Google Cloud Certified Professional Cloud Developer Exam Guide

You're reading from Google Cloud Certified Professional Cloud Developer Exam Guide: Modernize your applications using cloud-native services and best practices

Product type: Paperback
Published in: Sep 2021
Publisher: Packt
ISBN-13: 9781800560994
Length: 382 pages
Edition: 1st Edition
Author: Sebastian Moreno

Don't waste your time – use cloud management services and securely run your applications

In this section, we review some of the existing services to which we can delegate specific responsibilities so that we can focus development efforts on what really matters, which is business logic.

We will also review how we can communicate with these services in a secure way through service accounts, and how to ensure communication between services.

Don't reinvent the wheel

GCP offers multiple services that allow us to perform tasks just by invoking the available APIs without having to code a solution completely from scratch.

In this section, we will review 10 of the most used services in GCP. In later chapters, we will review each of these services in detail. The services are as follows:

  • Cloud Storage
  • Pub/Sub
  • Cloud SQL
  • Firestore
  • Memorystore
  • Compute Engine
  • Google Kubernetes Engine
  • Google Secret Manager
  • Cloud Logging
  • Cloud Monitoring

Cloud Storage is an object store that allows unlimited storage of information in different regions. It offers storage classes (which make it possible to reduce costs by changing the pricing model and the availability of objects to match what the solution requires) and life cycle policy configuration for existing files. It also allows granular control of access to information and the hosting of static web applications.

Pub/Sub is a serverless messaging service that follows the publisher/subscriber pattern, used for reliable, decoupled communication between two services. It scales automatically and allows messages to be stored for up to 7 days in case of subscriber failures.

Cloud SQL is a self-managed solution for Online Transactional Processing (OLTP) databases such as MySQL, PostgreSQL, and SQL Server. It allows you to configure the type of machine on which the databases will run, create read-only replicas, and generate backups on a scheduled basis.

Firestore is a serverless NoSQL database solution that allows you to store information in the form of documents based on keys and values, allowing you to access the information very quickly.

Memorystore is an in-memory database solution for technologies such as Redis and Memcached, used when you want to optimize the use of resources, reduce costs, and increase performance in calls to data sources that have zero or very low modification frequency.

Compute Engine is the IaaS solution for getting virtual machines on-demand using the GCP infrastructure.

Google Kubernetes Engine is the self-managed solution for Kubernetes clusters. It offers management of the master node in a totally self-administered way, and provides a host of configuration and monitoring options through the GCP console.

Google Secret Manager is a secret storage solution. It is used to comply with security standards: applications obtain the secrets they need on demand instead of relying on hardcoded values.

Cloud Logging is the logging and visualization solution. It allows you to store an unlimited number of logs and query them.

Cloud Monitoring is the solution for viewing metrics and scheduling alerts.

These are some of the most used services on GCP. In all, over 100 services are available for delegating different responsibilities within the solution design of your application, allowing you to focus on the development of business logic and the delivery of value to the end user.

Accessing services in a secure way

When we delegate the responsibilities of our solution to one or more services, we must have a way of communicating securely from our application to each of those services.

For the consumption of services and APIs in GCP, two types of authentication are used.

If the application needs to consume GCP services such as Cloud Storage, authentication is carried out through OIDC, or OpenID Connect, an identity layer that utilizes the OAuth 2.0 protocol for authorization, allowing the identity of the consumer to be verified.

If the application is to consume any of the Google APIs hosted on googleapis.com, OAuth 2.0, the standard protocol for managing authentication and authorization, is used.

However, in most cases, it will not be necessary to use either of these protocols and connecting to any of the services will be possible simply by using the libraries of the available programming languages and a service account with the necessary permissions.

A service account is an account that services use to consume other services, unlike users, who use a username and password. Roles, each of which has one or more permissions already defined, are assigned to the service account (this process is called binding) in order to facilitate the consumption of services.

If it is necessary to consume a service from a resource in a GCP project, simply access the project's metadata and select the service account to use. This gives the service access to the service account private key path through the GOOGLE_APPLICATION_CREDENTIALS environment variable, and the client library handles the authentication, using the private key to sign the access token.

On the other hand, if the application needs to consume a GCP service and the application is not inside a GCP project, it is necessary to generate a private key of that particular service account, download it, and save it safely in the resource. You can then expose it in your application through the GOOGLE_APPLICATION_CREDENTIALS environment variable:

Figure 1.9 – Service account


In this way, it is possible to consume the different GCP services both from resources within the platform itself and from resources in other clouds or in environments within your own data centers.
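
As an added example (not from the book), a pre-flight check for the downloaded key file that GOOGLE_APPLICATION_CREDENTIALS points to: it confirms the file is readable only by its owner and is a service account key, and reports the account identity without returning the private key. The function names and sample values are constructed for illustration; the JSON field names are those of a standard service account key file.

```python
import json
import os
import stat
import tempfile

REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")


def audit_key_file(path):
    """Audit the file named by GOOGLE_APPLICATION_CREDENTIALS; never returns the key."""
    findings = []
    if not path or not os.path.isfile(path):
        return None, ["GOOGLE_APPLICATION_CREDENTIALS does not point to a file"]
    # The key is a long-lived secret: only the owning user should be able to read it.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} allows group/other access, expected 0600")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
        if not isinstance(key, dict):
            raise ValueError("top level is not a JSON object")
    except (OSError, ValueError) as exc:
        return None, findings + [f"cannot parse key file: {exc}"]
    findings += [f"missing field: {f}" for f in REQUIRED if not key.get(f)]
    if key.get("type") != "service_account":
        findings.append(f"type is {key.get('type')!r}, expected 'service_account'")
    identity = {f: key.get(f) for f in ("client_email", "project_id", "private_key_id")}
    return identity, findings


def demo():
    sample = {  # constructed placeholder values, not a real key
        "type": "service_account",
        "project_id": "example-project",
        "private_key_id": "0000000000000000",
        "private_key": "PLACEHOLDER (not a real key)",
        "client_email": "app@example-project.iam.gserviceaccount.com",
    }
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "key.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)  # deliberately too permissive
        loose = audit_key_file(path)
        os.chmod(path, 0o600)  # owner-only
        tight = audit_key_file(path)
    return loose, tight
```

In a deployment, call `audit_key_file(os.environ.get("GOOGLE_APPLICATION_CREDENTIALS"))` at startup and log the returned `private_key_id` so the key in use can be matched against the service account's key list.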
