One of my goals for the coming year is to gain a certification in Google Cloud.  After a few years of developing different applications within Google Cloud, this certification spoke to my skill set more than the other certifications.

Through this page, I'll best convey the information per the Exam Guide.

Section 1 - Design Highly scalable, available, and reliable cloud-native applications.

1.1 - Designing high-performing applications and APIs

Database Sharding - horiztonal partition of data held on a separate server to spread the load

Hot-Spotting - a problem that occurs when very close data is written within the same servers in database that distribute their data (Spanner, Filestore, BigTable, Firestore)

Storage Key Type
Big Table
  • Avoid Timestamps
  • Concatenate timestamp accompanied with a user id or other attribute to make the id unique
Spanner
  • Any value that increase sequentially comes a the end of the key
  • Incremented keys always go at the end of the composite key
  • Prepending the hash to the beginning of the composite keu
  • UUID
Firestore
  • Uses Scatter Algorithm to locate documents
  • Not Sequential
  • Creates IDs automatically
Cloud SQL
  • Keep These instances as small as possible
  • No more than 10k tables / instance

Free Your Developers

Nx Monorepo Starter alleviates developers from re-inventing deployments on popular Google Cloud Services, standardizes on libraries, and saves time for scaffolding projects.

View on Gumroad

1.2 - Designing Secure Applications

  • Implementing requirements that are relevant for application regulations (e.g. - data wipe out) - Google Cloud Storage Policies
  • Security Mechanisms that protect services and resources - IAM (Identity Access Management), Service Accounts, OAuth, JWT, Identity Aware Proxy (Need to apply access control on application level and not depend on network-level tools), Secret Manager, KMS, Hashicorp, Encryption at Rest
  • Security Mechanisms that secure/scan application binaries and manifest - Binary Authorization, Container Scanning
  • Storing and Rotating Application Secrets and keys (Cloud KMS)
  • Authenticating to Google Services (JWT, OAuth 2.0)
  • IAM Roles for users/groups/service accounts
  • Securing Service to Service communication - Service Mesh, K8's Network Policies, and Kubernetes Namespace) // TO DO
  • Running Services with least privileged access (Workload Identity) // TO DO
  • Certificate Base Authentication (SSL, mTLS) // TO DO

1.3 Managing Application data

Database Schema Type Indexing
Firestore Schemaless, document database known as collections. Hiearchal data with collections/subcollection. Control over the fields exist in a document Indexing: Automatic Indexing - Single Field on non-array and non-map field. Each map field creates one collection-scope ascending index and one desc index of non-array and non-map subfield. array - collection scope array contains index. Single-field collection group scope no maintained by default
Cloud Spanner Defined schema and types Best Practices Indexing eihter through Primary/Foreign keys or table interleaving
Cloud Big Table Schema Design Key value store non-relational Database. Datasets should existin in tables with similar schemas. Limit of 1,000 tables per instance. Only one index which is the row key
Cloud SQL SQL Database schema, recommends using smaller instances for data sharding where possible Indexes
  • Choosing Storage Options based on Use Case Considerations
Storage Considerations
Time Limited Access *Cloud Storage provides policies for data retrieval via Standard, Nearline, Coldline, and Archival Storage
Data Retention Cloud SQL Offers automatic backups, Spanner is multi-regional allows for multiple DBs across regions, Cloud Storage has policies to data retention
Structure vs. Unstructed Unstructured data can exist in Cloud Storage while structure can exist in any the above databases
Strong vs Eventual Consistency Strong Consistency offers up-to-date data but at the cost of high latency.
While Eventual consistency offers low latency but may reply to read requests with stale data since all nodes of the database may not have the updated data.
Frequency of Access Cloud Storage - Standard / Nearline / Coldline / Archival

1.4 - Application Modernization Considerations

Consideration Description
Strangler Fig A pattern that breaks down a monolith application to microservices in which monolith runs in parallel to new microservices. These monolith is incrementally refactored.
Decouple by Domain Driven Design Break Microservices up into the different domains helps understand how to break up monolith into microservices. Domain -> microservice
Database Transactions
Service Communication

Section 2 - Building and Testing Applications

Section 2.1 - Setting up your local environment

  • Emulating Google Cloud Services for local application development - BigTable DataStore, Firestore, Cloud Pub/Sub
gcloud components install pubsub-emulator

Section 2.2 - Writing Efficient Code

  • Algorithm Design
  • Modern Application patterns
  • Software Development Methodologies
  • Debugging and Profiling Code - CloudTrace, OpenTelemetry (distributed tracing using CloudTrace API), Cloud Debugger (snapshots / logpoints)

Need to set up a logging agent via the command

curl -sSO https://dl.google.com/cloudagents/add-logging-agent-repo.sh

bash add-logging-agent-repo.sh --also-install
Service Description
Cloud Trace Distributed service that allows us to collect and track information related to latency.
Debugging Allows for the abilitiy in the Cloud Code to create Log Points and Snapshots of application state.

