Chapter 2

Services

Find useful information and advice on using the best Google Cloud services.

Compute Engine

Rerun the startup script

    sudo google_metadata_script_runner startup

View the result

    sudo journalctl -u google-startup-scripts.service

Cloud Run

The Google Cloud Toolbox: a simple, opinionated and minimalist documentation site for Google Cloud.

Note

Cloud Run is a serverless platform for running containers; you can run it on the fully managed platform or on GKE. IMO it is the best place for your workloads.

Info
  • pay per use
  • min instances from 0
  • max instances
  • internal-only traffic
  • egress to VPC (all / internal)
  • great portability

Create

    gcloud run deploy run-service --image gcr.io/...... --set-env-vars foo=lol --memory 1G --allow-unauthenticated --region europe-west1 --project myproject

Delete

    gcloud run services delete run-service --region europe-west1 --project myproject --quiet

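Authenticated call to Cloud Run

A service deployed with --allow-unauthenticated accepts anonymous requests; the identity token below is required only when the service is deployed with --no-allow-unauthenticated.

    curl -X GET -H "Authorization: Bearer $(gcloud auth print-identity-token)" https://hello-cloudunuri-uc.a.run.app

Tip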

You can find example images in the Google containers images repo.

Tip

There is a very good list of resources in Awesome Cloud Run

Functions

Firebase

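Scheduled function in Europe

    // 1st-gen API (functions.region(...).pubsub.schedule); older SDKs export it from 'firebase-functions'.
    const functions = require('firebase-functions/v1');
    // Runs every 5 minutes in europe-west1.
    exports.scheduledFunction = functions.region('europe-west1').pubsub.schedule('every 5 minutes').onRun((context) => {
        console.log('This will be run every 5 minutes!');
        return null;
    });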

Registry

Upload an image to gcloud

    gcloud auth login
    gcloud auth configure-docker
    docker pull busybox
    docker tag busybox gcr.io/my-project/busybox
    docker push gcr.io/my-project/busybox

Firestore

Note

Firestore can be used directly from GCP, but there are extra features if you use it through Firebase.

Rules

    rules_version = '2';
    service cloud.firestore {
        match /databases/{database}/documents {
            match /Users/{document} {
                allow create:
                    if request.auth.uid == document
                    && request.resource.data.keys().hasAll(["name", "nick", "created_at"])
                    && request.resource.data.keys().hasOnly(["name", "nick", "created_at"]);
                allow read: if request.auth.uid == document;
                allow update:
                    if request.auth.uid == document
                    && (request.resource.data.diff(resource.data).affectedKeys()
                        .hasOnly(["name", "nick"]));
                allow delete: if request.auth.uid == document;
            }
        }
    }
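
The `/Users/{document}` rules above, modelled in plain JavaScript as an added example (not code from the original page, and not the Firestore rules engine): it shows which requests the owner check, the `hasAll`/`hasOnly` key checks and `affectedKeys()` accept or reject. The helper names and the sample documents are constructed for illustration.

```javascript
// Model of the /Users/{document} rules in plain JavaScript (added example).
// It mirrors the rule predicates only; it is not the Firestore rules engine.
const CREATE_KEYS = ['name', 'nick', 'created_at'];
const UPDATE_KEYS = ['name', 'nick'];

// list.hasOnly(allowed): every element is in the allowed list.
const hasOnly = (keys, allowed) => keys.every((k) => allowed.includes(k));
// list.hasAll(required): every required element is present.
const hasAll = (keys, required) => required.every((k) => keys.includes(k));

// request.resource.data.diff(resource.data).affectedKeys():
// keys added, removed or changed between the stored and the incoming document.
function affectedKeys(after, before) {
  const all = new Set([...Object.keys(before), ...Object.keys(after)]);
  return [...all].filter((k) =>
    !(k in before) || !(k in after) ||
    JSON.stringify(before[k]) !== JSON.stringify(after[k]));
}

// op: 'create' | 'read' | 'update' | 'delete'; uid: request.auth.uid or null;
// docId: the {document} wildcard; after: request.resource.data; before: resource.data.
function allowUsers(op, uid, docId, after = {}, before = {}) {
  if (uid === null || uid !== docId) return false; // every rule requires the owner
  if (op === 'create') {
    const keys = Object.keys(after);
    return hasAll(keys, CREATE_KEYS) && hasOnly(keys, CREATE_KEYS);
  }
  if (op === 'update') return hasOnly(affectedKeys(after, before), UPDATE_KEYS);
  return op === 'read' || op === 'delete';
}

// Constructed sample data, not from the original page.
const stored = { name: 'Ann', nick: 'ann', created_at: 1700000000 };
const cases = [
  ['create', 'u1', 'u1', stored, {}],                            // owner, exact keys
  ['create', 'u1', 'u1', { ...stored, role: 'admin' }, {}],      // extra field
  ['create', 'u2', 'u1', stored, {}],                            // another user's document
  ['update', 'u1', 'u1', { ...stored, nick: 'a' }, stored],      // mutable field changed
  ['update', 'u1', 'u1', { ...stored, created_at: 1 }, stored],  // immutable field changed
  ['update', 'u1', 'u1', { name: 'Ann', nick: 'ann' }, stored],  // created_at dropped
  ['read', null, 'u1'],                                          // unauthenticated
];
const results = cases.map((c) => allowUsers(...c));
console.log(results);
```
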

Rules example for subscriptions

    rules_version = '2';
    service cloud.firestore {
      match /databases/{database}/documents {
        function hasBasicSubs() {
          return request.auth.token.stripeRole == "basic";
        }

        function hasPremiumSubs() {
          return request.auth.token.stripeRole == "premium";
        }

        match /content-basic/{doc} {
          allow read: if hasBasicSubs() || hasPremiumSubs();
        }
        match /content-premium/{doc} {
          allow read: if hasPremiumSubs();
        }

        match /customers/{uid} {
          allow read: if request.auth.uid == uid;

          match /checkout_sessions/{id} {
            allow read, write: if request.auth.uid == uid;
          }
          match /subscriptions/{id} {
            allow read: if request.auth.uid == uid;
          }
        }

        match /products/{id} {
          allow read: if true;
          allow write: if false;

          match /prices/{id} {
            allow read: if true;
            allow write: if false;
          }
        }
      }
    }

Tip

It is always a good idea to manage the rules as code, store them in a git repo and deploy them with the Firebase CLI.

    firebase init
    firebase deploy