Quickhits Flashcards
APIs enabled by default (14 of them)
BigQuery API, BigQuery Storage API, Cloud Datastore API, Cloud Debugger API, Cloud Logging API, Cloud Monitoring API, Cloud SQL, Cloud Storage, Cloud Storage API, Cloud Trace API, Google Cloud APIs, Google Cloud Storage JSON API, Service Management API, Service Usage API
Dataproc and Dataflow
Cloud Dataflow uses the Apache Beam framework and can process streamed data. Cloud Dataproc is for Spark/Hadoop and doesn’t handle streamed data.
get information about a GKE cluster
kubectl get deployment [Deployment Name] -o yaml
What do you use when dealing with stack traces
Stackdriver Error Reporting
Should you log to stdout and stderr on GCE for Stackdriver
No, it is not the recommended way. Write to a log file instead and configure Stackdriver to use that.
What role allows modification of an App engine cookie time
App Engine Admin
What is the maximum size of an object in GCS
5 TiB
What is the limit on the size of object names?
This limit is 1024 bytes.
Maximum payload size for a GCS JSON API call
10MB.
What are the bandwidth limits for GCS
200 Gbps for each region from Cloud Storage to Google services. 50 Gbps per-project, per-region default bandwidth quota for Google services accessing a bucket. Egress to Cloud CDN is exempt from these quotas.
GCS Minimum storage duration
Standard Storage: None; Nearline Storage: 30 days; Coldline Storage: 90 days; Archive Storage: 365 days
GCS Retrieval Fees
Standard Storage: $0 per GB; Nearline Storage: $0.01 per GB; Coldline Storage: $0.02 per GB; Archive Storage: $0.05 per GB (about doubles)
Sample Storage Fees (differs by region)
Standard Storage: $0.023; Nearline Storage: $0.013 (1/2 standard); Coldline Storage: $0.006 (.05 of Nearline); Archive Storage: $0.0025 (.05 of Archive)
If you want to use JSON to send structured logs to Cloud Logging from the command line, what must you do
Pass --payload-type=json
How do you list the name of the currently active account
gcloud auth list
How do you link a project to a billing account?
gcloud beta billing links a project to a billing account; in the GUI it is automatic
How are credentials passed to Cloud Functions
As Environment Variables - i.e. key value pairs
What is the minimum number of service accounts an instance needs
The default instance account can be removed from an instance leaving none
What was Cloud Logging previously known as?
previously Stackdriver Logs
What email address is used for the default App Engine service
PROJECT_ID@appspot.gserviceaccount.com
How many keys can you configure for a service account?
You may generate a small number of keys per service account to facilitate key rotation. Primarily used for outside services and so that you can rotate to new keys. 10 is the max.
How do you enable the Compute API
Via the command line, but a quicker way is to navigate to Compute Engine in the console, which automatically enables the GCE API.
How do you configure authentication for using Cloud Shell
You do not have to configure authentication to be able to use Cloud Shell
How does the “Defaults” project affect API inheritance
There is no such thing as a “defaults” project.
What does “Metadata-Flavor: Google” do
This header indicates that the request was sent with the intention of retrieving metadata values, rather than unintentionally from an insecure source, and lets the metadata server return the data you requested.
What does legacyBucketWriter do
Grants permission to create, replace, list and delete objects
What is the command for generating a Kubernetes Secret from a file of key value pairs
kubectl create secret generic SECRET_NAME --from-file=.env.staging
What is Data Studio
Visualize your data through highly configurable charts and tables. Easily connect to a variety of data sources. Tell your data story with charts, including line, bar, and pie charts, geo maps, area and bubble graphs, paginated data tables, pivot tables, and more.
What is a limitation of roles/compute.storageAdmin
Grants permissions to create, modify, and delete disks, images, and snapshots, but not view the contents of Storage Buckets
What does the following do: kubectl diff -f ./my-manifest.yaml
Compares the current state of a cluster with the contents of the manifest file
Can you expand an IP subnet in GCP?
Yes you can, provided there aren’t conflicts. https://cloud.google.com/sdk/gcloud/reference/compute/networks/subnets/expand-ip-range
What is gVisor
gVisor is a userspace re-implementation of the Linux kernel API that does not need elevated privileges. In conjunction with a container runtime such as containerd, the userspace kernel re-implements the majority of system calls and services them on behalf of the host kernel.
