[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-5cc6e05c-bd9d-4503-9eb5-2bdb5656da47":3,"$fFNWt6ICfDl40_qGrUts42zp7OZUptBe91WV1zhD7OUs":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"5cc6e05c-bd9d-4503-9eb5-2bdb5656da47","gcp-cloud-run","Specialized skill for building production-grade serverless functions","cat_coding_devops","mod_coding","sickn33,coding","---\nname: gcp-cloud-run\ndescription: Specialized skill for building production-ready serverless\n  applications on GCP. Covers Cloud Run services (containerized), Cloud Run\n  Functions (event-driven), cold start optimization, and event-driven\n  architecture with Pub\u002FSub.\nrisk: unknown\nsource: vibeship-spawner-skills (Apache 2.0)\ndate_added: 2026-02-27\n---\n\n# GCP Cloud Run\n\nSpecialized skill for building production-ready serverless applications on GCP.\nCovers Cloud Run services (containerized), Cloud Run Functions (event-driven),\ncold start optimization, and event-driven architecture with Pub\u002FSub.\n\n## Principles\n\n- Cloud Run for containers, Functions for simple event handlers\n- Optimize for cold starts with startup CPU boost and min instances\n- Set concurrency based on workload (start with 8, adjust)\n- Memory includes \u002Ftmp filesystem - plan accordingly\n- Use VPC Connector only when needed (adds latency)\n- Containers should start fast and be stateless\n- Handle signals gracefully for clean shutdown\n\n## Patterns\n\n### Cloud Run Service Pattern\n\nContainerized web service on Cloud Run\n\n**When to use**: Web applications and APIs,Need any runtime or library,Complex services with multiple endpoints,Stateless containerized workloads\n\n```dockerfile\n# Dockerfile - Multi-stage build for smaller image\nFROM node:20-slim AS builder\nWORKDIR \u002Fapp\nCOPY package*.json .\u002F\nRUN npm ci 
--only=production\n\nFROM node:20-slim\nWORKDIR \u002Fapp\n\n# Copy only production dependencies\nCOPY --from=builder \u002Fapp\u002Fnode_modules .\u002Fnode_modules\nCOPY src .\u002Fsrc\nCOPY package.json .\u002F\n\n# Cloud Run uses PORT env variable\nENV PORT=8080\nEXPOSE 8080\n\n# Run as non-root user\nUSER node\n\nCMD [\"node\", \"src\u002Findex.js\"]\n```\n\n```javascript\n\u002F\u002F src\u002Findex.js\nconst express = require('express');\nconst app = express();\n\napp.use(express.json());\n\n\u002F\u002F Health check endpoint\napp.get('\u002Fhealth', (req, res) => {\n  res.status(200).send('OK');\n});\n\n\u002F\u002F API routes\napp.get('\u002Fapi\u002Fitems\u002F:id', async (req, res) => {\n  try {\n    const item = await getItem(req.params.id);\n    res.json(item);\n  } catch (error) {\n    console.error('Error:', error);\n    res.status(500).json({ error: 'Internal server error' });\n  }\n});\n\n\u002F\u002F Graceful shutdown\nprocess.on('SIGTERM', () => {\n  console.log('SIGTERM received, shutting down gracefully');\n  server.close(() => {\n    console.log('Server closed');\n    process.exit(0);\n  });\n});\n\nconst PORT = process.env.PORT || 8080;\nconst server = app.listen(PORT, () => {\n  console.log(`Server listening on port ${PORT}`);\n});\n```\n\n```yaml\n# cloudbuild.yaml\nsteps:\n  # Build the container image\n  - name: 'gcr.io\u002Fcloud-builders\u002Fdocker'\n    args: ['build', '-t', 'gcr.io\u002F$PROJECT_ID\u002Fmy-service:$COMMIT_SHA', '.']\n\n  # Push the container image\n  - name: 'gcr.io\u002Fcloud-builders\u002Fdocker'\n    args: ['push', 'gcr.io\u002F$PROJECT_ID\u002Fmy-service:$COMMIT_SHA']\n\n  # Deploy to Cloud Run\n  - name: 'gcr.io\u002Fgoogle.com\u002Fcloudsdktool\u002Fcloud-sdk'\n    entrypoint: gcloud\n    args:\n      - 'run'\n      - 'deploy'\n      - 'my-service'\n      - '--image=gcr.io\u002F$PROJECT_ID\u002Fmy-service:$COMMIT_SHA'\n      - '--region=us-central1'\n      - '--platform=managed'\n      - 
'--allow-unauthenticated'\n      - '--memory=512Mi'\n      - '--cpu=1'\n      - '--min-instances=1'\n      - '--max-instances=100'\n      - '--concurrency=80'\n      - '--cpu-boost'\n\nimages:\n  - 'gcr.io\u002F$PROJECT_ID\u002Fmy-service:$COMMIT_SHA'\n```\n\n### Structure\n\nproject\u002F\n├── Dockerfile\n├── .dockerignore\n├── src\u002F\n│   ├── index.js\n│   └── routes\u002F\n├── package.json\n└── cloudbuild.yaml\n\n### Gcloud_deploy\n\n# Direct gcloud deployment\ngcloud run deploy my-service \\\n  --source . \\\n  --region us-central1 \\\n  --allow-unauthenticated \\\n  --memory 512Mi \\\n  --cpu 1 \\\n  --min-instances 1 \\\n  --max-instances 100 \\\n  --concurrency 80 \\\n  --cpu-boost\n\n### Cloud Run Functions Pattern\n\nEvent-driven functions (formerly Cloud Functions)\n\n**When to use**: Simple event handlers,Pub\u002FSub message processing,Cloud Storage triggers,HTTP webhooks\n\n```javascript\n\u002F\u002F HTTP Function\n\u002F\u002F index.js\nconst functions = require('@google-cloud\u002Ffunctions-framework');\n\nfunctions.http('helloHttp', (req, res) => {\n  const name = req.query.name || req.body.name || 'World';\n  res.send(`Hello, ${name}!`);\n});\n```\n\n```javascript\n\u002F\u002F Pub\u002FSub Function\nconst functions = require('@google-cloud\u002Ffunctions-framework');\n\nfunctions.cloudEvent('processPubSub', (cloudEvent) => {\n  \u002F\u002F Decode Pub\u002FSub message\n  const message = cloudEvent.data.message;\n  const data = message.data\n    ? 
