
Cloud
-------
- IAAS
- PAAS
- SAAS

- AWS
- GCP
- Azure

GCP Services
-------------------------

Compute
- Compute Engine
- App Engine
- Kubernetes Engine
- Cloud Functions
- Cloud Run

Storage & Database services
- Cloud Storage
- Cloud SQL
- Spanner
- Cloud BigTable
- Cloud Datastore

Identity & Security
- Cloud IAM
- KMS

Networking
- VPC
- Cloud Endpoints
- CDN
- Firewall
- Load balancing
- Cloud VPN
- Cloud Interconnect
- Direct peering

Management
- Monitoring, Logging, Debugger
- Stack Driver

Regions
--------------
- 24 regions
- Regions are independent geographic areas that consist of zones

Zones
--------------
- actual data center
- A zone is a deployment area for Google Cloud resources within a region

Project
---------------
- all the resources are tied up with a Project
- a project organizes all the resources i.e. users, billing, VM,
storage buckets, database etc.

Access the Google account & manage the resources
-------------------------------------------------
1. using the console - GUI

2. using Cloud SDK - CLI tool
    - use Cloud Shell - a VM with pre-installed tools i.e. Cloud SDK, docker, maven, gradle, etc.
    - use your own VM - install all the tools on your own VM
    - use your own system

3. Cloud API

Compute Engine
----------------------
- abstracts underlying hardware
- you can create VM using this service with specific machine type /
storage / firewall rules etc.
- specify region / zone
- specify OS using "machine image"

- name, label
- choose region & zone
- machine type
- boot disk
- size of the disk?
- which machine image?
- firewall rules
- startup script

# manual install, run on the VM over SSH
sudo apt update
sudo apt install apache2
sudo systemctl status apache2

cd /var/www/html
sudo chown -R "$USER" /var/www
echo "Welcome to My App" > index.html

#!/bin/bash
# startup script: runs as root at boot, so no sudo is needed
apt update
apt -y install apache2
cat <<EOF > /var/www/html/index.html
<html><body><h1>Hello World</h1>
<p>This page was created from a startup script.</p>
</body></html>
EOF

Disks
----------
- persistent disk
    - standard persistent
    - SSD persistent
    - balanced persistent

- local disk

- RAM disk / in-memory disk
    - in-memory file system

Machine Image
----------------------
- A machine image is a Compute Engine resource that stores all
the configuration, metadata, permissions, and data from one or more
disks required to create a virtual machine (VM) instance

Snapshot
-----------------
- reflects the contents of the persistent disk
- backup
- lower cost than images
- smaller size than image size (because snapshot doesn't contain
OS)
- differential backups (only the data changed since the last
snapshot is re-created)
- snapshots can be shared between projects
- can be created for running disk (even they are attached to
running instances)

Image (Custom Image)
-----------------
- same as snapshot, but includes operating system and boot loader
- good for re-using the "compute engine instance state"
- can't be created for running instances
- available across diff projects

Instance Template
--------------------
- it is a template for configuration of VM instance
- specify machine type, boot disk, additional disks, image,
firewall, other properties
- you can use this template to create individual vm or group of
vms (instance groups)

Instance Group
--------------------
- collection/group of multiple vm instances
1. managed instance group (MIG)
    - autoscaling
        - automatically grow/shrink the number of instances based on some criteria
    - autohealing
        - we can set up health checks; if a health check fails, then MIG will recreate that VM
    - load balancing
        - distribute the traffic across all the instances

2. unmanaged instance group

- create vm using gcloud command
- ssh the vm using cloud shell
- stop / start / restart / delete vm using gcloud
- create a disk & attach to vm using gcloud command
- create a snapshot using gcloud
- create custom image, machine image using gcloud
- create vm using custom image / machine image using gcloud

App Engine
-----------------
- PAAS
- abstracts infra
- you have control and focus on your application level
- GCP manages the infra & runtime required for your code
- you can host diff versions of your app
- traffic splitting - route the traffic to diff app versions
- fully managed service

- Standard Environment
    - suitable for apps written in specific language versions
    - instance startup time is in seconds
    - scale to zero
    - deployment time is in seconds

- flexible environment
    - minimum 1 instance
    - instances are restarted on a weekly basis, google will manage the OS updates/security patches
    - you can SSH in to the VM instances

Compute Engine
----------------------
- IAAS
- abstracts the physical infra
- you have control on your components i.e. VM, machine type, boot disk,
firewall etc.
- create instance groups, manage auto scaling, auto healing, etc.

App Engine
---------------
- PAAS
- abstracts the infra
- you have more control on your application code
- app engine manages the infra & runtime required for your code
- standard & flexible environments

Kubernetes engine
--------------------
- CAAS
- abstracts VM
- provides more control on containers
- allows developers to package and deploy applications into docker
containers
- GKE manages underlying 'VM clusters' and 'kubernetes installation'

Cloud Run
-----------
- fully managed serverless service
- abstracts away all the infra management

Cloud Function
--------------------
- FAAS
- you write simple functions that are triggered against some events
-

storage options
--------------------

1. Object storage
    - 'Cloud Storage'
    - images, web assets, libraries
    - videos
    - data lakes

2. Block Storage
    - Persistent Disk
        - attached to VM
        - sharing read-only data across multiple machines
        - storage for databases

    - Local Disk
        - hot caching

3. File storage
    - 'Cloud FileStore'
    - fully managed file system storage
    - network attached file system

VM drawbacks
---------------------
- since VM contain OS, your applications will be platform dependent
- bloats images size to GB

Container
-------------
- a container image is a lightweight, stand-alone, executable package
that includes everything needed to run the code, i.e.
code, runtime, system tools, system libraries, etc.

Kubernetes
-----------------

Google Kubernetes Engine
--------------------------------
- CAAS
- Kubernetes is a production-grade open-source container orchestration
service for automating deployment, scaling and management of
containerized workloads

- Cluster
- fleet of VM / nodes
- ** type of clusters

- Node
- VM
- worker node
- actually runs your tasks

- **the nodes can be on-prem or cloud VMs on which the containers are run
- **Node OS Image

- master node
- controls multiple worker nodes

- node pool
- a group of nodes instances / VM that have same machine type

- POD
- Pods are the isolated units used by kubernetes to run the
container
- wrapper around the container
- sandbox environment for the containers

- docker image

- container

- container registry

- POD specification file

Cloud Storage
------------------

- website content
- static content
- video streaming
- storing data for archiving and disaster recovery
- logs

- scalable to exabytes
- very high availability
- storage classes
    - Standard
        - hot data
        - very frequently accessible
        - data-intensive computations
        - Availability SLA 99.90%

    - Nearline
        - infrequently accessed data i.e. backup
        - min storage duration is 30 days
        - Availability SLA 99.00%

    - Coldline
        - infrequently accessed data that you read once a quarter
        - min storage duration is 90 days
        - Availability SLA 99.00%

    - Archive
        - min storage duration is 365 days
- life cycle management

- object versioning

- all the objects are stored in a 'bucket'

- **gsutil is a CLI tool specifically used to access 'cloud storage'

Cloud SQL
----------------
- structured or relational database service
- fully managed service of either MySQL or PostgreSQL db
- 30 TB, 40000 IOPS
- scale up to 415 GB RAM and 64 processors
- Read Replica
- automatic backup / manual backups

Cloud Spanner
-----------------
- horizontal scalability
- provides petabyte of storage capacity
- database placement i.e. replicated across the regions in
multiple zones

Cloud FireStore
---------------------
- fully managed NoSQL database service

Cloud BigTable
-----------------
- fully managed NoSQL database service
- petabyte scale storage
- very low latency i.e. single digit latency
- HBase API
- write intensive applications

Cloud MemoryStore
----------------------
- in-memory data store service
- mostly used for caching

VPC
--------

Dedicated Interconnect
- direct connection to Google
- don't use public internet

Partner Interconnect

Cloud VPN

Direct Peering

Carrier Peering

IAM
--------
who ? - person, group, application

can do what? - specific privileges or actions

on which resources? - GCP services

Cloud IAM is composed of the objects below:
- organization, folders, projects, resources, roles, members

Organization Node
- root node for Google cloud resources
- roles
- Admin
- project creator

Organization level
|-->Admin
|-->Viewer
|
Folder level
|-->admin
|-->Creator
|-->Viewer
|
Project level
|-->Creator
|-->Deleter
|

Role
----------
1. basic roles
    - broader
    - applicable to project level
    - fixed
    - owner = full administrative access
    - editor = modify & delete access
    - viewer = view access
    - billing administrator = doesn't have access to any resource

    - every project can have multiple owners, editors, viewers, billing administrators

2. predefined roles
    - applicable at resource level
    - provide members with granular access to specific resources

3. custom roles

Members
--------------
- Google Account i.e. Pradeep's account
- represents a developer, administrator, or any person who
interacts with GCP

- Service Account
- belongs to an application

- Google Groups
- group of google accounts & service accounts

- GSuite domain
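
Added example (not part of the original notes): a small Python audit that applies the role types and member types above to an IAM policy and flags every binding that uses a broad basic role, where a predefined or custom role would be narrower. The sample policy is constructed, in the JSON shape printed by "gcloud projects get-iam-policy PROJECT_ID --format=json"; the project, account names and severity labels are assumptions of this example.

```python
import json

# Constructed sample (all names made up), in the JSON shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/owner", "members": ["user:admin@example.com"]},
  {"role": "roles/editor", "members": [
      "serviceAccount:app@demo-project.iam.gserviceaccount.com", "group:devs@example.com"]},
  {"role": "roles/viewer", "members": ["domain:example.com"]},
  {"role": "roles/compute.instanceAdmin.v1", "members": ["user:ops@example.com"]},
  {"role": "projects/demo-project/roles/appDeployer", "members": [
      "serviceAccount:ci@demo-project.iam.gserviceaccount.com"]}
]}
""")

BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
MEMBER_KINDS = {"user": "google-account", "serviceAccount": "service-account",
                "group": "google-group", "domain": "domain"}
SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}  # labels are this example's own

def classify_role(role):
    """basic / predefined / custom, the three role types in the notes."""
    if role in BASIC_ROLES:
        return "basic"
    if role.startswith(("projects/", "organizations/")):
        return "custom"  # custom roles are named under their project or organization
    return "predefined"

def member_kind(member):  # "type:identifier" string -> member type
    return MEMBER_KINDS.get(member.split(":", 1)[0], "other")

def audit(policy):
    """Return (severity, role, member) for every basic-role binding, worst first."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        if classify_role(role) != "basic":
            continue  # predefined and custom roles are scoped more narrowly
        for member in binding.get("members", []):
            if role == "roles/viewer":
                severity = "LOW"  # read-only, but still project-wide
            else:  # owner/editor: worst when held by an application identity
                severity = "HIGH" if member_kind(member) == "service-account" else "MEDIUM"
            findings.append((severity, role, member))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])

if __name__ == "__main__":
    print("\n".join("%-6s %-13s %s" % f for f in audit(SAMPLE_POLICY)))
```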

Monitoring services
-----------------------