What does Datastore Emulator do and how do you install it
Provides local emulation of the production Datastore environment, installed by gcloud components install cloud-datastore-emulator
How do you list the components available for installation in gcloud
gcloud components list
How can you manage GKE locally
By installing kubectl locally: gcloud components install kubectl
What does roles/browser allow
To view the hierarchy of the GCP org structure
What does the following do: kubectl config use-context
Allows you to access multiple clusters by using configuration files
What are some resource types that Deployment Manager can deploy
Compute Engine, Managed Instances, GKE, BigQuery, Cloud SQL, and many more
How do you deploy a Dockerfile
Create a Docker image from it, upload it to Container Registry, then deploy with kubectl using that image
What is Google Datastore
A time series NoSQL database
What does gcloud iam roles list do?
It lists the IAM roles available
What do these roles do: Compute Admin, Compute Image User, Compute Instance Admin, Compute OS Admin Login, Compute Storage Admin, Compute Security Admin
Compute Admin - Full control. Compute Image User - Permission to list and read images without having other permissions on the image. Compute Instance Admin - Permissions to create, modify, and delete virtual machine instances. This includes permissions to create, modify, and delete disks, and also to configure Shielded VM settings. Compute OS Admin Login - Access to log in to a Compute Engine instance as an administrator user. Compute Storage Admin - Permissions to create, modify, and delete disks, images, and snapshots. Compute Security Admin - Permissions to create, modify, and delete firewall rules and SSL certificates, and also to configure Shielded VM settings.
What is a Shielded VM
Shielded VMs are virtual machines (VMs) on Google Cloud hardened by a set of security controls that help defend against rootkits and bootkits.
Does GCP allow migration of App Engine Standard apps to a new zone/region
No, it does not. Each Cloud project can contain only a single App Engine application, and once created you cannot change the location of your App Engine application.
What does the following do: gcloud iam roles describe
It lists information about the role along with the included permissions
What 3 IAM roles can run BigQuery queries?
roles/bigquery.admin, roles/bigquery.jobUser, roles/bigquery.user
For compute engine, what is the combined total limit for all metadata entries?
512KB
Are metadata entries case sensitive?
Yes
What are the size limits for metadata entries
metadata key - 128 bytes; metadata value - 256 KB
For metadata fields, what are valid boolean values
TRUE Y, Yes, 1; FALSE N, No, 0
How do you delete a GAE
You don’t. There is currently no way to delete an existing app in GAE, or change its initial configuration, such as region. If such changes are needed you will have to spin up a new project. However, you can disable the app by going to App Engine -> Settings -> Disable Application
What are the 7 layers for the OSI TCP/IP model
1) Physical; 2) Data Link; 3) Network; 4) Transport; 5) Session; 6) Presentation; 7) Application
Which App Engine flavor allows custom code
App Engine Flexible allows custom code and languages. Runs in a Docker Container
What is Cloud Run
a managed compute platform that enables you to run containers that are invocable via requests or events.
Does Cloud SQL support user defined functions
No, Cloud SQL does not support user defined functions, but it does support user defined procedures. BigQuery does support user defined functions.
Does BigQuery support UDF (User Defined Functions)
Yes, BigQuery does support UDFs.
What is Cloud Spanner
Spanner is a distributed, globally scalable SQL database service that decouples compute from storage,
How do you calculate number of IPs from a CIDR
Starting at 32, which gives 1 IP, the number of IPs doubles as the number decreases. 32 - 1; 31 - 2; 30 - 4; 29 - 8; 28 - 16; 27 - 32
Can you set IAM permissions at the folder level in the organizational hierarchy?
Yes
Where would you migrate an Apache HBase workload to?
Cloud Bigtable, NoSQL database
Bigtable, BigQuery, Cloud Spanner
Cloud Bigtable: a fully managed, scalable NoSQL database. BigQuery: stores data using a columnar storage format that is optimized for analytical queries (BI). Cloud Spanner: fully managed relational database with unlimited scale, strong consistency and up to 99.999% availability.
Cloud Run
For running managed highly scalable containerized applications
What would you use to migrate MySQL, PostgreSQL or SQL Server databases to GCP
Database Migration Services
What does Striim do?
A service that provides automated connectors to build data streams from multiple sources into backend databases.
Datastream
A serverless change data capture (CDC) and replication service. Analogous to Apache Beam
gcloud command to expand a subnet's IP range
gcloud compute networks subnets expand-ip-range NAME --prefix-length=PREFIX_LENGTH
BigQuery pricing
Analysis pricing (data processing) and storage pricing. Active storage: $0.02 per GB. Long-term storage: $0.01 per GB. Queries (on-demand): $5 per TB; the first 1 TB per month is free. Data ingestion: batch loading is free using the shared slot pool. Streaming inserts (tabledata.insertAll): $0.01 per 200 MB; individual rows are calculated using a 1 KB minimum size. BigQuery Storage Write API: $0.025 per 1 GB; the first 2 TB per month are free. Batch exports: free using the shared slot pool. Streaming reads (BigQuery Storage Read API): $1.1 per TB read; 300 TB of data per month free.
