Serverless on GCP using Cloud Functions

lostinopensource - Jun 24 - Dev Community

Introduction:

This post introduces and demonstrates how to deploy stateless code or a script on Cloud Functions, the serverless environment of Google Cloud Platform.

GCP Resources Used:

  1. Cloud Scheduler Job
  2. Pub/Sub Topic
  3. Cloud Function (1st Gen)
  4. Two Service Accounts (for Infra and for the Cloud Function Runtime Service Account)

Tools Used:

  1. Terraform for IaC
  2. CI/CD - GitHub Actions

Conceptual Diagram:


As per the diagram above, the idea is to run an event/trigger-based Cloud Function in the following scenario:

When a Cloud Scheduler Job runs (automatically or through a force run), it sends a message body to a dedicated Cloud Pub/Sub Topic, which has a push-based subscription with the 1st Gen Cloud Function.

As soon as the push-based subscription becomes active, the entry point function defined in the Cloud Function is triggered and executes the code flow.

Security Practice:

  1. The GitHub Action responsible for deploying the Infra and the Cloud Function itself uses GCP WIF pool-based authentication. For more information, see: https://dev.to/iamgauravpande/enabling-workload-identity-federation-for-github-actions-on-gcp-h8g

  2. The Python code run by the Cloud Function fetches its secret/token/password from Google Secret Manager, to avoid storing a plaintext password in the GitHub repo.

NOTE: The Cloud Function source code along with Infra can be found at: https://github.com/iamgauravpande/serverless-on-gcp
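The flow described above, as an added example that is not taken from the linked repository: a 1st Gen Pub/Sub-triggered entry point that decodes the scheduler message and reads its token from Secret Manager at run time. The entry point name `main` and the environment variable names `SECRET_PROJECT`, `SECRET_ID` and `SECRET_VERSION` are assumptions, and the `google-cloud-secret-manager` package must be listed in the function's requirements.

```python
import base64
import json
import os
import re

# Secret Manager IDs contain only letters, digits, '-' and '_' (max 255 chars).
SECRET_ID_PATTERN = re.compile(r"[A-Za-z0-9_-]{1,255}")


def decode_pubsub_event(event):
    """Return the Cloud Scheduler message body carried in a Pub/Sub event."""
    raw = base64.b64decode(event.get("data", "")).decode("utf-8")
    try:
        body = json.loads(raw)
    except json.JSONDecodeError:
        body = raw  # plain-text message body
    return body if isinstance(body, dict) else {"message": body}


def secret_version_name(project, secret_id, version="latest"):
    """Build the Secret Manager resource name, rejecting malformed IDs."""
    if not SECRET_ID_PATTERN.fullmatch(secret_id):
        raise ValueError("invalid secret id")
    return f"projects/{project}/secrets/{secret_id}/versions/{version}"


def fetch_secret(name, client=None):
    """Read one secret version as the function's runtime service account."""
    if client is None:
        # Imported lazily so the module loads without the library installed.
        from google.cloud import secretmanager
        client = secretmanager.SecretManagerServiceClient()
    response = client.access_secret_version(request={"name": name})
    return response.payload.data.decode("utf-8")


def main(event, context, client=None):
    """Entry point for the Pub/Sub-triggered function (1st Gen signature)."""
    body = decode_pubsub_event(event)
    # The secret is selected by deployment config, never by the message body.
    name = secret_version_name(
        os.environ["SECRET_PROJECT"],  # assumed variable name
        os.environ["SECRET_ID"],       # assumed variable name
        os.environ.get("SECRET_VERSION", "latest"),
    )
    token = fetch_secret(name, client)
    # Log that a secret was loaded, never its value.
    print(f"trigger={body!r} secret_loaded={bool(token)}")
    return body
```

The runtime service account needs only the Secret Manager Secret Accessor role on that one secret for this to work.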
