Google Cloud SDK – commands and usage

We are going to look at the different Google Cloud SDK commands and their usage.

gcloud – used for spinning up instances and for App Engine deployments.
All commands and usage: https://cloud.google.com/sdk/docs/cheatsheet
Example: gcloud projects list
gsutil (Google Storage utility) – used for interacting with Google Cloud Storage, such as managing buckets and objects.
https://cloud.google.com/storage/docs/gsutil
bq – used to interact with BigQuery, for things like running queries and manipulating datasets.
https://cloud.google.com/bigquery/docs/reference/bq-cli-reference
Cloud SDK commands

Installing the Cloud SDK

https://cloud.google.com/sdk/docs/install-sdk

Google Cloud Storage

Google Cloud Storage – important topics

  • Storage classes
    • Standard: best for short-term storage and frequently accessed data
    • Nearline: best for backups and data accessed less than once a month
    • Coldline: best for disaster recovery and data accessed less than once a quarter
    • Archive: best for long-term digital preservation of data accessed less than once a year
      • Nearline and Coldline should be considered for infrequently accessed data. Standard has the highest storage cost but the lowest cost for operations, and data retrieval is free, which is not true for the other classes. Archive is a newer storage class whose purpose is to keep data for a long period (at least 365 days); it is a good choice when you rarely access your data (once a year, for example). The bucket's default storage class can be overridden for individual objects when necessary.
  • Identity and Access Management (IAM) or Access Control Lists (ACLs) to control access to Cloud Storage objects
  • Object Lifecycle Management rules to automatically perform actions on objects when certain conditions are met (the difference between IAM and ACLs is that IAM is bucket-level permission, while ACLs are object-level permission)
Difference between IAM and ACL

IAM (Identity and Access Management): bucket-level permission/access
ACL (Access Control Lists): object-level permission

Region: data is stored in a single region, but in multiple availability zones, giving the second-best availability and a lower storage cost than multi-region.
Multi-Region: data is stored in multiple geographic regions, giving the highest availability but also the highest storage cost.
Dual-Region: data is stored in two different regions and in multiple availability zones.

What is an object in Google Cloud Storage?

The pieces of data that are stored in buckets are called objects. Objects are similar to files, but they include both the data/file and metadata. The metadata consists of key-value pairs, similar to bucket labels, and falls into two kinds:

  1. Automatically populated metadata, such as the content type and version/generation number when versioning is enabled
  2. Custom metadata that you can set for use in your applications

You can store an unlimited number of objects in a bucket, but each object name must be unique within the bucket.

IAM vs ACL

Cloud Storage utilizes multiple security models for controlling access.

Identity and Access Management (IAM): Grants coarse-grained object access to users at the bucket level. IAM allows you to control the operations a user can perform on a bucket, such as listing objects in a bucket, downloading objects in a bucket, or creating objects in a bucket. IAM is the same security system used by all resources in Google Cloud Platform, and works by assigning users and groups to roles that specify a list of permissions. IAM is the recommended way to control access to Cloud Storage, although it cannot handle all use cases, such as granting access to a single object in a bucket. Instead, it applies equally to all objects in a bucket.


Access Control Lists (ACL): Grants fine-grained object read and/or object metadata write access to users. ACLs can apply to individual objects in a bucket. ACLs can also apply to entire buckets. Objects and buckets automatically have predefined ACLs applied to them, but you can adjust the ACLs if the default does not suit your requirements.

Cloud Storage Object Lifecycle Management

  • Every bucket has a default storage class. The default is used if you do not specify a storage class of objects when you first upload them to Cloud Storage. You can change a bucket’s default storage class, but that does not modify the storage class of objects already in the bucket. In fact, you cannot directly modify the storage class of an object in the Console.
  • There are several scenarios that would benefit from having a way to automatically change an object’s storage class, such as for automatically archiving files by changing the storage class from Nearline to Coldline after three months. Object Lifecycle Management provides this capability and more. Object Lifecycle Management applies to all objects in a bucket and cannot be targeted at a subset of objects in a bucket.
  • Be aware that Object Lifecycle Management may still perform actions based on the old configuration for up to 24 hours.
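As an added example (not from the original notes), here is a constructed lifecycle policy in the JSON shape that `gsutil lifecycle set policy.json gs://BUCKET` accepts, implementing the Nearline-to-Coldline-after-three-months rule described above, together with a small hypothetical evaluator that shows which action each sample object would receive; the object records, dates and bucket name are constructed.

```python
import json
from datetime import date

# Constructed policy in the JSON shape that `gsutil lifecycle set policy.json gs://BUCKET` accepts.
# Rule 1: the Nearline -> Coldline after three months (90 days) case from the notes above.
# Rule 2: also delete stale noncurrent versions once a versioned bucket holds 3 newer ones.
LIFECYCLE_POLICY = {
    "lifecycle": {
        "rule": [
            {"action": {"type": "SetStorageClass", "storageClass": "COLDLINE"},
             "condition": {"age": 90, "matchesStorageClass": ["NEARLINE"]}},
            {"action": {"type": "Delete"},
             "condition": {"isLive": False, "numNewerVersions": 3}},
        ]
    }
}

def policy_json() -> str:
    """Serialize the policy to the file you would hand to gsutil."""
    return json.dumps(LIFECYCLE_POLICY, indent=2)

def condition_matches(cond: dict, obj: dict, today: date) -> bool:
    """Hypothetical evaluator: every condition in a rule must hold (the service ANDs them)."""
    if "age" in cond and (today - obj["created"]).days < cond["age"]:
        return False
    if "matchesStorageClass" in cond and obj["storageClass"] not in cond["matchesStorageClass"]:
        return False
    if "isLive" in cond and obj["isLive"] != cond["isLive"]:
        return False
    if "numNewerVersions" in cond and obj.get("newerVersions", 0) < cond["numNewerVersions"]:
        return False
    return True

def planned_actions(policy: dict, obj: dict, today: date) -> list:
    """All matching actions for one object today (the service itself lets Delete win if both match)."""
    actions = []
    for rule in policy["lifecycle"]["rule"]:
        if condition_matches(rule["condition"], obj, today):
            act = rule["action"]
            actions.append(act["type"] + (":" + act["storageClass"] if "storageClass" in act else ""))
    return actions

# Constructed sample object metadata (what the service would see; not real objects).
TODAY = date(2024, 6, 1)
SAMPLE_OBJECTS = {
    "logs/2024-01.gz": {"created": date(2024, 1, 15), "storageClass": "NEARLINE", "isLive": True},
    "logs/2024-05.gz": {"created": date(2024, 5, 20), "storageClass": "NEARLINE", "isLive": True},
    "report.pdf (old version)": {"created": date(2023, 9, 1), "storageClass": "STANDARD",
                                 "isLive": False, "newerVersions": 4},
}
```

Because rules are bucket-wide, every object in the bucket is evaluated against both rules; the evaluator makes that visible before you apply the policy to a real bucket.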

Google Compute Engine (provides virtual machines)

Ways to create virtual machine instances

There are three ways to create/launch virtual machine instances:

  • From scratch/console
  • From templates
  • From a machine image

Compute Engine machine types

  • General-purpose machines – hosting websites or running virtual desktops
  • Compute-optimized machines – media transcoding, running simulations
  • Memory-optimized machines – suitable for in-memory databases
  • Accelerator-optimized machines – come equipped with powerful GPUs; useful for rendering or machine learning workloads
  • Custom machines – creating a custom machine as per requirements

Cloud Run – to run containers

Cloud Functions: small amounts of code or event-based tasks

App Engine: web-based applications

Compute/virtual machine discounts

  • SUSTAINED-USE DISCOUNT – if we use a machine type for a large part of the month, the discount is applied automatically
  • COMMITTED-USE DISCOUNT – if we know our usage and the term (1 or 3 years), we commit to pay for that time frame and get a discount
  • SPOT VIRTUAL MACHINE – useful for batch jobs; not a dedicated machine, it can be shut down at any time

Introduction to Google Virtual Private Cloud (VPC)

  • What a Google Virtual Private Cloud is
  • How to create VPC networks
  • How to connect or isolate a VPC
  • How to share a VPC with other projects
  • VPC Peering vs Shared VPC

What is a VPC and why do we need it?

Suppose we have two customers, A and B. Both customers may be using virtual machines that reside on the same physical server. To separate these virtual machines into two separate networks, Google provides the VPC.

A VPC can further be divided into sub-networks (subnets). VPCs are global.

Subnets are assigned to a region. One subnet can reside in the USA, another in China and another in India, all belonging to the same VPC. If we want to separate them, we can create a different VPC for each subnet.

VPC – specify your own rules using

  • CIDR ranges/subnets
  • Custom routes
  • Firewall rules

How to connect two VPCs

We can connect two VPCs using VPC peering. We can also share a VPC with other PROJECTS and other teams.

Google Private Access: lets VMs whose internet access is disabled connect to other GCP services (it works at the subnet level, not the VPC level, so we need to configure it on a subnet).

VPC PEERING VS SHARED VPC

Shared VPC – used when we want to share resources across multiple projects.

Shared VPC is excellent for centralized management and resource sharing within GCP. VPC Peering is suitable for direct communication between separate VPCs, whether within the same or different projects.

Load Balancing on Google Cloud

  • What a cloud load balancer is
  • The different types of load balancers available on GCP
  • How to configure a load balancer
  • How to access the logs and monitoring dashboards

WHAT IS A LOAD BALANCER?

A load balancer provides a single point of entry for a group of resources. Load balancers are able to intelligently distribute requests. They can route traffic based on various criteria such as server health, server capacity, geographic location or specific application needs, and this ensures that no individual part of your infrastructure gets overwhelmed.

Load balancers can also help optimize your performance and reduce latency.

A load balancer can manage session persistence (it can use cookies or look at client IPs to ensure that a user's session is maintained correctly).

You can configure them to handle the initial SSL/TLS handshake with clients. They then decrypt the traffic and forward it to the backend servers in unencrypted form. This helps to improve backend server performance by eliminating unnecessary processing.

Google load balancers also include useful integrations such as Cloud CDN and Cloud Armor.

Cloud CDN – used to cache your web services' content
Cloud Armor – used to protect against DDoS attacks

What are the different types of load balancer?

By access type there are two types of load balancer: internal load balancers and external load balancers.

To choose the correct load balancer you need to consider the following four attributes:

  • Access (external or internal)
  • Scope (global or regional)
  • Traffic type (HTTP or HTTPS, SSL, TCP, ICMPv6)
  • Termination (proxy, passthrough)

Access – load balancer attribute

  • Internal load balancer: internal load balancers are assigned a private IP address and are only accessible from inside Google Cloud.
  • External load balancer: external load balancers are assigned a public IP and can be accessed from anywhere on the internet.

Scope – load balancer attribute

Load balancer scope is either REGIONAL or GLOBAL. Regional load balancers are used to distribute your load across multiple zones. This means your service can survive a zonal outage.
Global load balancers are used to distribute your load across multiple regions. That means your service can survive either a zonal or a regional outage.

Traffic Type – load balancer attribute

Each load balancer only works on a very specific type of network traffic, e.g. HTTP or HTTPS, SSL, TCP.

In order to pick the right kind of load balancer, you need to understand exactly what kind of traffic it will be handling.

Termination – load balancer attribute

There are proxy load balancers and pass through load balancers.

Proxy load balancers terminate incoming client connections. That just means that the connection between the client and the load balancer is separate from the connection between the load balancer and the backend.

Basically, this means that proxies allow you to do some more advanced things. With a proxy, you can get away with only encrypting the connection between your client and the load balancer; the connection between your load balancer and the backend can remain unencrypted. In a configuration like this, you only need to manage a single SSL certificate on the load balancer, as opposed to having to maintain multiple certificates, a different one on each backend instance.

Passthrough load balancers do not terminate client connections. Instead, they directly forward all packets from the client to the backend.

If we need to know the client IP, we need to use a passthrough load balancer.

How to choose the correct load balancer?

https://cloud.google.com/load-balancing/docs/choosing-load-balancer

Choose Correct Load Balancer – Use case #1

You want to build a publicly accessible website.

  1. The website needs to have multiple instances running on Compute Engine.
  2. The VMs need to be hosted in the US, Europe, and China.

Given the above requirements: the website is public, so the ACCESS attribute is External.
It is a website, so we are serving HTTP or HTTPS, so the TRAFFIC TYPE attribute is HTTP or HTTPS.
And the VMs are in multiple regions, so a GLOBAL EXTERNAL LOAD BALANCER IS THE CORRECT CHOICE FOR OUR REQUIREMENTS.

Load Balancer a Managed Instance Group
