With the API Gateway working, you can now remove unauthenticated access to the Cloud Run services by revoking the roles/run.invoker role from allUsers on the Cloud Run service. This works because the API Gateway has the roles/run.invoker role to call the Cloud Run service on your behalf. This will also be the case for the […]
Deploying the UI Container to Cloud Run – API and User Interface with API Gateway and Cloud Storage
As the user interface container does not need any configuration, you do not need to configure any environment variables. It will also run without needing any additional permissions, so you do not need to configure any IAM roles. However, by default, it will use the default service account for the project, which has more permissions […]
Google Firestore – Profile Service with Pub/Sub and Firestore
Firestore is a NoSQL document database that is built for automatic scaling, high performance, and ease of application development. Given the small amounts of data you’ll be storing for each user profile, Firestore is an excellent choice for your needs. Its serverless nature allows it to scale automatically according to demand, making it highly available […]
Requirements – Profile Service with Pub/Sub and Firestore
This chapter delves into the creation of a cloud native, event-driven microservice: the profile service. This profile service will build and continuously update user profiles based on changing facts from the fact service. The architecture will employ Google Pub/Sub for event notifications, Firestore as a serverless database to store user profiles, and Cloud Run for […]
Evaluation – Fact Service with Spring Boot, Cloud Run, and Cloud SQL
Now let’s look at how the solution will scale and how much it will cost. How Will This Solution Scale? This solution is designed with scalability in mind. First, the service itself has been designed to handle vertical scaling. This means that each instance’s capacity can be increased by augmenting memory and CPU resources. This […]
Creating a Secret in Secret Manager – Fact Service with Spring Boot, Cloud Run, and Cloud SQL
Before establishing a connection between the Cloud Run service and the Cloud SQL database, it’s necessary to create a secret in Secret Manager to safely store the database user’s password. Secret Manager is a secure and convenient solution provided by Google Cloud for managing sensitive information like passwords, API keys, and other secrets. It ensures […]
Implementation – Fact Service with Spring Boot, Cloud Run, and Cloud SQL
Let’s get hands-on and implement this project. Creating a New Spring Boot Project To create a new Spring Boot project, you can use the Spring Initializr. This is a web application that allows you to create a new Spring Boot project with several initial dependencies. You will use the following dependencies: This is a great […]
Cloud Run – Fact Service with Spring Boot, Cloud Run, and Cloud SQL
As you have seen in Chapter 6, Cloud Run is a flexible solution for running containers, and you will use it here again. My approach is to work my way down from the highest abstraction until I find a service that can work within the constraints I have identified, a process I call progressive decomposition, […]
Solution – Fact Service with Spring Boot, Cloud Run, and Cloud SQL
When choosing how to implement this requirement, you need to answer several questions: Where to run the compute? For this service, you have a long-running process, so it is not suitable for Cloud Functions. You will be using Java and Spring Boot in a container, so the startup time will be several seconds when using […]
Securing – Skill Service with Cloud Run
As in Chapter 5 with Cloud Functions, this Cloud Run service is currently using a default service account with broad permissions. Cloud Run is also allowing unauthenticated invocations of the service. This may be OK for testing, but in a production environment, you would want to secure the service, and you will see how to […]