JSON.parse(Buffer.from(message.data, 'base64').toString())\n    : {};\n\n  console.log('Received message:', data);\n\n  \u002F\u002F Process message\n  processMessage(data);\n});\n```\n\n```javascript\n\u002F\u002F Cloud Storage Function\nconst functions = require('@google-cloud\u002Ffunctions-framework');\n\nfunctions.cloudEvent('processStorageEvent', async (cloudEvent) => {\n  const file = cloudEvent.data;\n\n  console.log(`Event: ${cloudEvent.type}`);\n  console.log(`Bucket: ${file.bucket}`);\n  console.log(`File: ${file.name}`);\n\n  if (cloudEvent.type === 'google.cloud.storage.object.v1.finalized') {\n    await processUploadedFile(file.bucket, file.name);\n  }\n});\n```\n\n```bash\n# Deploy HTTP function\ngcloud functions deploy hello-http \\\n  --gen2 \\\n  --runtime nodejs20 \\\n  --trigger-http \\\n  --allow-unauthenticated \\\n  --region us-central1\n\n# Deploy Pub\u002FSub function\ngcloud functions deploy process-messages \\\n  --gen2 \\\n  --runtime nodejs20 \\\n  --trigger-topic my-topic \\\n  --region us-central1\n\n# Deploy Cloud Storage function\ngcloud functions deploy process-uploads \\\n  --gen2 \\\n  --runtime nodejs20 \\\n  --trigger-event-filters=\"type=google.cloud.storage.object.v1.finalized\" \\\n  --trigger-event-filters=\"bucket=my-bucket\" \\\n  --region us-central1\n```\n\n### Cold Start Optimization Pattern\n\nMinimize cold start latency for Cloud Run\n\n**When to use**: Latency-sensitive applications,User-facing APIs,High-traffic services\n\n## 1. Enable Startup CPU Boost\n\n```bash\ngcloud run deploy my-service \\\n  --cpu-boost \\\n  --region us-central1\n```\n\n## 2. Set Minimum Instances\n\n```bash\ngcloud run deploy my-service \\\n  --min-instances 1 \\\n  --region us-central1\n```\n\n## 3. 
Optimize Container Image\n\n```dockerfile\n# Use distroless for minimal image\nFROM node:20-slim AS builder\nWORKDIR \u002Fapp\nCOPY package*.json .\u002F\nRUN npm ci --only=production\n\nFROM gcr.io\u002Fdistroless\u002Fnodejs20-debian12\nWORKDIR \u002Fapp\nCOPY --from=builder \u002Fapp\u002Fnode_modules .\u002Fnode_modules\nCOPY src .\u002Fsrc\nCMD [\"src\u002Findex.js\"]\n```\n\n## 4. Lazy Initialize Heavy Dependencies\n\n```javascript\n\u002F\u002F Lazy load heavy libraries\nlet bigQueryClient = null;\n\nfunction getBigQueryClient() {\n  if (!bigQueryClient) {\n    const { BigQuery } = require('@google-cloud\u002Fbigquery');\n    bigQueryClient = new BigQuery();\n  }\n  return bigQueryClient;\n}\n\n\u002F\u002F Only initialize when needed\napp.get('\u002Fapi\u002Fanalytics', async (req, res) => {\n  const client = getBigQueryClient();\n  const results = await client.query({...});\n  res.json(results);\n});\n```\n\n## 5. Increase Memory (More CPU)\n\n```bash\n# Higher memory = more CPU during startup\ngcloud run deploy my-service \\\n  --memory 1Gi \\\n  --cpu 2 \\\n  --region us-central1\n```\n\n### Optimization_impact\n\n- Startup_cpu_boost: 50% faster cold starts\n- Min_instances: Eliminates cold starts for traffic spikes\n- Distroless_image: Smaller attack surface, faster pull\n- Lazy_init: Defers heavy loading to first request\n\n### Concurrency Configuration Pattern\n\nProper concurrency settings for Cloud Run\n\n**When to use**: Need to optimize instance utilization,Handle traffic spikes efficiently,Reduce cold starts\n\n## Understanding Concurrency\n\n```bash\n# Default concurrency is 80\n# Adjust based on your workload\n\n# For I\u002FO-bound workloads (most web apps)\ngcloud run deploy my-service \\\n  --concurrency 80 \\\n  --cpu 1\n\n# For CPU-bound workloads\ngcloud run deploy my-service \\\n  --concurrency 1 \\\n  --cpu 1\n\n# For memory-intensive workloads\ngcloud run deploy my-service \\\n  --concurrency 10 \\\n  --memory 2Gi\n```\n\n## Node.js 
