Google Cloud Certified Associate Cloud Engineer Study Guide E-Book

Table of Contents

Cover

Title Page

Copyright

Dedication

Acknowledgments

About the Authors

About the Technical Editors

Introduction

What Does This Book Cover?

Interactive Online Learning Environment and Test Bank

Exam Objectives

How to Contact the Publisher

Assessment Test

Answers to Assessment Test

Chapter 1: Overview of Google Cloud

Types of Cloud Services

Cloud Computing vs. Data Center Computing

Summary

Exam Essentials

Review Questions

Chapter 2: Google Cloud Computing Services

Computing Components of Google Cloud

Storage Components of Google Cloud

Networking Components of Google Cloud

Additional Components of Google Cloud

Summary

Exam Essentials

Review Questions

Chapter 3: Projects, Service Accounts, and Billing

How Google Cloud Organizes Projects and Accounts

Roles and Identities

Service Accounts

Billing

Enabling APIs

Summary

Exam Essentials

Review Questions

Chapter 4: Introduction to Computing in Google Cloud

Compute Engine

App Engine

Kubernetes Engine

Cloud Run

Cloud Functions

Summary

Exam Essentials

Review Questions

Chapter 5: Computing with Compute Engine Virtual Machines

Creating and Configuring Virtual Machines with the Console

Creating and Configuring Virtual Machines with Cloud SDK

Basic Virtual Machine Management

Guidelines for Planning, Deploying, and Managing Virtual Machines

Summary

Exam Essentials

Review Questions

Chapter 6: Managing Virtual Machines

Managing Single Virtual Machine Instances

Introduction to Instance Groups

Guidelines for Managing Virtual Machines

Summary

Exam Essentials

Review Questions

Chapter 7: Computing with Kubernetes

Introduction to Kubernetes Engine

Deploying Kubernetes Clusters

Deploying Application Pods

Monitoring Kubernetes

Summary

Exam Essentials

Review Questions

Chapter 8: Managing Standard Mode Kubernetes Clusters

Viewing the Status of a Kubernetes Cluster

Adding, Modifying, and Removing Nodes

Adding, Modifying, and Removing Pods

Adding, Modifying, and Removing Services

Creating Repositories in the Artifact Registry

Summary

Exam Essentials

Review Questions

Chapter 9: Computing with Cloud Run and App Engine

Overview of Cloud Run

Creating a Cloud Run Service

Creating a Cloud Run Job

App Engine Components

Deploying an App Engine Application

Scaling App Engine Applications

Splitting Traffic Between App Engine Versions

Summary

Exam Essentials

Review Questions

Chapter 10: Computing with Cloud Functions

Introduction to Cloud Functions

Cloud Functions Receiving Events from Cloud Storage

Cloud Functions Receiving Events from Pub/Sub

Summary

Exam Essentials

Review Questions

Chapter 11: Planning Storage in the Cloud

Types of Storage Systems

Storage Data Models

Choosing a Storage Solution: Guidelines to Consider

Summary

Exam Essentials

Review Questions

Chapter 12: Deploying Storage in Google Cloud

Deploying and Managing Cloud SQL

Deploying and Managing Firestore

Deploying and Managing BigQuery

Deploying and Managing Cloud Spanner

Deploying and Managing Cloud Pub/Sub

Deploying and Managing Cloud Bigtable

Deploying and Managing Cloud Dataproc

Managing Cloud Storage

Summary

Exam Essentials

Review Questions

Chapter 13: Loading Data into Storage

Loading and Moving Data to Cloud Storage

Importing and Exporting Data

Streaming Data to Cloud Pub/Sub

Summary

Exam Essentials

Review Questions

Chapter 14: Networking in the Cloud: Virtual Private Clouds and Virtual Private Networks

Creating a Virtual Private Cloud with Subnets

Deploying Compute Engine with a Custom Network

Creating Firewall Rules for a Virtual Private Cloud

Creating a Virtual Private Network

Summary

Exam Essentials

Review Questions

Chapter 15: Networking in the Cloud: DNS, Load Balancing, Google Private Access, and IP Addressing

Configuring Cloud DNS

Configuring Load Balancers

Google Private Access

Managing IP Addresses

Summary

Exam Essentials

Review Questions

Chapter 16: Deploying Applications with Cloud Marketplace and Cloud Foundation Toolkit

Deploying a Solution Using Cloud Marketplace

Building Infrastructure Using the Cloud Foundation Toolkit

Summary

Exam Essentials

Review Questions

Chapter 17: Configuring Access and Security

Managing Identity and Access Management

Managing Service Accounts

Summary

Exam Essentials

Review Questions

Chapter 18: Monitoring, Logging, and Cost Estimating

Cloud Monitoring

Cloud Logging

Using Cloud Trace and Google Cloud Status

Using the Pricing Calculator

Summary

Exam Essentials

Review Questions

Appendix: Answers to Review Questions

Chapter 1: Overview of Google Cloud

Chapter 2: Google Cloud Computing Services

Chapter 3: Projects, Service Accounts, and Billing

Chapter 4: Introduction to Computing in Google Cloud

Chapter 5: Computing with Compute Engine Virtual Machines

Chapter 6: Managing Virtual Machines

Chapter 7: Computing with Kubernetes

Chapter 8: Managing Standard Mode Kubernetes Clusters

Chapter 9: Computing with Cloud Run and App Engine

Chapter 10: Computing with Cloud Functions

Chapter 11: Planning Storage in the Cloud

Chapter 12: Deploying Storage in Google Cloud

Chapter 13: Loading Data into Storage

Chapter 14: Networking in the Cloud: Virtual Private Clouds and Virtual Private Networks

Chapter 15: Networking in the Cloud: DNS, Load Balancing, Google Private Access, and IP Addressing

Chapter 16: Deploying Applications with Cloud Marketplace and Cloud Foundation Toolkit

Chapter 17: Configuring Access and Security

Chapter 18: Monitoring, Logging, and Cost Estimating

Index

End User License Agreement

List of Tables

Chapter 12

TABLE 12.1 SQL data definition commands

TABLE 12.2

cbt

commands

Chapter 18

TABLE 18.1 Example Cloud Monitoring metrics

List of Illustrations

Chapter 2

FIGURE 2.1 VM instances running within a hypervisor

FIGURE 2.2 Containers running on a physical server

Chapter 3

FIGURE 3.1 You can create Cloud Identity accounts and manage Google Workspac...

