Gcp Cloud Run

1---2name: gcp-cloud-run3description: Specialized skill for building production-ready serverless4  applications on GCP. Covers Cloud Run services (containerized), Cloud Run5  Functions (event-driven), cold start optimization, and event-driven6  architecture with Pub/Sub.7risk: unknown8source: vibeship-spawner-skills (Apache 2.0)9date_added: 2026-02-2710---11 12# GCP Cloud Run13 14Specialized skill for building production-ready serverless applications on GCP.15Covers Cloud Run services (containerized), Cloud Run Functions (event-driven),16cold start optimization, and event-driven architecture with Pub/Sub.17 18## Principles19 20- Cloud Run for containers, Functions for simple event handlers21- Optimize for cold starts with startup CPU boost and min instances22- Set concurrency based on workload (start with 8, adjust)23- Memory includes /tmp filesystem - plan accordingly24- Use VPC Connector only when needed (adds latency)25- Containers should start fast and be stateless26- Handle signals gracefully for clean shutdown27 28## Patterns29 30### Cloud Run Service Pattern31 32Containerized web service on Cloud Run33 34**When to use**: Web applications and APIs,Need any runtime or library,Complex services with multiple endpoints,Stateless containerized workloads35 36```dockerfile37# Dockerfile - Multi-stage build for smaller image38FROM node:20-slim AS builder39WORKDIR /app40COPY package*.json ./41RUN npm ci --only=production42 43FROM node:20-slim44WORKDIR /app45 46# Copy only production dependencies47COPY --from=builder /app/node_modules ./node_modules48COPY src ./src49COPY package.json ./50 51# Cloud Run uses PORT env variable52ENV PORT=808053EXPOSE 808054 55# Run as non-root user56USER node57 58CMD ["node", "src/index.js"]59```60 61```javascript62// src/index.js63const express = require('express');64const app = express();65 66app.use(express.json());67 68// Health check endpoint69app.get('/health', (req, res) => {70  res.status(200).send('OK');71});72 73// API routes74app.get('/api/items/:id', async (req, res) => {75  try {76    const item = await getItem(req.params.id);77    res.json(item);78  } catch (error) {79    console.error('Error:', error);80    res.status(500).json({ error: 'Internal server error' });81  }82});83 84// Graceful shutdown85process.on('SIGTERM', () => {86  console.log('SIGTERM received, shutting down gracefully');87  server.close(() => {88    console.log('Server closed');89    process.exit(0);90  });91});92 93const PORT = process.env.PORT || 8080;94const server = app.listen(PORT, () => {95  console.log(`Server listening on port ${PORT}`);96});97```98 99```yaml100# cloudbuild.yaml101steps:102  # Build the container image103  - name: 'gcr.io/cloud-builders/docker'104    args: ['build', '-t', 'gcr.io/$PROJECT_ID/my-service:$COMMIT_SHA', '.']105 106  # Push the container image107  - name: 'gcr.io/cloud-builders/docker'108    args: ['push', 'gcr.io/$PROJECT_ID/my-service:$COMMIT_SHA']109 110  # Deploy to Cloud Run111  - name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'112    entrypoint: gcloud113    args:114      - 'run'115      - 'deploy'116      - 'my-service'117      - '--image=gcr.io/$PROJECT_ID/my-service:$COMMIT_SHA'118      - '--region=us-central1'119      - '--platform=managed'120      - '--allow-unauthenticated'121      - '--memory=512Mi'122      - '--cpu=1'123      - '--min-instances=1'124      - '--max-instances=100'125      - '--concurrency=80'126      - '--cpu-boost'127 128images:129  - 'gcr.io/$PROJECT_ID/my-service:$COMMIT_SHA'130```131 132### Structure133 134project/135├── Dockerfile136├── .dockerignore137├── src/138│   ├── index.js139│   └── routes/140├── package.json141└── cloudbuild.yaml142 143### Gcloud_deploy144 145# Direct gcloud deployment146gcloud run deploy my-service \147  --source . \148  --region us-central1 \149  --allow-unauthenticated \150  --memory 512Mi \151  --cpu 1 \152  --min-instances 1 \153  --max-instances 100 \154  --concurrency 80 \155  --cpu-boost156 157### Cloud Run Functions Pattern158 159Event-driven functions (formerly Cloud Functions)160 161**When to use**: Simple event handlers,Pub/Sub message processing,Cloud Storage triggers,HTTP webhooks162 163```javascript164// HTTP Function165// index.js166const functions = require('@google-cloud/functions-framework');167 168functions.http('helloHttp', (req, res) => {169  const name = req.query.name || req.body.name || 'World';170  res.send(`Hello, ${name}!