Concurrency\n\n```javascript\n\u002F\u002F Node.js is single-threaded but handles I\u002FO concurrently\n\u002F\u002F Use async\u002Fawait for all I\u002FO operations\n\n\u002F\u002F GOOD - async I\u002FO\napp.get('\u002Fapi\u002Fdata', async (req, res) => {\n  const [users, products] = await Promise.all([\n    fetchUsers(),\n    fetchProducts()\n  ]);\n  res.json({ users, products });\n});\n\n\u002F\u002F BAD - blocking operation\napp.get('\u002Fapi\u002Fcompute', (req, res) => {\n  const result = heavyCpuOperation(); \u002F\u002F Blocks other requests!\n  res.json(result);\n});\n```\n\n## Python Concurrency with Gunicorn\n\n```dockerfile\nFROM python:3.11-slim\nWORKDIR \u002Fapp\nCOPY requirements.txt .\nRUN pip install --no-cache-dir -r requirements.txt\nCOPY . .\n\n# 4 workers for concurrency\nCMD exec gunicorn --bind :$PORT --workers 4 --threads 2 main:app\n```\n\n```python\n# main.py\nfrom flask import Flask\napp = Flask(__name__)\n\n@app.route('\u002Fapi\u002Fdata')\ndef get_data():\n    return {'status': 'ok'}\n```\n\n### Concurrency_guidelines\n\n- Concurrency=1: Only for CPU-bound or unsafe code\n- Concurrency=8-20: Memory-intensive workloads\n- Concurrency=80: Default, good for I\u002FO-bound\n- Concurrency=250: Maximum, for very lightweight handlers\n\n### Pub\u002FSub Integration Pattern\n\nEvent-driven processing with Cloud Pub\u002FSub\n\n**When to use**: Asynchronous message processing,Decoupled microservices,Event-driven architecture\n\n## Push Subscription to Cloud Run\n\n```bash\n# Create topic\ngcloud pubsub topics create orders\n\n# Create push subscription to Cloud Run\ngcloud pubsub subscriptions create orders-push \\\n  --topic orders \\\n  --push-endpoint https:\u002F\u002Fmy-service-xxx.run.app\u002Fpubsub \\\n  --ack-deadline 600\n```\n\n```javascript\n\u002F\u002F Handle Pub\u002FSub push messages\nconst express = require('express');\nconst app = express();\napp.use(express.json());\n\napp.post('\u002Fpubsub', async (req, res) => {\n  
\u002F\u002F Reject bodies without a Pub\u002FSub message envelope (shape check only; it does not authenticate the sender)\n  if (!req.body.message) {\n    return res.status(400).send('Invalid Pub\u002FSub message');\n  }\n\n  try {\n    \u002F\u002F Decode message data\n    const message = req.body.message;\n    const data = message.data\n      ? JSON.parse(Buffer.from(message.data, 'base64').toString())\n      : {};\n\n    console.log('Processing order:', data);\n\n    await processOrder(data);\n\n    \u002F\u002F Return 200 to acknowledge\n    res.status(200).send('OK');\n  } catch (error) {\n    console.error('Processing failed:', error);\n    \u002F\u002F Return 500 to trigger retry\n    res.status(500).send('Processing failed');\n  }\n});\n```\n\n## Publishing Messages\n\n```javascript\nconst { PubSub } = require('@google-cloud\u002Fpubsub');\nconst pubsub = new PubSub();\n\nasync function publishOrder(order) {\n  const topic = pubsub.topic('orders');\n  const messageBuffer = Buffer.from(JSON.stringify(order));\n\n  const messageId = await topic.publishMessage({\n    data: messageBuffer,\n    attributes: {\n      type: 'order_created',\n      priority: 'high'\n    }\n  });\n\n  console.log(`Published message ${messageId}`);\n  return messageId;\n}\n```\n\n## Dead Letter Queue\n\n```bash\n# Create DLQ topic\ngcloud pubsub topics create orders-dlq\n\n# Update subscription with DLQ\ngcloud pubsub subscriptions update orders-push \\\n  --dead-letter-topic orders-dlq \\\n  --max-delivery-attempts 5\n```\n\n### Cloud SQL Connection Pattern\n\nConnect Cloud Run to Cloud SQL securely\n\n**When to use**: Need relational database,Migrating existing applications,Complex queries and transactions\n\n```bash\n# Deploy with Cloud SQL connection\ngcloud run deploy my-service \\\n  --add-cloudsql-instances PROJECT:REGION:INSTANCE \\\n  --set-env-vars INSTANCE_CONNECTION_NAME=\"PROJECT:REGION:INSTANCE\" \\\n  --set-env-vars DB_NAME=\"mydb\" \\\n  --set-env-vars DB_USER=\"myuser\"\n```\n\n```javascript\n\u002F\u002F Using Unix socket 
