Cloud Run

Question 1

What is Cloud Run?

Answer 1

Cloud Run is a serverless CaaS solution.

Question 2

What are the 2 ways to run your application on Cloud Run?

Answer 2

You can run your application as as Service or as a Job.

Question 3

What are the feature differences between a Service and a Job?

Answer 3

The only difference is that a Job cannot run continuously like a Service that has CPU always allocated.

Question 4

What is the billing structure for a Service?

Answer 4

A Service is billed differently depending on which CPU mode is selected.

If CPU is only allocated when processing requests, you are billed for CPU, memory, and per request.
If CPU is always on, you are billed for CPU and memory.

The former is priced a bit higher than the latter, but is not always on. This could help offset costs.

Question 5

What is the billing structure for a Job?

Answer 5

A Job is billed the same way as a Service with CPU always allocated.

Question 6

Since Cloud Run is built on Knative, it is important to understand it. Give a quick summary of the components that make up Knative.

Answer 6

Knative is software that allows you to build and deploy serverless applications on Kubernetes.

Knative has 3 components:
1. Build
2. Serving
3. Eventing

We will only focus on the Serving component.
The Serving component is made up of 4 subcomponents:
1. Service
2. Route
3. Configuration
4. Revision

The Service component is responsible for creating and managing the Route and Configuration. The Route component maps a network endpoint to one or more Revisions. The Configuration component creates and manages Revisions. A Revision is an immutable snapshot version of one or more containers and configuration data.

Question 7

Cloud Run supports container images built for which OS architecture?

Answer 7

Linux 64-bit

Question 8

What are the different ways to deploy an application as a Cloud Run Service?

Answer 8

1. Container images in Artifact Registry or Docker Hub
2. Continuous deployment from GitHub which requires Cloud Build
3. Source code by using gcloud run deploy <service-name> --source <source-path>

When you deploy from source, if a Dockerfile exists, it will be used. If not, a buildpack will be used.

Question 9

If a Cloud Run Service has multiple containers, can they all receive traffic?

Answer 9

No. There is only one container that defines a port and that is where traffic is routed.

Question 10

Which service account does Cloud Run use by default?

Answer 10

The Compute Engine service account which has an editor role.

Question 11

Does Cloud Run support gRPC?

Question 12

Is Cloud Run a global or regional resource?

Answer 12

Cloud Run is a regional resource and its instances are spread across multiple zones within a region.

Question 13

What are the different stages in the lifecycle of a Cloud Run instance and do they consume CPU?

Answer 13

1. Startup
2. Processing requests
3. Idle
4. Shutdown
5. Forced termination

Startup consumes CPU.

Processing Requests consumes CPU.

Idle does not consume CPU when “CPU is only allocated when processing requests” mode is on. Else, consumes CPU.

Shutdown consumes CPU.

Forced termination consumes CPUand does not allow you to terminate your application gracefully.

Question 14

Is it possible to gracefully shutdown an application during a Forced Termination?

Answer 14

No. A Forced Termination occurs when an application crashes or memory limits are exceed and cannot be handled gracefully. During Shutdown however, a SIGTERM signal is sent to the application which gives you 10 seconds to handle it and implement a graceful shutdown.

Question 15

At what CPU utilization does Cloud Run create a new instance?

Answer 15

Whenever an existing instance reaches 60% CPU utilization

Question 16

When you deploy a container image for the first time to Cloud Run, a service, and its first revision is created. Each service has a unique and permanent HTTPS endpoint URL that does not
change over time.

Question 17

Does Cloud Run support concurrency?

Answer 17

Yes. Each instance can be configured to handle up to 1000 requests at the same time.

Question 18

What is the billing structure of a Cloud Run Service that has CPU only allocated when processing requests but has 1 minimum instance running at all times?

Answer 18

The minimum instance is billed at the same rate as CPU is always on, but the other instances are billed at the same rate as CPU is only allocated when processing requests.

Question 19

Does Cloud Run pull container images from a repository every time it needs to scale out instances?

Answer 19

No. When Cloud Run pulls a container image for the first time, it creates a copy locally and uses it when scaling out instances.

Question 20

When using a Dockerfile that defines environment variables to build and deploy a container on Cloud Run, and Cloud Run also specifies its own environment variables, which environment variables will be used?

Answer 20

The environment variables defined by Cloud Run will be used. This is because Cloud Run environment variables override the environment variables defined in the Dockerfile.

Question 21

What are the 2 primary ways for accessing managed secrets when using Cloud Run?

Answer 21

1. Environment variables
2. Volumes

Secrets accessed as environment variables are static and an application will not be able to retrieve a newer version after startup. Therefore, secrets accessed as environment variables are normally pinned to a version.

Secrets accessed through a volume are dynamic and an application will always fetch the latest version by reading the secret (file) from the volume.

Remember, a volume is an external directory that is mounted to an internal directory inside your container.

Question 22

Does Cloud Run require a container image from Artifact Registry or Docker Hub to deploy an application?

Answer 22

Yes. In fact, even if you deploy from source, gcloud automatically stores the built image in Artifact Registry. However, since Cloud Run caches the image when deploying it, you can delete the image from Artifact Registry after it is deployed to prevent storage costs associated with Artifacr Registry.

Question 23

If there is a need to route the same client to the same instance, which Cloud Run feature could you use?

Answer 23

You can enable Session Affinity. Keep in mind, this is done on a best effort basis. You should also be aware that using Session Affinity with split traffic can lead to unique routing behavior. Make sure to read the documentation.

Question 24

If there is a need to route your egress traffic from your Cloud Run service to an internal GCP service (internal IP address) that uses your VPC Network (Memorystore), what are the 2 different ways to do so?

Answer 24

1. Serverless VPC Access connectors
2. Direct VPC

Serverless VPC Access allows Cloud Functions, Cloud Run, and App Engine standard environment apps to access resources in a VPC network using the internal IP addresses of those resources.

Direct VPC is more efficient but might require more configuration and appears to be a newer technology.

Question 25

The two types of tokens you can fetch with the metadata server are as follows:

OAuth 2.0 access tokens, which are used to call most Google API Client Libraries.
ID tokens, which are used to call other Cloud Run services or Cloud Functions, or to invoke any service to validate an ID token.