Section 2.3 Testing Considerations

  • Unit Testing
  • Integration Testing
  • Performance Testing
  • Load Testing

Section 2.4 Building

  • Source Control Management
  • Creating Secure Container Images from Code
  • Developing CI pipeline using (Cloud Build, Container Registry) that construct deployment artifacts

Section 3: Deploying Applications

3.1 Recommend appropriate deployment strategies using the appropriate tools (e.g., Cloud Build, Spinnaker, Tekton, Anthos Configuration Manager) for the target compute environment (e.g., Compute Engine, Google Kubernetes Engine). Considerations include:

3.2 Deploying applications and services on Compute Engine. Considerations include:

  • Installing an application into a virtual machine (VM)
  • Managing service accounts for VMs
  • Bootstrapping applications
  • Exporting application logs and metrics
  • Managing Compute Engine VM images and binaries

3.3 Deploying applications and services to Google Kubernetes Engine (GKE). Considerations include:

  • Deploying a containerized application to GKE
  • Managing Kubernetes RBAC and Google Cloud IAM relationships
  • Configuring Kubernetes namespaces
  • Defining workload specifications (e.g., resource requirements)
  • Building a container image using Cloud Build
  • Configuring application accessibility to user traffic and other services
  • Managing container life cycle
  • Define Kubernetes resources and configurations

3.4 Deploying a Cloud Function. Considerations include:

  • Cloud Functions that are triggered via an event from Google Cloud services (e.g., Pub/Sub, Cloud Storage objects)
  • Cloud Functions that are invoked via HTTP
  • Securing Cloud Functions

3.5 Using service accounts. Considerations include:

  • Creating a service account according to the principle of least privilege
  • Downloading and using a service account private key file

Section 4: Integrating Google Cloud Services

4.1 Integrating an application with data and storage services. Considerations include:

  • Read/write data to/from various databases (e.g., SQL)
  • Connecting to a data store (e.g., Cloud SQL, Cloud Spanner, Firestore, Cloud Bigtable)
  • Writing an application that publishes/consumes data asynchronously (e.g., from Pub/Sub)
  • Storing and retrieving objects from Cloud Storage

4.2 Integrating an application with compute services. Considerations include:

  • Implementing service discovery in GKE and Compute Engine
  • Reading instance metadata to obtain application configuration
  • Authenticating users by using OAuth2.0 Web Flow and Identity-Aware Proxy
  • Authenticating to Cloud APIs with Workload Identity

4.3 Integrating Cloud APIs with applications. Considerations include:

  • Enabling a Cloud API
  • Making API calls using supported options (e.g., Cloud Client Library, REST API or gRPC, APIs Explorer) taking into consideration:
  • Batching requests
  • Restricting return data
  • Paginating results
  • Caching results
  • Error handling (e.g., exponential backoff)
  • Using service accounts to make Cloud API calls

Section 5: Managing application performance monitoring

5.1 Managing Compute Engine VMs. Considerations include:

  • Debugging a custom VM image using the serial port
  • Diagnosing a failed Compute Engine VM startup
  • Sending logs from a VM to Cloud Logging
  • Viewing and analyzing logs
  • Inspecting resource utilization over time

5.2 Managing Google Kubernetes Engine workloads. Considerations include:

  • Configuring logging and monitoring
  • Analyzing container life cycle events (e.g., CrashLoopBackOff, ImagePullErr)
  • Viewing and analyzing logs
  • Writing and exporting custom metrics
  • Using external metrics and corresponding alerts
  • Configuring workload autoscaling

5.3 Troubleshooting application performance. Considerations include:

  • Creating a monitoring dashboard
  • Writing custom metrics and creating log-based metrics
  • Using Cloud Debugger
  • Reviewing stack traces for error analysis
  • Exporting logs from Google Cloud
  • Viewing logs in the Google Cloud Console
  • Reviewing application performance (e.g., Cloud Trace, Prometheus, OpenTelemetry)
  • Monitoring and profiling a running application
  • Using documentation, forums, and Google Cloud support