connection\nconst { Pool } = require('pg');\n\nconst pool = new Pool({\n  user: process.env.DB_USER,\n  password: process.env.DB_PASS,\n  database: process.env.DB_NAME,\n  \u002F\u002F Cloud SQL connector uses Unix socket\n  host: `\u002Fcloudsql\u002F${process.env.INSTANCE_CONNECTION_NAME}`,\n  max: 5,  \u002F\u002F Connection pool size\n  idleTimeoutMillis: 30000,\n  connectionTimeoutMillis: 10000,\n});\n\napp.get('\u002Fapi\u002Fusers', async (req, res) => {\n  const client = await pool.connect();\n  try {\n    const result = await client.query('SELECT * FROM users LIMIT 100');\n    res.json(result.rows);\n  } finally {\n    client.release();\n  }\n});\n```\n\n```python\n# Python with SQLAlchemy\nimport os\nfrom sqlalchemy import create_engine\n\ndef get_engine():\n    instance_connection_name = os.environ[\"INSTANCE_CONNECTION_NAME\"]\n    db_user = os.environ[\"DB_USER\"]\n    db_pass = os.environ[\"DB_PASS\"]\n    db_name = os.environ[\"DB_NAME\"]\n\n    engine = create_engine(\n        f\"postgresql+pg8000:\u002F\u002F{db_user}:{db_pass}@\u002F{db_name}\",\n        connect_args={\n            \"unix_sock\": f\"\u002Fcloudsql\u002F{instance_connection_name}\u002F.s.PGSQL.5432\"\n        },\n        pool_size=5,\n        max_overflow=2,\n        pool_timeout=30,\n        pool_recycle=1800,\n    )\n    return engine\n```\n\n### Best_practices\n\n- Use connection pooling (max 5-10 per instance)\n- Set appropriate idle timeouts\n- Handle connection errors gracefully\n- Consider Cloud SQL Proxy for local development\n\n### Secret Manager Integration\n\nSecurely manage secrets in Cloud Run\n\n**When to use**: API keys, database passwords,Service account keys,Any sensitive configuration\n\n```bash\n# Create secret\necho -n \"my-secret-value\" | gcloud secrets create my-secret --data-file=-\n\n# Mount as environment variable\ngcloud run deploy my-service \\\n  --update-secrets=API_KEY=my-secret:latest\n\n# Mount as file volume\ngcloud run deploy my-service \\\n  
--update-secrets=\u002Fsecrets\u002Fapi-key=my-secret:latest\n```\n\n```javascript\n\u002F\u002F Option 1: secret mounted as environment variable\nconst apiKeyFromEnv = process.env.API_KEY;\n\n\u002F\u002F Option 2: secret mounted as file\nconst fs = require('fs');\nconst apiKeyFromFile = fs.readFileSync('\u002Fsecrets\u002Fapi-key', 'utf8');\n\n\u002F\u002F Option 3: Secret Manager API (when not mounted)\nconst { SecretManagerServiceClient } = require('@google-cloud\u002Fsecret-manager');\nconst client = new SecretManagerServiceClient();\n\n\u002F\u002F projectId is passed in by the caller\nasync function getSecret(projectId, name) {\n  const [version] = await client.accessSecretVersion({\n    name: `projects\u002F${projectId}\u002Fsecrets\u002F${name}\u002Fversions\u002Flatest`\n  });\n  return version.payload.data.toString();\n}\n```\n\n## Sharp Edges\n\n### \u002Ftmp Filesystem Counts Against Memory\n\nSeverity: HIGH\n\nSituation: Writing files to \u002Ftmp directory in Cloud Run\n\nSymptoms:\nContainer killed with OOM error.\nMemory usage spikes unexpectedly.\nFile operations cause container restarts.\n\"Container memory limit exceeded\" in logs.\n\nWhy this breaks:\nCloud Run uses an in-memory filesystem for \u002Ftmp. 
