VMs Flashcards
Instance Templates allow you to define machine type, image, labels, startup script and other properties
Instance Templates: used to create VM instances and managed instance groups. Provides a convenient way to create similar instances
Instance Templates CANNOT be updated. To make a change, copy an existing template and modify it
Custom Images:
- Helps reduce launch time
- Can be created from an instance, a persistent disk, a snapshot, another image, or a file in Cloud Storage
- Can be shared across projects
- Hardening an Image - Customize images to your corporate security standards
Preemptible VM
- Short-lived, cheaper (up to 80%) compute instances
- Can be stopped by GCP any time (preempted) within 24 hours
- Instances get a 30-second warning (to save anything they want to save)
Use Preemptible VMs if:
Your applications are fault tolerant
You are very cost sensitive
Your workload is NOT immediate. Example: non-immediate batch processing jobs
Restrictions for Preemptible VMs:
NOT always available
NO SLA and CANNOT be migrated to regular VMs
NO Automatic Restarts
Free Tier credits not applicable
How do you accelerate math intensive and graphics-intensive workloads for AI/ML etc?
- Add a GPU to your virtual machine:
- High performance for math intensive and graphics-intensive workloads
- Higher Cost
- (REMEMBER) Use images with GPU libraries (Deep Learning) installed. OTHERWISE, the GPU will not be used
!!! Instances are Zonal, Images are global, Instance templates are global !!!
What are the pre-requisites to be able to create a VM instance?
- Project
- Billing
- Compute Engine APIs must be enabled
What would you use if you want dedicated hardware for your compliance, licensing and management needs?
Sole Tenant Node
Command Line commands:
Cloud Storage - gsutil
Cloud BigQuery - bq
Cloud Bigtable - cbt
Kubernetes - kubectl (in addition to gcloud, which is used to manage clusters)
How do you initialize gcloud?
gcloud init
How do you list all properties of the active configuration?
gcloud config list
Scenario: You are working on multiple projects from the same machine. You would want to be able to execute commands using different configurations. How do you simplify this?
gcloud config configurations create/delete/describe/activate/list
Instance Groups
Group of VM instances managed as a single entity
Manage a group of similar VMs having a similar lifecycle as ONE UNIT
Two types of instance groups: managed and unmanaged
Managed: Identical VMs created using a template. Features: auto scaling, auto healing and managed releases
Unmanaged: Different configuration for VMs in the same group:
- Does NOT offer auto scaling, auto healing & other services
- NOT recommended unless you need different kinds of VMs
Dataflow - transfers data from one service to another, such as from Pub/Sub to BigQuery
Pub/Sub > Dataflow > BigQuery
Cloud Pub/Sub is a queuing service that is used to ingest data and store it until it can be processed. Bigtable is a NoSQL database, not a queueing service. Cloud Dataflow is a stream and batch processing service, not a queueing service. Cloud Dataproc is a managed Spark/Hadoop service.
IaaS - Infrastructure as a Service
PaaS - Platform as a Service
SaaS - Software as a Service
IaaS (Infrastructure as a Service): IaaS products allow organizations to manage their business resources — such as their network, servers, and data storage — on the cloud.
PaaS (Platform as a Service): PaaS products allow businesses and developers to host, build, and deploy consumer-facing apps.
SaaS (Software as a Service): By far the most common cloud service, SaaS products offer both consumers and businesses cloud-based tools and applications for everyday use
IAM
Resources inherit the policies of their parent resource. For instance, if you set a policy at the organization level, it is automatically inherited by all its children projects. And this inheritance is transitive, which means that all the resources in those projects inherit the policy too.
There’s one important rule to keep in mind. The policies implemented at a higher level in this hierarchy can’t take away access that’s granted at lower level. For example, suppose that a policy applied on the “bookshelf” project gives user Pat the right to modify a Cloud Storage bucket. But a policy at the organization level says that Pat can only view Cloud Storage buckets, not change them. The more generous policy takes effect. Keep this in mind as you design your policies.
3 types of IAM roles: primitive, predefined and custom
Primitive roles are broad. You apply them to a GCP project, and they affect all resources in that project. IAM primitive roles offer fixed, coarse-grained levels of access. Fortunately, GCP IAM provides finer-grained types of roles.
IAM predefined roles apply to a particular GCP service in a project
IAM custom roles let you define a precise set of permissions. Custom roles can only be used at the project or organization levels. They can’t be used at the folder level.
Service Accounts control server-to-server interactions
- Used to authenticate from one service to another
- Used to control privileges used by resources
- Identified with an email address, e.g. PROJECT_NUMBER-compute@developer.gserviceaccount.com