Google Cloud, like any cloud provider, needs to expand and open new regions (view the history on Wikipedia). Today 28 regions are up and running, and 6 are coming.

A new datacenter means new hardware installation and configuration. The hardware then stays in service for a while, until it becomes obsolete and is replaced.
And here comes my wondering:

And especially when you don’t choose the underlying hardware, like with serverless products. Let’s have a test with BigQuery!

Separation of storage and processing

BigQuery design separates…


In cloud environments, it’s common to create and destroy resources as we need them. It’s also common to strongly separate the resources for security or confidentiality reasons; or simply to limit the blast radius in case of incidents.
On Google Cloud, creating several projects, one per customer, each with the same app deployed is a common pattern, especially when you have project-dependent resources, such as App Engine or Firestore/Datastore.

That’s for the design, but on day 2, you need to monitor your applications, which are spread across different projects.

In my case…


Cloud Run redefined the serverless paradigm a few years ago. Cloud Run also made a promise: portability to any Kubernetes cluster with Knative installed on top of it. I demonstrated this portability, which is great!

Knative and Cloud Run implement the same APIs and the same principle: You create a container, you deploy it, and it scales automatically according to your traffic.

To ensure and to achieve this scalability, Cloud Run and Knative come with a major constraint in the container paradigm

So, today (July…


Google is a large company with a large number of applications that you can reach by APIs. To leverage and duplicate the power of each of these products, you can plug them together and create something bigger! However, it’s not so simple: each product is well documented but the authentication part to connect them is blurry, out of date or missing.

Generate Access Token

Thankfully, when you want to plug Google Workspace products and Google Cloud APIs, it’s quite easy with out-of-the-box methods.

When you use Apps Script, you have a single method to call to generate an access token (OAuth token):

ScriptApp.getOAuthToken();


Function as a Service, or FaaS, has been a cornerstone in app development. Popularized by AWS Lambda service, all the major Cloud Providers offer their version, with different features. And they also extend this principle to containers, with Cloud Run on Google Cloud for example.

On Google Cloud, Cloud Functions is the FaaS service and, to use it, you have to follow a predefined code structure. In Python, to handle HTTP requests, the function signature is the following:

def my_function(request):
    ...
    return "response", 200  # HTTP status code

FaaS common issues

When you deploy a function, it’s “only one function”, to achieve only one task…


Cloud cost is one of the scariest aspects: you pay for what you use! To prevent any cost overrun, one of the best practices is to roughly estimate the cost of a project and to set a budget alert on it.

On Google Cloud, you can achieve that on the billing page, in the Budget & Alerts section.

You need to have the Billing Admin role to access it. In an organization, there are different user profiles and not everyone can be Billing Admin:

  • Cloud billing can be sensitive information, and the Billing Admin role allows a full view…


Secrets are the ultimate piece to protect: passwords, API keys, private keys, root certificates,… There are several types of secrets, but all need to be kept safe and private. On Google Cloud, the Secret Manager service helps to achieve this by keeping the secrets encrypted and protected by IAM.

IAM secret protection

Out of the box, Secret Manager offers a fine-grained policy to grant access to individual secrets and enforce the least privilege principle. This way, only the accounts (user accounts or service accounts) that need access to certain secrets are allowed to reach them, but they can’t access the other…


The cloud has many benefits and one of them is the innovation speed, with the motto “Fail fast, iterate faster”. Indeed, cloud providers offer tons of services to easily test and experiment, when the same would be expensive, or impossible, in an on-premises environment.

  • Create a cluster with Hadoop or Kubernetes
  • Use graphics accelerators for AI training
  • Deploy a global application,…

Cloud platforms are wonderful sandboxes where you can spend hours experimenting and trying things out. However, resources aren’t free!

Even…


I tried in Node (and I'm bad at Node) and I can propose this piece of working code:

const {WorkflowsClient, ExecutionsClient} = require('@google-cloud/workflows');

async function main() {
  // List the workflows deployed in the project and region
  const client = new WorkflowsClient();
  const [workflows] = await client.listWorkflows({
    parent: client.locationPath("<PROJECT_ID>", "us-central1"),
  });
  for (const workflow of workflows) {
    console.info(`name: ${workflow.name}`);
  }

  // Start an execution of the "run-long-process" workflow with a JSON argument
  const execclient = new ExecutionsClient();
  const [resp] = await execclient.createExecution({
    parent: client.workflowPath("<PROJECT_ID>", "us-central1", "run-long-process"),
    execution: {
      argument: '{"wait":5}'
    }
  });
  console.info(`name: ${resp.name}`);
}

// await is only valid inside an async function in CommonJS, hence the wrapper
main().catch(console.error);


Cloud components are useful and powerful. However, they are all disconnected from one another, and when you want to deploy a full pipeline, you need to glue them together. You can achieve this with PubSub and Cloud Functions.
However, it quickly becomes a spaghetti design with a lot of topics and functions. Having a centralized place to see, manage and configure your pipeline workflow would be great!

Google Workflows

This is where Google Workflows comes in. It was announced in summer 2020 at Cloud Next on Air and has been generally available (GA) since January 2021. It’s a fully managed solution with a pay-as-you-use…

guillaume blaquiere

GDE Google Cloud Platform, scrum master, speaker, writer and polyglot developer, Google Cloud platform 3x certified, serverless addict and Go fan.