Any files written\nto \u002Ftmp consume memory from your container's allocation.\n\nCommon scenarios:\n- Downloading files temporarily\n- Creating temp processing files\n- Libraries caching to \u002Ftmp\n- Large log buffers\n\nA 512MB container that downloads a 200MB file to \u002Ftmp only has\n~300MB left for the application.\n\nRecommended fix:\n\n## Calculate memory including \u002Ftmp usage\n\n```yaml\n# cloudbuild.yaml\nsteps:\n  - name: 'gcr.io\u002Fcloud-builders\u002Fgcloud'\n    args:\n      - 'run'\n      - 'deploy'\n      - 'my-service'\n      - '--memory=1Gi'  # Include \u002Ftmp overhead\n      - '--image=gcr.io\u002F$PROJECT_ID\u002Fmy-service'\n```\n\n## Stream instead of buffering\n\n```python\n# BAD - buffers entire file in \u002Ftmp\ndef process_large_file(bucket_name, blob_name):\n    blob = bucket.blob(blob_name)\n    blob.download_to_filename('\u002Ftmp\u002Flarge_file')\n    with open('\u002Ftmp\u002Flarge_file', 'rb') as f:\n        process(f.read())\n\n# GOOD - stream processing\ndef process_large_file(bucket_name, blob_name):\n    blob = bucket.blob(blob_name)\n    with blob.open('rb') as f:\n        for chunk in iter(lambda: f.read(8192), b''):\n            process_chunk(chunk)\n```\n\n## Use Cloud Storage for large files\n\n```python\nfrom google.cloud import storage\n\ndef process_with_gcs(bucket_name, input_blob, output_blob):\n    client = storage.Client()\n    bucket = client.bucket(bucket_name)\n\n    # Process directly to\u002Ffrom GCS\n    input_blob = bucket.blob(input_blob)\n    output_blob = bucket.blob(output_blob)\n\n    with input_blob.open('rb') as reader:\n        with output_blob.open('wb') as writer:\n            for chunk in iter(lambda: reader.read(65536), b''):\n                processed = transform(chunk)\n                writer.write(processed)\n```\n\n## Monitor memory usage\n\n```python\nimport psutil\nimport logging\n\ndef log_memory():\n    memory = psutil.virtual_memory()\n    logging.info(f\"Memory: 
{memory.percent}% used, \"\n                f\"{memory.available \u002F 1024 \u002F 1024:.0f}MB available\")\n```\n\n### Concurrency=1 Causes Scaling Bottlenecks\n\nSeverity: HIGH\n\nSituation: Setting concurrency to 1 for request isolation\n\nSymptoms:\nAuto-scaling creates many container instances.\nHigh latency during traffic spikes.\nIncreased cold starts.\nHigher costs from more instances.\n\nWhy this breaks:\nSetting concurrency to 1 means each container handles only one\nrequest at a time. During traffic spikes:\n\n- 100 concurrent requests = 100 container instances\n- Each instance has cold start overhead\n- More instances = higher costs\n- Scaling takes time, requests queue up\n\nThis should only be used when:\n- Processing is truly single-threaded\n- Memory-heavy per-request processing\n- Using thread-unsafe libraries\n\nRecommended fix:\n\n## Set appropriate concurrency\n\n```bash\n# For I\u002FO-bound workloads (most web apps)\ngcloud run deploy my-service \\\n  --concurrency=80 \\\n  --max-instances=100\n\n# For CPU-bound workloads\ngcloud run deploy my-service \\\n  --concurrency=4 \\\n  --cpu=2\n\n# Only use 1 when absolutely necessary\ngcloud run deploy my-service \\\n  --concurrency=1 \\\n  --max-instances=1000  # Be prepared for many instances\n```\n\n## Node.js - use async properly\n\n```javascript\n\u002F\u002F With high concurrency, ensure async operations\nconst express = require('express');\nconst app = express();\n\napp.get('\u002Fapi\u002Fdata', async (req, res) => {\n  \u002F\u002F All I\u002FO should be async\n  const data = await fetchFromDatabase();\n  const enriched = await enrichData(data);\n  res.json(enriched);\n});\n\n\u002F\u002F Concurrency 80+ is safe for async I\u002FO workloads\n```\n\n## Python - use async framework\n\n```python\nfrom fastapi import FastAPI\nimport asyncio\nimport httpx\n\napp = FastAPI()\n\n@app.get(\"\u002Fapi\u002Fdata\")\nasync def get_data():\n    # Async I\u002FO allows high concurrency\n    async with 
httpx.AsyncClient() as client:\n        response = await client.get(\"https:\u002F\u002Fapi.example.com\u002Fdata\")\n        return response.json()\n\n# Concurrency 80+ safe with async framework\n```\n\n## Calculate concurrency\n\n```\nconcurrency = memory_limit \u002F per_request_memory\n\nExample:\n- 512MB container\n- 20MB per request overhead\n- Safe concurrency: ~25\n```\n\n### CPU Throttled When Not Handling Requests\n\nSeverity: HIGH\n\nSituation: Running background tasks or processing between requests\n\nSymptoms:\nBackground tasks run extremely slowly.\nScheduled work doesn't complete.\nMetrics collection fails.\nConnection keep-alive breaks.\n\nWhy this breaks:\nBy default, Cloud Run throttles CPU to near-zero when not actively\nhandling a request. This is \"CPU only during requests\" mode.