One of my goals for the coming year is to gain a certification in Google Cloud. After a few years of developing different applications within Google Cloud, this certification spoke to my skill set more than the other certifications.
Through this page, I'll best convey the information per the Exam Guide.
Love Web Development?
Angular, Google Cloud, C#, Node, NestJs?
Section 1 - Design Highly scalable, available, and reliable cloud-native applications.
1.1 - Designing high-performing applications and APIs
- Microservices
- Scaling Velocity Characteristics IaaS, CaaS, PaaS
- Geographic Distribution: Latency, Regional Services, Zonal Services
- Defining a High Write Applications
Database Sharding - horiztonal partition of data held on a separate server to spread the load
Hot-Spotting - a problem that occurs when very close data is written within the same servers in database that distribute their data (Spanner, Filestore, BigTable, Firestore)
| Storage | Key Type |
|---|---|
| Big Table |
|
| Spanner |
|
| Firestore |
|
| Cloud SQL |
|
- User Session Management - Firestore Manage Cookies and Manage User Sessions
- Caching Solutions - Memorystore - Low Latency, Regional Support
- Deploying and Securing API Services - Not sure if they are talking about Google Service APIs and enabling the Credentials , or utilizing the SDKs to talk to APIs and Services via a Service Account.
- Loosely Coupled Asynchronous Applications - Pub/Sub, Kafka, and Cloud Tasks
- Graceful Shutdown on platform Termination
Free Your Developers
Nx Monorepo Starter alleviates developers from re-inventing deployments on popular Google Cloud Services, standardizes on libraries, and saves time for scaffolding projects.
View on Gumroad1.2 - Designing Secure Applications
- Implementing requirements that are relevant for application regulations (e.g. - data wipe out) - Google Cloud Storage Policies
- Security Mechanisms that protect services and resources - IAM (Identity Access Management), Service Accounts, OAuth, JWT, Identity Aware Proxy (Need to apply access control on application level and not depend on network-level tools), Secret Manager, KMS, Hashicorp, Encryption at Rest
- Security Mechanisms that secure/scan application binaries and manifest - Binary Authorization, Container Scanning
- Storing and Rotating Application Secrets and keys (Cloud KMS)
- Authenticating to Google Services (JWT, OAuth 2.0)
- IAM Roles for users/groups/service accounts
- Securing Service to Service communication - Service Mesh, K8's Network Policies, and Kubernetes Namespace)
- Running Services with least privileged access (Workload Identity)
Workload Identity allows a Kubernetes Service account to act as an IAM Service account.
1.3 Managing Application data
- Defining Database Schemas for Google-Managed DBs (Firestore, Cloud Spanner, Cloud Bigtable, Cloud SQL)
| Database | Schema Type | Indexing |
|---|---|---|
Firestore |
Schemaless, document database known as collections. Hiearchal data with collections/subcollection. Control over the fields exist in a document | Indexing: Automatic Indexing - Single Field on non-array and non-map field. Each map field creates one collection-scope ascending index and one desc index of non-array and non-map subfield. array - collection scope array contains index. Single-field collection group scope no maintained by default |
Cloud Spanner |
Defined schema and types Best Practices | Indexing either through Primary/Foreign keys or table interleaving |
Cloud Big Table |
Schema Design Key value store non-relational Database. Datasets should exist in tables with similar schemas. Limit of 1,000 tables per instance. | Only one index which is the row key |
Cloud SQL |
SQL Database schema, recommends using smaller instances for data sharding where possible | Indexes |
- Choosing Storage Options based on Use Case Considerations
| Storage Considerations | |
|---|---|
Time Limited Access |
Cloud Storage provides policies for data retrieval via Standard, Nearline, Coldline, and Archival Storage |
Data Retention |
Cloud SQL Offers automatic backups, Spanner is multi-regional allows for multiple DBs across regions, Cloud Storage has policies to data retention |
Structured vs. Unstructured |
Unstructured data can exist in Cloud Storage while structure can exist in any the above databases |
Strong vs Eventual Consistency |
Strong Consistency offers up-to-date data but at the cost of high latency. While Eventual consistency offers low latency but may reply to read requests with stale data since all nodes of the database may not have the updated data. |
Frequency of Access |
Cloud Storage - Standard / Nearline / Coldline / Archival |
1.4 - Application Modernization Considerations
- Using Managed Services
- Refactoring monolith to microservices
| Consideration | Description |
|---|---|
| Strangler Fig | A pattern that breaks down a monolith application to microservices in which monolith runs in parallel to new microservices. These monolith is incrementally refactored. |
| Decouple by Domain Driven Design | Break Microservices up into the different domains helps understand how to break up monolith into microservices. Domain -> microservice |
| Database Transactions | Operations that happen atomically. If one of he operations fails, the other operations in the transaction fail. |
| Service Communication | Retry logic should be handled when communicating with other services. Using exponential backoff could help delay while waiting for the requested service to heal. |
Section 2 - Building and Testing Applications
Section 2.1 - Setting up your local environment
- Emulating Google Cloud Services for local application development - BigTable DataStore, Firestore, Cloud Pub/Sub
