Network Programming in .NET

Introduction: Why European Cloud Sovereignty Matters Now More Than Ever

In an era of increasing geopolitical tensions, data sovereignty concerns, and evolving international relations, European companies are reconsidering their dependence on US-based cloud providers. The EU’s growing emphasis on digital sovereignty, combined with uncertainties around US data access laws like the CLOUD Act and recent political developments, has made many businesses uncomfortable with storing sensitive data on American infrastructure.

For EU-based companies running containerized workloads on Google Cloud Run, there’s good news: migrating to European alternatives like Scaleway is surprisingly straightforward. This guide will walk you through the technical process of moving your Cloud Run services to Scaleway’s Serverless Containers—keeping your applications running while bringing your infrastructure back under European jurisdiction.

Why Scaleway?

Scaleway, a French cloud provider founded in 1999, offers a compelling alternative to Google Cloud Run:

• 🇪🇺 100% European: All data centers located in France, Netherlands, and Poland
• 📜 GDPR Native: Built from the ground up with European data protection in mind
• 💰 Transparent Pricing: No hidden costs, generous free tiers, and competitive rates
• 🔒 Data Sovereignty: Your data never leaves EU jurisdiction
• ⚡ Scale-to-Zero: Just like Cloud Run, pay only for actual usage
• 🌱 Environmental Leadership: Strong commitment to sustainable cloud infrastructure

Most importantly: Scaleway Serverless Containers are technically equivalent to Google Cloud Run. Both are built on Knative, meaning your containers will run identically on both platforms.

Prerequisites

Before starting, ensure you have:

• An existing Google Cloud Run service
• Windows machine with PowerShell
• gcloud CLI installed and authenticated
• A Scaleway account (free to create)
• Skopeo installed (we’ll cover this)

Understanding the Architecture

Both Google Cloud Run and Scaleway Serverless Containers work the same way:

1. You provide a container image
2. The platform runs it on-demand via HTTPS endpoints
3. It scales automatically (including to zero when idle)
4. You pay only for execution time

The migration process is simply:

1. Copy your container image from Google’s registry to Scaleway’s registry
2. Deploy it as a Scaleway Serverless Container
3. Update your DNS/endpoints

No code changes required—your existing .NET, Node.js, Python, Go, or any other containerized application works as-is.

Step 1: Install Skopeo (Lightweight Docker Alternative)

Since we’re on Windows and don’t want to run full Docker Desktop, we’ll use Skopeo—a lightweight tool designed specifically for copying container images between registries.

Install via winget:

powershell

winget install RedHat.Skopeo

Or download directly from: https://github.com/containers/skopeo/releases

Why Skopeo?

• No daemon required: No background services consuming resources
• Direct registry-to-registry transfer: Images never touch your local disk
• Minimal footprint: ~50MB vs. several GB for Docker Desktop
• Perfect for CI/CD: Designed for automation and registry operations

Configure Skopeo’s Trust Policy

Skopeo requires a policy file to determine which registries to trust. Create it:

powershell

# Create the config directory
New-Item -ItemType Directory -Force -Path "$env:USERPROFILE\.config\containers"
# Create a permissive policy that trusts all registries
@"
{
    "default": [
        {
            "type": "insecureAcceptAnything"
        }
    ],
    "transports": {
        "docker-daemon": {
            "": [{"type": "insecureAcceptAnything"}]
        }
    }
}
"@ | Out-File -FilePath "$env:USERPROFILE\.config\containers\policy.json" -Encoding utf8

For production environments, you might want a more restrictive policy that only trusts specific registries:

powershell

@"
{
    "default": [{"type": "reject"}],
    "transports": {
        "docker": {
            "gcr.io": [{"type": "insecureAcceptAnything"}],
            "europe-west2-docker.pkg.dev": [{"type": "insecureAcceptAnything"}],
            "rg.fr-par.scw.cloud": [{"type": "insecureAcceptAnything"}]
        }
    }
}
"@ | Out-File -FilePath "$env:USERPROFILE\.config\containers\policy.json" -Encoding utf8

Step 2: Find Your Cloud Run Container Image

Your Cloud Run service uses a specific container image. To find it:

Via gcloud CLI (recommended):

bash

gcloud run services describe YOUR-SERVICE-NAME \
  --region=YOUR-REGION \
  --project=YOUR-PROJECT \
  --format='value(spec.template.spec.containers[0].image)'
```
This returns the full image URL, something like:
```
europe-west2-docker.pkg.dev/your-project/cloud-run-source-deploy/your-service@sha256:abc123...