\n\nAffected operations:\n- Background threads\n- Connection pool maintenance\n- Metrics\u002Ftelemetry emission\n- Scheduled tasks within container\n- Cleanup operations after response\n\nRecommended fix:\n\n## Enable CPU always allocated\n\n```bash\n# CPU allocated even outside requests\ngcloud run deploy my-service \\\n  --cpu-throttling=false \\\n  --min-instances=1\n\n# Note: This increases costs but enables background work\n```\n\n## Use startup CPU boost for initialization\n\n```bash\n# Boost CPU during cold start only\ngcloud run deploy my-service \\\n  --cpu-boost \\\n  --cpu-throttling=true  # Default, throttle after request\n```\n\n## Move background work to Cloud Tasks\n\n```python\nfrom google.cloud import tasks_v2\nimport json\n\ndef create_background_task(payload):\n    client = tasks_v2.CloudTasksClient()\n    parent = client.queue_path(\n        \"my-project\", \"us-central1\", \"my-queue\"\n    )\n\n    task = {\n        \"http_request\": {\n            \"http_method\": tasks_v2.HttpMethod.POST,\n            \"url\": \"https:\u002F\u002Fmy-service.run.app\u002Fprocess\",\n            \"body\": json.dumps(payload).encode(),\n            \"headers\": 
{\"Content-Type\": \"application\u002Fjson\"}\n        }\n    }\n\n    client.create_task(parent=parent, task=task)\n\n# Handle response immediately, background via Cloud Tasks\n@app.post(\"\u002Fapi\u002Forder\")\nasync def create_order(order: Order):\n    order_id = await save_order(order)\n\n    # Queue background processing\n    create_background_task({\"order_id\": order_id})\n\n    return {\"order_id\": order_id, \"status\": \"processing\"}\n```\n\n## Use Pub\u002FSub for async processing\n\n```yaml\n# Move heavy processing to separate service\nsteps:\n  # Main service - responds quickly\n  - name: 'gcr.io\u002Fcloud-builders\u002Fgcloud'\n    args: ['run', 'deploy', 'api-service',\n           '--cpu-throttling=true']\n\n  # Worker service - processes messages\n  - name: 'gcr.io\u002Fcloud-builders\u002Fgcloud'\n    args: ['run', 'deploy', 'worker-service',\n           '--cpu-throttling=false',\n           '--min-instances=1']\n```\n\n### VPC Connector 10-Minute Idle Timeout\n\nSeverity: MEDIUM\n\nSituation: Cloud Run service connecting to VPC resources\n\nSymptoms:\nConnection errors after period of inactivity.\n\"Connection reset\" or \"Connection refused\" errors.\nSporadic failures to VPC resources.\nDatabase connections drop unexpectedly.\n\nWhy this breaks:\nCloud Run's VPC connector has a 10-minute idle timeout on connections.\nIf a connection is idle for 10 minutes, it's silently closed.\n\nAffects:\n- Database connection pools\n- Redis connections\n- Internal API connections\n- Any persistent VPC connection\n\nRecommended fix:\n\n## Configure connection pool with keep-alive\n\n```python\n# SQLAlchemy with connection recycling\nfrom sqlalchemy import create_engine\n\nengine = create_engine(\n    DATABASE_URL,\n    pool_size=5,\n    max_overflow=2,\n    pool_recycle=300,  # Recycle connections every 5 minutes\n    pool_pre_ping=True  # Validate connection before use\n)\n```\n\n## TCP keep-alive for custom connections\n\n```python\nimport socket\n\nsock 
= socket.socket(socket.AF_INET, socket.SOCK_STREAM)\nsock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)\nsock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, 60)\nsock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, 60)\nsock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, 5)\n```\n\n## Redis with connection validation\n\n```python\nimport redis\n\npool = redis.ConnectionPool(\n    host=REDIS_HOST,\n    port=6379,\n    socket_keepalive=True,\n    socket_keepalive_options={\n        socket.TCP_KEEPIDLE: 60,\n        socket.TCP_KEEPINTVL: 60,\n        socket.TCP_KEEPCNT: 5\n    },\n    health_check_interval=30\n)\nclient = redis.Redis(connection_pool=pool)\n```\n\n## Use Cloud SQL Proxy sidecar\n\n```yaml\n# Use Cloud SQL connector which handles reconnection\n# requirements.txt\ncloud-sql-python-connector[pg8000]\n```\n\n```python\nfrom google.cloud.sql.connector import Connector\nimport sqlalchemy\n\nconnector = Connector()\n\ndef getconn():\n    return connector.connect(\n        \"project:region:instance\",\n        \"pg8000\",\n        user=\"user\",\n        password=\"password\",\n        db=\"database\"\n    )\n\nengine = sqlalchemy.create_engine(\n    \"postgresql+pg8000:\u002F\u002F\",\n    creator=getconn\n)\n```\n\n### Container Startup Timeout (4 minutes max)\n\nSeverity: HIGH\n\nSituation: Deploying containers with slow initialization\n\nSymptoms:\nDeployment fails with \"Container failed to start\".\nService never becomes healthy.\n\"Revision failed to become ready\" errors.\nWorks locally but fails on Cloud Run.\n\nWhy this breaks:\nCloud Run expects your container to start listening on PORT within\n4 minutes (240 seconds). 
