Website Refactoring using Google Cloud Run
John Comber
Introduction
A summary of refactoring this website and the resulting IaC template developed using GitHub Codespaces, GitHub Actions, Terraform, Google Artifact Registry and Google Cloud Run.
Previous Architecture
The content for this website was previously hosted using WordPress running on Docker on a virtual machine in the IONOS cloud.
It was relatively easy to set up (for an IT worker) and provided an easy way to publish and edit content. However, that ease of setup came with a downside: WordPress and the underlying VM had to be patched regularly with security updates. When I was busy with client work this task got put to the bottom of the list, which resulted in a security risk.
The VM also cost GBP 6 per month. While a relatively small sum, it was adding up over the years.
New Architecture
The new architecture consists of:
- GitHub Codespaces that provide an environment to run Terraform to provision the initial IaC Seed resources.
- GitHub Actions that provide an environment to securely store secrets and run jobs that:
  - execute Terraform to provision the website / API resources.
  - execute Docker build, publish and Cloud Run deployment processes.
- Google Artifact Registry to host the built Docker website / API container.
- Google Cloud Run to execute the website / API container.
Google Cloud Run
Google Cloud Run is a serverless container hosting service. It's great because cold start times are negligible and there is an option to configure it to only bill for the time when the container is being pulled and when requests are being processed. There are also monthly free allowances of vCPU seconds, memory GiB seconds and request count. This is ideal for a low-traffic website / API as the costs are nil or negligible.
Benefits
Google Cloud Run is serverless, so I no longer have to do server-side patching tasks.
I'm no longer paying a monthly fee to rent the virtual machine.
Updates to the website are pushed to GitHub and are then automatically deployed using a GitHub continuous delivery action.
Risks
Costs could become significant if the website / API sustains a prolonged DDoS attack. Google Cloud Armor could be implemented to mitigate this; however, the cost / benefit would have to be calculated. I've chosen the simple option of setting a monthly billing limit for the time being.
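As an added example (not taken from the template repository), a Terraform configuration for a Cloud Run service that uses the request-based billing described above and adds an instance ceiling as one more way to bound compute cost during a traffic flood. The variable names, service name, region and limits are assumptions.

```hcl
# Added example: not the author's template. All names and limits are assumed values.
variable "project_id" { type = string }

variable "region" {
  type    = string
  default = "europe-west2" # assumed region
}

variable "image" {
  type        = string
  description = "Artifact Registry image reference pushed by the CI job"
}

resource "google_cloud_run_v2_service" "website" {
  project  = var.project_id
  name     = "website" # hypothetical service name
  location = var.region
  ingress  = "INGRESS_TRAFFIC_ALL"

  template {
    # Scale to zero when idle. The ceiling limits how many instances a
    # request flood can start, which bounds vCPU and memory spend
    # (per-request charges still apply).
    scaling {
      min_instance_count = 0
      max_instance_count = 2
    }
    max_instance_request_concurrency = 80
    timeout                          = "30s"

    containers {
      image = var.image
      resources {
        limits   = { cpu = "1", memory = "512Mi" }
        cpu_idle = true # CPU allocated only while requests are processed
      }
    }
  }
}

# Public website: allow unauthenticated invocation of this one service only.
resource "google_cloud_run_v2_service_iam_member" "public" {
  project  = var.project_id
  location = var.region
  name     = google_cloud_run_v2_service.website.name
  role     = "roles/run.invoker"
  member   = "allUsers"
}
```

Once the ceiling is reached, excess requests are queued or rejected instead of starting more instances, so the limit trades availability under load for a predictable maximum bill.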
Template
I've written a template that has three steps:
- Provision the IaC Seed resources (using the Google Terraform Bootstrap module) in Google Cloud.
- Provision the website IaC resources in Google Cloud.
- Build, publish and deploy website code to the Google Cloud Run instance. This is equally suitable for hosting a web API.
The template is contained in the GitHub repository below.
GitHub
https://github.com/iskarconsulting/google-cloud-run-template