FIGURE 3.2 Generic organization folder project

FIGURE 3.3 Example organization folder project

FIGURE 3.4 Organizational policies are managed in the IAM & Admin console.

FIGURE 3.5 Home page console

FIGURE 3.6 Navigation menu

FIGURE 3.7 Managing resources

FIGURE 3.8 Click Create Project.

FIGURE 3.9 New Project dialog box

FIGURE 3.10 A sample list of roles in Google Cloud

FIGURE 3.11 IAM permissions

FIGURE 3.12 Adding a user

FIGURE 3.13 Service accounts’ listing in the IAM & Admin console

FIGURE 3.14 The main Billing form listing existing billing accounts

FIGURE 3.15 The form to create a new billing account

FIGURE 3.16 The budget form enables you to have notices sent to you when cer...

FIGURE 3.17 Billing export form

FIGURE 3.18 Exporting to BigQuery

FIGURE 3.19 Exporting billing data to a file is now deprecated.

FIGURE 3.20 An example API services dashboard

FIGURE 3.21 Example services for Big Data operations

Chapter 4

FIGURE 4.1 A subset of operating system images available in Compute Engine

FIGURE 4.2 Creating a VM in Compute Engine

FIGURE 4.3 Part 1 of creating an instance in Compute Engine

FIGURE 4.4 Part 2 of creating an instance in Compute Engine

FIGURE 4.5 Configuring network properties in a Compute Engine instance

FIGURE 4.6 Configuring disks in a Compute Engine instance

FIGURE 4.7 Configuring security in a Compute Engine instance

FIGURE 4.8 Configuring management features in a Compute Engine instance

FIGURE 4.9 Configuring Sole Tenancy features in a Compute Engine instance

FIGURE 4.10 Creating a machine image

FIGURE 4.11 The current project name or the option to select one is displaye...

FIGURE 4.12 Choosing a project from existing projects in an account

FIGURE 4.13 Selecting a region in the Create VM form

FIGURE 4.14 Once a region is selected, you can choose a zone within that reg...

FIGURE 4.15 Choosing a custom machine type from the Machine Type drop-down m...

FIGURE 4.16 Customizing a VM by adjusting the number of CPUs and the amount ...

FIGURE 4.17 When using App Engine, the focus is on applications, not infrast...

FIGURE 4.18 The structure of an App Engine application

FIGURE 4.19 Kubernetes Engine supports clusters that you can manage using St...

FIGURE 4.20 Anthos supports the management of Kubernetes clusters in Google ...

FIGURE 4.21 When deploying an application to Cloud Run, you will specify a c...

FIGURE 4.22 Configuring a Cloud Function

Chapter 5

FIGURE 5.1 The main starting form of Google Cloud Console

FIGURE 5.2 The Project form lets you choose the project you want to work wit...

FIGURE 5.3 The starting panel for creating a VM

FIGURE 5.4 Part of the main configuration form for creating VMs in Compute E...

FIGURE 5.5 A partial list of regions providing Compute Engine services

FIGURE 5.6 A list of zones within the us-east1 region

FIGURE 5.7 A partial list of machine types available in the us-east1-b zone...

FIGURE 5.8 Virtual machines within a machine family are further organized in...

FIGURE 5.9 Form for configuring the boot disk of the VM

FIGURE 5.10 Identity And API Access and Firewall configurations

FIGURE 5.11 The first part of the Management tab of the VM creation form

FIGURE 5.12 You can place additional security controls on VMs.

FIGURE 5.13 Boot disk advanced configuration

FIGURE 5.14 Adding a new disk to a Compute Engine instance

FIGURE 5.15 Form for adding an existing disk to a VM

FIGURE 5.16 Options for network configuration of a VM

FIGURE 5.17 Sole tenancy configuration options

FIGURE 5.18 Cloud Shell is activated through Cloud Console.

FIGURE 5.19 Cloud Shell opens a command-line window in the browser.

FIGURE 5.20 Basic operations on VMs can be performed using a pop-up menu in ...

FIGURE 5.21 From the console, you can start an SSH session to log into a Lin...

FIGURE 5.22 A terminal window opens in a new browser window when using SSH-i...

FIGURE 5.23 The Observability tab of the VM Instance Details page

Chapter 6

FIGURE 6.1 The VM Instance panel in the Compute Engine section of Cloud Cons...

FIGURE 6.2 The list of commands available from the console for changing the ...

FIGURE 6.3 A warning message that may appear about stopping a VM

FIGURE 6.4 When VMs are stopped, the icon on the left changes and SSH is no ...

FIGURE 6.5 When VMs are stopped, Stop and Reset are no longer available, but...

FIGURE 6.6 Deleting an instance from the console will display a warning mess...

FIGURE 6.7 List of instances filtered by search criteria

FIGURE 6.8 GPU machine family supports a variety of GPU types, and a number ...

FIGURE 6.9 Some GPU options available in Compute Engine

FIGURE 6.10 Creating a snapshot using Cloud Console

FIGURE 6.11 Form for creating a snapshot

FIGURE 6.12 Images available. From here, you can create additional images....

FIGURE 6.13 Cloud Console form for creating an image

FIGURE 6.14 Options for the source of an image

FIGURE 6.15 When using an image as a source, you can choose a source image f...

FIGURE 6.16 When using a Cloud Storage file as a source, you browse your sto...

FIGURE 6.17 Instance group templates can be created in the console using a f...

Chapter 7

FIGURE 7.1 The Overview page of the Kubernetes Engine section of Cloud Conso...

FIGURE 7.2 When creating a GKE, you specify standard mode or autopilot mode....

FIGURE 7.3 Creating an autopilot GKE cluster

FIGURE 7.4 Networking options in autopilot mode

FIGURE 7.5 Advanced options in autopilot mode

FIGURE 7.6 Once the autopilot clusters are deployed, it will be listed on th...

FIGURE 7.7 Initial steps to configure a standard cluster

FIGURE 7.8 The Create Deployment option provides a form to specify a contain...

FIGURE 7.9 Configuring a deployment

Chapter 8

FIGURE 8.1 Navigation menu in Google Cloud Console

FIGURE 8.2 Selecting Kubernetes Engine from the navigation menu

FIGURE 8.3 Pinning a service to the top of the navigation menu

FIGURE 8.4 Example list of clusters in Kubernetes Engine

FIGURE 8.5 Click the name of a cluster to display its details.

FIGURE 8.6 The first part of the cluster Details page describes the configur...