`);171});172```173 174```javascript175// Pub/Sub Function176const functions = require('@google-cloud/functions-framework');177 178functions.cloudEvent('processPubSub', (cloudEvent) => {179  // Decode Pub/Sub message180  const message = cloudEvent.data.message;181  const data = message.data182    ? JSON.parse(Buffer.from(message.data, 'base64').toString())183    : {};184 185  console.log('Received message:', data);186 187  // Process message188  processMessage(data);189});190```191 192```javascript193// Cloud Storage Function194const functions = require('@google-cloud/functions-framework');195 196functions.cloudEvent('processStorageEvent', async (cloudEvent) => {197  const file = cloudEvent.data;198 199  console.log(`Event: ${cloudEvent.type}`);200  console.log(`Bucket: ${file.bucket}`);201  console.log(`File: ${file.name}`);202 203  if (cloudEvent.type === 'google.cloud.storage.object.v1.finalized') {204    await processUploadedFile(file.bucket, file.name);205  }206});207```208 209```bash210# Deploy HTTP function211gcloud functions deploy hello-http \212  --gen2 \213  --runtime nodejs20 \214  --trigger-http \215  --allow-unauthenticated \216  --region us-central1217 218# Deploy Pub/Sub function219gcloud functions deploy process-messages \220  --gen2 \221  --runtime nodejs20 \222  --trigger-topic my-topic \223  --region us-central1224 225# Deploy Cloud Storage function226gcloud functions deploy process-uploads \227  --gen2 \228  --runtime nodejs20 \229  --trigger-event-filters="type=google.cloud.storage.object.v1.finalized" \230  --trigger-event-filters="bucket=my-bucket" \231  --region us-central1232```233 234### Cold Start Optimization Pattern235 236Minimize cold start latency for Cloud Run237 238**When to use**: Latency-sensitive applications,User-facing APIs,High-traffic services239 240## 1. Enable Startup CPU Boost241 242```bash243gcloud run deploy my-service \244  --cpu-boost \245  --region us-central1246```247 248## 2. Set Minimum Instances249 250```bash251gcloud run deploy my-service \252  --min-instances 1 \253  --region us-central1254```255 256## 3. Optimize Container Image257 258```dockerfile259# Use distroless for minimal image260FROM node:20-slim AS builder261WORKDIR /app262COPY package*.json ./263RUN npm ci --only=production264 265FROM gcr.io/distroless/nodejs20-debian12266WORKDIR /app267COPY --from=builder /app/node_modules ./node_modules268COPY src ./src269CMD ["src/index.js"]270```271 272## 4. Lazy Initialize Heavy Dependencies273 274```javascript275// Lazy load heavy libraries276let bigQueryClient = null;277 278function getBigQueryClient() {279  if (!bigQueryClient) {280    const { BigQuery } = require('@google-cloud/bigquery');281    bigQueryClient = new BigQuery();282  }283  return bigQueryClient;284}285 286// Only initialize when needed287app.get('/api/analytics', async (req, res) => {288  const client = getBigQueryClient();289  const results = await client.query({...});290  res.json(results);291});292```293 294## 5. Increase Memory (More CPU)295 296```bash297# Higher memory = more CPU during startup298gcloud run deploy my-service \299  --memory 1Gi \300  --cpu 2 \301  --region us-central1302```303 304### Optimization_impact305 306- Startup_cpu_boost: 50% faster cold starts307- Min_instances: Eliminates cold starts for traffic spikes308- Distroless_image: Smaller attack surface, faster pull309- Lazy_init: Defers heavy loading to first request310 311### Concurrency Configuration Pattern312 313Proper concurrency settings for Cloud Run314 315**When to use**: Need to optimize instance utilization,Handle traffic spikes efficiently,Reduce cold starts316 317## Understanding Concurrency318 319```bash320# Default concurrency is 80321# Adjust based on your workload322 323# For I/O-bound workloads (most web apps)324gcloud run deploy my-service \325  --concurrency 80 \326  --cpu 1327 328# For CPU-bound workloads329gcloud run deploy my-service \330  --concurrency 1 \331  --cpu 1332 333# For memory-intensive workloads334gcloud run deploy my-service \335  --concurrency 10 \336  --memory 2Gi337```338 339## Node.js Concurrency340 341```javascript342// Node.js is single-threaded but handles I/O concurrently343// Use async/await for all I/O operations344 345// GOOD - async I/O346app.get('/api/data', async (req, res) => {347  const [users, products] = await Promise.all([348    fetchUsers(),349    fetchProducts()350  ]);351  res.json({ users, products });352});353 354// BAD - blocking operation355app.get('/api/compute', (req, res) => {356  const result = heavyCpuOperation(); // Blocks