Via Google Cloud Console:

1. Navigate to Cloud Run in the console
2. Click your service
3. Go to the “Revisions” tab
4. Look for “Container image URL”

The @sha256:... digest is important—it ensures you’re copying the exact image currently running in production.

Step 3: Set Up Scaleway Container Registry

Create a Scaleway Account

1. Sign up at https://console.scaleway.com/
2. Complete email verification
3. Navigate to the console

Create a Container Registry Namespace

1. Go to Containers → Container Registry
2. Click Create namespace
3. Choose a region (Paris, Amsterdam, or Warsaw)
   • Important: Choose the same region where you’ll deploy your containers
4. Enter a namespace name (e.g., my-containers, production)
   • Must be unique within that region
   • Lowercase, numbers, and hyphens only
5. Set Privacy to Private
6. Click Create

Your registry URL will be: rg.fr-par.scw.cloud/your-namespace

Create API Credentials

1. Click your profile → API Keys (or visit https://console.scaleway.com/iam/api-keys)
2. Click Generate API Key
3. Give it a name (e.g., “container-migration”)
4. Save the Secret Key securely—it’s only shown once
5. Note both the Access Key and Secret Key

Step 4: Copy Your Container Image

Now comes the magic—copying your container directly from Google to Scaleway without downloading it locally.

Authenticate and Copy:

powershell

# Set your Scaleway secret key as environment variable (more secure)
$env:SCW_SECRET_KEY = "your-scaleway-secret-key-here"
# Copy the image directly between registries
skopeo copy `
  --src-creds="oauth2accesstoken:$(gcloud auth print-access-token)" `
  --dest-creds="nologin:$env:SCW_SECRET_KEY" `
  docker://europe-west2-docker.pkg.dev/your-project/cloud-run-source-deploy/your-service@sha256:abc123... `
  docker://rg.fr-par.scw.cloud/your-namespace/your-service:latest
```
### What's Happening:
- `--src-creds`: Authenticates with Google using your gcloud session
- `--dest-creds`: Authenticates with Scaleway using your API key
- Source URL: Your Google Artifact Registry image
- Destination URL: Your Scaleway Container Registry
The transfer happens directly between registries—your Windows machine just orchestrates it. Even a multi-GB container copies in minutes.
### Verify the Copy:
1. Go to https://console.scaleway.com/registry/namespaces
2. Click your namespace
3. You should see your service image listed with the `latest` tag
## Step 5: Deploy to Scaleway Serverless Containers
### Create a Serverless Container Namespace:
1. Navigate to **Containers** → **Serverless Containers**
2. Click **Create namespace**
3. Choose the **same region** as your Container Registry
4. Give it a name (e.g., `production-services`)
5. Click **Create**
### Deploy Your Container:
1. Click **Create container**
2. **Image source**: Select "Scaleway Container Registry"
3. Choose your namespace and image
4. **Configuration**:
   - **Port**: Set to the port your app listens on (usually 8080 for Cloud Run apps)
   - **Environment variables**: Copy any env vars from Cloud Run
   - **Resources**:
     - Memory: Start with what you used in Cloud Run
     - vCPU: 0.5-1 vCPU is typical
   - **Scaling**:
     - **Min scale**: `0` (enables scale-to-zero, just like Cloud Run)
     - **Max scale**: Set based on expected traffic (e.g., 10)
5. Click **Deploy container**
### Get Your Endpoint:
After deployment (1-2 minutes), you'll receive an HTTPS endpoint:
```
https://your-container-namespace-xxxxx.functions.fnc.fr-par.scw.cloud

This is your public API endpoint—no API Gateway needed, SSL included for free.

Step 6: Test Your Service

powershell

# Test the endpoint
Invoke-WebRequest -Uri "https://your-container-url.functions.fnc.fr-par.scw.cloud/your-endpoint"

Your application should respond identically to how it did on Cloud Run.

Understanding the Cost Comparison

Google Cloud Run Pricing (Typical):

• vCPU: $0.00002400/vCPU-second
• Memory: $0.00000250/GB-second
• Requests: $0.40 per million
• Plus: API Gateway, Load Balancer, or other routing costs

Scaleway Serverless Containers:

• vCPU: €0.00001/vCPU-second (€1.00 per 100k vCPU-s)
• Memory: €0.000001/GB-second (€0.10 per 100k GB-s)
• Requests: Free (no per-request charges)
• HTTPS endpoint: Free (included)
• Free Tier: 200k vCPU-seconds + 400k GB-seconds per month

Example Calculation:

For an API handling 1 million requests/month, 200ms average response time, 1 vCPU, 2GB memory:

Google Cloud Run:

• vCPU: 1M × 0.2s × $0.000024 = $4.80
• Memory: 1M × 0.2s × 2GB × $0.0000025 = $1.00
• Requests: 1M × $0.0000004 = $0.40
• Total: ~$6.20/month

Scaleway:

• vCPU: 200k vCPU-s → Free (within free tier)
• Memory: 400k GB-s → Free (within free tier)
• Total: €0.00/month

Even beyond free tiers, Scaleway is typically 30-50% cheaper, with no surprise charges.