FIGURE 8.7 Add-on and permission details for a cluster

FIGURE 8.8 Details about node pools in the cluster

FIGURE 8.9 Storage information about a cluster

FIGURE 8.10 Log of nodes in the cluster

FIGURE 8.11 Example details of a node running in a Kubernetes cluster

FIGURE 8.12 Pod status display, with the status Running

FIGURE 8.13 Details of a pod running on a node

FIGURE 8.14 Example output from the

gcloud container clusters list

command

FIGURE 8.15 Part 1 of the information displayed by the

gcloud container clus

...

FIGURE 8.16 Part 2 of the information displayed by the

gcloud container clus

...

FIGURE 8.17 Example output of the

get-credentials

command

FIGURE 8.18 Example output of the

kubectl get nodes

command

FIGURE 8.19 Example output of the

kubectl get pods

command

FIGURE 8.20 Partial listing of the details shown by the

kubectl describe nod

...

FIGURE 8.21 Partial listing of the details shown by the

kubectl describe pod

...

FIGURE 8.22 Details of a cluster in Cloud Console

FIGURE 8.23 Details of a node pool in Cloud Console

FIGURE 8.24 Deployment list of a cluster

FIGURE 8.25 Multiple forms contain details of a deployment and include a men...

FIGURE 8.26 Details of a pod running in GKE

FIGURE 8.27 Set the number of replicas for a deployment.

FIGURE 8.28 Enable Autoscaling to automatically add and remove replicas as n...

FIGURE 8.29 Form to expose services running on pods

FIGURE 8.30 Form to specify parameters for rolling updates of code running i...

FIGURE 8.31 Deployment list along with a Deploy command to create new servic...

FIGURE 8.32 Form that lets you specify a new deployment for a service

FIGURE 8.33 Details of Services exposing a deployment

FIGURE 8.34 Navigate to the Service Details page to delete a service using t...

FIGURE 8.35 A listing of repositories in Artifact Registry

FIGURE 8.36 Creating a repository in Artifact Registry

FIGURE 8.37 Example instructions for configuring a Docker repository

Chapter 9

FIGURE 9.1 The form for creating a Cloud Run service

FIGURE 9.2 When creating a Cloud Run service, we can choose one of three ing...

FIGURE 9.3 Configuring container parameters in a Cloud Run service

FIGURE 9.4 Configuring connection parameters in a Cloud Run service

FIGURE 9.5 Configuring security parameters in a Cloud Run service

FIGURE 9.6 Creating a Cloud Run job

FIGURE 9.7 Configuring container parameters for a Cloud Run job

FIGURE 9.8 Configuring variables and secrets for a Cloud Run job

FIGURE 9.9 Configuring connection parameters for a Cloud Run job

FIGURE 9.10 Configuring security parameters for a Cloud Run job

FIGURE 9.11 The contents of an

app.yaml

file for a Python 3 application

Chapter 10

FIGURE 10.1 Opening the Cloud Functions console

FIGURE 10.2 The Create Function button in Cloud Console

FIGURE 10.3 Creating a function in the console

FIGURE 10.4 List of functions in the console

FIGURE 10.5 Selecting a trigger from options in Cloud Console

FIGURE 10.6 Creating a Pub/Sub topic while creating a Cloud Function

Chapter 11

FIGURE 11.1 Configuration parameters for a Memorystore Redis cache

FIGURE 11.2 Form to create a persistent disk

FIGURE 11.3 Form to create a storage bucket from the console. Advanced optio...

FIGURE 11.4 The list of buckets includes a link to define or modify life cyc...

FIGURE 11.5 When creating a life cycle policy, click the Add Rule option, wh...

FIGURE 11.6 Listing of buckets in Cloud Storage Browser

FIGURE 11.7 Cloud SQL provides MySQL, PostgreSQL, and SQL Server instances....

FIGURE 11.8 Configuration form for a MySQL instance

FIGURE 11.9 Configuration form for a SQL Server instance

FIGURE 11.10 Configuration form for a PostgreSQL instance

FIGURE 11.11 The Cloud Spanner configuration form in Cloud Console

FIGURE 11.12 BigQuery user interface for creating and querying data

FIGURE 11.13 Form to create a data set in BigQuery

FIGURE 11.14 The Firestore user interface allows you to choose between Nativ...

FIGURE 11.15 Choosing a storage location

FIGURE 11.16 Configuration form for Bigtable

Chapter 12

FIGURE 12.1 Creating a MySQL instance

FIGURE 12.2 A listing of MySQL instances

FIGURE 12.3 Command-line prompt to work with MySQL after connecting using

gc

...

FIGURE 12.4 Listing the contents of a table in MySQL

FIGURE 12.5 Partial listing of MySQL Instance Details page with vertical men...

FIGURE 12.6 Create Backup button

FIGURE 12.7 Assign a description to a backup and create it.

FIGURE 12.8 Listing of backups available for this instance

FIGURE 12.9 Enabling automatic backups in Cloud Console

FIGURE 12.10 Adding data to a Firestore collection

FIGURE 12.11 Viewing data in Firestore, Native mode

FIGURE 12.12 The BigQuery console

FIGURE 12.13 Example query with estimated amount of data scanned

FIGURE 12.14 Using the Pricing Calculator to estimate the cost of a query

FIGURE 12.15 A listing of job statuses in BigQuery

FIGURE 12.16 Creating a Cloud Spanner instance

FIGURE 12.17 Create a database within a Cloud Spanner instance.

FIGURE 12.18 Creating a table using a DDL template

FIGURE 12.19 DDL templates available to help you create database objects in ...

FIGURE 12.20 Details of the table created in Spanner

FIGURE 12.21 Log of changes to Spanner table

FIGURE 12.22 From the Show Info panel, you can view and manage Spanner-relat...

FIGURE 12.23 Creating a Pub/Sub topic

FIGURE 12.24 List of subscriptions

FIGURE 12.25 Subscription details

FIGURE 12.26 Creating a subscription to a topic

FIGURE 12.27 The options for creating a subscription

FIGURE 12.28 A list of subscriptions

FIGURE 12.29 Creating a Bigtable instance

FIGURE 12.30 Instance details, including performance data

FIGURE 12.31 Choose an infrastructure for your cluster, either Compute Engin...

