I'd suggest you break down the problem. There are a few different elements to what you want.
- error checking on a schedule
- in the case an error is detected,
- send an alert
- also update a KVM in Apigee
I think if you want something to run every 15 minutes, a good tool for that is Google Cloud Scheduler. You can set it up with a schedule that says "do this thing every 15 minutes". But what is the thing that scheduler does? One good approach is to define the "check" in a Cloud Run job (hint here). Then set the scheduler to execute that job every 15 minutes. I do something similar to this, with an Apigee maintenance job, that runs nightly on my system. (Currently it just culls older revisions of API proxies, but I could have it do other things too)
Regarding the things you want to do when detecting an error condition, if I understand correctly, you said you want the tool to send an alert, and also update a KVM. "Send an alert" is sort of generic. I guess that could be
- posting a message to a slack channel, or a Google chat room
- sending an email
- sending an SMS
- posting a message to a Google Pub/Sub topic
- invoking a webhook
- or something else ...
And to update a KVM, you can use the KVM administrative API directly, or use a wrapper proxy built in Apigee (example here) to help out. Either way, sending an HTTP POST request to some endpoint, would allow you to update the KVM.
Because your cloud run job can be based on any language or platform, you can write this up as a shell script, powershell, nodejs script, java program, C# program, python, or whatever you like . And just deploy that as a job into cloud run. I do this, like so:
gcloud run jobs deploy ${JOB_NAME} \
--source . \
--tasks 1 \
--set-env-vars ENVVAR1="whatever you like here" \
--max-retries 1 \
--region ${REGION} \
--project=${PROJECT_ID} \
--service-account ${JOB_SA_EMAIL}
One more thing, regarding security: If your job interacts with Google systems, like Pub/Sub, Apigee, etc, via REST APIs, then the job will need to obtain an access token. Because a cloud run job runs on Google compute infrastructure, you can easily get a token at runtime, by sending a GET request to the metadata token dispensary endpoint. This will work only if your system is running on a google compute engine instance. (which includes Cloud Run, GKE, etc).
GET http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token
If you configure your job to run as a specific Service Account, and then grant the Service Account the right roles (for doing things like Pub/Sub or updating an Apigee KVM), then ... the token you receive back from that GET call, will be suitable for invoking all of those Googleapis. In nodejs you can do this:
const url = `http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token`,
method = "GET",
headers = { "Metadata-Flavor": "Google" },
body = null;
return fetch(url, { method, headers, body })
.then(async (res) => [res.status, await res.json()])
.then(([status, payload]) => {
if (status != 200) {
return Promise.reject(
new Error(`cannot retrieve access_token (status: ${status})`)
);
}
return payload;
});
Full working example here.
LinkedIn
Twitter
