# prefect-cloud
c
Hey folks, I'm setting up my Prefect work pool in GCP Cloud Run and just wondering if there's any benefit to using a Worker + Work Pool style deployment over the Serverless Push setup? I see that Worker + Work Pool means that I'll have a Cloud Run Service running as worker that will push work down to a Cloud Run Job, as opposed to Prefect just pushing work directly to a Cloud Run Job. I can't see any benefits/trade-offs discussed and just want to make sure I'm not missing anything here.
m
I think I read somewhere that worker + work pool for GCP Cloud Run is basically just more complicated without much benefit
We use serverless push and I really like it
🙌 1
c
Yeah I can't see much benefit, particularly given Cloud Run Service is always-on. I assume the cold start is the same given the end result is a Cloud Run Job either way.
m
I don’t think cold start is a factor for Cloud Run jobs since it’s always building your container from scratch
But if that build time is what you mean by cold start then yeah 100%
c
Ah okay cool, that makes sense thanks!
m
Feel free to ping me if I can help you with specific questions. Would be great to keep in touch with someone working on the same setup!
c
Will do, thanks heaps!
c
Hi Connor, yes if you don't have any special infrastructure/security considerations, then I believe a push pool would be a great fit for what you're doing. Thanks Matthew for fielding this Q, nicely done!
🙌 1
c
Hey thanks for the response @Chris Guidry. I've been digging a little deeper into the docs and have determined that there may be benefit to me, what I've determined is:
• If I want to avoid creating service account keys and rather attaching a service account to my Cloud Run resource to manage auth that way, I'll need to use a Worker - Work Pool style instead of Serverless Push
• Serverless Push requires me to provide the work pool with GcpCredentials with a service account key (json or file) so that Cloud Run Jobs can be created
Do I have that right? I'd like to avoid creating and managing service account keys if I can
c
Yes that is one requirement of our push work pools: you'll have to give us service account keys so that we can call over from our infrastructure to the Cloud Run in your project. With a worker & work pool inside your GCP environment, you can use workload identity for the machine/container to have access to Cloud Run. So you'll really just have to weigh the tradeoff of trusting us with a service account key versus managing your own workers. We store block secrets encrypted with unique keys in GCP KMS, so they are not transmitted or stored in the clear except when we decrypt them to make the GCP Cloud Run API call.
🙌 2
c
Okay awesome, that makes total sense. Thanks heaps, much appreciated!