • Benefits of using Pub/Sub to pass messages over making sync RPC requests

  • Learn about services in Google Cloud with a built-in integration to push events to Pub/Sub (Cloud Build, Artifact Registry, Cloud Storage, IoT Core, BigQuery)

  • Cloud Scheduler to invoke services on a schedule.

  • CloudEvents

  • Eventarc, and how to consume Audit logs. What to expect now, and how Eventarc will develop over time

Module 10

Orchestrating and Automating Serverless Workflows

Objectives:

  • Understand the capabilities of Cloud Workflows
  • Learn how to model a simple workflow with steps and conditional jumps
  • Integrating Cloud Run with Cloud Workflows
  • Understand how to invoke workflows 

Topics Covered

  • Conceptual overview of Cloud Workflows

  • Invoking and passing parameters

  • Understand steps and jumps

  • Defining, using and passing values with variables

  • Using the switch statement to add logic

  • Workflow visualization

  • Calling HTTPS endpoints

  • Calling an authenticated Cloud Run service

  • Example: polling API for completion