GCP Flashcards
What does IAM stand for
Identity and Access Management
IAM role types
- Primitive roles
- Predefined roles
- Custom roles
Types of primitive roles
- Owner
- Editor
- Viewer
Supported persistent disk types
- HDD
- SSD
- Local SSD
Command: copy files to and from Cloud Storage
gsutil cp
Service used for executing code in response to events
Cloud Functions
Command: list Kubernetes services
kubectl get svc
Command: run commands from inside a container that is running on Kubernetes
kubectl exec
Command: create new service account
gcloud iam service-accounts create ...
How to change an App Engine region
You cannot. Need to create a new project
Compute choices
- Compute engine
- Kubernetes engine
- App engine
- Cloud functions
- Cloud run
- Anthos
CIDR notation
used for specifying IP address ranges
Fully managed NoSQL database, limited query syntax
Cloud Datastore
Command: create Kubernetes cluster
gcloud container clusters create
Load balancers available
- HTTP(S) load balancer
- SSL Proxy
- TCP Proxy
- Network TCP/UDP load balancer
- internal TCP/UDP load balancer
Compute: manages app platform
App engine
Compute: event-driven, server-less functions
Cloud functions
Compute: server-less for containerised apps
Cloud run
Compute: VM, GPU, TPU, disks
Compute engine
Compute: manages Kubernetes/containers
Kubernetes engine
Compute: enterprise hybrid/multi-cloud platform
Anthos
Storage options
- Cloud storage
- Nearline
- Coldline
- Persistent disk
- Cloud filestore
Database options
- cloud bigtable
- cloud datastore
- cloud filestore
- cloud memorystore
- cloud spanner
- cloud SQL
Data & analytics options
- bigquery
- cloud dataflow
- cloud datalab
- cloud dataproc
- cloud pub/sub
Stackdriver options
- debugger
- error reporting
- logging
- monitoring
- profiler
- transparent SLIs
- trace
Cloud IAM members
- Google account
- service account
- Google group
- G Suite domain
- Cloud Identity domain
types of audit log for each project
- admin activity
- system events
- data access
Key-value pairs of configuration data that are accessible from code running in a Cloud Function
environment variables
Way to enable point-in-time recovery for MySQL databases on Cloud SQL
enable binary logging
Command: list networks
gcloud compute networks list
Name of a point-in-time backup of a persistent disk
Snapshot
Way to ensure the nodes in a Kubernetes Engine cluster are running the latest version of Kubernetes
enable ‘Automatic node upgrades’ option
Cloud storage metadata key to set the MIME type
Content-Type
Mechanism that allows you to extract data from logs and track it
Custom logging metric
Command: interact with Cloud Storage
gsutil
Way to run Compute Engine instance based on templates
managed instances groups
Special account used for authenticating between different services
service account
Mounted directories accessible from inside containers
volumes
App Engine feature that allows fast rollbacks, A/B testing, canary deployments
traffic splitting
common protocol and port used to connect to a Windows instance
RDP over port 3389
RDP: remote desktop protocol
Name of the Kubernetes Deployment that ensures a single instance of a pod will run on each node
DaemonSet
Templates that Deployment Manager supports
YAML, jinja, python
Service that allows you to run a MySQL or Postgres database
Cloud SQL
kubectl flag that allows you to specify the JSON path of properties in JSON output
-o along with the jsonpath value
ex: kubectl get svc -o jsonpath
Compute Services that directly support running Docker containers
- Kubernetes engine
- App engine (flexible environment)
- Compute engine
- Cloud functions
Billing export formats
- BigQuery
- File export JSON
- File export csv
sparsely populated database
BigTable
Kubernetes resource that exposes deployments
service
interfaces for interacting with Google Cloud
- directly to the REST API
- cloud SDK
- client libraries
- console
Command: deploy a Cloud Function
gcloud functions deploy
Resource for storing sensitive information in Kubernetes
secrets
Command: create new Kubernetes Secret
kubectl create secret
Commonly paired database with App Engine
Cloud datastore
Command: add an IAM binding policy
gcloud projects add-iam-policy-binding
Service that can ingest event streams. Commonly used with IoT
Pub/Sub
horizontally scalable SQL database
Cloud spanner
feature of Cloud Shell that allows you to browse to port 8080
web preview
Flag to use when deploying to app engine that will prevent the version from getting 100% of the traffic
--no-promote
open port 22 to the internet
gcloud compute firewall-rules create --network $SERVICES_NETWORK --allow tcp:22
Command: list gcloud configurations
gcloud config configurations list
mechanism that allows you to track custom information in code and save it to Stackdriver
custom monitoring metric
Command: set the CORS configuration on a bucket
gcloud cors set ...