If it doesn't, the instance is killed.\n\nCommon causes:\n- Heavy framework initialization (ML models, etc.)\n- Waiting for external dependencies at startup\n- Large dependency loading\n- Database migrations on startup\n\nRecommended fix:\n\n## Enable startup CPU boost\n\n```bash\ngcloud run deploy my-service \\\n  --cpu-boost\n```\n\n## Lazy initialization\n\n```python\nfrom functools import lru_cache\nfrom fastapi import FastAPI\n\napp = FastAPI()\n\n# Don't load at import time\nmodel = None\n\n@lru_cache()\ndef get_model():\n    global model\n    if model is None:\n        # Load on first request, not at startup\n        model = load_heavy_model()\n    return model\n\n@app.get(\"\u002Fpredict\")\nasync def predict(data: dict):\n    model = get_model()  # Loads on first call only\n    return model.predict(data)\n\n# Startup is fast - model loads on first request\n```\n\n## Start listening immediately\n\n```python\nimport asyncio\nfrom fastapi import FastAPI, HTTPException\nimport uvicorn\n\napp = FastAPI()\n\n# Global state for async initialization\ninitialized = asyncio.Event()\n\n@app.on_event(\"startup\")\nasync def startup():\n    # Start background initialization\n    asyncio.create_task(async_init())\n\nasync def async_init():\n    # Heavy initialization happens after server starts\n    await load_models()\n    await warm_up_connections()\n    initialized.set()\n\n@app.get(\"\u002Fready\")\nasync def ready():\n    if not initialized.is_set():\n        raise HTTPException(503, \"Still initializing\")\n    return {\"status\": \"ready\"}\n\n@app.get(\"\u002Fhealth\")\nasync def health():\n    # Always respond - health check passes\n    return {\"status\": \"healthy\"}\n```\n\n## Use multi-stage builds\n\n```dockerfile\n# Build stage - slow\nFROM python:3.11 as builder\nWORKDIR \u002Fapp\nCOPY requirements.txt .\nRUN pip wheel --no-cache-dir --wheel-dir \u002Fwheels -r requirements.txt\n\n# Runtime stage - fast startup\nFROM python:3.11-slim\nWORKDIR 
\u002Fapp\nCOPY --from=builder \u002Fwheels \u002Fwheels\nRUN pip install --no-cache \u002Fwheels\u002F* && rm -rf \u002Fwheels\nCOPY . .\nCMD [\"uvicorn\", \"main:app\", \"--host\", \"0.0.0.0\", \"--port\", \"8080\"]\n```\n\n## Run migrations separately\n\n```bash\n# Don't migrate on startup - use Cloud Build\nsteps:\n  # Run migrations first\n  - name: 'gcr.io\u002Fcloud-builders\u002Fgcloud'\n    entrypoint: 'bash'\n    args:\n      - '-c'\n      - |\n        gcloud run jobs execute migrate-job --wait\n\n  # Then deploy\n  - name: 'gcr.io\u002Fcloud-builders\u002Fgcloud'\n    args: ['run', 'deploy', 'my-service', ...]\n```\n\n### Second Generation Execution Environment Differences\n\nSeverity: MEDIUM\n\nSituation: Migrating to or using Cloud Run second-gen execution environment\n\nSymptoms:\nNetwork behavior changes.\nDifferent syscall support.\nFile system behavior differences.\nContainer behaves differently than in first-gen.\n\nWhy this breaks:\nCloud Run's second-generation execution environment uses a different\nsandbox (gVisor) with different characteristics:\n\n- More Linux syscalls supported\n- Full \u002Fproc and \u002Fsys access\n- Different network stack\n- No automatic HTTPS redirect\n- Different tmp filesystem behavior\n\nRecommended fix:\n\n## Explicitly set execution environment\n\n```bash\n# First generation (legacy)\ngcloud run deploy my-service \\\n  --execution-environment=gen1\n\n# Second generation (recommended for most)\ngcloud run deploy my-service \\\n  --execution-environment=gen2\n```\n\n## Handle network differences\n\n```python\n# Second-gen doesn't auto-redirect HTTP to HTTPS\nfrom fastapi import FastAPI, Request\nfrom fastapi.responses import RedirectResponse\n\napp = FastAPI()\n\n@app.middleware(\"http\")\nasync def redirect_https(request: Request, call_next):\n    # Check X-Forwarded-Proto header\n    if request.headers.get(\"X-Forwarded-Proto\") == \"http\":\n        url = request.url.replace(scheme=\"https\")\n        return 
RedirectResponse(url, status_code=301)\n    return await call_next(request)\n```\n\n## GPU access (second-gen only)\n\n```bash\n# GPUs only available in second-gen\ngcloud run deploy ml-service \\\n  --execution-environment=gen2 \\\n  --gpu=1 \\\n  --gpu-type=nvidia-l4\n```\n\n## Check execution environment\n\n```python\nimport os\n\ndef get_execution_environment():\n    # Second-gen has different \u002Fproc structure\n    try:\n        with open('\u002Fproc\u002Fversion', 'r') as f:\n            version = f.read()\n            if 'gVisor' in version:\n                return 'gen2'\n    except:\n        pass\n    return 'gen1'\n```\n\n### Request Timeout Configuration Mismatch\n\nSeverity: MEDIUM\n\nSituation: Long-running requests or background processing\n\nSymptoms:\nRequests terminated before completion.\n504 Gateway Timeout errors.\nProcessing stops unexpectedly.\nInconsistent timeout behavior.\n\nWhy this breaks:\nCloud Run has multiple timeout configurations that must align:\n- Request timeout (default 300s, max 3600s for HTTP, 60m for gRPC)\n- Client timeout\n- Downstream service timeouts\n- Load balancer timeout (for external access)\n\nRecommended fix:\n\n## Set consistent timeouts\n\n```bash\n# Increase request timeout (max 3600s for HTTP)\ngcloud run deploy my-service \\\n  --timeout=900  # 15 minutes\n```\n\n## Handle long-running with webhooks\n\n```python\nfrom fastapi import FastAPI, BackgroundTasks\nimport httpx\n\napp = FastAPI()\n\n@app.post(\"\u002Fprocess\")\nasync def process(data: dict, background_tasks: BackgroundTasks):\n    task_id = create_task_id()\n\n    # Start background processing\n    background_tasks.add_task(\n        long_running_process,\n        task_id,\n        data,\n        data.get(\"callback_url\")\n    )\n\n    # Return immediately\n    return {\"task_id\": task_id, \"status\": \"processing\"}\n\nasync def long_running_process(task_id, data, callback_url):\n    result = await heavy_computation(data)\n\n    # Callback 
