Deployment on GCP
Computing services such as virtual machine instances, container orchestration systems, serverless, etc., gain a lot of attention in the tech world, but storage and networking are also essential for almost all applications. Data storage is a broad topic covering a wide variety of storage mechanisms for different use cases. Networking is vital for service communication, and security is always important, though typically an afterthought.
As the technologies used to build distributed systems keep improving, data storage offerings continue to grow, evolve, and inspire new services. Having a better understanding of these different services can help us build better applications.
This course will help prepare you for the Google Professional Cloud Developer Certification exam, which requires a working knowledge of building cloud-native systems on GCP, and covers a wide variety of topics, from designing distributed systems to knowing how to create different storage resources.
This course focuses on the third section of the exam overview, concentrating specifically on the last four points, which cover data storage creation, networking, and security services.
- Create data storage resources
- Deploy and implement networking resources
- Automate resource provisioning with Deployment Manager
- Manage service accounts
- IT professionals who want to become cloud-native developers
- IT professionals preparing for Google’s Professional Cloud Developer exam
- Software development experience
- Proficient with at least one programming language
- SQL and NoSQL experience
- Networking experience (subnets, CIDR notation, and firewalls)
- Familiarity with infrastructure-as-code concepts
Hello and welcome. In this lesson, we're going to summarize the high points from the course. This lesson is going to be a rapid-fire review of the key takeaways and there's a lot to cover so let's get started.
Cloud Source Repositories are Google Cloud's hosted Git repository. Mirroring from GitHub and Bitbucket is supported. Integration with Cloud Build allows code changes to trigger build tasks, which can support a CI/CD pipeline, and integration with other services such as App Engine provides a mechanism for code deployments.
Cloud SQL is a relational database service supporting multiple database engines. Cloud SQL is a regional service with multi-zone data replication. Cloud SQL instances use single-zone or regional availability. Regional availability provides automatic failover between zones, which protects from zone-based failures. And instances can be linked to a VPC and it allows them a private IP address.
Cloud Datastore requires an index for every query. Indexes for each individual property are automatically generated for both ascending and descending data. Auto-generated indexes support simple queries. Complex queries require composite indexes which can be manually created or generated with the use of the local development datastore emulator. Indexes are defined in an index.yaml file and they are uploaded to Datastore using the gcloud SDK.
Big-query datasets are the top-level container in which tables, views, and access control is defined. Datasets belong to an immutable location set at creation.
Spanner is a Google-created, distributed, relational database system supporting SQL queries and strong consistency. A Spanner instance is an instance of the Spanner database engine, which consists of one or more nodes, each node being backed by multiple replicas. Reads and writes that take place inside of a transaction are strongly consistent. Instances can be regional or multi-regional. Reading stale data is something that is supported though not typically recommended, though for limited-use cases, such as in a multi-region environment, it is possible.
Cloud Storage supports multiple locations allowing for greater availability as well as multiple storage classes based on the expected data access frequency. This is a fairly simple service conceptually, however, it has a lot of use cases.
Pub/Sub topics are a named destination for messages that subscribers can then listen to and get the messages from. Topics are the entry point for Pub/Sub, making them a key concept. A single topic can have multiple subscriptions allowing the same message to be processed by multiple consumers.
VPC networks support subnets, which are regional resources that define an IP address range. Networks can support custom or auto mode. Auto mode generates the subnets in each region automatically. Custom mode requires subnets to be manually created. Firewall rules for VPC networks support incoming and outgoing traffic. The anatomy of a rule is slightly different for incoming versus outgoing. However, both have a priority and an action as well as protocols and ports. Incoming rules define a traffic destination target and a traffic source. Outgoing rules define a traffic source target and a destination address or address range.
Cloud DNS is a Google-managed domain name service supporting both public and private domains. Deployment Manager is a Google Cloud-specific infrastructure as code service, allowing resources to be defined in a configuration file. And configuration files are YAML files capable of leveraging both Jinja and Python templates. Creating a deployment is done by passing a configuration to the deployment's create function. Once created, it can be updated via the update function.
Service accounts are special accounts used by code to access Google Cloud Platform APIs. The current method for managing service account permissions is through the use of roles. Compute Engine instances still use access scopes. To bridge the two, the best practice is to set the access scope to the ultra-permissive cloud-platform scope and use roles to limit the permissions on that account. Service accounts used by GCP services such as Compute Engine use Google-managed keys. Code running outside of GCP can leverage user-managed keys which can be downloaded as JSON files and deployed alongside the code. And with that, we have reached the end of this lesson which means we have reached the end of this course.
Preparing for exams takes a lot of time and effort. Kudos to you for putting in the effort. I hope this course has helped towards that goal, and good luck when you take the exam. Also, feel free to reach out to me on Twitter and let me know how it went. Thank you so very much for watching and I will see you in another course.
Ben Lambert is a software engineer and was previously the lead author for DevOps and Microsoft Azure training content at Cloud Academy. His courses and learning paths covered Cloud Ecosystem technologies such as DC/OS, configuration management tools, and containers. As a software engineer, Ben’s experience includes building highly available web and mobile apps. When he’s not building software, he’s hiking, camping, or creating video games.