service that supports monitoring, logging, and debugging
stackdriver
the flag to use that will allow you to determine the price of a bigQuery query without actually running the query
dry-run
name of Kubernetes controller that provides declarative updates for pods
deployments
App Engine app.yaml handler property that allows directories to be static
static_dir
Command: list the current configuration for gcloud
gcloud config list
one-click way to install common applications to Compute Engine instances
Cloud Launcher
Command: make a bucket
gsutil mb gs://bucket-name/
way to group different instances together
unmanaged instance groups
Command: list Kubernetes deployments
kubectl get deployments
available operating systems to use on a Kubernetes Engine node
COS (container-optimized) OS or Ubuntu
Command: update a Kubernetes deployment that was created with kubectl create
kubectl apply
Scaling modes supported by App Engine
Manual, Automatic and Basic (only in standard environment)
type of short-lived, reduced price instance commonly used for batch processing
preemptible instances
feature that allows you to set the exact amount of memory and CPU
custom machine type
Load balancer used for TCP traffic with SSL offload
SSL Proxy
Command: deploy an App Engine application
gcloud app deploy app.yaml
Command: list subnets
gcloud compute networks subnets list
Common protocol and port used to connect to Linux instances
SSH port 22
Command: get Pod logs in Kubernetes
kubectl get logs
Types of App engine environments
standard and flexible
Command: create a Cloud Function
gcloud functions deploy
Fully managed version of Redis
cloud memorystore
downloadable key allowing code to authenticate against google cloud services
service account key
when creating firewall rules, the lower the number, the ___ the priority
higher
a way to analyze spending data
billing exports sent to bigquery
types of available roles
primitive (owner, editor, viewer), predefined, custom
Command: enable api
gcloud services enable [ID]
Command: list projects
gcloud projects list
Command: create a Deployment Manager deployment
gcloud deployment-manager deployments create
feature of Cloud Storage that allows objects to be accessed temporarily
signed URLs
App Engine traffic can be split by
cookies, IP address, random
Command: update a Deployment Manager deployment
gcloud deployment-manager deployments update
Command: list buckets
gsutil ls
Meaning of 0.0.0.0/0
all IP addresses that exist
means of dynamically identifying instances to apply firewall rules
network tags
NoSQL’s realtime database
firebase realtime database
where SSH keys for connecting to Compute Engine instances are stored
project or instance metadata
load balancer to use for global HTTP(S) traffic
HTTP(S) load balancer
tool that warns you when you’re spending too much
billing alerts
feature that allows you to see all network traffic
flow logs
kubernetes concept that represents the smallest unit of deployment
pod
tool that helps estimate costs
pricing calculator
how to write to stackdriver logs from a cloud function
use the logging package or write to standard out
the load balancer to use for TCP traffic without SSL offload
TCP proxy
Command: create a new Spanner database
gcloud spanner database create
where do container images need to exist for kubernetes to work with them?
a container registry
key-value pairs that you can set and interact with in a Compute Engine instance
metadata
fully managed platform that supports running web applications inside a Docker container
app engine, flexible environment
Compute Engine metadata key that allows you to run code at startup
start-up script
Command: want to deploy a new instance that uses the centos 7 family. command to determine the family names
gcloud compute images list
load balancer for external TCP load balancer with SSL offload
SSL proxy
Which services for IoT solution, thousands of devices that need to send periodic time series data for processing
pub/sub, bigtable
Which database service for: product catalog of 500 products, no experience with SQL or schema migrations, want NoSQL option
cloud datastore
easiest way to ensure that the nodes in your kubernetes cluster are always up-to-date with the latest stable version of Kubernetes
enable the automatic node upgrades setting
You’ve found that your Linux server keeps running low on memory. It’s currently using 8 Gigs of memory, and you want to increase it to 16. What is the simplest way to do that?