Key Differences to Be Aware Of

Similarities (Good News):

✅ Both use Knative under the hood ✅ Both support HTTP, HTTP/2, WebSocket, gRPC ✅ Both scale to zero automatically ✅ Both provide HTTPS endpoints ✅ Both support custom domains ✅ Both integrate with monitoring/logging

Differences:

• Cold start: Scaleway takes ~2-5 seconds (similar to Cloud Run)
• Idle timeout: Scaleway scales to zero after 15 minutes (vs. Cloud Run’s varies)
• Regions: Limited to EU (Paris, Amsterdam, Warsaw) vs. Google’s global presence
• Ecosystem: Smaller ecosystem than GCP (but rapidly growing)

When Scaleway Makes Sense:

• ✅ Your primary users/customers are in Europe
• ✅ GDPR compliance is critical
• ✅ You want to avoid US jurisdiction over your data
• ✅ You prefer transparent, predictable pricing
• ✅ You don’t need GCP-specific services (BigQuery, etc.)

When to Consider Carefully:

• ⚠️ You need global edge distribution (though you can use CDN)
• ⚠️ You’re heavily integrated with other GCP services
• ⚠️ You need GCP’s machine learning services
• ⚠️ Your customers are primarily in Asia/Americas

Additional Migration Considerations

Environment Variables and Secrets:

Scaleway offers Secret Manager integration. Copy your Cloud Run secrets:

1. Go to Secret Manager in Scaleway
2. Create secrets matching your Cloud Run environment variables
3. Reference them in your container configuration

Custom Domains:

Both platforms support custom domains. In Scaleway:

1. Go to your container settings
2. Add custom domain
3. Update your DNS CNAME to point to Scaleway’s endpoint
4. SSL is handled automatically

Databases and Storage:

If you’re using Cloud SQL or Cloud Storage:

• Databases: Consider Scaleway’s Managed PostgreSQL/MySQL or Serverless SQL Database
• Object Storage: Scaleway Object Storage is S3-compatible
• Or: Keep using GCP services (cross-cloud is possible, but adds latency)

Monitoring and Logging:

Scaleway provides Cockpit (based on Grafana):

• Automatic logging for all Serverless Containers
• Pre-built dashboards
• Integration with alerts and metrics
• Similar to Cloud Logging/Monitoring

The Broader Picture: European Digital Sovereignty

This migration isn’t just about cost savings or technical features—it’s about control.

Why EU Companies Are Moving:

1. Legal Protection: GDPR protections are stronger when data never leaves EU jurisdiction
2. Political Risk: Reduces exposure to US government data requests under CLOUD Act
3. Supply Chain Resilience: Diversification away from Big Tech dependency
4. Supporting European Tech: Strengthens the European cloud ecosystem
5. Future-Proofing: As digital sovereignty regulations increase, early movers are better positioned

The Economic Argument:

Every euro spent with European cloud providers:

• Stays in the European economy
• Supports European jobs and innovation
• Builds alternatives to US/Chinese tech dominance
• Strengthens Europe’s strategic autonomy

Conclusion: A Straightforward Path to Sovereignty

Migrating from Google Cloud Run to Scaleway Serverless Containers is technically simple—often taking just a few hours for a typical service. The containers are identical, the pricing is competitive, and the operational model is the same.

But beyond the technical benefits, there’s a strategic argument: as a European company, every infrastructure decision is a choice about where your data lives, who has access to it, and which ecosystem you’re supporting.

Scaleway (and other European cloud providers) aren’t perfect replacements for every GCP use case. But for containerized APIs and web services—which represent the majority of Cloud Run workloads—they’re absolutely production-ready alternatives that keep your infrastructure firmly within European jurisdiction.

In 2026’s geopolitical landscape, that’s not just a nice-to-have—it’s increasingly essential.

Resources

• Scaleway Serverless Containers: https://www.scaleway.com/en/serverless-containers/
• Scaleway Documentation: https://www.scaleway.com/en/docs/
• Skopeo Documentation: https://github.com/containers/skopeo
• European Cloud Providers: Research Scaleway, OVHcloud, Hetzner, and others
• EU Digital Sovereignty: European Commission digital strategy resources

Have you migrated your infrastructure back to Europe? Share your experience in the comments below.