Code360 powered by Coding Ninjas X Naukri.com. Code360 powered by Coding Ninjas X Naukri.com
Table of contents
1.
Introduction
2.
Choosing between Cloud Run and Cloud Run for Anthos 
2.1.
Cloud Run
2.2.
Cloud Run for Anthos
3.
Resource model
4.
Cloud Run for Anthos in the console 
4.1.
Accessing Cloud Run for Anthos
5.
Cloud Run for Anthos fleet installation overview 
5.1.
Existing installations
5.2.
Migrate your workloads
5.3.
New installations
6.
Cloud Run for Anthos component permissions 
7.
Prerequisites for clusters on Google Cloud 
8.
Setting up the command-line environment
9.
Installing Cloud Run for Anthos on Google Cloud 
10.
Setting up Cloud Run for Anthos
10.1.
Setting up authentication with Workload Identity
10.2.
Configuring HTTPS and custom domains
10.3.
Setting up Anthos Service Mesh
10.4.
Setting up a multi-tenant environment
11.
Mapping custom domains 
11.1.
Add your DNS records to your domain registrar
11.2.
Adding verified domain owners to other users or service accounts
11.3.
Registering a domain with Cloud Domains within the Cloud Run for Anthos console
12.
Using test domains
12.1.
Using the nip.io test domain
12.2.
Using the external IP address
13.
Using managed TLS certificates and HTTPS
14.
From edge to mesh: Exposing service mesh applications through GKE Ingress
15.
Frequently Asked Questions
15.1.
What are Google Cloud Labs?
15.2.
What is the use of Qwiklabs?
15.3.
What is the full form of GCP?
15.4.
Is GCP PaaS or IaaS?
16.
Conclusion
Last Updated: Mar 27, 2024

Cloud Run for Anthos

Leveraging ChatGPT - GenAI as a Microsoft Data Expert
Speaker
Prerita Agarwal
Data Specialist @
23 Jul, 2024 @ 01:30 PM

Introduction

Cloud Run for Anthos is Google's managed and fully supported Knative offering. Cloud Run for Anthos abstracts away the complexity of Kubernetes, making it easy to deploy and build your serverless workloads across multi-cloud and hybrid environments. 

When you install Cloud Run for Anthos in your Anthos cluster, knative-serving namespaces are automatically created. Anthos Service Mesh by default installs in the istio-system namespace. The following components are deployed into one of those namespaces:

  • Components running in the knative-serving namespace: Activator, Auto-scaler, Controller, Webhook
  • Components running in the istio-system namespace: Cluster Local Gateway, Istio Ingress Gateway, Istiod

Choosing between Cloud Run and Cloud Run for Anthos 

While Cloud Run for Anthos provides a serverless development experience on a shared responsibility Anthos platform, Cloud Run is an entirely managed and serverless product. Using Cloud Run for Anthos, which is compatible with Anthos, you can quickly and consistently deploy your workloads across hybrid and multi-cloud systems. Additionally, switching from Cloud Run to Cloud Run for Anthos or vice versa is simple and doesn't need rewriting the application code.

To see the contrasts from a high-level architectural perspective.

Classification architecture of cloud run

Cloud Run

You can launch stateless containers using the Cloud Run platform without worrying about the underlying infrastructure. Depending on the amount of traffic to your app, your workloads are scaled out or into zero automatically. Pay-per-use rates for Cloud Run are rounded to the closest 100 milliseconds.

Cloud Run for Anthos

By abstracting away Kubernetes' complexity, Cloud Run for Anthos makes it simple to design and deploy programs across hybrid and multi-cloud environments. Google's managed and fully supported Knative service, Cloud Run for Anthos, provides serverless workloads on Kubernetes and is an open source project.

Get the tech career you deserve, faster!
Connect with our expert counsellors to understand how to hack your way to success
User rating 4.7/5
1:1 doubt support
95% placement record
Akash Pal
Senior Software Engineer
326% Hike After Job Bootcamp
Himanshu Gusain
Programmer Analyst
32 LPA After Job Bootcamp
After Job
Bootcamp

Resource model

The following diagram shows the Cloud Run for Anthos resource model:

Resource request model

The diagram shows a Google Cloud project containing two Cloud Run for Anthos services, Service A and Service B, each of which has several revisions.

In the diagram, Service A is receiving many requests, which results in the startup and running of several container instances. Note that Service B is not currently receiving requests, so no container instance is started yet.