FIGURE 12.32 Creating a Dataproc cluster on Compute Engine

FIGURE 12.33 Creating a Dataproc cluster on Google Kubernetes Engine

FIGURE 12.34 Submitting a job and choosing a job type

FIGURE 12.35 Creating a workflow template

FIGURE 12.36 Serverless options allow you to run jobs without configuring cl...

FIGURE 12.37 Operations you can perform on buckets in Cloud Storage

Chapter 13

FIGURE 13.1 The first step in loading data into Cloud Storage is to create a...

FIGURE 13.2 Defining a regional bucket in us-west1

FIGURE 13.3 Choosing a storage class and access control method

FIGURE 13.4 The Bucket Details page shows information on Objects, Configurat...

FIGURE 13.5 Upload Files prompts you for a folder using the client device’s ...

FIGURE 13.6 Objects can be moved by using the move command in the Operations...

FIGURE 13.7 When moving an object in the console, you will be prompted for a...

FIGURE 13.8 Listing of database instances on the Cloud SQL page of the conso...

FIGURE 13.9 The Instance Details page has Import and Export tabs.

FIGURE 13.10 Exporting a database requires you to specify a bucket for stori...

FIGURE 13.11 Importing a database requires you to specify a path to the buck...

FIGURE 13.12 Details about a database instance generated by the

gcloud sql i

...

FIGURE 13.13 Detailed list of a BigQuery table

FIGURE 13.14 Choosing a target location for a BigQuery export

FIGURE 13.15 Specifying the output parameters for a BigQuery export operatio...

FIGURE 13.16 When viewing a data set, you have the option to create a table....

FIGURE 13.17 Creating a table in BigQuery

FIGURE 13.18 Data can be imported from multiple kinds of locations.

FIGURE 13.19 File format options for importing

FIGURE 13.20 Listing of Spanner instances

FIGURE 13.21 Import/Export page

FIGURE 13.22 Export options for Cloud Spanner

FIGURE 13.23 Import options for Cloud Spanner

FIGURE 13.24 Export page for Cloud Bigtable

Chapter 14

FIGURE 14.1 The VPC Network page of Cloud Console

FIGURE 14.2 Creating a VPC in Cloud Console, part 1

FIGURE 14.3 Creating a custom subnet

FIGURE 14.4 Creating a VPC in Cloud Console, part 2

FIGURE 14.5 Listing of VPCs and subnets

FIGURE 14.6 Preliminary options to create an instance in Cloud Console

FIGURE 14.7 Networking configuration options

FIGURE 14.8 Options to add a custom network interface

FIGURE 14.9 List of firewall rules in the VPC section of Cloud Console

FIGURE 14.10 Creating a firewall rule

FIGURE 14.11 List of target types

FIGURE 14.12 List of source filter types

FIGURE 14.13 Listing of the firewall rule created using the earlier configur...

FIGURE 14.14 Hybrid Connectivity section of Cloud Console

FIGURE 14.15 Creating a VPN connection, part 1

FIGURE 14.16 Creating a high availability VPN

FIGURE 14.17 Configuring tunnels in an HA VPN

Chapter 15

FIGURE 15.1 Network Services Cloud DNS page

FIGURE 15.2 Creating a public DNS zone

FIGURE 15.3 Additional configuration options for private DNS zones

FIGURE 15.4 List of DNS zones

FIGURE 15.5 List of records in a DNS zone

FIGURE 15.6 Creating an A record set

FIGURE 15.7 Creating a CNAME record

FIGURE 15.8 Network Services, Load Balancing section

FIGURE 15.9 Create A Load Balancer options

FIGURE 15.10 Creating a TCP balancer

FIGURE 15.11 Configuring the back end

FIGURE 15.12 Creating a health check

FIGURE 15.13 Configuring the front end

FIGURE 15.14 VPC Network IP Address page

FIGURE 15.15 Reserving a static IP address

Chapter 16

FIGURE 16.1 Cloud Marketplace main page

FIGURE 16.2 Filtering by category

FIGURE 16.3 Big Data options available in Cloud Marketplace

FIGURE 16.4 Operating systems available in Cloud Marketplace

FIGURE 16.5 Developer tools available in Cloud Marketplace

FIGURE 16.6 Overview page of a WordPress solution

FIGURE 16.7 Pricing estimates for the WordPress solution

FIGURE 16.8 Tutorial and support information

FIGURE 16.9 Launch a Cloud Marketplace solution from the overview page of th...

FIGURE 16.10 The launch page for a WordPress solution in Cloud Marketplace

FIGURE 16.11 Additional network parameters

FIGURE 16.12 Links to related documentation are available on the deployment ...

FIGURE 16.13 Cloud Deployment Manager launching WordPress

FIGURE 16.14 Information about the deployed WordPress instance

Chapter 17

FIGURE 17.1 Permissions listing filtered by member

FIGURE 17.2 List of identities assigned to Cloud Build Service Account and C...

FIGURE 17.3 The Add option in IAM opens this page, where you can assign one ...

FIGURE 17.4 The drop-down list in the Select A Role field shows available ro...

FIGURE 17.5 A partial listing of permissions using the

gcloud iam roles desc

...

FIGURE 17.6 Using Cloud Console to view a partial listing of permissions ava...

FIGURE 17.7 Creating a role in Cloud Console

FIGURE 17.8 List of available permissions filtered by role

FIGURE 17.9 The permissions section of the Create Role page with permissions...

FIGURE 17.10 Access Scopes section in VM instance detail edit page

FIGURE 17.11 A partial list of services and scopes that can be individually ...

FIGURE 17.12 Creating a service account in the console

FIGURE 17.13 Section of Edit Instance page showing the Service Account param...

FIGURE 17.14 List of service accounts that can be assigned to the instance

FIGURE 17.15 Default listing of the Cloud Logging page

Chapter 18

FIGURE 18.1 Partial view of Cloud Monitoring Overview page

FIGURE 18.2 Available dashboards in Cloud Monitoring

FIGURE 18.3 Cloud Storage monitoring dashboard

FIGURE 18.4 Creating your own dashboard begins with choosing a chart.

FIGURE 18.5 Adding a line chart to display mean CPU utilization

FIGURE 18.6 Main page of Metric Explorer

FIGURE 18.7 Metrics available for Cloud Storage Buckets

FIGURE 18.8 Line chart of object count metric for Cloud Storage buckets

FIGURE 18.9 Alerting main page of Cloud Logging

FIGURE 18.10 Creating a policy for a Pub/Sub backlog

FIGURE 18.11 Configuring an alert

FIGURE 18.12 Alert trigger options

FIGURE 18.13 Creating notification channels for an alert

FIGURE 18.14 Log Explorer page of the Cloud Logging console

FIGURE 18.15 Time restriction options in Log Explorer

FIGURE 18.16 Resource filtering options in Log Explorer

FIGURE 18.17 Severity filtering options in Log Explorer

FIGURE 18.18 Queries in Log Explorer can be as simple as keyword searches.