gcloud components install pubsub-emulator
- Creating GCP Projects
- Using the CLI and Shell Tools
- Using Developer tooling (Cloud Code, Skaffold)
Section 2.2 - Writing Efficient Code
- Algorithm Design
- Modern Application patterns
- Software Development Methodologies
- Debugging and Profiling Code - CloudTrace, OpenTelemetry (distributed tracing using CloudTrace API), Cloud Debugger (snapshots / logpoints)
Need to set up a logging agent via the command
curl -sSO https://dl.google.com/cloudagents/add-logging-agent-repo.sh
bash add-logging-agent-repo.sh --also-install
| Service | Description |
|---|---|
| Cloud Trace | Distributed service that allows us to collect and track information related to latency. |
| Debugging | Allows for the abilitiy in the Cloud Code to create Log Points and Snapshots of application state. |
Section 2.3 Testing Considerations
- Unit Testing
- Integration Testing
- Performance Testing
- Load Testing
| Testing | Description |
|---|---|
Unit Testing |
Tests that are performed on a particular component that performs a single acxtion verifying if the task is successful |
Integration Testing |
Verifying that two components interaction works correctly |
Load Testing |
Determines if the application can work with maximum call capacity |
E2E |
Tests that run through a users workflow without the need for manual testing |
Performance |
Tests the stability, speed, scalability and responsiveness of an application |
Section 2.4 Building
- Source Control Management
- Creating Secure Container Images from Code
- Developing CI pipeline using (Cloud Build, Container/Artifact Registry) that construct deployment artifacts
| Building | Description |
|---|---|
| Source Control | Google Cloud Source repositories or mirror a GitHub/Bitbucket repository |
| Container Images | FILL THIS IN |
| CI Pipeline | Utilize Cloud Build to create a Dockage image to be pushed into the Container Registry |
Section 3: Deploying Applications
3.1 Recommend appropriate deployment strategies using the appropriate tools (e.g., Cloud Build, Spinnaker, Tekton, Anthos Configuration Manager) for the target compute environment (e.g., Compute Engine, Google Kubernetes Engine). Considerations include:
3.2 Deploying applications and services on Compute Engine. Considerations include:
- Installing an application into a virtual machine (VM)
- Managing service accounts for VMs
- Bootstrapping applications
- Exporting application logs and metrics
- Managing Compute Engine VM images and binaries
3.3 Deploying applications and services to Google Kubernetes Engine (GKE). Considerations include:
- Deploying a containerized application to GKE
- Managing Kubernetes RBAC and Google Cloud IAM relationships
- Configuring Kubernetes namespaces
- Defining workload specifications (e.g., resource requirements)
- Building a container image using Cloud Build
- Configuring application accessibility to user traffic and other services
- Managing container life cycle
- Define Kubernetes resources and configurations
3.4 Deploying a Cloud Function. Considerations include:
- Cloud Functions that are triggered via an event from Google Cloud services (e.g., Pub/Sub, Cloud Storage objects)
- Cloud Functions that are invoked via HTTP
- Securing Cloud Functions
3.5 Using service accounts. Considerations include:
- Creating a service account according to the principle of least privilege
- Downloading and using a service account private key file
Section 4: Integrating Google Cloud Services
4.1 Integrating an application with data and storage services. Considerations include:
- Read/write data to/from various databases (e.g., SQL)
- Connecting to a data store (e.g., Cloud SQL, Cloud Spanner, Firestore, Cloud Bigtable)
- Writing an application that publishes/consumes data asynchronously (e.g., from Pub/Sub)
- Storing and retrieving objects from Cloud Storage
4.2 Integrating an application with compute services. Considerations include:
- Implementing service discovery in GKE and Compute Engine
- Reading instance metadata to obtain application configuration
- Authenticating users by using OAuth2.0 Web Flow and Identity-Aware Proxy
- Authenticating to Cloud APIs with Workload Identity
4.3 Integrating Cloud APIs with applications. Considerations include:
- Enabling a Cloud API
- Making API calls using supported options (e.g., Cloud Client Library, REST API or gRPC, APIs Explorer) taking into consideration:
- Batching requests
- Restricting return data
- Paginating results
- Caching results
- Error handling (e.g., exponential backoff)
- Using service accounts to make Cloud API calls
Section 5: Managing application performance monitoring
5.1 Managing Compute Engine VMs. Considerations include:
- Debugging a custom VM image using the serial port
- Diagnosing a failed Compute Engine VM startup
- Sending logs from a VM to Cloud Logging
- Viewing and analyzing logs
- Inspecting resource utilization over time
5.2 Managing Google Kubernetes Engine workloads. Considerations include:
- Configuring logging and monitoring
- Analyzing container life cycle events (e.g., CrashLoopBackOff, ImagePullErr)
- Viewing and analyzing logs
- Writing and exporting custom metrics
- Using external metrics and corresponding alerts
- Configuring workload autoscaling
5.3 Troubleshooting application performance. Considerations include:
- Creating a monitoring dashboard
- Writing custom metrics and creating log-based metrics
- Using Cloud Debugger
- Reviewing stack traces for error analysis
- Exporting logs from Google Cloud
- Viewing logs in the Google Cloud Console
- Reviewing application performance (e.g., Cloud Trace, Prometheus, OpenTelemetry)
- Monitoring and profiling a running application
- Using documentation, forums, and Google Cloud support