
Terraform Backend – Deploying Skills Mapper

Terraform records the state of all the infrastructure it has created so that when the configuration is applied, it only makes the changes needed to get the infrastructure to the desired state. There could be no changes, the configuration could have been changed, or the infrastructure could have been changed outside Terraform, for example by someone issuing gcloud commands. Terraform will work out what needs to be done to get to the desired state.

By default, Terraform keeps this state on the machine that was used to apply the configuration. This means it cannot be shared. Alternatively, Terraform can store the state of the infrastructure in a backend. In the case of Google Cloud, you can use a Cloud Storage bucket for this purpose.

Create a Cloud Storage bucket to store the Terraform state using gcloud in the management project. As bucket names need to be unique, using the project number as a suffix is a good way to ensure this.
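One way to create that bucket with access locked down, since Terraform state can contain secrets in plaintext. This is an added example, not the book's own command; the `tfstate` prefix, the function names and the project number are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the book: print gcloud commands for a locked-down
# Terraform state bucket. The "tfstate" prefix and function names are assumptions.

# Bucket names are globally unique, so append the project number as a suffix.
state_bucket_name() {
  printf 'tfstate-%s' "$1"
}

# $1 = management project ID, $2 = its project number, $3 = region.
# Prints the commands instead of running them so they can be reviewed first;
# inputs are validated because the output is meant to be executed by a shell.
state_bucket_commands() {
  case $1 in ''|*[!a-z0-9-]*) echo "invalid project ID" >&2; return 1 ;; esac
  case $2 in ''|*[!0-9]*)     echo "invalid project number" >&2; return 1 ;; esac
  case $3 in ''|*[!a-z0-9-]*) echo "invalid region" >&2; return 1 ;; esac
  bucket="gs://$(state_bucket_name "$2")"
  # State can contain secrets in plaintext: block public access and use
  # bucket-level IAM only, with no per-object ACLs.
  echo "gcloud storage buckets create $bucket --project=$1 --location=$3" \
       "--uniform-bucket-level-access --public-access-prevention"
  # Object versioning keeps earlier state files for recovery.
  echo "gcloud storage buckets update $bucket --versioning"
}

# The project number can be read with:
#   gcloud projects describe "$PROJECT_ID" --format='value(projectNumber)'
# Constructed project number; project ID and region are the page's example values.
state_bucket_commands skillsmapper-management 123456789012 europe-west2
```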

Configure Identity Platform

In Chapter 7, you enabled Identity Platform. If you have created a new application project, you will need to enable it again in the project and make a note of the API key, as you will need to pass it to Terraform as a variable.

Setting Terraform Variables

Terraform uses variables to customize the configuration. These are defined in a terraform.tfvars file in the terraform directory. Many of these have defaults you can override, but you will need to set the following variables before deployment.

Create a terraform.tfvars file in the terraform directory with the following content:

| Key | Example value | Description |
|---|---|---|
| domain | skillsmapper.org | The domain name to use for the environment |
| region | europe-west2 | The region to deploy the environment to |
| billing_account | 014… | The ID of the billing account associated with your projects |
| management_project_id | skillsmapper-management | The ID of the management project |
| application_project_id | skillsmapper-application | The ID of the application project |
| api_key | AIzaSyC… | The API key for Identity Platform |
| app_installation_id | skillsmapper | The ID of the app installation for GitHub used when setting up the factory |
| github_repo | https://github.com/SkillsMapper/skillsmapper.git | The name of the GitHub repository to use for the factory |
| github_token | ghp_… | The GitHub token to use for the factory |

If you have set all the environment variables for other chapters in this book, you can generate the terraform.tfvars from the file terraform.tfvars.template in the example code:

envsubst < terraform.tfvars.template > terraform.tfvars

With this file created, you are ready to deploy using Terraform.
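envsubst replaces any unset environment variable with an empty string without warning, and the generated file holds the API key and GitHub token. The following pre-flight check is an added example, not code from the book; `check_tfvars` is a hypothetical helper and the sample values are constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the book: pre-flight check of a generated terraform.tfvars.
# Key names come from the table above; check_tfvars is a hypothetical helper name.

REQUIRED_KEYS="domain region billing_account management_project_id
application_project_id api_key app_installation_id github_repo github_token"

# Reports problems by key name only, so secret values never reach the terminal
# or CI logs. Returns 0 when the file is safe to hand to terraform.
check_tfvars() {
  file=$1
  problems=0
  [ -f "$file" ] || { echo "file: $file not found"; return 1; }

  # The file holds api_key and github_token: group/other must have no access.
  if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
    echo "permissions: group/other can access $file (chmod 600)"
    problems=$((problems + 1))
  fi

  for key in $REQUIRED_KEYS; do
    status=$(awk -v key="$key" '
      BEGIN { status = "missing" }
      {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (index(line, key) != 1) next
        rest = substr(line, length(key) + 1)
        if (rest !~ /^[ \t]*=/) next           # a longer key that shares the prefix
        sub(/^[ \t]*=[ \t]*/, "", rest)
        sub(/[ \t]+$/, "", rest)
        gsub(/^"|"$/, "", rest)
        if (rest == "") status = "empty"       # envsubst saw an unset variable
        else if (index(rest, "$") > 0) status = "unexpanded"  # envsubst never ran
        else status = "ok"
      }
      END { print status }
    ' "$file")
    if [ "$status" != "ok" ]; then
      echo "$key: $status"
      problems=$((problems + 1))
    fi
  done
  [ "$problems" -eq 0 ]
}

# Constructed sample: the result of envsubst when GITHUB_TOKEN was not exported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
domain = "example.org"
region = "europe-west2"
billing_account = "000000-AAAAAA-000000"
management_project_id = "example-management"
application_project_id = "example-application"
api_key = "constructed-not-a-real-key"
app_installation_id = "example"
github_repo = "https://github.com/example/example.git"
github_token = ""
EOF
chmod 600 "$sample"
check_tfvars "$sample" || echo "fix the items above before running terraform"
rm -f "$sample"
```

Keeping terraform.tfvars out of version control matters for the same reason the permission check does: it carries the GitHub token and API key in clear text.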

Conferences and Events – Going Further

Google hosts two significant events annually: Google Cloud Next and Google I/O, each serving distinct audiences and covering unique areas of focus.

Google I/O, typically held in the second quarter, is a developer-oriented conference. It’s designed primarily for software engineers and developers utilizing Google’s consumer-oriented platforms, such as Android, Chrome, and Firebase, as well as Google Cloud. The event offers detailed technical sessions on creating applications across web, mobile, and enterprise realms using Google technologies. It’s also renowned for product announcements related to Google’s consumer platforms.

Conversely, Google Cloud Next is aimed at enterprise IT professionals and Google Cloud developers, taking place usually in the third quarter. Its focus revolves around Google Cloud Platform (GCP) and Google Workspace. The event provides insights into the latest developments and innovations in cloud technology. It also presents networking opportunities, a wealth of learning resources, and expert-led sessions dedicated to helping businesses leverage the power of the cloud for transformative operational changes. Its feel is notably more corporate than Google I/O.

Both conferences record the hundreds of talks presented and make them accessible on YouTube. This wealth of knowledge is a fantastic resource for keeping abreast of the latest developments in Google Cloud and gaining an in-depth understanding of technical areas.

In addition to these main events, numerous local events tied to Google Cloud Next and Google I/O are organized by local Google teams or community groups. These include Google I/O Extended and Google Cloud Next Developer Days, which offer a summary of the content from the larger events. The Google Events website is a reliable source to stay updated on upcoming happenings.

Summary

As you turn the last page of this book, my hope is that it has kindled a fire in you—a deep, consuming desire to explore the vast and fascinating world of Google Cloud, but more importantly, to build with it and innovate. If it has, then this book has served its purpose.

Remember, you are not alone on this journey. There’s an immense community of like-minded cloud enthusiasts and Google Cloud experts, eager to support and guide you on this path. They’re rooting for your success—so embrace their help!

Writing this book has been an enriching experience, filled with growth and discovery. I trust that you’ve found reading it just as enjoyable. I would be thrilled to hear about your unique experiences and journeys with Google Cloud. Your feedback on this book is not only welcome but greatly appreciated.

To share your thoughts and experiences, or simply reach out, please visit my website at https://danielvaughan.com.

As you venture further into the world of cloud computing, remember: every day brings new opportunities for growth and innovation. Embrace them with open arms.

Happy cloud computing, and here’s to the incredible journey that lies ahead!

Qwiklabs – Going Further

Google Cloud’s Qwiklabs or Google Cloud Skills Boost offers an online learning environment featuring practical training labs for those seeking to deepen their understanding of Google Cloud. Each lab homes in on a particular topic, and with step-by-step instructions, guides you in interacting with Google Cloud resources directly via your web browser. Labs span from beginner to advanced levels, and topics cover machine learning, security, infrastructure, and application development. Qwiklabs is a great platform for acquiring new skills and reinforcing ones previously learned through other methods, such as Google Cloud’s certification programs.

While Qwiklabs usually requires paid access and operates on credits, they often run promotions offering free credits or access to select courses.

Tip

As of this writing, Google offers an annual subscription named Google Innovators Plus. For $299, you receive a year’s unlimited access to Google Skills Boost, cloud expert consultations, and $500 of Google Cloud credit. The package also includes a voucher for a Google Cloud Professional Certification exam (valued at $200), and if you pass, you’re granted an additional $500 of Google Cloud credit. The cloud credit from this subscription proved invaluable for funding my Google Cloud projects while writing this book: it was unquestionably a sound investment for me.

A monthly subscription option is also available for $29/month. However, this package doesn’t include the cloud credit and exam voucher benefits.

Non-Google Communities

Other non-Google platforms offer valuable content and engaging discussions:

Google Cloud Collective on Stack Overflow

A community on Stack Overflow where developers can post queries, share knowledge, and help resolve Google Cloud–related issues. It’s a reputable place for technical discussions and detailed problem-solving.

Google Cloud on Reddit

This subreddit is a vibrant community of Google Cloud users. Members can share their experiences, ask questions, discuss the latest trends, or even vent their frustrations about Google Cloud. It offers a mix of technical, business, and general content about Google Cloud.

Google Cloud community on Medium

This Medium publication provides a variety of articles about Google Cloud written by the community. Topics range from tutorials and use cases to insights and trends. It’s a great place to consume long-form content related to Google Cloud.

Online Learning Resources and Communities – Going Further

To help you gain a comprehensive understanding of Google Cloud, a wide array of online resources is available. Your learning journey could continue with the following:

Official Google Cloud documentation

This is a powerful tool offering in-depth coverage of all the services.

Google Cloud blog

This provides timely news, helpful tips, and insider tricks.

Google Cloud community

This forum is a space for discussions on various Google Cloud topics.

Developer center and community

This resource is specifically designed for the Google Cloud Developer community, offering events and articles tailored to their interests.

Remember, these are just the tip of the iceberg; a multitude of other resources are also at your disposal.

YouTube

Google, being the owner of YouTube, ensures the platform is a valuable source of freely available content related to Google Cloud. Here are a few standout channels and playlists:

Google Cloud Tech

This is the primary channel for all the latest updates on Google Cloud, including the This Week in Cloud series with recent developments.

Serverless Expeditions playlist

A comprehensive video series on serverless development on Google Cloud. It aligns well with this book, featuring a significant focus on Cloud Run.

Google Cloud Events

This channel hosts recordings from Google Cloud Next conferences and other events. It’s a valuable resource since many of these talks come directly from the product developers themselves.

Google for Developers

Here, you can find recordings from Google I/O and other developer events. While not exclusively focused on Google Cloud, it provides a wide range of developer-oriented content.

Podcasts

For those who prefer audio content, there are several Google Cloud–related podcasts worth mentioning:

Google Cloud Platform Podcast

A weekly podcast that keeps you updated with the latest developments in Google Cloud. It also boasts an extensive back catalogue of episodes, offering insights into various aspects of Google Cloud.

Google Cloud Reader

A unique podcast that summarizes and presents the best articles from the Google Cloud blog on a weekly basis. It’s a great resource to keep up with important Google Cloud discussions without having to read through every article.

Kubernetes Podcast

Although it’s not exclusively about Google Cloud, this podcast produced by Google offers comprehensive information about Kubernetes, a crucial component in many Google Cloud services. This podcast is informative and handy for anyone wanting to deepen their understanding of Kubernetes and its applications in cloud environments.

Professional Certification – Going Further-2

If you have diligently worked through this book, I suggest starting with the Associate Cloud Engineer exam, progressing to the Professional Cloud Architect, and thereafter, tailoring your certification journey based on your interests and career aspirations. Although there is no rigid sequence for taking the exams, there is some overlap between them, and the more you undertake, the easier they become. For instance, once you’ve prepared for the Professional Architect exam, the Professional Developer exam does not require a great deal of additional preparation. Following is the full list of certifications available at the time of writing:

Cloud Digital Leader

Focuses on a foundational understanding of Google Cloud’s capabilities and their benefits to organizations

Associate Cloud Engineer

Highlights the hands-on skills needed for managing operations within Google Cloud

Professional Cloud Architect

Concentrates on the design, management, and orchestration of solutions using a comprehensive range of Google Cloud products and services

Professional Cloud Database Engineer

Addresses the design, management, and troubleshooting of Google Cloud databases, with an emphasis on data migrations

Professional Cloud Developer

Emphasizes the design, build, test, and deployment cycle of applications operating on Google Cloud

Professional Data Engineer

Designed for professionals constructing and securing data processing systems

Professional Cloud DevOps Engineer

Covers DevOps, SRE, CI/CD, and observability aspects within Google Cloud

Professional Cloud Security Engineer

Prioritizes the security of Google Cloud, its applications, data, and users

Professional Cloud Network Engineer

Concentrates on the design, planning, and implementation of Google Cloud networks, having significant overlap with security concepts

Professional Google Workspace Administrator

Targets professionals managing and securing Google Workspace, formerly known as G Suite

Professional Machine Learning Engineer

Serves those involved in the design, construction, and operationalization of machine learning models on Google Cloud

The exams are not easy—that is what makes them valuable—but they are not impossible either. Different people will have different preferences for how to prepare. When I have prepared for exams, I prefer to do a little, often: an hour of reading or watching a video in the morning followed by an hour of hands-on experimentation in the evening. I find that this helps me to retain the information and to build up my knowledge over time. As I get closer to the exam, I do more practice exams; Google provides example questions for each in the exam guide, to get used to the style of questions and identify any gaps in knowledge to work on.

I have a ritual of booking my exam for 10 AM and having Starbucks tea and fruit toast followed by a walk before the exam. I arrive or set up in plenty of time, so I am relaxed. When the exam starts, I recommend reading questions very carefully, as there is often a small detail that makes all the difference to the answer.

Sometimes a difficult question can use up time; in this case, I flag it and move on. I also flag any questions I am not completely sure about and come back later. At the end of the exam, I am usually much more confident about my answers.

Often, there will be a piece of information in one question that may unlock a difficult question earlier on. Most importantly, if you are not sure, make a guess. You will not be penalized for a wrong answer, but you will be penalized for not answering a question.

When you finish and submit your exam, you will get a provisional pass or fail. Google does not give you a score or a breakdown to tell you which questions you got wrong (like AWS, for example). You will get an email a few days later with your final result. You may also receive a code to redeem for a gift from Google (at the time of writing and depending on the exam), which is a nice touch. You can also list your certification in the Google Cloud Certified Directory. For example, you can see my profile in the Directory site.

Tip

Resist the temptation to use exam dumps for preparation. These question compilations are often shared in violation of the exam’s confidentiality agreement and tend to be outdated and misleading. The optimal way to prepare is to tap into the vast amount of learning material available, get hands-on experience, and take the official practice exams.

I’ve interviewed candidates who relied on exam dumps, and it’s usually clear: they struggle with basic questions. These exams are meant to gauge your understanding and proficiency with the platform, not rote memorization of facts. Encountering a familiar question in the exam is not as gratifying as being able to answer based on a solid understanding and practical experience.

It is a great feeling when you pass, and if you find the experience useful, there are many other specialties. One thing to note is that certification expires after two years, so if you do many exams at once, you will need to do them all again in two years to stay certified. The exception is that the Cloud Digital Leader and Associate Cloud Engineer certifications are valid for three years. Good luck on your certification journey!

Professional Certification – Going Further-1

This book has aimed to lay a solid foundation for you to build upon. If you’ve come this far, you have covered a lot of ground, but there’s still much more to learn.

Fortunately, there’s a vast community of people who are eager for you to succeed and willing to lend a hand. Regardless of how good the platform is, the applications that run on it are only as good as the people who build them. The most daunting task any platform faces is not just attracting skilled individuals but also nurturing their success. This is true for Google Cloud as well; a scarcity of necessary skills can make organizations apprehensive about adopting the platform.

In 2021, for instance, Google pledged to equip 40 million people with Google Cloud skills. That is a huge number, equivalent to the entire population of California. From my perspective, Google is addressing this by promoting four key areas for Google Cloud learning:

  • Professional certification
  • Online learning resources
  • Community groups
  • Conferences and events

Professional Certification

Google, in line with other cloud providers, offers certifications on many facets of Google Cloud. These certifications are structured into general certifications and specialist certifications, which align with the common job roles in the industry.

Each certification requires passing an exam that is normally two hours long. The exam typically consists of 50–60 multiple-choice or multiple-select questions. However, don’t be fooled into thinking that the exams are easy. The questions are designed to test your knowledge and understanding of the platform, often requiring you to make a judgment on the best answer from several possible options. The questions are not designed to trick you but to make you think. They are not designed to test your ability to remember facts but to test your ability to apply your knowledge to solve problems.

A third-party provider administers these exams. Professional-level exams are priced at $200 plus tax (as of the time of writing); the Associate Cloud Engineer costs $125 and the Cloud Digital Leader is around $90. All these exams can be undertaken either at a testing center or from the comfort of your home, with a remote proctor overseeing the process via your webcam. Further information about the exams and registration can be found on the certification site.

The Cloud Digital Leader certification serves as the entry point. It is a foundational-level exam intended for individuals with no prior Google Cloud experience. It is a good place to start if you are new to Google Cloud; this certification is often pursued by less technical people wishing to grasp the basic understanding of Google Cloud. Nonetheless, it requires a surprisingly broad understanding of the diverse products and services Google Cloud provides.

The Associate Cloud Engineer certification is the next tier, aimed at individuals with 6+ months of Google Cloud experience. It is a good starting point for developers or administrators and covers the basics of Google Cloud, requiring a comprehensive understanding of the various products and services offered by Google Cloud. This exam also includes the most hands-on skills, such as gcloud commands, while remaining multiple choice. Even though it is promoted as an associate rather than a professional-level qualification, there is a substantial amount of material to cover, and the knowledge gap is not as large as it might initially seem.

In this book, you have covered content applicable to the Associate Cloud Engineer exam, Professional Cloud Architect, and Professional Cloud Developer. You also touched on aspects of the Professional Cloud DevOps Engineer in Chapters 12 and 13. The Professional Cloud Architect certification covers the broadest scope of the Google Cloud Platform and is often deemed the most challenging of the exams. All professional-level exams recommend over a year of Google Cloud experience.

How Will This Solution Scale? – Scaling Up

Here, you have seen a mixture of cloud native and traditional technologies. Although GKE Autopilot is not serverless, it is cloud native. As demand increases, more instances of the fact service will be created by the horizontal autoscaler. As more instances are scheduled, the GKE Autopilot cluster will automatically add additional nodes to deal with the extra pods.

GKE Autopilot also appears considerably faster to service requests than the same container running on Cloud Run. This could be down to the way networking is configured, with requests reaching the service by a more direct route.

This solution will not scale to zero in the same way as Cloud Run, and there will always need to be one pod running to service requests (if individual instances are still running in a single pod). Remember, however, that if demand suddenly increases, it will take a few minutes for both the GKE Autopilot cluster to provision the extra resources required for running the pods and then for the pods to start.

While the service can be scaled almost indefinitely, the real bottleneck is the Cloud SQL database, which is not cloud native. There are two related limitations. The first is that the database cannot be dynamically scaled. You have to specify the tier of the machine used for the database, and while this can be changed manually with a database restart, it cannot change automatically in response to load. More importantly, there is a limit to the number of database connections from the instances of the services.

This means that if the instances increase without limit, they will exhaust the number of connections available to the database and fail to connect. For this reason, it is important to limit the number of instances so that the number (instances × connections per instance) is below the maximum number of connections available to the database.

However, you have seen that with some minor adjustments, you can allow the fact service to work with Google Cloud Spanner, a cloud native database with the potential to scale far beyond the limitations of Cloud SQL, creating a full cloud native solution.

How Much Will This Solution Cost?

Unlike Cloud Run, GKE Autopilot does not have a cost per request; you will be billed for the pods running on the cluster and a cluster management fee per hour. At the time of writing, the first 720 hours of cluster management per month are included per account, so you effectively get one cluster free.

The cost of pods is based on the amount of CPU, memory, and ephemeral storage requested by scheduled pods. This is billed per second. The most significant cost is for CPU. Therefore, it is very important to make sure the resources you request for your pod are adequate but not excessive. Remember that a Kubernetes pod can use additional resources up to the limit specified; the requested resources are the ones that are reserved.

As each pod is charged per second, it does not make sense to keep a pod running for a second longer than it needs to. Therefore, using horizontal autoscaling to dynamically increase and decrease the number of running pods to fit demand will help keep costs down.

The cost of Cloud Spanner in this minimal configuration is under $100 per month. That is still ten times the cost of a minimal Cloud SQL instance. However, another advantage of the cloud is that it allows you to experiment with services like advanced databases for short periods, without the massive outlay of money or effort you would have if you were to experiment on-premises. On the cloud, you just switch off the service again and stop paying, so if you wanted to try Spanner for an hour for a few cents, you can.

Summary

This chapter should have given you a glimpse at how you can go further in Google Cloud. However, it is a powerful platform with many services and features. There is a lot more to learn.

For this project, you used the following services directly:

  • GKE Autopilot is used as the container runtime to run the container.
  • Cloud SQL is used as the database backend for the application.
  • Cloud Secrets Manager is used to securely store the database password.
  • Cloud Spanner is used as an alternative database backend for the application.

Chapter 15 wraps up your Google Cloud journey and looks at some options for further learning.