FIGURE 18.19 A log entry expanded by one level

FIGURE 18.20 A log entry with the protoPayload structure expanded

FIGURE 18.21 Details of the

requestMetadata

section of a log message

FIGURE 18.22 Overview status of Google Cloud services

FIGURE 18.23 More detailed view of American service status

FIGURE 18.24 Google Cloud Pricing Calculator

FIGURE 18.25 Partial list of services available in the Pricing Calculator

FIGURE 18.26 Example price estimate for five e2-standard-2 VMs

Guide

Cover

Table of Contents

Title Page

Copyright

Dedication

Acknowledgments

About the Authors

Introduction

Begin Reading

Appendix: Answers to Review Questions

Index

End User License Agreement

Pages

iii

iv

v

vii

ix

xxi

xxii

xxiii

xxiv

xxv

xxvi

xxvii

xxviii

xxix

xxx

xxxi

xxxii

xxxiii

xxxiv

xxxv

xxxvi

xxxvii

xxxviii

xxxix

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

375

376

377

378

379

380

381

382

383

384

385

386

387

388

389

390

391

392

393

394

395

396

397

399

400

401

402

403

404

405

406

407

408

409

410

411

412

413

414

415

416

417

418

419

420

421

422

423

425

426

427

428

429

430

431

432

433

434

435

436

437

438

439

440

441

442

443

444

445

446

447

448

449

450

451

452

453

454

455

456

457

458

459

460

461

462

463

464

465

466

467

468

469

470

471

472

473

474

475

476

477

478

479

480

481

482

483

484

485

486

487

488

489

490

491

492

493

494

495

496

497

498

499

500

501

502

503

504

505

506

507

508

509

510

511

512

513

515

516

517

518

519

520

521

522

523

524

525

526

527

528

529

530

Google Cloud Certified Associate Cloud EngineerStudy Guide

Second Edition

Copyright © 2023 by Dan Sullivan. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada and the United Kingdom.

ISBN: 978-1-119-87144-6ISBN: 978-1-119-87145-3 (ebk.)ISBN: 978-1-119-87146-0 (ebk.)

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permission.

Trademarks: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries and may not be used without written permission. Google Cloud is a trademark of Google, LLC. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Control Number: 2022945006

Cover image: © Jeremy Woodhouse/Getty ImagesCover design: Wiley

to Katherine

Acknowledgments

I am fortunate to have had the opportunity to work with the Wiley team once again. Jim Minatel, associate publisher at John Wiley & Sons; Pete Gaughan, managing editor; and Lily Miller, project manager, are a pleasure to work with and were essential to getting this second edition completed. I'd also like to thank Carole Jelen, VP of Waterside Productions, for all her help with yet another successful writing project.

Thank you to Kelly Kermode, Ammett Williams, and Robert Hales for their technical editing work. Google Cloud is complex and there are many opportunities for me to make mistakes or not explain something very well. Ammett's, Kelly's, and Robert's insight and knowledge have made this a better book.

About the Authors

Dan Sullivan is a cloud and data architect specializing in Google Cloud, data architecture, data modeling, and machine learning. Dan is the author of Google Cloud Certified Professional Architect Study Guide, 2nd edition (Sybex, 2022); Official Google Cloud Certified Professional Data Engineer Study Guide (Sybex, 2020); NoSQL for Mere Mortals (Addison-Wesley Professional, 2015); and several LinkedIn Learning and Udemy courses on Google Cloud, databases, data science, and machine learning.

About the Technical Editors

Ammett Williams is a very simple and avid daydreamer who has more than 16 years of experience in the IT industry. Ammett has created the platform called Start Cloud Now with the aim to inspire others along their IT career path.

Ammett holds several IT certifications including CCIE #43569, CISSP, AWS, and a few Google Cloud professional level certs. In the daytime he is disguised as a Developer Relations Engineer @ Google. He can also be found online on LinkedIn www.linkedin.com/in/ammett and twitter @ammettw.

Kelly Kermode is a self-professed renaissance gal with an insatiable penchant for learning. Kelly works as a cloud architect and engineer while residing in Grand Rapids, Michigan. With over 30 years of training and coaching experience, Kelly loves to think big and explore ways to think outside the box. From Bolivia to California to Michigan to South Africa, Kelly loves to share her love for collaborative problem-solving, architected solutions, data visualization, and geo-literacy. She leads consulting workshops, provides coaching, conducts technical bootcamps, and facilitates custom professional team development. Kelly is a Google Professional Cloud Architect, Google Cloud Certified Associate Cloud Engineer, member of the Google Earth Education Advisory Board, Google Innovator and Certified Trainer. In her free time, Kelly enjoys spending time with her two kids, reading, cooking, pottery, and gardening. Site: kellykermode.com and twitter: @coachk.

Robert Hales is an instructor from Western New York with over four years of training experience. Robert holds several Google, AWS, and Microsoft certifications and is a certified instructor in each domain. Robert is a US army veteran and loves to find ways to help other veterans get into the IT field. You can follow Robert on LinkedIn at www.linkedin.com/in/eventhorizonlearning.

Introduction

Google Cloud is a leading public cloud that provides its users with some of the same software, hardware, and networking infrastructure used to power Google services. Businesses, organizations, and individuals can launch servers in minutes, store petabytes of data, and implement global virtual clouds with Google Cloud. It includes an easy-to-use console interface, command-line tools, and application programming interfaces (APIs) for managing resources in the cloud. Users can work with general resources, such as virtual machines (VMs) and persistent disks, or opt for highly focused services for Internet of Things (IoT), machine learning, media, and other specialized domains.

Deploying and managing applications and services in Google Cloud requires a clear understanding of the way Google structures user accounts and manages identities and access controls; you also need to understand the advantages and disadvantages of using various services. Certified Associate Cloud Engineers have demonstrated the knowledge and skills needed to deploy and operate infrastructure, services, and networks in Google Cloud.

