
Google Cloud Platform

GCP Services for application development

  • CI/CD:
    • Cloud Build: uses Docker to execute builds. For each build step, Cloud Build executes a Docker container as an instance of docker run.
    • Artifact Registry: for storing different kinds of artifacts, including container images.
    • Cloud Deploy: Rollouts.
  • Runtime:
    • Cloud Run: the latest iteration on the "serverless" concept, based on (Docker) containers; under the hood, Cloud Run actually uses Knative. The other serverless products are Cloud Functions and App Engine.
    • GCE
    • GKE
  • API Gateway: looks like a replacement for Cloud Endpoints.
  • Pub/Sub

GCE

General: n2 > e2. E2 VMs are more tightly packed into physical cores, and the idea is to continuously monitor the VM’s usage and “live migrate” it to another hypervisor as and when needed.

Every virtual machine (VM) instance stores its metadata on a metadata server. Your VM automatically has access to the metadata server API without any additional authorization. Metadata is stored as key:value pairs.
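The "without any additional authorization" part has a caveat worth knowing: the metadata server refuses any request that does not carry the header Metadata-Flavor: Google (it answers 403), which is what stops a naive server-side request forgery or a browser redirect from reading instance metadata. The following is an added example, not Google's code: a small local mock that reproduces that header check and the key:value / directory-listing layout, plus a client helper that queries it the same way you would query http://metadata.google.internal. The metadata values are constructed sample data.

```python
"""Local stand-in for the GCE metadata server, showing the Metadata-Flavor check.

Added example, not part of any Google SDK. The mock reproduces two documented
behaviours of the real metadata server: requests lacking the header
'Metadata-Flavor: Google' get a 403, and a path ending in '/' lists the keys
beneath it, one per line. SAMPLE_METADATA is constructed data.
"""
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

PREFIX = "/computeMetadata/v1/"

# Constructed sample of the key:value tree a VM would see (real values differ).
SAMPLE_METADATA = {
    "instance/name": "demo-vm",
    "instance/zone": "projects/123456/zones/us-central1-a",
    "instance/attributes/app-env": "staging",
}


class MetadataHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # The real server rejects any request without this header, so a plain
        # SSRF or redirect (which cannot set custom headers) cannot read metadata.
        if self.headers.get("Metadata-Flavor") != "Google":
            self.send_error(403, "Missing Metadata-Flavor:Google header")
            return
        if not self.path.startswith(PREFIX):
            self.send_error(404)
            return
        path = self.path[len(PREFIX):]
        if path.endswith("/"):
            # Directory listing: immediate children, subdirectories with a trailing '/'.
            entries = set()
            for key in SAMPLE_METADATA:
                if key.startswith(path):
                    head, sep, _ = key[len(path):].partition("/")
                    entries.add(head + ("/" if sep else ""))
            body = "\n".join(sorted(entries)).encode()
        elif path in SAMPLE_METADATA:
            body = SAMPLE_METADATA[path].encode()
        else:
            self.send_error(404)
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        # Keep the demo quiet; the real server does not log to the VM either.
        pass


def start_mock_server():
    """Start the mock on a free localhost port; returns (base_url, server)."""
    server = HTTPServer(("127.0.0.1", 0), MetadataHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}", server


def fetch_metadata(base_url, path, with_header=True):
    """Query one metadata path; returns (HTTP status, body or reason)."""
    req = urllib.request.Request(f"{base_url}{PREFIX}{path}")
    if with_header:
        req.add_header("Metadata-Flavor", "Google")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.reason


if __name__ == "__main__":
    base, srv = start_mock_server()
    print(fetch_metadata(base, "instance/name", with_header=False))  # 403
    print(fetch_metadata(base, "instance/name"))                     # 200, demo-vm
    print(fetch_metadata(base, "instance/"))                         # directory listing
    srv.shutdown()
```

Pointing fetch_metadata at http://metadata.google.internal from a real VM returns live values; the header requirement is the only thing the mock adds beyond what the notes above describe, and it is the reason application code that fetches arbitrary user-supplied URLs is still not enough on its own to leak the instance's service-account token.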

Why Google uses POWER?

From this article

Google found that the performance of its web search algorithm, the heart and soul of the company, scaled well with both the number of cores and the number of threads available to it. IBM's POWER9 processor is a many-core, many-thread beast. Variants of the chip range from 12 to 24 cores, with eight threads per core for the 12-core version and four threads per core for the 24-core version. Intel's chips support only two threads per core via hyperthreading.

However

They're not well suited for workloads that don't benefit from more threads, which is why the market-share ceiling for POWER isn't all that high.

GKE

GKE migrated from calico (dataplane v1, based on iptables) to cilium (dataplane v2, based on eBPF, pod: anetd). As packets arrive at a GKE node, eBPF programs installed in the kernel decide how to route and process the packets. Unlike packet processing with iptables, eBPF programs can use Kubernetes-specific metadata in the packet. This lets GKE Dataplane V2 process network packets in the kernel more efficiently and report annotated actions back to user space for logging.

GKE Dataplane V2 does not use kube-proxy: GKE Dataplane V2 uses cilium instead of kube-proxy to implement Kubernetes Services.

https://cloud.google.com/kubernetes-engine/docs/concepts/dataplane-v2#kube-proxy

GKE additional features compared to open source k8s: networking, backup, auth, config management, add-ons (log, metric), Config Sync.

CLI

gcloud

gcloud auth login (without --update-adc) populates your user credentials into a SQLite database under .config/gcloud/ in your home directory.

If you use the gcloud CLI, by default it uses the credentials it finds there.
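Because those cached credentials are what any process running as your user can pick up, it is worth auditing what is sitting in that database. The following is an added example, not part of the gcloud SDK. It assumes the file is credentials.db under the config directory (CLOUDSDK_CONFIG overrides the default, as gcloud does) with a table named credentials holding an account_id and a JSON value per row; that schema is an assumption from inspecting an SDK install, not a documented interface, so the audit degrades gracefully if it does not match. make_sample_db builds a constructed database so the check can be tried offline; no secret material is ever returned.

```python
"""Audit cached gcloud user credentials on a workstation.

Added example, not part of the gcloud SDK. Assumed layout (not a documented
API): <config dir>/credentials.db is SQLite with a table
    credentials (account_id TEXT PRIMARY KEY, value BLOB)
where value is a JSON credential whose "type" is "authorized_user" for a human
login or "service_account" for an activated key file.
"""
import json
import os
import sqlite3
import stat
import tempfile
from pathlib import Path


def gcloud_config_dir():
    """Default config dir; CLOUDSDK_CONFIG overrides it the way gcloud does."""
    return Path(os.environ.get("CLOUDSDK_CONFIG", Path.home() / ".config" / "gcloud"))


def audit_credentials_db(db_path):
    """Return {'path', 'accounts', 'findings'}; never exposes token material."""
    db_path = Path(db_path)
    report = {"path": str(db_path), "accounts": [], "findings": []}
    if not db_path.exists():
        report["findings"].append("no credentials.db: nothing cached here")
        return report
    # The file holds refresh tokens, so it should be readable by the owner only.
    mode = stat.S_IMODE(db_path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        report["findings"].append(
            f"credentials.db is group/world accessible (mode {oct(mode)}); expected 0o600")
    con = sqlite3.connect(db_path)
    try:
        rows = con.execute(
            "SELECT account_id, value FROM credentials ORDER BY account_id").fetchall()
    except sqlite3.OperationalError as err:
        report["findings"].append(f"unexpected schema, skipping rows: {err}")
        return report
    finally:
        con.close()
    for account, value in rows:
        try:
            cred = json.loads(value)
        except (TypeError, ValueError):
            cred = {}
        cred_type = cred.get("type", "unknown")
        report["accounts"].append({"account": account, "type": cred_type})
        if cred_type == "service_account":
            # A cached key file is a long-lived secret; flag it for rotation review.
            report["findings"].append(
                f"{account}: long-lived service-account key cached; "
                "prefer impersonation or short-lived credentials")
    return report


def make_sample_db(path):
    """Create a CONSTRUCTED credentials.db with the assumed schema (demo only)."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE credentials (account_id TEXT PRIMARY KEY, value BLOB)")
    con.executemany("INSERT INTO credentials VALUES (?, ?)", [
        ("alice@example.com",
         json.dumps({"type": "authorized_user", "refresh_token": "CONSTRUCTED-NOT-REAL"})),
        ("ci-runner@example-project.iam.gserviceaccount.com",
         json.dumps({"type": "service_account", "private_key": "CONSTRUCTED-NOT-REAL"})),
    ])
    con.commit()
    con.close()
    os.chmod(path, 0o644)  # deliberately too open so the audit flags it


def demo_audit():
    """Run the audit against a constructed database in a temp dir; returns the report."""
    workdir = Path(tempfile.mkdtemp())
    sample = workdir / "credentials.db"
    make_sample_db(sample)
    return audit_credentials_db(sample)


if __name__ == "__main__":
    # Real run: point at the live config dir. Demo run: constructed sample.
    print(json.dumps(audit_credentials_db(gcloud_config_dir() / "credentials.db"), indent=2))
    print(json.dumps(demo_audit(), indent=2))
```

Running audit_credentials_db against gcloud_config_dir() / "credentials.db" lists which accounts have cached logins without touching the tokens themselves; the two findings it raises (loose file mode, cached service-account key) are the ones that usually matter in a laptop compromise review.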

gsutil

Not the recommended CLI for Cloud Storage. Use gcloud storage commands in the Google Cloud CLI instead.

Storage

  • local SSD: attached to a specific VM, fast, data may be lost.
  • PD (Persistent Disks): durable network storage devices that your instances can access like physical disks. Use cases: accessed by a single VM, or content that does not change (attach a read-only disk to hundreds of VMs). Can be HDD (pd-standard) or SSD (pd-balanced, pd-ssd, pd-extreme).
  • managed file storage: Filestore

BeyondCorp

Enables employees to work from untrusted networks without the use of a VPN.

"BeyondCorp Enterprise is a modern zero trust platform which allows your employees and extended workforce to access applications in the cloud or on-premises and work from anywhere without a traditional remote-access VPN."

https://cloud.google.com/beyondcorp

Infra Manager

Using Terraform.

Cloud Build

Using Tekton under the hood.

Cloud Storage FUSE

Mount and access Cloud Storage buckets as local file systems.