How much is BigQuery fixed rate pricing?
$2500 per month, does not include storage
What does a GKE DaemonSet do?
A DaemonSet ensures that all (or some) Nodes run a copy of a Pod. As nodes are added to the cluster, Pods are added to them.
What is GKE StatefulSet
StatefulSet is the workload API object used to manage stateful applications and provide storage persistence for your workload
What is a GKE Ingress Object?
An API object that manages external access to the services in a cluster, typically HTTP. May provide load balancing, SSL termination and name-based virtual hosting.
What's the difference between GKE Autopilot and GKE Standard
Autopilot: GKE provisions and manages the cluster’s underlying infrastructure, including nodes and node pools, giving you an optimized cluster with a hands-off experience. Standard: You manage the cluster’s underlying infrastructure, giving you node configuration flexibility.
What are the 4 types of Cloud Storage Triggers
google.storage.object.finalize (default), google.storage.object.delete, google.storage.object.archive, google.storage.object.metadataUpdate
How do you grant access to Pub/Sub
Pub/Sub uses Identity and Access Management (IAM) for access control. Grant access on a per-topic or per-subscription basis, rather than for the whole Cloud project. Grant access with limited capabilities, such as to only publish messages to a topic, or to only consume messages from a subscription, but not to delete the topic or subscription. Grant access to all Pub/Sub resources within a project to a group of developers.
What is the gcloud command for creating a DB
gcloud sql instances create INSTANCE
Does BigQuery Data Transfer Service for Cloud Storage support versioning
No, if you include a generation number in the Cloud Storage URI, then the load job fails.
Is loading a compressed JSON file into BigQuery faster or slower than loading an uncompressed file
It is slower, BigQuery cannot read compressed data in parallel.
What is the format for date and timestamp fields when loading CSV and JSON files into BigQuery?
YYYY-MM-DD and hh:mm:ss
What is the maximum gzip file size for loading into BigQuery?
4 GB.
What are the 4 emulators available to Google Cloud SDK
Bigtable, Datastore, Firestore, and Cloud Pub/Sub. Example commands: gcloud components install cloud-datastore-emulator; gcloud beta emulators datastore start [flags]
What is Data Studio
Data Studio is a free tool that turns your data into informative, easy to read, easy to share, and fully customizable dashboards and reports. Use the drag and drop report editor
Does a server behind a GFE HTTPS load balancer require a valid certificate
No. When a GFE connects to backends that are within Google Cloud, the GFE accepts any certificate your backends present. GFEs do not perform certificate validation. For example, the certificate is treated as valid even in the following circumstances: The certificate is self-signed. The certificate is signed by an unknown certificate authority (CA). The certificate has expired or is not yet valid. The CN and subjectAlternativeName attributes don’t match a Host header or DNS PTR record.
Which Cloud Storage classes offer low latency
All storage classes offer low latency (time to first byte typically tens of milliseconds) and high durability.
What are GKE Deployments
GKE Deployments are a declaration of what you want. Functionally, a Deployment uses ReplicaSets to make sure that the right configuration and number of pods are deployed to the cluster.
What are the three deployment lifecycles
A Deployment's lifecycle can be in one of three states: progressing, completed, or failed.
Are predefined roles fine-grained?
Yes, predefined roles are fine-grained enough to set permissions for specific roles requiring sensitive data access.
Which is faster, BigQuery or Bigtable?
Bigtable because it provides high-speed reads and writes, accommodates a simple schema, and is cost-effective
What is Cloud Foundation Toolkit (CFT)?
It provides a series of reference templates for Deployment Manager and Terraform which reflect Google Cloud best practices.
What are the 3 ways to protect a budget and what are their uses
1) Set up budgets and alerts in your project. Will notify but not prevent excessive resource consumption. 2) Quotas. Quotas will prevent resource consumption from exceeding specified limits. 3) Export the billing reports, and analyze them with BigQuery. Allows for analyzing the root cause for going over the budget but will not prevent overspend.
What is the maximum cache size for Apigee Edge
512KB
What is the maximum cache size for Cloud CDN
5TB
When would you use Identity-Aware Proxy (IAP)
Use IAP when you want to enforce access control policies for applications and resources. IAP works with signed headers or the App Engine standard environment Users API to secure your app.
What benefits does Virtual Private Network Service Controls provide
1) Can create granular access control policies in Google Cloud based on attributes like user identity and IP address. 2) Can define a security perimeter around Google Cloud resources such as Cloud Storage buckets, Bigtable instances, and BigQuery datasets to constrain data within a VPC and control the flow of data. 3) Can enforce a security posture across numerous Google Cloud services and projects.
How do you init a gcloud without it opening a web browser
Pass the --console-only flag: gcloud init --console-only