This study guide is designed to help you understand Google Cloud in depth so that you can meet the needs of those operating resources in Google Cloud. Yes, this book will, of course, help you pass the Associate Cloud Engineer certification exam, but this is not an exam cram guide. You will learn more than is required to pass the exam; you will understand how to meet the day-to-day challenges faced by cloud engineers, including choosing services, managing users, deploying and monitoring infrastructure, and helping map business requirements into cloud-based solutions.

Each chapter in this book covers a single topic and includes an “Exam Essentials” section that outlines key information you should know to pass the certification exam. There are also exercises to help you review and reinforce your understanding of the chapter's topic. Sample questions are included at the end of each chapter so that you can get a sense of the types of questions you will see on the exam. The book also includes flashcards and practice exams that cover all topics you'll learn about with this guide.

What Does This Book Cover?

This book describes products and services in Google Cloud. It does not include G Suite administration topics.

Chapter 1

: Overview of Google Cloud Platform

  In the opening chapter, we look into the types of services provided by Google Cloud, which include compute, storage, and networking services as well as specialized services, such as machine learning products. This chapter also describes some of the key differences between cloud computing and data center or on-premises computing.

Chapter 2

: Google Cloud Computing Services

  This chapter provides an overview of infrastructure services such as computing, storage, and networking. It introduces the concept of identity management and related services. It also introduces DevOps topics and tools for deploying and monitoring applications and resources. Google Cloud includes a growing list of specialized services, such as machine learning and natural language processing services. Those are briefly discussed in this chapter. The chapter introduces Google Cloud's organizational structure, with a look at regions and zones.

Chapter 3

: Projects, Service Accounts, and Billing

  One of the first things you will do when starting to work with Google Cloud is to set up your accounts. In this chapter, you will learn how resources in accounts are organized into organizations, folders, and projects. You will learn how to create and edit these structures. You will also see how to enable APIs for particular projects as well as manage user identities and their access controls. This chapter describes how to create billing accounts and link them to projects. You will also learn how to create budgets and define billing alerts to help you manage costs.

Chapter 4

: Introduction to Computing in Google Cloud

  In this chapter, you will see the variety of options available for running applications and services in Google Cloud. Options include Compute Engine, which provides VMs running Linux or Windows operating systems. Cloud Run and App Engine are platform as a service (PaaS) options that allows developers to run their applications without having to concern themselves with managing VMs. If you will be running multiple applications and services, you may want to take advantage of containers, which are a lightweight alternative to VMs. You will learn about containers and how to manage them with Kubernetes Engine. This chapter also introduces Cloud Functions, which is for event-driven, short-running tasks such as triggering the processing of an image loaded into Cloud Storage.

Chapter 5

: Computing with Compute Engine Virtual Machines

  In this chapter, you will learn how to configure VMs, including selecting CPU, memory, storage options, and operating system images. You will learn how to use Google Cloud Console and Cloud Shell to work with VMs. In addition, you will see how to install the command-line interface and SDK, which you will use to start and stop VMs. The chapter also describes how to enable network access to VMs.

Chapter 6

: Managing Virtual Machines

  In the previous chapter, you learned how to create VMs, and in this chapter you will learn how to manage individual and groups of VMs. You will start by managing a single instance of a VM using the Google Cloud console and then perform the same operations using Cloud Shell and the command line. You will also learn how to view currently running VMs. Next, you'll learn about instance groups, which allow you to create sets of VMs that you can manage as a single unit. In the section on instance groups, you will learn the difference between managed and unmanaged instance groups. You will also learn about preemptible instances, which are low-cost VMs that may be shut down by Google. You will learn about the cost–benefit trade-offs of preemptible instances. Finally, the chapter closes with guidelines for managing VMs.

Chapter 7

: Computing with Kubernetes

  This chapter introduces Kubernetes Engine, Google's managed Kubernetes service. Kubernetes is a container orchestration platform created and released as open source by Google. In this chapter, you will learn the basics of containers, container orchestration, and the Kubernetes architecture. The discussion will include an overview of Kubernetes objects such as pods, services, volumes, and namespaces, as well as Kubernetes controllers such as ReplicaSets, Deployments, and Jobs.Next, the chapter turns to deploying a Kubernetes cluster using Google Cloud console, Cloud Shell, and SDK. You will also see how to deploy pods, which includes downloading an existing Docker image, building a Docker image, creating a pod, and then deploying an application to the Kubernetes cluster. Of course, you will need to know how to monitor a cluster of servers. This chapter provides a description of how to set up monitoring and logging with Cloud Operations, which is Google's application, service, container, and infrastructure monitoring service.

Chapter 8

: Managing Standard Mode Kubernetes Clusters

  In this chapter you will learn the basics of managing a Kubernetes cluster, including viewing the status of the cluster, viewing the contents of the image repository, viewing details about images in the repository, and adding, modifying, and removing nodes, pods, and services. As in the chapter on managing VMs, in this chapter you will learn how to perform management operations with the three management tools: Google Cloud console, Cloud Shell, and SDK. The chapter concludes with a discussion of guidelines and good practices for managing a Kubernetes cluster.

Chapter 9

: Computing with Cloud Run and App Engine

  Cloud Run and App Engine are part of Google Cloud's serverless offerings. This chapter introduces Cloud Run, a service for running containers in the cloud. You will learn about the difference between Cloud Run Services and Cloud Run Jobs. Cloud Run will likely replace App Engine as the preferred choice for running containers in a serverless service, but App Engine is still in use and will be covered in this book. You will learn about App Engine components such as applications, services, versions, and instances. The chapter also covers how to define configuration files and specify dependencies of an application. In this chapter, you will learn how to view App Engine resources using Google Cloud console, Cloud Shell, and SDK. The chapter also describes how to distribute workload by adjusting traffic with splitting parameters. You will also learn about autoscaling in App Engine.

Chapter 10

: Computing with Cloud Functions

  Cloud Functions is for event-driven, serverless computations. This chapter introduces Cloud Functions and shows you how to use it to receive events, evoke services, and return results. Next, you'll see use cases for Cloud Functions, such as integrating with third-party APIs and event-driven processing. You will learn about Google's Pub/Sub service for publication- and subscription-based processing and how to use Cloud Functions with Pub/Sub. Cloud Functions are well suited to respond to events in Cloud Storage. The chapter describes Cloud Storage events and how to use Cloud Functions to receive and respond to those events. You will learn how to use Cloud Operations to monitor and log details of Cloud Function executions. Finally, the chapter concludes with a discussion of guidelines for using and managing Cloud Functions.