Cloud Run for Anthos in the console 

In the Google Cloud dashboard, Cloud Run for Anthos is now accessible as a different experience from the managed Cloud Run product. For all of your Cloud Run for Anthos services, the new page offers you a product-specific experience. From a specific page, you now have full control and can carry out all previous creation, deployment, configuration, and management operations on your services.

Accessing Cloud Run for Anthos

The Cloud Run for Anthos menu is located under Anthos:

Cloud run anthos menu screenshot

You will find all of your Cloud Run for Anthos services listed in the new page:

screen shot for cloud run for anthos services

Cloud Run for Anthos fleet installation overview 

Through Anthos fleets and Anthos Service Mesh, Cloud Run for Anthos is supported on Anthos clusters.

Knative Serving is added to your cluster as part of the Cloud Run for Anthos installation, allowing you to connect to it and handle stateless workloads. See the Architectural overview for additional information on Cloud Run for Anthos.

Previous Cloud Run for Anthos "free trial" installations were made available in clusters as a "GKE add-on". The new Cloud Run for Anthos version must be installed as an Anthos fleet component with Anthos Service Mesh version 1.10 for Anthos versions 1.8 and later.

Existing installations

Before upgrading your clusters to Anthos version 1.8 or later, you must first migrate your current Cloud Run for Anthos installation to use an Anthos fleet and Anthos Service Mesh. For more information, check the cluster-specific guide:

  • GKE on Google Cloud upgrade to fleets
  • Fleets-ready Cloud Run for Anthos on VMware

Migrate your workloads

If Anthos do not meet your needs, you can migrate your existing Cloud Run for Anthos workloads to run on other products.

New installations

There are two general paths for how to install Cloud Run for Anthos depending on the location of your Anthos cluster:

On Google Cloud

For the Google Kubernetes Engine clusters in your Anthos fleet that are running on Google Cloud.

Outside Google Cloud

For the Anthos clusters in your fleet that are hosted and running outside Google Cloud. 

Cloud Run for Anthos component permissions 

Use this page to understand the RBAC permissions that the components of Cloud Run for Anthos hold to maintain access to the cluster. These permissions are necessary and enabled by default in Cloud Run for Anthos; do not attempt to disable them.

Component, namespace and service account table

Note that the cloud-run-operator service account has the same set of permissions as the controller. The operator is what deploys all Cloud Run for Anthos components, including custom resource definitions and controllers.

Prerequisites for clusters on Google Cloud 

Before you install Cloud Run for Anthos in your cluster on Google Cloud, you must first ensure that you follow the following requirements:

  • Understand and review the access permissions of components in Cloud Run for Anthos.
     
  • You must ensure that you have sufficient permissions in your Google Cloud project to meet the installation requirements for your Anthos fleet, Anthos cluster, and Anthos Service Mesh:
    • If you have the role of the owner for the Google Cloud project, then you have more than the permissions to create clusters, install, and then configure Cloud Run for Anthos.
    • It should be noted that all permission needs for installing and configuring Cloud Run for Anthos are also met by the Anthos Service Mesh permissions.
       
  • Using other roles and the minimum requirements:
    • You may also be able to fulfill the permission criteria, depending on your organization, by combining the preset roles listed below:
      • Google Cloud project permissions: Basic Editor Role
      • Anthos fleet permissions: GKE Hub Admin or a role that includes the following permissions:
        • gkehub.features.update
        • gkehub.features.create
      • Cluster permissions: 
        • Kubernetes Engine Cluster Admin
        • Kubernetes Engine Admin
           
  • An Anthos cluster with the following configuration is required:
    • A Google Kubernetes Engine cluster that is supported. Keep in mind that Windows Server node pools in GKE clusters are not supported.
    • Registered in your Anthos fleet
       
  • Anthos Service Mesh version 1.10 is installed.
    • A machine type with at least 4 vCPUs, such as e2-standard-4, is required by Anthos Service Mesh for your cluster. For further information on requirements, consult the installation instructions for Anthos Service Mesh.
       
  • The CLI environment must be set up.
     
  • The following APIs must be enabled in your Cloud project:
    • Google Kubernetes Engine API: Manage and build container-based applications.
    • Cloud Build API: Manage and create builds.
    • Container Registry API: Pull and push images in Container Registry.

Setting up the command-line environment

Set up Cloud Run for Anthos so that command-line tools can connect to it and communicate with it.