when done\n    if callback_url:\n        async with httpx.AsyncClient() as client:\n            await client.post(callback_url, json={\n                \"task_id\": task_id,\n                \"result\": result\n            })\n```\n\n## Use Cloud Tasks for reliable long-running\n\n```python\nimport json\n\nfrom google.cloud import tasks_v2\n\n# PROJECT and REGION are assumed to be defined elsewhere (project ID, queue region)\ndef create_long_running_task(data):\n    client = tasks_v2.CloudTasksClient()\n    parent = client.queue_path(PROJECT, REGION, \"long-tasks\")\n\n    task = {\n        \"http_request\": {\n            \"http_method\": tasks_v2.HttpMethod.POST,\n            \"url\": \"https:\u002F\u002Fworker.run.app\u002Fprocess\",\n            \"body\": json.dumps(data).encode(),\n            \"headers\": {\"Content-Type\": \"application\u002Fjson\"}\n        },\n        \"dispatch_deadline\": {\"seconds\": 1800}  # 30 min\n    }\n\n    return client.create_task(parent=parent, task=task)\n```\n\n## Streaming for long responses\n\n```python\nfrom fastapi import FastAPI\nfrom fastapi.responses import StreamingResponse\n\napp = FastAPI()\n\n@app.get(\"\u002Flarge-report\")\nasync def large_report():\n    async def generate():\n        for chunk in process_large_data():\n            yield chunk\n\n    return StreamingResponse(generate(), media_type=\"text\u002Fplain\")\n```\n\n## Validation Checks\n\n### Hardcoded GCP Credentials\n\nSeverity: ERROR\n\nGCP credentials must never be hardcoded in source code\n\nMessage: Hardcoded GCP service account credentials. Use Secret Manager or Workload Identity.\n\n### GCP API Key in Source Code\n\nSeverity: ERROR\n\nAPI keys should use Secret Manager\n\nMessage: Hardcoded GCP API key. Use Secret Manager.\n\n### Credentials JSON File in Repository\n\nSeverity: ERROR\n\nService account JSON files should not be in source control\n\nMessage: Credentials file detected. Add to .gitignore and use Secret Manager.\n\n### Running as Root User\n\nSeverity: WARNING\n\nContainers should not run as root for security\n\nMessage: Dockerfile runs as root. 
Add USER directive for security.\n\n### Missing Health Check in Dockerfile\n\nSeverity: INFO\n\nCloud Run uses HTTP health checks, Dockerfile HEALTHCHECK is optional\n\nMessage: No HEALTHCHECK in Dockerfile. Cloud Run uses its own health checks.\n\n### Hardcoded Port in Application\n\nSeverity: WARNING\n\nPort should come from PORT environment variable\n\nMessage: Hardcoded port. Use PORT environment variable for Cloud Run.\n\n### Large File Writes to \u002Ftmp\n\nSeverity: WARNING\n\n\u002Ftmp uses container memory, large writes can cause OOM\n\nMessage: \u002Ftmp writes consume memory. Consider Cloud Storage for large files.\n\n### Synchronous File Operations\n\nSeverity: WARNING\n\nSync file ops block the event loop in async apps\n\nMessage: Synchronous file operations. Use async versions for better concurrency.\n\n### Global Mutable State\n\nSeverity: WARNING\n\nGlobal state issues with concurrent requests\n\nMessage: Global mutable state may cause issues with concurrent requests.\n\n### Thread-Unsafe Singleton Pattern\n\nSeverity: WARNING\n\nSingletons need thread safety for concurrency > 1\n\nMessage: Singleton pattern - ensure thread safety if using concurrency > 1.\n\n## Collaboration\n\n### Delegation Triggers\n\n- user needs AWS serverless -> aws-serverless (Lambda, API Gateway, SAM)\n- user needs Azure containers -> azure-functions (Azure Container Apps, Functions)\n- user needs database design -> postgres-wizard (Cloud SQL design, AlloyDB)\n- user needs authentication -> auth-specialist (Firebase Auth, Identity Platform)\n- user needs AI integration -> llm-architect (Vertex AI, Cloud Run + LLM)\n- user needs workflow orchestration -> workflow-automation (Cloud Workflows, Eventarc)\n\n## When to Use\nUse this skill when the request clearly matches the capabilities and patterns described above.\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for 
environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,191,1576,"2026-05-16 13:19:43",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"编程开发","coding","mdi-code-braces","代码生成、调试、审查，提升开发效率",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"DevOps","devops","mdi-cog-outline","CI\u002FCD、容器化、部署运维",3,162,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"82dbdaba-cc15-4b56-b295-c8ef7f56361d","1.0.0","gcp-cloud-run.zip",11058,"uploads\u002Fskills\u002F5cc6e05c-bd9d-4503-9eb5-2bdb5656da47\u002Fgcp-cloud-run.zip","1571f6e2e71b79a98fec16bbaaf6c04684fef522bd67a0e959d822ce37456429","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":32863}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]