Chapter 11

: Planning Storage in the Cloud

  Having described various compute options in Google Cloud, it is time to turn your attention to storage. This chapter describes characteristics of storage systems, such as their time to access, persistence, and data model. In this chapter, you will learn about differences between caches, persistent storage, and archival storage. You will learn about the cost–benefit trade-offs of using regional and multiregional persistent storage and using nearline versus Coldline and archival storage. The chapter includes details on the various Google Cloud storage options, including Cloud Storage for blob storage; Cloud SQL and Spanner for relational data; Firestore and Bigtable, for NoSQL storage; BigQuery for analytic data; and Cloud Firebase for mobile application data. The chapter includes detailed guidance on choosing a data store based on requirements for consistency, availability, transaction support, cost, latency, and support for various read/write patterns.

Chapter 12

: Deploying Storage in Google Cloud Platform

  In this chapter, you will learn how to create databases, add data, list records, and delete data from each of Google Cloud's storage systems. The chapter starts by introducing Cloud SQL, a managed database service that offers SQL Server, MySQL, and PostgreSQL managed instances. You will also learn how to create databases in Cloud Firestore, BigQuery, Bigtable, and Spanner. Next, you will turn your attention to Cloud Pub/Sub for storing data in message queues, followed by a discussion of Cloud Dataproc, a managed Hadoop and Spark cluster service, for processing big data sets. In the next section, you will learn about Cloud Storage for objects. The chapter concludes with guidance on how to choose a data store for a particular set of requirements.

Chapter 13

: Loading Data into Storage

  There are a variety of ways of getting data into Google Cloud. This chapter describes how to use the command-line SDK to load data into Cloud SQL, Cloud Storage, Firestore, BigQuery, Bigtable, and Dataproc. It also describes bulk importing and exporting from those same services. Next, you will learn about two common data loading patterns: moving data from Cloud Storage and streaming data to Cloud Pub/Sub.

Chapter 14

: Networking in the Cloud: Virtual Private Clouds and Virtual Private Networks

  In this chapter, you'll turn your attention to networking with an introduction to basic networking concepts, including the following:

IP addresses

CIDR blocks

Networks and subnetworks

Virtual private clouds (VPCs)

Routing and rules

Virtual private networks (VPNs)

Cloud DNS

Cloud Routers

Cloud Interconnect

External peering

After being introduced to key networking concepts, you will learn how to create a VPC. Specifically, this includes defining a VPC, specifying firewall rules, creating a VPN, and working with load balancers. You will learn about different types of load balancers and when to use them.

Chapter 15

: Networking in the Cloud: DNS, Load Balancing, Google Private Access, and IP Addressing

  In this chapter, you will learn about common network management tasks such as defining subnetworks, adding subnets to a VPC, managing CIDR blocks, and reserving IP addresses. You will learn how to preform each of these tasks using Cloud Console, Cloud Shell, and Cloud SDK.

Chapter 16

: Deploying Applications with Cloud Marketplace and Cloud Foundation Toolkit

  Google Cloud Marketplace is Google Cloud's marketplace of preconfigured stacks and services. This chapter introduces Cloud Marketplace and describes some applications and services currently available. You will learn how to browse Cloud Marketplace, deploy applications from Cloud Marketplace, and shut down Cloud Marketplace applications. The chapter also discusses Deployment Manager templates that automate the deployment of an application and launch a Deployment Manager template to provision Google Cloud resources and configure an application automatically.

Chapter 17

: Configuring Access and Security

  This chapter introduces identity management. In particular, you will learn about identities, roles, and assigning and removing identity roles. This chapter also introduces service accounts and how to create them, assign them to VMs, and work with them across projects. You will also learn how to view audit logs for projects and services. The chapter concludes with guidelines for configuring access control security.

Chapter 18

: Monitoring, Logging, and Cost Estimating

  In the final chapter, we will discuss Cloud Operations alerts, logging, distributed tracing, and application debugging. Each of the corresponding Google Cloud services is designed to enable more efficient, functional, and reliable services. The chapter concludes with a review of the Pricing Calculator, which is helpful for estimating the cost of resources in Google Cloud.

Interactive Online Learning Environment and Test Bank

Like all exams, the Associate Cloud Engineer certification from Google Cloud is updated periodically and may eventually be retired or replaced. At some point after Google Cloud is no longer offering this exam, the old editions of our books and online tools will be retired. If you have purchased this book after the exam was retired, or are attempting to register in the Sybex online learning environment after the exam was retired, please know that we make no guarantees that this exam's online Sybex tools will be available once the exam is no longer available.

Studying the material in the Google Cloud Certified Associate Cloud Engineer Study Guide, Second Edition is an important part of preparing for the Associate Cloud Engineer certification exam, but we provide additional tools to help you prepare. The online Test Bank will help you understand the types of questions that will appear on the certification exam.

The sample tests in the Test Bank include all the questions in each chapter as well as the questions from the assessment test. In addition, there are two practice exams with 50 questions each. You can use these tests to evaluate your understanding and to identify areas where you may require additional study.

The flashcards in the Test Bank will push the limits of what you should know for the certification exam. There are 100 questions provided in digital format. Each flashcard has one question and one correct answer.

The online glossary is a searchable list of key terms introduced in this exam guide that you should know for the Associate Cloud Engineer certification exam.

To start using these to study for the Google Certified Associate Cloud Engineer exam, go to www.wiley.com/go/sybextestprep and register your book to receive your unique PIN. Once you have the PIN, return to www.wiley.com/go/sybextestprep, find your book and click Register or Login, and follow the link to register a new account or add this book to an existing account.

Exam policies can change from time to time. We highly recommend that you check https://cloud.google.com/certification for the most up-to-date information when you begin your preparation, when you register, and again a few days before your scheduled exam date.

Exam Objectives

The Associate Cloud Engineer certification is designed for people who create, deploy, and manage enterprise applications and infrastructure in Google Cloud. An Associate Cloud Engineer is comfortable working with Cloud Console, Cloud Shell, and Cloud SDK. Such individuals also understand products offered as part of Google Cloud and their appropriate use cases.

The exam will test your knowledge of the following:

Planning a cloud solution using one or more Google Cloud services

Creating a cloud environment for an organization

Deploying applications and infrastructure

Using monitoring and logging to ensure availability of cloud solutions

Setting up identity management, access controls, and other security measures

Objective Map

The following are specific objectives defined by Google at https://cloud.google.com/certification/guides/cloud-engineer.