other requests!357  res.json(result);358});359```360 361## Python Concurrency with Gunicorn362 363```dockerfile364FROM python:3.11-slim365WORKDIR /app366COPY requirements.txt .367RUN pip install --no-cache-dir -r requirements.txt368COPY . .369 370# 4 workers for concurrency371CMD exec gunicorn --bind :$PORT --workers 4 --threads 2 main:app372```373 374```python375# main.py376from flask import Flask377app = Flask(__name__)378 379@app.route('/api/data')380def get_data():381    return {'status': 'ok'}382```383 384### Concurrency_guidelines385 386- Concurrency=1: Only for CPU-bound or unsafe code387- Concurrency=8 20: Memory-intensive workloads388- Concurrency=80: Default, good for I/O-bound389- Concurrency=250: Maximum, for very lightweight handlers390 391### Pub/Sub Integration Pattern392 393Event-driven processing with Cloud Pub/Sub394 395**When to use**: Asynchronous message processing,Decoupled microservices,Event-driven architecture396 397## Push Subscription to Cloud Run398 399```bash400# Create topic401gcloud pubsub topics create orders402 403# Create push subscription to Cloud Run404gcloud pubsub subscriptions create orders-push \405  --topic orders \406  --push-endpoint https://my-service-xxx.run.app/pubsub \407  --ack-deadline 600408```409 410```javascript411// Handle Pub/Sub push messages412const express = require('express');413const app = express();414app.use(express.json());415 416app.post('/pubsub', async (req, res) => {417  // Verify the request is from Pub/Sub418  if (!req.body.message) {419    return res.status(400).send('Invalid Pub/Sub message');420  }421 422  try {423    // Decode message data424    const message = req.body.message;425    const data = message.data426      ? JSON.parse(Buffer.from(message.data, 'base64').toString())427      : {};428 429    console.log('Processing order:', data);430 431    await processOrder(data);432 433    // Return 200 to acknowledge434    res.status(200).send('OK');435  } catch (error) {436    console.error('Processing failed:', error);437    // Return 500 to trigger retry438    res.status(500).send('Processing failed');439  }440});441```442 443## Publishing Messages444 445```javascript446const { PubSub } = require('@google-cloud/pubsub');447const pubsub = new PubSub();448 449async function publishOrder(order) {450  const topic = pubsub.topic('orders');451  const messageBuffer = Buffer.from(JSON.stringify(order));452 453  const messageId = await topic.publishMessage({454    data: messageBuffer,455    attributes: {456      type: 'order_created',457      priority: 'high'458    }459  });460 461  console.log(`Published message ${messageId}`);462  return messageId;463}464```465 466## Dead Letter Queue467 468```bash469# Create DLQ topic470gcloud pubsub topics create orders-dlq471 472# Update subscription with DLQ473gcloud pubsub subscriptions update orders-push \474  --dead-letter-topic orders-dlq \475  --max-delivery-attempts 5476```477 478### Cloud SQL Connection Pattern479 480Connect Cloud Run to Cloud SQL securely481 482**When to use**: Need relational database,Migrating existing applications,Complex queries and transactions483 484```bash485# Deploy with Cloud SQL connection486gcloud run deploy my-service \487  --add-cloudsql-instances PROJECT:REGION:INSTANCE \488  --set-env-vars INSTANCE_CONNECTION_NAME="PROJECT:REGION:INSTANCE" \489  --set-env-vars DB_NAME="mydb" \490  --set-env-vars DB_USER="myuser"491```492 493```javascript494// Using Unix socket connection495const { Pool } = require('pg');496 497const pool = new Pool({498  user: process.env.DB_USER,499  password: process.env.DB_PASS,500  database: process.env.DB_NAME,501  // Cloud SQL connector uses Unix socket502  host: `/cloudsql/${process.env.INSTANCE_CONNECTION_NAME}`,503  max: 5,  // Connection pool size504  idleTimeoutMillis: 30000,505  connectionTimeoutMillis: 10000,506});507 508app.get('/api/users', async (req, res) => {509  const client = await pool.connect();510  try {511    const result = await client.query('SELECT * FROM users LIMIT 100');512    res.json(result.rows);513  } finally {514    client.release();515  }516});517```518 519```python520# Python with SQLAlchemy521import os522from sqlalchemy import create_engine523 524def get_engine():525    instance_connection_name = os.environ["INSTANCE_CONNECTION_NAME"]526    db_user = os.environ["DB_USER"]527    db_pass = os.environ["DB_PASS"]528    db_name = os.environ["DB_NAME"]529 530    engine = create_engine(531        f"postgresql+pg8000://{db_user}:{db_pass}@/{db_name}",532        