Cloud Run has redefined the serverless paradigm a few years ago. Cloud Run has also made a promise: portability on any Kubernetes cluster with Knative installed on top of them. I demonstrated this portability which is great!

Knative and Cloud Run implement the same APIs and the same principle: You create a container, you deploy it, and it scales automatically according to your traffic.

To ensure and to achieve this scalability, Cloud Run and Knative come with a major constraint in the container paradigm

The container must be stateless. You can’t mount a volume on your container

So, today (July…

Google is a large company with a large number of applications that you can reach by APIs. To leverage and duplicate the power of each of these products, you can plug them together and create something bigger! However, it’s not so simple: each product is well documented but the authentication part to connect them is blurry, out of date or missing.

Generate Access Token

Thankfully, when you want to plug Google Workspace products and Google Cloud APIs, it’s quite easy with out-of-the-box methods.

When you use App Script, you have a single method to call to generate an access token (OAuth token)


Function as a Service, or FaaS, has been a cornerstone in app development. Popularized by AWS Lambda service, all the major Cloud Providers offer their version, with different features. And they also extend this principle to containers, with Cloud Run on Google Cloud for example.

On Google Cloud, Cloud Functions is the FaaS service and, to use it, you have to enforce a predefined code structure. In Python, to handle HTTP requests, the function signature is the following

def my_function(request):
return "response", 200 #http code

FaaS common issues

When you deploy a function, it’s “only one function”, to achieve only one task…

The cloud cost is one of the most scary aspect: you pay for what you use! To prevent any overcost, one of best practices is to estimate roughly the cost of a project and to set a budget alert on it.

On Google Cloud, you can achieve that on the billing page, in the Budget & Alerts section.

You need to have the Billing Admin role to access it. In an organization, there are different user profiles and all can’t be Billing Admin:

  • The cloud billing can be a sensitive information and the Billing Admin role allows a full view…

The secrets are the ultimate piece to protect: password, API Keys, private keys, root certificates,… There are several types of secrets but all needs to be kept safe and private. On Google Cloud, Secret Manager service helps to achieve this by keeping the secrets encrypted and protected by IAM.

IAM secret protection

Out of the box, Secret Manager offers a fine grained policy to grant access on individual secrets to enforce the least privilege principle. Like this, only the accounts (user account, or service account) that need to access to some secrets are allowed to reach them, but they can’t access the other…

The cloud has many benefits and one of them is the innovation speed with the motto “Fail fast, iterate faster”. Indeed, the cloud providers propose tons of services to easily test and experiment, when the same would be expensive, or impossible, on premise environment.

  • Create a cluster with Hadoop or Kubernetes
  • Use graphic accelerator for AI training
  • Deploy a global application,…

The cloud platforms are wonderful sandboxes where you can spend hours to experiment and try out. However, resources aren’t free!

There is periodic bad news on specialized websites about bad uses (or misuse) that led to huge bills.


I tried in Node (and I'm bad in Node) and I can propose you this piece of working code

const {WorkflowsClient} = require('@google-cloud/workflows');
const client = new WorkflowsClient();
const [workflows] = await client.listWorkflows({
parent: client.locationPath("<PROJECT_ID>", "us-central1"),
for (const workflow of workflows) {`name: ${}`);
const {ExecutionsClient} = require('@google-cloud/workflows');
const execclient = new ExecutionsClient();
const [resp] = await execclient.createExecution({
parent: client.workflowPath("<PROJECT_ID>", "us-central1", "run-long-process"),
execution: {
argument: '{"wait":5}'
});`name: ${}`);

Cloud components are useful and powerful. However, they are all disconnected from the others and when you want to deploy a full pipeline, you need to glue them. You can achieve this with PubSub and Cloud Functions.
However, it quickly becomes a spaghetti design with a lot of topics and functions. Having a centralized place to see, manage and configure your pipeline workflow could be great!

Google Workflows

Google Workflows takes place here. It has been announced since summer 2020 at Cloud Next on Air and is now generally available (GA) since January 2021. It’s a fully managed solution with a pay-as-you-use…

Security on Google Cloud is paramount but it’s strangely an unpopular topic. Actually, the security is often a boring topic! To fill the gap, I wrote articles about the 2 limits of IAM services and about workarounds and new use cases offer by Service Account Credential API. In both cases, my main concern was still the same: to avoid the users to download service account key files to improve the security.

However, the latest blog post on accessing Drive API of Gabe Weiss uses service account key files. That’s why I reached him out and the discussion was very interesting.

Gabe use case

With a difficult year 2020, companies are more focused on what they spend, and, because the cloud becomes bigger and bigger every year in companies, the cloud billing is getting a lot of interest.
For all the companies, the ideal model is to pay only what they use; and not more. The serverless products perfectly fit this expectation.

However, some services can’t adopt this model, especially for technical reason. Relational databases for example are liked for their low latency achieved thank to, at least, 2 factors

  • Instances are always running to avoid cold start
  • Indexes are kept in memory, and…

guillaume blaquiere

GDE Google Cloud Platform, scrum master, speaker, writer and polyglot developer, Google Cloud platform 3x certified, serverless addict and Go fan.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store