The use of a Mac or Linux operating system is assumed for these stages. You must modify the commands if you're running Microsoft Windows.

There are some jobs that need the command-line tools, even though you can opt to operate Cloud Run for Anthos using the console.

The CLI tools for Cloud Run for Anthos must be installed and set up as follows:

  • Install then initialize Google CLI.
  • Configure the Google Cloud CLI defaults:
  • Set your default Google Cloud project:
gcloud config set project PROJECT_ID

 

  • Replace PROJECT_ID with the ID of your Cloud project.
  • Set the target platform:
gcloud config set run/platform gke

 

  • Set the location of your cluster:
gcloud config set run/cluster_location ZONE_REGION

 

  • Replace ZONE_REGION with the region or zone of your cluster.
  • If you created and use a new namespace other than the default namespace, you can set that namespace as the default in Google Cloud CLI so that it's used each time you run a command:
gcloud config set run/namespace NAMESPACE

 

  • Replace NAMESPACE with the name of the namespace that you want the gcloud CLI tool to use by default.
  • Install the kubectl command-line tool:
gcloud components install kubectl

 

  • Optional: Ensure that all previously installed components are up-to-date:
gcloud components update

Installing Cloud Run for Anthos on Google Cloud 

To install the default components of Cloud Run for Anthos:

  • Enable Cloud Run for Anthos in your Anthos fleet:
gcloud container fleet cloudrun enable --project=PROJECT_ID


Replace PROJECT_ID with the ID of your Cloud project. Optional: Verify that the Cloud Run for Anthos feature component is enabled:

View if the Cloud Run for Anthos component is Enabled in the Google Cloud console:

features page
  • For each Anthos cluster where you want to install Cloud Run for Anthos, run the corresponding command:
gcloud container fleet cloudrun apply --gke-cluster=CLUSTER_LOCATION/CLUSTER_NAME


Replace the following:

CLUSTER_LOCATION with the zone or region in which your cluster is located.

CLUSTER_NAME with the ID of your cluster or the fully qualified identifier for the cluster.
 

  • Verify that Cloud Run for Anthos has been enabled in your cluster, Click on the name of your cluster to open the details pane. Example:
     
cluster details pane

Setting up Cloud Run for Anthos

Setting up authentication with Workload Identity

You can use Workload Identity to authenticate your Cloud Run for Anthos services to Google Cloud APIs and services. You must set up Workload Identity before you deploy services to your cluster, otherwise, each service that exists on your cluster prior to enabling Workload Identity needs to be migrated.

Configuring HTTPS and custom domains

You can use the following techniques to activate HTTPS and set a custom domain: Using HTTPS Mapping custom domains and controlled TLS certificates

Setting up Anthos Service Mesh

Use the In-cluster control plane options, which include instructions on how to set up a private, internal network, to establish Anthos Service Mesh options for Cloud Run for Anthos. Businesses that offer internal apps to their employees, as well as services utilized by clients that are not a part of the Cloud Run for Anthos cluster, can both benefit from the deployment of services on an internal network. With this configuration, the service can communicate with other network resources using a secure, internal (RFC 1918) IP address that is not accessible to the general public.

Setting up a multi-tenant environment

In multi-tenant use cases, you will need to deploy and manage Cloud Run for Anthos services to a Google Kubernetes Engine cluster that is outside your current project. 

Mapping custom domains 

To map your custom domain, utilize the command-line tools or the Google Cloud console.

Generally, to set up a custom domain:

  • Optional: Your load balancer's IP address should be reserved.
  • In Cloud Run for Anthos, map your services or the cluster to the specific domain.
  • In your domain registrar, update your DNS records.

Add your DNS records to your domain registrar

You must update your DNS records at your domain registrar after mapping your service to a custom domain in Cloud Run for Anthos. The DNS records you must supply are generated and displayed as a convenience by Cloud Run for Anthos. For the mapping to take effect, you must add these records at your domain registrar that point to the Cloud Run for Anthos service.

Adding verified domain owners to other users or service accounts

A user can only verify a domain to their own account when they do so. It follows that no one else can add any more domain mappings that use that domain. You must add them as verified owners in order to allow other users to upload mappings that make use of that domain.

