You're reading from Google Cloud Certified Professional Cloud Developer Exam Guide Modernize your applications using cloud-native services and best practices

Product type Paperback

Published in Sep 2021

Publisher Packt

ISBN-13 9781800560994

Length 382 pages

Edition 1st Edition

Tools

Google App Engine

Concepts

Cloud Native

Author (1):

Sebastian Moreno

View More author details

Table of Contents (21) Chapters

Preface

1. Section 1: Welcome to the Google Cloud Developers' Guide

2. Chapter 1: Google Cloud Platform Developer Fundamentals FREE CHAPTER

3. Chapter 2: Security Fundamentals and Best Practices

4. Section 2: Developing and Modernizing Applications on Google Cloud Platform

5. Chapter 3: Application Modernization Using Google Cloud

6. Chapter 4: Using Cloud Functions and Google App Engine

7. Chapter 5: Virtual Machines and Container Applications on Google Cloud Platform

8. Chapter 6: Managing APIs on Google Cloud Platform

9. Section 3: Storage Foundations

10. Chapter 7: Handling Unstructured Data

11. Chapter 8: Databases and Event Messages in Google Cloud

12. Chapter 9: Data Management and Database Strategies

13. Chapter 10: Optimizing Applications with Caching Strategies on Google Cloud Platform

14. Section 4: SRE for Developers

15. Chapter 11: Logging on Google Cloud Platform

16. Chapter 12: Cloud Monitoring, Tracing, and Debugging

17. Section 5: Analyzing a Sample Case Study

18. Chapter 13: HipLocal Sample Case Study Preparation

19. Chapter 14: Questions and Answers

20. Other Books You May Enjoy

Don't waste your time – use cloud management services and securely run your applications

In this section, we review some of the existing services to which we can delegate specific responsibilities so that we can focus development efforts on what really matters, which is business logic.

We will also review how we can communicate with these services in a secure way through service accounts, and how to ensure communication between services.

Don't reinvent the wheel

GCP offers multiple services that allow us to perform tasks just by invoking the available APIs without having to code a solution completely from scratch.

In this section, we will review 10 of the most used services in GCP. In later chapters, we will review each of these services in detail. The services are as follows:

Cloud storage
Pub/Sub
Cloud SQL
Firestore
Memorystore
Compute Engine
Google Kubernetes Engine
Google Secret Manager
Cloud logging
Cloud monitoring

Cloud Storage is an object store that allows unlimited storage of information in different regions, storage classes (the possibility of reducing costs, changing the pricing model, and the availability of the objects required by the solution), and life cycle policy configuration for existing files. It also allows access to information in a granular way and the hosting of static data web applications.

Pub/Sub is a serverless messaging service under the publisher/subscriber pattern, used for communication between two services in a reliable and decoupled way. It has automatic autoscaling and allows messages to be stored for up to 7 days in case of subscriber failures.

Cloud SQL is a self-managed solution for Online Transactional Processing (OLTP) databases such as MySQL, PostgreSQL, and SQL Server. It allows you to configure the type of machine on which the databases will run, create read-only replicas, and generate backups on a scheduled basis.

Firestore is a serverless NoSQL database solution that allows you to store information in the form of documents based on keys and values, allowing you to access the information very quickly.

Memorystore is an in-memory database solution for technologies such as Redis and Memcached, used when you want to optimize the use of resources, reduce costs, and increase performance in calls to data sources that have zero or very low modification frequency.

Compute Engine is the IaaS solution for getting virtual machines on-demand using the GCP infrastructure.

Google Kubernetes Engine is the self-managed solution for Kubernetes clusters. It offers management of the master node in a totally self-administered way, and provides a host of configuration and monitoring options through the GCP console.

Google Secret Manager is a secret storage solution. It is used in order to comply with security standards, obtaining the secrets to use in on-demand applications instead of hardcoded values.

Cloud Logging is the logging and visualization solution. It allows you to store an unlimited number of logs and query the logs.

Cloud Monitoring is the solution for viewing metrics and scheduling alerts.

These are some of the most used services on GCP. In all, over 100 services are available for delegating different responsibilities within the solution design of your application, allowing you to focus on the development of business logic and the delivery of value to the end user.

Accessing services in a secure way

When we delegate the responsibilities of our solution to one or more services, we must have a way of communicating securely from our application to each of those services.

For the consumption of services and APIs in GCP, two types of authentication are used.

If the application needs to consume GCP services such as Cloud Storage, authentication is carried out through OIDC, or OpenID Connect, an identity layer that utilizes the OAuth 2.0 protocol for authorization, allowing the identity of the consumer to be verified.

If the application is to consume any of the Google APIs hosted on googleapis.com, OAuth 2.0 is used, the standard protocol to manage authentication and authorization.

However, in most cases, it will not be necessary to use either of these protocols and connecting to any of the services will be possible simply by using the libraries of the available programming languages and a service account with the necessary permissions.

A service account is an account that is used by services to consume other services, unlike users who use a username and password. Roles are assigned to the service account (this process is called binding), which has one or more permissions already defined in order to facilitate the consumption of services.

If it is necessary to consume a service from a resource in a GCP project, simply access the project's metadata and select the service account to use. This will allow the service to have access to the service account private key path through the GOOGLE_APPLICATION_CREDENTIALS environment variable and the client library will handle the authentication using the private key and sign the access token.

On the other hand, if the application needs to consume a GCP service and the application is not inside a GCP project, it is necessary to generate a private key of that particular service account, download it, and save it safely in the resource. You can then expose it in your application through the GOOGLE_APPLICATION_CREDENTIALS environment variable:

Figure 1.9 – Service account

In this way, it is possible to consume the different GCP services both for resources within the platform itself and as resources in other clouds or in environments within their own data centers.