connect_args={533            "unix_sock": f"/cloudsql/{instance_connection_name}/.s.PGSQL.5432"534        },535        pool_size=5,536        max_overflow=2,537        pool_timeout=30,538        pool_recycle=1800,539    )540    return engine541```542 543### Best_practices544 545- Use connection pooling (max 5-10 per instance)546- Set appropriate idle timeouts547- Handle connection errors gracefully548- Consider Cloud SQL Proxy for local development549 550### Secret Manager Integration551 552Securely manage secrets in Cloud Run553 554**When to use**: API keys, database passwords,Service account keys,Any sensitive configuration555 556```bash557# Create secret558echo -n "my-secret-value" | gcloud secrets create my-secret --data-file=-559 560# Mount as environment variable561gcloud run deploy my-service \562  --update-secrets=API_KEY=my-secret:latest563 564# Mount as file volume565gcloud run deploy my-service \566  --update-secrets=/secrets/api-key=my-secret:latest567```568 569```javascript570// Access mounted as environment variable571const apiKey = process.env.API_KEY;572 573// Access mounted as file574const fs = require('fs');575const apiKey = fs.readFileSync('/secrets/api-key', 'utf8');576 577// Access via Secret Manager API (when not mounted)578const { SecretManagerServiceClient } = require('@google-cloud/secret-manager');579const client = new SecretManagerServiceClient();580 581async function getSecret(name) {582  const [version] = await client.accessSecretVersion({583    name: `projects/${projectId}/secrets/${name}/versions/latest`584  });585  return version.payload.data.toString();586}587```588 589## Sharp Edges590 591### /tmp Filesystem Counts Against Memory592 593Severity: HIGH594 595Situation: Writing files to /tmp directory in Cloud Run596 597Symptoms:598Container killed with OOM error.599Memory usage spikes unexpectedly.600File operations cause container restarts.601"Container memory limit exceeded" in logs.602 603Why this breaks:604Cloud Run uses an in-memory filesystem for /tmp. Any files written605to /tmp consume memory from your container's allocation.606 607Common scenarios:608- Downloading files temporarily609- Creating temp processing files610- Libraries caching to /tmp611- Large log buffers612 613A 512MB container that downloads a 200MB file to /tmp only has614~300MB left for the application.615 616Recommended fix:617 618## Calculate memory including /tmp usage619 620```yaml621# cloudbuild.yaml622steps:623  - name: 'gcr.io/cloud-builders/gcloud'624    args:625      - 'run'626      - 'deploy'627      - 'my-service'628      - '--memory=1Gi'  # Include /tmp overhead629      - '--image=gcr.io/$PROJECT_ID/my-service'630```631 632## Stream instead of buffering633 634```python635# BAD - buffers entire file in /tmp636def process_large_file(bucket_name, blob_name):637    blob = bucket.blob(blob_name)638    blob.download_to_filename('/tmp/large_file')639    with open('/tmp/large_file', 'rb') as f:640        process(f.read())641 642# GOOD - stream processing643def process_large_file(bucket_name, blob_name):644    blob = bucket.blob(blob_name)645    with blob.open('rb') as f:646        for chunk in iter(lambda: f.read(8192), b''):647            process_chunk(chunk)648```649 650## Use Cloud Storage for large files651 652```python653from google.cloud import storage654 655def process_with_gcs(bucket_name, input_blob, output_blob):656    client = storage.Client()657    bucket = client.bucket(bucket_name)658 659    # Process directly to/from GCS660    input_blob = bucket.blob(input_blob)661    output_blob = bucket.blob(output_blob)662 663    with input_blob.open('rb') as reader:664        with output_blob.open('wb') as writer:665            for chunk in iter(lambda: reader.read(65536), b''):666                processed = transform(chunk)667                writer.write(processed)668```669 670## Monitor memory usage671 672```python673import psutil674import logging675 676def log_memory():677    memory = psutil.virtual_memory()678    logging.info(f"Memory: {memory.percent}% used, "679                f"{memory.available / 1024 / 1024:.0f}MB available")680```681 682### Concurrency=1 Causes Scaling Bottlenecks683 684Severity: HIGH685 686Situation: Setting concurrency to 1 for request isolation687 688Symptoms:689Auto-scaling creates many container instances.690High latency during traffic spikes.691Increased cold starts.692Higher costs from more instances.693 694Why this breaks:695Setting concurrency to 1 means