Section 1: Setting up a cloud solution environment

1.1 Setting up cloud projects and accounts. Activities include:

Creating a resource hierarchy

Applying organizational policies to the resource hierarchy

Granting members IAM roles within a project

Managing users and groups in Cloud Identity (manually and automated)

Enabling APIs within projects

Provisioning and setting up products in Google Cloud's operations suite

1.2 Managing billing configuration. Activities include:

Creating one or more billing accounts

Linking projects to a billing account

Establishing billing budgets and alerts

Setting up billing exports

1.3 Installing and configuring the command-line interface (CLI), specifically Cloud SDK (e.g., setting the default project)

Section 2: Planning and configuring a cloud solution

2.1 Planning and estimating Google Cloud product use using the Pricing Calculator 

2.2 Planning and configuring compute resources. Considerations include: 

Selecting appropriate compute choices for a given workload (e.g., Compute Engine, Google Kubernetes Engine, Cloud Run, Cloud Functions)

Using preemptible VMs and custom machine types as appropriate

2.3 Planning and configuring data storage options. Considerations include:

Product choice (e.g., Cloud SQL, BigQuery, Firestore, Cloud Spanner, Cloud Bigtable)

Choosing storage options (e.g., Zonal persistent disk, Regional balanced persistent disk, Standard, Nearline, Coldline, Archive)

2.4 Planning and configuring network resources. Tasks include:

Differentiating load balancing options

Identifying resource locations in a network for availability

Configuring Cloud DNS

Section 3: Deploying and implementing a cloud solution

3.1 Deploying and implementing Compute Engine resources. Tasks include:

Launching a compute instance using Cloud Console and Cloud SDK (

gcloud

) (e.g., assign disks, availability policy, SSH keys)

Creating an autoscaled managed instance group using an instance template

Generating/uploading a custom SSH key for instances

Installing and configuring the Cloud Monitoring and Logging Agent

Assessing compute quotas and requesting increases

3.2 Deploying and implementing Kubernetes Engine resources. Tasks include:

Installing and configuring the command line interface (CLI) for Kubernetes (

kubectl

)

Deploying a Google Kubernetes Engine cluster with different configurations including AutoPilot, regional clusters, private clusters, etc.

Deploying a containerized application to Google Kubernetes Engine

Configuring Kubernetes Engine monitoring and logging

3.3 Deploying and implementing Cloud Run and Cloud Functions resources. Tasks include, where applicable:

Deploying an application and updating scaling configuration, versions, and traffic splitting

Deploying an application that receives Google Cloud events (e.g., Pub/Sub events, Cloud Storage object change notification events)

3.4 Deploying and implementing data solutions. Tasks include:

Initializing data systems with products (e.g., Cloud SQL, Firestore, BigQuery, Cloud Spanner, Cloud Pub/Sub, Cloud Bigtable, Dataproc, Dataflow, Cloud Storage)

Loading data (e.g., command line upload, API transfer, import/export, load data from Cloud Storage, streaming data to Pub/Sub)

3.5 Deploying and implementing networking resources. Tasks include:

Creating a VPC with subnets (e.g., custom-mode VPC, shared VPC)

Launching a Compute Engine instance with custom network configuration (e.g., internal-only IP address, Google private access, static external and private IP address, network tags)

Creating ingress and egress firewall rules for a VPC (e.g., IP subnets, network tags, service accounts)

Creating a VPN between a Google VPC and an external network using Cloud VPN

Creating a load balancer to distribute application network traffic to an application (e.g., global HTTP(S) load balancer, Global SSL Proxy load balancer, Global TCP Proxy load balancer, regional network load balancer, regional internal load balancer)

3.6 Deploying a solution using Cloud Marketplace. Tasks include:

Browsing the Cloud Marketplace catalog and viewing solution details

Deploying a Cloud Marketplace solution

3.7 Implementing resources via infrastructure as code. Tasks include:

Building infrastructure via Cloud Foundation Toolkit templates and implementing best practices

Installing and configuring Config Connector in Google Kubernetes Engine to create, update, delete, and secure resources

Section 4: Ensuring successful operation of a cloud solution

4.1 Managing Compute Engine resources. Tasks include:

Managing a single VM instance (e.g., start, stop, edit configuration, or delete an instance)

Remotely connecting to the instance

Attaching a GPU to a new instance and installing necessary dependencies

Viewing current running VM inventory (instance IDs, details)

Working with snapshots (e.g., create a snapshot from a VM, view snapshots, delete a snapshot)

Working with images (e.g., create an image from a VM or a snapshot, view images, delete an image)

Working with instance groups (e.g., set autoscaling parameters, assign instance template, create an instance template, remove an instance group)

Working with management interfaces (e.g., Google Cloud console, Cloud Shell, Cloud SDK)

4.2 Managing Kubernetes Engine resources. Tasks include:

Viewing current running cluster inventory (nodes, pods, services)

Browsing Docker images and viewing their details in Artifact Registry

Working with nodes pools (e.g., add, edit, or remove a node pool)

Working with pods (e.g., add, edit, or remove pods)

Working with services (e.g., add, edit, or remove a service)

Working with stateful applications (e.g., persistent volumes, stateful sets)

Managing Horizontal and Vertical autoscaling configurations

Working with management interfaces (e.g., Google Cloud console, Cloud Shell, Cloud SDK, kubectl)

4.3 Managing Cloud Run resources. Tasks include:

Adjusting application traffic-splitting parameters

Setting scaling parameters for autoscaling instances

Determining whether to run Cloud Run (fully managed) or Cloud Run for Anthos

4.4 Managing storage and database solutions. Tasks include:

Managing and securing objects in and between Cloud Storage buckets

Setting object life cycle management policies for Cloud Storage buckets

Executing queries to retrieve data from data instances (e.g., Cloud SQL, BigQuery, Cloud Spanner, Datastore, Cloud Bigtable)

Estimating costs of data storage resources

Backing up and restoring database instances (e.g., Cloud SQL, Datastore)

Reviewing job status in Dataproc, Dataflow, or BigQuery

4.5 Managing networking resources. Tasks include:

Adding a subnet to an existing VPC

Expanding a subnet to have more IP addresses

Reserving static external or internal IP addresses

Working with CloudDNS, CloudNAT, Load Balancers and firewall rules

4.6 Monitoring and logging. Tasks include:

Creating Cloud Monitoring alerts based on resource metrics