Google Cloud Run

Our first infra "flavor"

  • Cloud Run for both the frontend and the backend, with Cloud CDN configured in front of the frontend service. We use Cloud Run rather than a GCS bucket for the frontend because a Single Page App needs paths the server does not know (which a bucket answers with a 404) handed back to the app's entry point so that client-side routing works. For this we run nginx in Cloud Run, all configured and managed for you. GCP's own solution is Firebase sites, which has its own separate integration with other GCP services (see https://www.reddit.com/r/googlecloud/comments/rvhki2/hosting_a_single_page_app_on_gcs_and_an_https/ or https://stackoverflow.com/questions/63006272/how-to-correctly-rewrite-urls-for-single-page-app-in-gcp-static-deployment)
  • A storage bucket for public assets, fronted by the CDN, for each app, as a place to put resources that do not live in the repo (e.g. fonts, PDFs, images). Eventually you may want to augment this with a CMS such as Contentful.
  • GKE for running async workers (such as a Pub/Sub queue worker) and scheduled tasks (cron jobs).
  • Database and cache instances supported as resources for all environment types. Any engine and version that Cloud SQL or Cloud Memorystore offers is a valid value. Each environment gets either its own database on the shared instance (the case for review apps) or its own Memorystore instance.
  • Production gets its own GCP project and its own database/Memorystore instances (if configured).
  • Distinct VPC networks, Cloud NAT, VPC connectors for serverless, and service accounts for CI and for running workloads, for each application.
  • Managed Cloud Build YAML delivered to Cloud Build in your account, using Secret Manager as configured for the app. Steps such as linting/formatting, vulnerability scanning, Binary Authorization and canary deploys are all on the roadmap this year.
  • We manage seeding and data migration as steps in environment creation and updates (for dev environments as well as review and production). You can run any commands you want in the container for each service (you write the Dockerfile).
  • Secret Manager for config data in Cloud Run; GKE Secrets/ConfigMaps for data in GKE. Workloads use GCP Workload Identity to assume the app service accounts as needed, without ever touching a key file.
  • Audit logs for all SDLC lifecycle events (e.g. branch creation, environment creation/modification, CI/CD, dev environments, who did what).
  • K8s hosted by us (self-hosting is on the roadmap) for running workspaces (cloud IDE) and toolboxes (cloud terminal for any environment).
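As an added illustration (not the managed nginx configuration described above, and not part of the original page), here is a minimal nginx server block that does what the first bullet calls for: serving a Single Page App from Cloud Run so that deep links resolve through client-side routing instead of a 404, while keeping the CDN caching behaviour safe. The asset path /assets/, the /healthz endpoint, the document root and the port 8080 are assumptions for the example.

```nginx
# Added example: nginx serving a Single Page App on Cloud Run.
# Cloud Run routes traffic to the container port given by $PORT, which
# defaults to 8080; nginx cannot read env vars directly, so the port is
# hard-coded here (or templated at build time in your Dockerfile).
server {
    listen 8080;
    server_name _;
    root /usr/share/nginx/html;   # assumed location of the built SPA
    index index.html;

    # Do not advertise the nginx version in the Server header or error pages.
    server_tokens off;

    # Hashed build artefacts (e.g. /assets/app.3f9a1c.js) never change, so
    # Cloud CDN and browsers may cache them for a long time. A missing asset
    # is a real 404 here; it must not fall through to index.html.
    location /assets/ {
        try_files $uri =404;
        add_header Cache-Control "public, max-age=31536000, immutable";
    }

    # index.html is the entry point that references the current hashed
    # assets. A cached stale copy would point at assets that no longer
    # exist after a deploy, so it is always revalidated.
    location = /index.html {
        add_header Cache-Control "no-cache";
        add_header X-Content-Type-Options "nosniff";
        add_header X-Frame-Options "DENY";
        add_header Referrer-Policy "strict-origin-when-cross-origin";
    }

    # Client-side routing: serve the real file if one exists, otherwise
    # fall back (internal rewrite, not an HTTP redirect) to index.html so
    # the SPA router handles the path. Unknown paths therefore answer 200
    # with the app shell rather than the bucket-style 404.
    location / {
        try_files $uri $uri/ /index.html;
    }

    # Cheap health check for Cloud Run or load-balancer probes.
    location = /healthz {
        default_type text/plain;
        return 200 "ok\n";
    }
}
```

The fallback in `location /` is an internal rewrite, so the request for `/index.html` is re-matched by the `location = /index.html` block and picks up its no-cache and security headers; the `=404` in `/assets/` keeps a typo in an asset URL from being served as cached HTML.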