-
GCP Cloud-Native
CI/CD pipeline from writing code to deploying and monitoring on GKE or Cloud Run
-
GKE networking model
Because Pod IP addresses are routable within the VPC network, Pods can receive traffic, by default, from the following resources:
-
VPC networks
In Google Cloud, a subnet is a regional resource that has a defined range of IP addresses associated with it. Two VMs in the same zone and on the same network communicate for free, but machines in different zones, even if those zones are in the same region, are charged a network egress fee. If said machines are in…
-
Logs Router
Once the log router has been configured, all logs are automatically exported to the sink.
-
MED
This is useful whenever you have more than one connection exiting from your VPC (HA VPN), and you want to select the preferred way. A MED’s behavior is similar to that of a metric, so a lower value is preferred over a higher value.
-
Cloud CDN
Cloud CDN is Google Cloud’s web acceleration Content Delivery Network platform that helps you cache regularly accessed static content closer to your users. Cloud CDN is optimized for serving a mix of static and dynamic latency-sensitive web assets, such as CSS, JavaScript, HTML, and image files. Media CDN is Google Cloud’s media delivery CDN platform that complements…
-
Set up Prometheus monitoring
Instrument service to expose telemetry: Configure Prometheus to ingest metrics:
-
Predefined GKE roles
IAM provides predefined roles that grant access to specific Google Cloud resources and prevent unauthorized access to other resources. Role Title Description Lowest resource roles/container.admin Kubernetes Engine Admin Provides access to full management of clusters and their Kubernetes API objects.To set a service account on nodes, you must also have the Service Account User role (roles/iam.serviceAccountUser) on…
-
GKE Access control
When you create a Google Cloud project, you are the only user on the project. By default, no other users have access to your project or its resources, including Google Kubernetes Engine (GKE) resources. GKE supports multiple options for managing access to resources within your project and its clusters using role-based access control (RBAC).
-
Managed Service for Prometheus
Google Cloud Managed Service for Prometheus is Google Cloud’s fully managed, multi-cloud, cross-project solution for Prometheus metrics. It lets you globally monitor and alert on your workloads, using Prometheus, without having to manually manage and operate Prometheus at scale. kubectl edit Prometheus prometheus-kube-prometheus-prometheus :