On this edition of Serverless Expeditions, we take a look at scheduling automated Cloud Run jobs with Cloud Scheduler.
Check out the video version of this blog post.
Source code for this blog post is available on GitHub under the "scheduled-cloud-run" folder.
Cloud Run is designed to host a containerised web service -- any language you like, as long as the service listens on port 8080 -- but your code can run on events other than a user visiting your site.
An example of this design pattern would be a nightly billing job: you want to process billing data nightly at 1am, but you don't want to be the person to click a button in the middle of the night.
If you wanted to implement such a receiving service in NodeJS, you could implement it like in our example code: at the top of the code, create and initialize an Express app that listens for incoming HTTP calls. Note that Cloud Scheduler uses the “text/plain” content type, so you'll have to tell body-parser to parse more than the default “application/json” type. The POST handler parses the minimum balance that was sent to it from Cloud Scheduler, and then sends that off to the billing method later in the code.
Cloud Scheduler is a managed service offered on Google Cloud, where you can create jobs on a cron schedule that either makes a HTTPS call, or publishes a Pub/Sub message. In this example, you can setup a scheduled job that runs at 1am every night by entering the cron value
0 1 * * * in the Frequency field, and setting the HTTP Target to be the URL of your Cloud Run service you created earlier.
However, you need to make sure that this billing service is private, and not accessible by anyone on the internet. To convert a public service to private, you need to remove the
allUsers member from the service -- that is, deny anyone from accessing it. To then allow Cloud Scheduler to access the service, create a new service account, assigning it the Cloud Run Invoker role. Then set that service account's email identifier in the Auth Header setting in Cloud Scheduler, under "Add OIDC token". OIDC, or OpenID Connect, is a small layer on top of OAuth that handles identity. This field tells Cloud Scheduler to use the new service account's identity for running the job.
The free tier of Cloud Scheduler allows you 3 jobs for free, no matter how many times the job is run. Each job after that is USD$0.10 each. You may also incur costs for excess Cloud Run execution time, database costs, etc.
By using Google Cloud managed services that connect to Cloud Run, you can build more complex architectures, and automate manual processes to make your developer live easier.
Serverless Expeditions is a fun and cheeky video series that looks at what serverless means and how to build serverless apps with Google Cloud.