each container handles only one696request at a time. During traffic spikes:697 698- 100 concurrent requests = 100 container instances699- Each instance has cold start overhead700- More instances = higher costs701- Scaling takes time, requests queue up702 703This should only be used when:704- Processing is truly single-threaded705- Memory-heavy per-request processing706- Using thread-unsafe libraries707 708Recommended fix:709 710## Set appropriate concurrency711 712```bash713# For I/O-bound workloads (most web apps)714gcloud run deploy my-service \715  --concurrency=80 \716  --max-instances=100717 718# For CPU-bound workloads719gcloud run deploy my-service \720  --concurrency=4 \721  --cpu=2722 723# Only use 1 when absolutely necessary724gcloud run deploy my-service \725  --concurrency=1 \726  --max-instances=1000  # Be prepared for many instances727```728 729## Node.js - use async properly730 731```javascript732// With high concurrency, ensure async operations733const express = require('express');734const app = express();735 736app.get('/api/data', async (req, res) => {737  // All I/O should be async738  const data = await fetchFromDatabase();739  const enriched = await enrichData(data);740  res.json(enriched);741});742 743// Concurrency 80+ is safe for async I/O workloads744```745 746## Python - use async framework747 748```python749from fastapi import FastAPI750import asyncio751import httpx752 753app = FastAPI()754 755@app.get("/api/data")756async def get_data():757    # Async I/O allows high concurrency758    async with httpx.AsyncClient() as client:759        response = await client.get("https://api.example.com/data")760        return response.json()761 762# Concurrency 80+ safe with async framework763```764 765## Calculate concurrency766 767```768concurrency = memory_limit / per_request_memory769 770Example:771- 512MB container772- 20MB per request overhead773- Safe concurrency: ~25774```775 776### CPU Throttled When Not Handling Requests777 778Severity: HIGH779 780Situation: Running background tasks or processing between requests781 782Symptoms:783Background tasks run extremely slowly.784Scheduled work doesn't complete.785Metrics collection fails.786Connection keep-alive breaks.787 788Why this breaks:789By default, Cloud Run throttles CPU to near-zero when not actively790handling a request. This is "CPU only during requests" mode.791 792Affected operations:793- Background threads794- Connection pool maintenance795- Metrics/telemetry emission796- Scheduled tasks within container797- Cleanup operations after response798 799Recommended fix:800 801## Enable CPU always allocated802 803```bash804# CPU allocated even outside requests805gcloud run deploy my-service \806  --cpu-throttling=false \807  --min-instances=1808 809# Note: This increases costs but enables background work810```811 812## Use startup CPU boost for initialization813 814```bash815# Boost CPU during cold start only816gcloud run deploy my-service \817  --cpu-boost \818  --cpu-throttling=true  # Default, throttle after request819```820 821## Move background work to Cloud Tasks822 823```python824from google.cloud import tasks_v2825import json826 827def create_background_task(payload):828    client = tasks_v2.CloudTasksClient()829    parent = client.queue_path(830        "my-project", "us-central1", "my-queue"831    )832 833    task = {834        "http_request": {835            "http_method": tasks_v2.HttpMethod.POST,836            "url": "https://my-service.run.app/process",837            "body": json.dumps(payload).encode(),838            "headers": {"Content-Type": "application/json"}839        }840    }841 842    client.create_task(parent=parent, task=task)843 844# Handle response immediately, background via Cloud Tasks845@app.post("/api/order")846async def create_order(order: Order):847    order_id = await save_order(order)848 849    # Queue background processing850    create_background_task({"order_id": order_id})851 852    return {"order_id": order_id, "status": "processing"}853```854 855## Use Pub/Sub for async processing856 857```yaml858# Move heavy processing to separate service859steps:860  # Main service - responds quickly861  - name: 'gcr.io/cloud-builders/gcloud'862    args: ['run', 'deploy', 'api-service',863           '--cpu-throttling=true']864 865  # Worker service - processes messages866  - name: 'gcr.io/cloud-builders/gcloud'867    args: ['run', 'deploy', 'worker-service',868           '--cpu-throttling=false',869           '--min-instances=1']870```871 