Optimizing with Recommender

Recommender is a service that automatically provides recommendations and insights for using resources on Google Cloud, based on heuristic methods, machine learning, and current resource usage. Each recommendation includes a link you can click to put the recommendation into effect for your service.

This guide shows how to use Recommender to optimize Cloud Run services for security and costs.

Optimize cost

Recommender optimizes costs for billing.

Optimize billing

Recommender automatically looks at traffic received by your Cloud Run service over the past month, and will recommend switching from request-based billing to instance-based billing, if this is cheaper. For more details, see billing settings.

Optimize security

Recommender increases security by optimizing:

  • Service accounts for a Cloud Run service so the service account has the minimal set of required permissions.
  • Security of the following items in environment variables:

    • Passwords
    • API keys
    • Google Application Credentials

Google does not examine the values contained in those environment variables. Rather, we do a case-insensitive check on the variable key names, as shown in the following patterns:

  • The environment variable key is a case-insensitive variant of API KEY, such as API_KEY, api_key, APIKEY, or apikey
  • The environment variable ends in a case-insensitive variant of PASSWORD, such as PASSWORD or password
  • The environment variable is GOOGLE_APPLICATION_CREDENTIALS
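
A pre-deployment check that mirrors the key-name patterns listed above, as an added example (not Google's code and not Recommender's actual matching logic). The regular expressions, the `classify` and `audit_service` names, the constructed sample service description, and the choice to skip variables that already reference a secret are assumptions.

```python
import re

# Key-name patterns as described on this page. Recommender's exact matching
# logic is not published; these regexes are an approximation (assumption).
API_KEY_RE = re.compile(r"^api_?key$", re.IGNORECASE)  # whole key is an API KEY variant
PASSWORD_RE = re.compile(r"password$", re.IGNORECASE)  # key ends in PASSWORD
GAC_NAME = "GOOGLE_APPLICATION_CREDENTIALS"            # only spelling the page lists

ACTIONS = {
    "api_key": "move the API key to Secret Manager",
    "password": "move the password to Secret Manager",
    "credentials": "replace with service identity",
}

def classify(key):
    """Return the finding type for an env var key name, or None."""
    if key == GAC_NAME:
        return "credentials"
    if API_KEY_RE.match(key):
        return "api_key"
    if PASSWORD_RE.search(key):
        return "password"
    return None

def audit_service(service):
    """Scan a Cloud Run service description (dict) for flagged env var keys.

    Only key names are inspected, never values. Entries that already use
    valueFrom.secretKeyRef are skipped (assumption: they already follow
    the recommendation).
    """
    findings = []
    spec = service.get("spec", {}).get("template", {}).get("spec", {})
    for container in spec.get("containers", []):
        for env in container.get("env", []):
            if "secretKeyRef" in env.get("valueFrom", {}):
                continue
            kind = classify(env["name"])
            if kind:
                findings.append((env["name"], ACTIONS[kind]))
    return findings

# Constructed sample, shaped like `gcloud run services describe --format=json`.
SAMPLE = {"spec": {"template": {"spec": {"containers": [{"env": [
    {"name": "ApiKey", "value": "x"},
    {"name": "DB_PASSWORD", "value": "x"},
    {"name": "PASSWORD_HINT", "value": "x"},
    {"name": "SMTP_PASSWORD",
     "valueFrom": {"secretKeyRef": {"name": "smtp", "key": "latest"}}},
    {"name": "GOOGLE_APPLICATION_CREDENTIALS", "value": "/key.json"},
]}]}}}}
```

Because matching is on key names only, a secret stored under a name outside these patterns goes unflagged by this check, and a harmless variable whose name ends in PASSWORD is flagged.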

Security issues addressed by Recommender

The following table shows what Recommender detects and helps you address:

| Recommendation | Actions |
| --- | --- |
| Service account might have more permissions than are required. | Recommender leads you to configure a new service account that has the minimal set of required permissions. |
| Environment variable might contain a password. | Recommender leads you to move the password to Secret Manager. |
| Environment variable might contain an API key. | Recommender leads you to move the API key to Secret Manager. |
| Environment variable might contain Google Application Credentials. | Recommender leads you to replace this with service identity instead. |

Recommendation availability after deployment

Recommender automatically provides recommendations for a service once it has been deployed and a period of time, typically one day, has elapsed. After this period, recommendations for the service are displayed with the service in the Cloud Run service list in the Google Cloud console and in the Recommendation Hub.

Alternate ways of using recommendations

In addition to the use of recommendations covered on this page inside the Cloud Run UI, recommendations are also available through the following:

View and accept recommendations for Cloud Run

To view and accept a recommendation in the Cloud Run user interface:

  1. Go to Cloud Run

  2. Locate services in the list that have something in the Recommendations column.

  3. Click the Security icon for your service under the column heading Recommendations, to display the recommendation pane for your service.

  4. In the pane, read the insight about your service and the recommendation.

  5. If you accept the recommendation, click the button at the bottom of the pane to make the changes suggested by the recommendation.

  6. Follow the instructions and documentation to change your Cloud Run service as needed.

View recommendations in Recommendation Hub

To view recommendations in Recommendation Hub:

Go to Recommendation Hub

For more information, see the Recommendation Hub Getting started page.

Dismissing a recommendation

Click Dismiss if you want to dismiss the recommendation without applying it. This prevents the recommendation for that function from appearing again for 30 days.

Optimize Cloud Run apps with Gemini assistance

You can get AI-powered help from Gemini Cloud Assist chat to enhance performance and security. With Gemini Cloud Assist, you can proactively address potential issues and vulnerabilities in your cloud infrastructure, ensuring a robust and stable environment for your applications and services.

To use Gemini Cloud Assist from the Google Cloud console, do the following:

  1. Ensure that Gemini Cloud Assist is set up for your Google Cloud user account and project.
  2. Set up your Cloud Run development environment in your Google Cloud project and ensure you have the appropriate deployment permissions.

  3. Go to the Cloud Run page in the Google Cloud console.

    Go to Cloud Run

  4. In the console toolbar, select a Google Cloud project. Use a project associated with a project ID you submitted after you were granted access to Gemini Cloud Assist.

  5. Click Open or close Gemini AI chat (the spark icon).

    The Gemini panel opens.

  6. If necessary, click Accept if you agree to the terms.

  7. If you have a question about a specific application, provide context by going to the page that shows your resource before asking your question. When generating a response, Gemini includes information about the current console page and project.

  8. Enter a prompt in the Gemini panel.

    The following table provides some example prompts for using Gemini Cloud Assist with Cloud Run.

    | Prompt | Type of response |
    | --- | --- |
    | "How to save cost on my Cloud Run service without sacrificing performance for service example-service?" | Best practices for saving costs on your service without sacrificing performance. |
    | "How can I make my Cloud Run service more reliable and prevent downtime?" | Suggestions for enhancing reliability and minimizing downtime for your service. |
    | "How can I better secure my Cloud Run services?" | List of recommendations for increasing the security of your Cloud Run service. |
    | "For Black Friday/Cyber Monday, I need my workloads to handle high traffic. How should I prepare?" | Suggested comprehensive strategy encompassing capacity planning, reliability testing, and robust operational practices. |
    | "How can I improve my service's performance for my Cloud Run service example-service?" | Considerations for improving the performance of your app. |
    | "My Cloud Run service "svc1" has been performing slow this week. Can you see if there's a reason?" | Instructions on how to investigate the issue using the tools available in the Google Cloud console, specifically within the Logs Explorer page of Logging. |
    | "How can I make my Cloud Run service bill cheaper?" | Provides several cost-optimization strategies. |

For more details, see the following resources: