solatic 13 hours ago

Cloud Run is fine if you're a small startup and you're thinking about your monthly bill in three-figure or even four-figure terms.

Like most serverless solutions, it does not permit you to control egress traffic. There are no firewall controls exposed to you, so you can't configure something along the lines of "I know my service needs to connect to a database, that's permitted, all other egress attempts are forbidden", which is a foundational component of security architecture that understands that getting attacked is a matter of time and security is something you build in layers.

EDIT: apparently I'm wrong on Cloud Run not being deployable within a VPC! See below.

GCP and other cloud providers have plenty of storage products that only work inside a VPC. Cloud SQL. Memorystore. MongoDB Atlas (excluding the expensive and unscalable serverless option). Your engineers are probably going to want to use one or some of them. Eventually you will need a VPC. You will need to deploy compute inside the VPC. Managed Kubernetes solutions make that much easier.

But 90% of startups fail, so 95% of startups will fail before they get to this point. YMMV.

jedi3335 13 hours ago

Cloud Run has had network egress control for a while: https://cloud.google.com/run/docs/configuring/vpc-direct-vpc

p_l 4 hours ago

kubernetes is how I keep compute costs in 2-3 digits :V

bspammer 13 hours ago

I’m surprised Cloud Run doesn’t let you do this. You can put an AWS lambda in a VPC no problem.