872### VPC Connector 10-Minute Idle Timeout873 874Severity: MEDIUM875 876Situation: Cloud Run service connecting to VPC resources877 878Symptoms:879Connection errors after period of inactivity.880"Connection reset" or "Connection refused" errors.881Sporadic failures to VPC resources.882Database connections drop unexpectedly.883 884Why this breaks:885Cloud Run's VPC connector has a 10-minute idle timeout on connections.886If a connection is idle for 10 minutes, it's silently closed.887 888Affects:889- Database connection pools890- Redis connections891- Internal API connections892- Any persistent VPC connection893 894Recommended fix:895 896## Configure connection pool with keep-alive897 898```python899# SQLAlchemy with connection recycling900from sqlalchemy import create_engine901 902engine = create_engine(903    DATABASE_URL,904    pool_size=5,905    max_overflow=2,906    pool_recycle=300,  # Recycle connections every 5 minutes907    pool_pre_ping=True  # Validate connection before use908)909```910 911## TCP keep-alive for custom connections912 913```python914import socket915 916sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)917sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)918sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, 60)919sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, 60)920sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, 5)921```922 923## Redis with connection validation924 925```python926import redis927 928pool = redis.ConnectionPool(929    host=REDIS_HOST,930    port=6379,931    socket_keepalive=True,932    socket_keepalive_options={933        socket.TCP_KEEPIDLE: 60,934        socket.TCP_KEEPINTVL: 60,935        socket.TCP_KEEPCNT: 5936    },937    health_check_interval=30938)939client = redis.Redis(connection_pool=pool)940```941 942## Use Cloud SQL Proxy sidecar943 944```yaml945# Use Cloud SQL connector which handles reconnection946# requirements.txt947cloud-sql-python-connector[pg8000]948```949 950```python951from google.cloud.sql.connector import Connector952import sqlalchemy953 954connector = Connector()955 956def getconn():957    return connector.connect(958        "project:region:instance",959        "pg8000",960        user="user",961        password="password",962        db="database"963    )964 965engine = sqlalchemy.create_engine(966    "postgresql+pg8000://",967    creator=getconn968)969```970 971### Container Startup Timeout (4 minutes max)972 973Severity: HIGH974 975Situation: Deploying containers with slow initialization976 977Symptoms:978Deployment fails with "Container failed to start".979Service never becomes healthy.980"Revision failed to become ready" errors.981Works locally but fails on Cloud Run.982 983Why this breaks:984Cloud Run expects your container to start listening on PORT within9854 minutes (240 seconds). If it doesn't, the instance is killed.986 987Common causes:988- Heavy framework initialization (ML models, etc.)989- Waiting for external dependencies at startup990- Large dependency loading991- Database migrations on startup992 993Recommended fix:994 995## Enable startup CPU boost996 997```bash998gcloud run deploy my-service \999  --cpu-boost \1000  --startup-cpu-boost1001```1002 1003## Lazy initialization1004 1005```python1006from functools import lru_cache1007from fastapi import FastAPI1008 1009app = FastAPI()1010 1011# Don't load at import time1012model = None1013 1014@lru_cache()1015def get_model():1016    global model1017    if model is None:1018        # Load on first request, not at startup1019        model = load_heavy_model()1020    return model1021 1022@app.get("/predict")1023async def predict(data: dict):1024    model = get_model()  # Loads on first call only1025    return model.predict(data)1026 1027# Startup is fast - model loads on first request1028```1029 1030## Start listening immediately1031 1032```python1033import asyncio1034from fastapi import FastAPI1035import uvicorn1036 1037app = FastAPI()1038 1039# Global state for async initialization1040initialized = asyncio.Event()1041 1042@app.on_event("startup")1043async def startup():1044    # Start background initialization1045    asyncio.create_task(async_init())1046 1047async def async_init():1048    # Heavy initialization happens after server starts1049    await load_models()1050    await warm_up_connections()1051    initialized.set()1052 1053@app.get("/ready")1054async def ready():1055    if not initialized.is_set():1056        raise HTTPException(503, "Still initializing")1057    