Introduction:
This post introduces and demonstrates how to deploy a stateless code/script on Cloud Functions, the Google Cloud Platform serverless environment.
GCP Resources Used:
1. Cloud Scheduler Job
2. Pub/Sub Topic
3. Cloud Function (1st Gen)
4. Two Service Accounts (for Infra and Cloud Function Runtime Service Account)
Tools Used:
1. Terraform for IaC
2. CI/CD: GitHub Actions
Conceptual Diagram:
As per the above diagram, the idea is to run an event/trigger-based Cloud Function in the following scenario:
When a Cloud Scheduler job runs (automatically or via a force run), it sends a message body to a dedicated Cloud Pub/Sub topic, which has a push-based subscription with the 1st Gen Cloud Function.
As soon as the push-based subscription becomes active, the entry point function defined in the Cloud Function is triggered and executes the code flow.
Security Practice:
The GitHub Action responsible for deploying the infra and the Cloud Function itself uses GCP WIF (Workload Identity Federation) pool-based authentication. For more information, see: https://dev.to/iamgauravpande/enabling-workload-identity-federation-for-github-actions-on-gcp-h8g
The Python code run by the Cloud Function fetches its secret/token/password from Google Secret Manager to avoid storing a plaintext password in the GitHub repo.
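A sketch of that runtime flow, added here as an illustration and not taken from the linked repository: a 1st Gen Pub/Sub-triggered entry point that decodes the scheduler message and reads its token from Secret Manager at call time. The function names and the environment variable names `SECRET_PROJECT_ID`, `SECRET_ID` and `SECRET_VERSION` are assumptions.

```python
import base64
import os


def decode_pubsub_message(event):
    """1st Gen background functions receive the Pub/Sub payload base64-encoded in event["data"]."""
    data = event.get("data")
    return base64.b64decode(data).decode("utf-8") if data else ""


def secret_version_name(project_id, secret_id, version="latest"):
    """Build the Secret Manager resource name for one secret version."""
    return f"projects/{project_id}/secrets/{secret_id}/versions/{version}"


def fetch_secret(name, client=None):
    """Read the secret at call time with the function's runtime service account."""
    if client is None:
        # Imported lazily so the module also loads where the library is absent (e.g. unit tests).
        from google.cloud import secretmanager
        client = secretmanager.SecretManagerServiceClient()
    response = client.access_secret_version(request={"name": name})
    return response.payload.data.decode("utf-8")


def handle_pubsub(event, context, client=None):
    """Entry point: the runtime calls this with (event, context) for each Pub/Sub message."""
    message = decode_pubsub_message(event)
    # SECRET_PROJECT_ID, SECRET_ID and SECRET_VERSION are assumed env var names.
    name = secret_version_name(
        os.environ["SECRET_PROJECT_ID"],
        os.environ["SECRET_ID"],
        os.environ.get("SECRET_VERSION", "latest"),
    )
    token = fetch_secret(name, client)
    # Use `token` for the job's outbound call here. Log the resource name only,
    # never the value, so the secret stays out of the function's logs.
    print(f"scheduler message={message!r} secret={name} loaded={bool(token)}")
    return message
```

For this to work, the runtime service account needs only `roles/secretmanager.secretAccessor` on that one secret; setting `SECRET_VERSION` to a fixed number keeps a rotated or mistaken `latest` from changing behaviour silently.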
NOTE: The Cloud Function source code, along with the infra, can be found at: https://github.com/iamgauravpande/serverless-on-gcp