Stop the instance and change the machine type.
use case for enabling flow logs
security team wants to audit network traffic inside your network
Command: deploy change to deployment created with gcloud deployment-manager deployments create
gcloud deployment-manager deployments update
Command: looking for the IP address of a specific instance that is running in your default zone.
gcloud compute instances list with filter and format flags
jsonpath is used with kubectl
Command: fastest way to switch to the correct configuration after running commands against the wrong project
gcloud config configurations list, then gcloud config configurations activate
You’re running an n-tier application on Compute Engine with an Apache web server serving up web requests. You want to consolidate all of your logging into Stackdriver. What’s the best approach to get the Apache logs into Stackdriver?
Install the Stackdriver monitoring and logging agents on the instance.
Command: simplest way to deploy your team's public SSH keys onto all of the instances of a particular project?
Add all of the keys into a file that’s formatted according to the requirements. Use gcloud compute project-info add-metadata to upload the keys
Command: how to ensure there are always 4 idle instances? (running App Engine app with Autoscaling)
set the min_idle_instances property in app.yaml
Command: best way to generate a signed URL?
Create a service account and JSON key. Use gsutil signurl -d 10m, and pass the JSON key and bucket
10m for 10 minutes
Command: set default Compute Engine zone
gcloud config set compute/zone us-east1-c
What is required by Google Cloud in order to enable and use resources
Project. All resources belong to a project
Are project IDs globally unique
yes
Are project IDs immutable
yes
Are project names unique
no
are project names mutable
yes
are project numbers globally unique
yes
are project numbers chosen by user
no, assigned by gcp
are project numbers immutable
yes
are folders required for projects
No, but they help group projects and policies.
Use cases for choosing pre-defined roles
- lowers business risk of accidental or deliberate damage to vital data and systems
- increases overall system and data security
- finer granularity on permission is considered a best practice
- using coarse permission may allow or cause users to violate regulations
Who can change the billing account for an existing project
owner on the project and a billing administrator on the destination billing account
who can manage billing accounts and add projects to them
billing administrator
Compute option: flexible, zero-ops platform for building apps
app engine
Compute option: virtual machines running in Google’s global data centers
compute engine
Compute option: logical infrastructure powered by Kubernetes
Kubernetes engine
Database options: relational
Cloud SQL, Cloud spanner
database option: non-relational
cloud datastore, cloud bigtable
data storage option: object
cloud storage
data storage option: warehouse
bigquery
data storage: need fully managed MySQL and PostgreSQL database service
Cloud SQL
data storage: need scalable, fully managed enterprise data warehouse (EDW) with SQL and fast ad-hoc queries
BigQuery
data storage: need mission-critical, relational database service with transactional consistency, global scale, high availability
Cloud Spanner
data storage: need scalable, fully managed NoSQL wide-column database that is suitable for both low-latency single-point lookups and precalculated analytics
cloud BigTable
Cloud Storage classes, from cheapest to most expensive storage price
- Coldline
- Nearline
- Regional
- Multi-regional
Cloud Storage classes, from cheapest to most expensive retrieval price
- Multi-regional
- Regional
- Nearline
- Coldline
Cloud storage classes
- Multi-regional
- Regional
- Nearline
- Coldline
Cloud storage class: most frequently accessed
multi-regional
Cloud storage class: accessed frequently within a region
regional
Cloud storage class: accessed less than once a month
nearline
Cloud storage class: accessed less than once a year
coldline
Kubernetes controller ensures that a copy of a pod runs on nodes in the cluster, allowing for node management
Deployment
Disadvantages of using the App Engine standard environment
- no custom runtimes
- limited support for third-party binaries
- limited ability to write to disk
Kubernetes controller uses desired state configuration and allows us to specify the number of pod instances running on a cluster
Deployment
Kubernetes nodes run services that allow pods to ___
communicate without using their individual IP address
Google Cloud Price Calculator can …
- allow us to determine areas to cut back
- allow us to determine areas to rework codebase
- ensures services are affordable to use at scale
Storage solution: suitable for unstructured data
cloud storage
optimal compute solution when:
- workloads require high performance
- workloads that will use preemptible instances
- workloads requiring control of the operating system
Compute Engine
Storage solution:
- fully managed
- NoSQL database built on Cloud BigTable
Cloud Datastore
When to use unmanaged instance groups?
instances in the group need different configurations
Advantage of using flexible environment with App Engine
can customize the runtime
Advantages of App engine standard environment
- managed runtimes
- inexpensive
- fast startup