Google Cloud Associate Cloud Engineer — Question 73

You want to deploy an application on Cloud Run that processes messages from a Cloud Pub/Sub topic. You want to follow Google-recommended practices. What should you do?

Answer options

• A. 1. Create a Cloud Function that uses a Cloud Pub/Sub trigger on that topic. 2. Call your application on Cloud Run from the Cloud Function for every message.
• B. 1. Grant the Pub/Sub Subscriber role to the service account used by Cloud Run. 2. Create a Cloud Pub/Sub subscription for that topic. 3. Make your application pull messages from that subscription.
• C. 1. Create a service account. 2. Give the Cloud Run Invoker role to that service account for your Cloud Run application. 3. Create a Cloud Pub/Sub subscription that uses that service account and uses your Cloud Run application as the push endpoint.
• D. 1. Deploy your application on Cloud Run on GKE with the connectivity set to Internal. 2. Create a Cloud Pub/Sub subscription for that topic. 3. In the same Google Kubernetes Engine cluster as your application, deploy a container that takes the messages and sends them to your application.

Correct answer: C

Explanation

Option C is correct because it follows the recommended practice of using a service account to manage permissions and allows Cloud Pub/Sub to push messages directly to your Cloud Run application. Option A is incorrect as it introduces an unnecessary Cloud Function layer. Option B requires pulling messages rather than using push, which is less efficient. Option D complicates the architecture by involving GKE, which is not needed for this use case.