Registering a domain with Cloud Domains within the Cloud Run for Anthos console

To register a domain with Cloud Domains from within the Cloud Run for Anthos console:

  1. Move to the Cloud Run for Anthos domain mappings page:
  2. Click Register domain.
  3. Complete the registration process following the steps for registering a domain.
  4. Complete the steps, to map your domain to Cloud Run for Anthos and then add DNS records at your domain registrar. 

Using test domains

The nip.io base domain is the default setting for the services that you deploy to your Cloud Run for Anthos clusters. As a result, you don't need to do any further settings to start testing your services and sending requests.

Using the nip.io test domain

  1. In the console, move to the Cloud Run for Anthos page.
  2. In the list, choose the service for which you want to get the URL.
  3. Close to the top of the page, the URL is shown.
  4. For e.g.: http://my-service.default.kuberun.11.111.11.11.nip.io
     
service URL


Where default is the namespace, my-service is the name of the Cloud Run for Anthos service, and 11.111.11.11 is the IP address of your external load balancer.

Using the external IP address

You may also manually set up an alternate DNS wildcard service to access your services using the external IP address of your load balancer or by using cURL instructions.

From the Google Cloud panel, obtain the load balancer's external IP address as follows:

  1. Move to the GKE page in the console:
     
  2. Choose Services and ingress.
     
  3. Identify the service that is your cluster's Istio ingress. The type of service shall be External load balancer, and the Name shall be istio-ingressgateway.
     
  4. Once you have found your cluster's Istio ingress service, copy its Endpoint. This would be the IP address without the port number. For e.g., you might see 00.000.00.000:11 listed as an endpoint, but you only need to copy 00.000.00.000.

Using managed TLS certificates and HTTPS

If you want to use HTTPS,

  • You should keep hearing from your container on $PORT.
     
  • You have to decide how you will distribute TLS certificates:
     
  • Use managed TLS certificates, which can be used to create and renew TLS certificates as needed automatically. This article details the functionality of the supported Google Kubernetes Engine versions, which are available.
     
  • You are in charge of obtaining and renewing your own certifications, so use your own. You must use your own credentials in some circumstances, as detailed under Limitations.
     
  • In order to use the managed certificates feature if you are utilizing managed certificates, you must additionally map your custom domain.

From edge to mesh: Exposing service mesh applications through GKE Ingress

An application communication layer that is standardized, observable, and security-enhanced is provided by the managed service mesh called Anthos Service Mesh, which is based on Istio. A service mesh offers clients talking in the mesh a comprehensive communications platform, whether you use Anthos Service Mesh, Traffic Director, or Istio. However, how to link clients outside the mesh to applications hosted in the mesh continues to be a problem.

Depending on the client's location, numerous ways to expose an application to users exist. However, by fusing Cloud Load Balancing with Anthos Service Mesh, we may link load balancers with a service mesh and expose an application to clients.

Frequently Asked Questions

What are Google Cloud Labs?

The Google Cloud Self-Paced Labs are interactive labs that take place online. These laboratories include a series of guidelines that lead through a real-world, scenario-based use case in real-time.

What is the use of Qwiklabs?

To provide you the opportunity to work on several cloud platforms and gain practical experience, Qwiklabs offers temporary credentials to both Google Cloud Platform and Amazon Web Services.

What is the full form of GCP?

The Google Cloud Platform (GCP) is a collection of cloud computing services that Google offers. It employs the same internal Infrastructure as Google for its consumer products, including Google Search, Gmail, Drive, and YouTube.

Is GCP PaaS or IaaS?

Despite starting only with PaaS, GCP now offers IaaS. The Infrastructure as a Service (IaaS) product Google Compute Engine (GCE) enables users to run workloads on Google's actual Infrastructure.

Conclusion

We covered the Cloud run for Anthos in this article. We hope this article helps you to learn something new. And if you're interested in learning more, see our posts on AWS vs. Azure and Google CloudGoogle BigQueryAWS Vs Azure Vs Google Cloud: The Platform of Your Choice?Java knowledge for your first coding job.

We hope that this blog has helped you enhance your knowledge regarding Migrate to Containers, and if you would like to learn more, check out our articles on Google Cloud Certification. You can refer to our guided paths on the Coding Ninjas Studio platform to learn more about DSADBMSCompetitive ProgrammingPythonJavaJavaScript, etc. To practice and improve yourself in the interview, you can also check out Top 100 SQL problemsInterview experienceCoding interview questions, and the Ultimate guide path for interviews. Do upvote our blog to help other ninjas grow. 

Thank you image
Live masterclass