return {"status": "ready"}1058 1059@app.get("/health")1060async def health():1061    # Always respond - health check passes1062    return {"status": "healthy"}1063```1064 1065## Use multi-stage builds1066 1067```dockerfile1068# Build stage - slow1069FROM python:3.11 as builder1070WORKDIR /app1071COPY requirements.txt .1072RUN pip wheel --no-cache-dir --wheel-dir /wheels -r requirements.txt1073 1074# Runtime stage - fast startup1075FROM python:3.11-slim1076WORKDIR /app1077COPY --from=builder /wheels /wheels1078RUN pip install --no-cache /wheels/* && rm -rf /wheels1079COPY . .1080CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8080"]1081```1082 1083## Run migrations separately1084 1085```bash1086# Don't migrate on startup - use Cloud Build1087steps:1088  # Run migrations first1089  - name: 'gcr.io/cloud-builders/gcloud'1090    entrypoint: 'bash'1091    args:1092      - '-c'1093      - |1094        gcloud run jobs execute migrate-job --wait1095 1096  # Then deploy1097  - name: 'gcr.io/cloud-builders/gcloud'1098    args: ['run', 'deploy', 'my-service', ...]1099```1100 1101### Second Generation Execution Environment Differences1102 1103Severity: MEDIUM1104 1105Situation: Migrating to or using Cloud Run second-gen execution environment1106 1107Symptoms:1108Network behavior changes.1109Different syscall support.1110File system behavior differences.1111Container behaves differently than in first-gen.1112 1113Why this breaks:1114Cloud Run's second-generation execution environment uses a different1115sandbox (gVisor) with different characteristics:1116 1117- More Linux syscalls supported1118- Full /proc and /sys access1119- Different network stack1120- No automatic HTTPS redirect1121- Different tmp filesystem behavior1122 1123Recommended fix:1124 1125## Explicitly set execution environment1126 1127```bash1128# First generation (legacy)1129gcloud run deploy my-service \1130  --execution-environment=gen11131 1132# Second generation (recommended for most)1133gcloud run deploy my-service \1134  --execution-environment=gen21135```1136 1137## Handle network differences1138 1139```python1140# Second-gen doesn't auto-redirect HTTP to HTTPS1141from fastapi import FastAPI, Request1142from fastapi.responses import RedirectResponse1143 1144app = FastAPI()1145 1146@app.middleware("http")1147async def redirect_https(request: Request, call_next):1148    # Check X-Forwarded-Proto header1149    if request.headers.get("X-Forwarded-Proto") == "http":1150        url = request.url.replace(scheme="https")1151        return RedirectResponse(url, status_code=301)1152    return await call_next(request)1153```1154 1155## GPU access (second-gen only)1156 1157```bash1158# GPUs only available in second-gen1159gcloud run deploy ml-service \1160  --execution-environment=gen2 \1161  --gpu=1 \1162  --gpu-type=nvidia-l41163```1164 1165## Check execution environment1166 1167```python1168import os1169 1170def get_execution_environment():1171    # Second-gen has different /proc structure1172    try:1173        with open('/proc/version', 'r') as f:1174            version = f.read()1175            if 'gVisor' in version:1176                return 'gen2'1177    except:1178        pass1179    return 'gen1'1180```1181 1182### Request Timeout Configuration Mismatch1183 1184Severity: MEDIUM1185 1186Situation: Long-running requests or background processing1187 1188Symptoms:1189Requests terminated before completion.1190504 Gateway Timeout errors.1191Processing stops unexpectedly.1192Inconsistent timeout behavior.1193 1194Why this breaks:1195Cloud Run has multiple timeout configurations that must align:1196- Request timeout (default 300s, max 3600s for HTTP, 60m for gRPC)1197- Client timeout1198- Downstream service timeouts1199- Load balancer timeout (for external access)1200 1201Recommended fix:1202 1203## Set consistent timeouts1204 1205```bash1206# Increase request timeout (max 3600s for HTTP)1207gcloud run deploy my-service \1208  --timeout=900  # 15 minutes1209```1210 1211## Handle long-running with webhooks1212 1213```python1214from fastapi import FastAPI, BackgroundTasks1215import httpx1216 1217app = FastAPI()1218 1219@app.post("/process")1220async def process(data: dict, background_tasks: BackgroundTasks):1221    task_id = create_task_id()1222 1223    # Start background processing1224    background_tasks.add_task(1225        long_running_process,1226        task_id,1227        data,1228        data.get("callback_url")1229    )1230 1231    # Return immediately1232    