Creating Google Cloud Functions
Introduction
In this tutorial, we learn how to create Google Cloud Functions using GCP Console, gcloud CLI, and Terraform. We will cover:
- Creating a function from the UI
- Setting up authentication and security
- Using service accounts and Secret Manager
- Deploying functions from a source repository
- Setting up CI/CD pipelines
- Deploying functions using Terraform
- Triggering functions via Pub/Sub topics and Cloud Storage
- Integrating functions with API Gateway
Creating a Function from UI
- Enable Cloud Functions
  - Go to GCP Console, click on Cloud Functions
  - Enable Cloud Functions for the project
- Create Function
  - Click CREATE FUNCTION
  - Name: first-function
  - Region: us-central1 (cost-effective)
- Trigger Options
  - Simplest: HTTP trigger
  - URL available for triggering function
  - Choose between public and private (authentication settings)
  - Disable HTTP or HTTPS if needed (keep secure by default)
- Settings
  - Runtime, build, connections, security settings
  - Service accounts
  - API key in Secret Manager
- Deployment
  - Enable Cloud Build API if warned
  - Language: Node.js and Python
  - Write code in Console or upload as zip
  - Check for third-party modules in package.json
- Invoke Function
  - Deploy function
  - Find URL under trigger
  - Use curl to call function (returns Hello World)
- Authentication and Permissions
  - Invoke function using ID token
  - Requires cloudfunctions.functions.invoke permission
Secure Function
- Create Secure Function
  - Name: secure-function
  - Keep default params, click deploy
  - Invoke requires bearer token in Authorization header
- Using gcloud CLI
  - Ensure gcloud CLI is installed
  - Add functionality to specific function relationships
  - Example: function-a calls function-b
  - Use service accounts and roles accordingly
- Example Workflow Setting
  - Create function-a with function update: Hello from Function A!
  - Add function-a as Principal with Cloud Functions Invoker role
  - Create function-b, use GoogleAuth module
  - Deploy and invoke with curl (returns Hello from Function A)
Secret Manager Integration
- Create API Key in Secret Manager
  - Name: api-key, Value: devops123
- Grant Access via Service Account
  - Create account: secret-function
  - Assign project-level permissions
  - Add service account email to api-key as Principal
  - Role: Secret Manager Secret Accessor
- Create and Deploy Function
  - Name: secret-function
  - Disable authentication
  - Under advanced settings, choose service account, map secret
  - Use fs module to read and return the secret
  - Deploy and invoke with curl (returns devops123)
Source Repository Integration
- Setup GitHub Repository
  - Name: functions, create folder: git-function
  - Define function in index.js and package.json
- Mirror to Google Cloud Source Repository
  - Connect external repository
  - Authenticate and select repository
  - Initialize and deploy function using gcloud functions deploy
- Redeploy on Changes
  - Mirror syncs automatically
  - Manually sync if needed
  - Use gcloud command to redeploy without runtime and trigger
- CI/CD Pipelines
  - Create build trigger in Cloud Build
  - Use mirrored repo and define cloudbuild.yaml
  - Assign necessary permissions to Cloud Build service account
  - Commit and push changes to trigger build
  - Deploy function with changes and test
Deploying with Terraform
- Setup Terraform
  - Enable Cloud Build and Cloud Functions API
- Terraform Code in main.tf
  - Declare project id and timestamp
  - Use Terraform Google provider, specify project and region
  - Create a zip archive and upload to GS bucket
  - Create a Cloud Function with required configurations
  - Optionally make it public
- Deploy and Invoke Function
  - Initialize and apply Terraform configurations
  - Obtain URL and invoke function
Event-driven Functions
Pub/Sub Trigger
- Create Pub/Sub Topic
- Create Function
  - Name: pubsub-function
  - Select Pub/Sub trigger, topic: lesson-106
  - Define function (e.g., log message)
  - Deploy and test by publishing a message
Cloud Storage Trigger
- Bucket Creation
- Create Function
  - Name: gs-function
  - Trigger on file upload to bucket
  - Define function to log file name
  - Upload file to test and check logs
API Gateway Integration
- Enable Services
  - Enable API Gateway API, Service Management API, Service Control API
- Create Backend Function and Service Accounts
  - Function name: backend-function
  - Service accounts: backend-function, api-gateway
  - Assign Cloud Functions Invoker role to api-gateway
- Create API Gateway
  - Name: my-gateway, create OpenAPI Spec
  - Point to backend function, configure path
  - Use URL to invoke function