Google Cloud Platform: Difference between revisions

Basics

See here

• Regions (Asia, Australia, Europe, North America, South America)
  • Collection of zones (isolated) eg "asia-east-a"
  • Redundancy, lower latency when close to use
  • Zones are a single failure domain with a region: FT application should be deployed over mulitople zones
  • At least 3 zones per region
• Software/Hardware -> Services
  • Global Resources, eg disk images
  • Multiregional Resources, Container Registry, Cloud Storage. Reduntant and distributed within/across regions.
  • Regional Resources, eg static external IPs, App Engine resources. Redultantly deployed over multiple zones.
  • Zonal resources, eg VM instances, their disks
• Project: all resources must belong to one
  • Can't share between projects without VPC (Virtual Private Cloud)
  • Name, Project ID, Project Number
  • Most resource names are unique to a project

Common Dependaencies for all services:

• Identity data plane for authentication and authorization
• Internal services that provide logging, metadata storage, and workflow management
• Access to Google Cloud APIs depends on DNS, globally-distributed load balancers, and points of presence (PoPs)
• The configuration of global resources: For example, IAM policies, global firewall rules, global load balancer configurations, and Pub/Sub topics are stored in replicated databases
• When Google Cloud services makes requests to customer-controlled endpoints, for example, Cloud EKM fetching customer keys, or Pub/Sub delivering messages, those requests depend on our global network infrastructure to access those customer-controlled endpoints.

Quotas, to protect users and services form unforseen spikes or limit unforseen costs.

• Rate Quatoa: limit the number of requests that can be made to an AP or service
• Allocation Quota: eg number of VMs used by a project at a given time
• Concurrent Quota: used to restrict number of concurrent operations in flight at any given time. Eg for long running operations that are expected to last an hour.

Other

• Organisation -> Folders -> Projects -> Resources
• gcloud config set project npgs-test-1

IAM:

• Permissions -> roles -> members
• Policy: collection of bindings of members to roles
• Identities: Google accounts created outside of of GCP (not just gamil)
  • Google accounts (engineers, administrators, etc)
  • Service accounts (applications, services, VMs. Authentication by account keys)
  • Google Groups (Collection of Google and service accounts)
  • allAuthenticatedUsers
  • allUsers

Google Cloud Storage:

• Standard: Most common, optimised for performance and HF access
• Nearline: Fast, durable for data accessed < once per month
• Coldline: Less than once per quarter
• Archive: Less than once per year

Delete a Project:

• IAM and admin -> Settings -> Project -> Shutdown

• Google CLI: Locally installable client or via Web
  • eg: gcloud compute instance create