return {"task_id": task_id, "status": "processing"}1233 1234async def long_running_process(task_id, data, callback_url):1235    result = await heavy_computation(data)1236 1237    # Callback when done1238    if callback_url:1239        async with httpx.AsyncClient() as client:1240            await client.post(callback_url, json={1241                "task_id": task_id,1242                "result": result1243            })1244```1245 1246## Use Cloud Tasks for reliable long-running1247 1248```python1249from google.cloud import tasks_v21250 1251def create_long_running_task(data):1252    client = tasks_v2.CloudTasksClient()1253    parent = client.queue_path(PROJECT, REGION, "long-tasks")1254 1255    task = {1256        "http_request": {1257            "http_method": tasks_v2.HttpMethod.POST,1258            "url": "https://worker.run.app/process",1259            "body": json.dumps(data).encode(),1260            "headers": {"Content-Type": "application/json"}1261        },1262        "dispatch_deadline": {"seconds": 1800}  # 30 min1263    }1264 1265    return client.create_task(parent=parent, task=task)1266```1267 1268## Streaming for long responses1269 1270```python1271from fastapi import FastAPI1272from fastapi.responses import StreamingResponse1273 1274@app.get("/large-report")1275async def large_report():1276    async def generate():1277        for chunk in process_large_data():1278            yield chunk1279 1280    return StreamingResponse(generate(), media_type="text/plain")1281```1282 1283## Validation Checks1284 1285### Hardcoded GCP Credentials1286 1287Severity: ERROR1288 1289GCP credentials must never be hardcoded in source code1290 1291Message: Hardcoded GCP service account credentials. Use Secret Manager or Workload Identity.1292 1293### GCP API Key in Source Code1294 1295Severity: ERROR1296 1297API keys should use Secret Manager1298 1299Message: Hardcoded GCP API key. Use Secret Manager.1300 1301### Credentials JSON File in Repository1302 1303Severity: ERROR1304 1305Service account JSON files should not be in source control1306 1307Message: Credentials file detected. Add to .gitignore and use Secret Manager.1308 1309### Running as Root User1310 1311Severity: WARNING1312 1313Containers should not run as root for security1314 1315Message: Dockerfile runs as root. Add USER directive for security.1316 1317### Missing Health Check in Dockerfile1318 1319Severity: INFO1320 1321Cloud Run uses HTTP health checks, Dockerfile HEALTHCHECK is optional1322 1323Message: No HEALTHCHECK in Dockerfile. Cloud Run uses its own health checks.1324 1325### Hardcoded Port in Application1326 1327Severity: WARNING1328 1329Port should come from PORT environment variable1330 1331Message: Hardcoded port. Use PORT environment variable for Cloud Run.1332 1333### Large File Writes to /tmp1334 1335Severity: WARNING1336 1337/tmp uses container memory, large writes can cause OOM1338 1339Message: /tmp writes consume memory. Consider Cloud Storage for large files.1340 1341### Synchronous File Operations1342 1343Severity: WARNING1344 1345Sync file ops block the event loop in async apps1346 1347Message: Synchronous file operations. Use async versions for better concurrency.1348 1349### Global Mutable State1350 1351Severity: WARNING1352 1353Global state issues with concurrent requests1354 1355Message: Global mutable state may cause issues with concurrent requests.1356 1357### Thread-Unsafe Singleton Pattern1358 1359Severity: WARNING1360 1361Singletons need thread safety for concurrency > 11362 1363Message: Singleton pattern - ensure thread safety if using concurrency > 1.1364 1365## Collaboration1366 1367### Delegation Triggers1368 1369- user needs AWS serverless -> aws-serverless (Lambda, API Gateway, SAM)1370- user needs Azure containers -> azure-functions (Azure Container Apps, Functions)1371- user needs database design -> postgres-wizard (Cloud SQL design, AlloyDB)1372- user needs authentication -> auth-specialist (Firebase Auth, Identity Platform)1373- user needs AI integration -> llm-architect (Vertex AI, Cloud Run + LLM)1374- user needs workflow orchestration -> workflow-automation (Cloud Workflows, Eventarc)1375 1376## When to Use1377Use this skill when the request clearly matches the capabilities and patterns described above.1378 1379## Limitations1380- Use this skill only when the task clearly matches the scope described above.1381- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.1382- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.