GOOGLE CLOUD PLATFORM

Google Cloud Platform, offered by Google, is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail and YouTube.

What is Cloud Computing?

Cloud computing is the on-demand delivery of compute power, database storage, applications, and other IT resources through a cloud services platform via the internet with pay-as-you-go pricing. It is the use of remote servers on the internet to store, manage and process data rather than a local server or your personal computer.

Cloud computing allows companies to avoid or minimize up-front IT infrastructure costs and to get their applications up and running faster, with improved manageability and less maintenance, and it enables IT teams to adjust resources rapidly to meet fluctuating and unpredictable demand.

Cloud computing providers offer their services according to different models, of which the three standard models per NIST (National Institute of Standards and Technology) are:

  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS), and
  • Software as a Service (SaaS)

Creating a Free Account

Now that we have learned what Google Cloud Platform is, you just need to create a free account on GCP to gain access to these services. You get $300 worth of credit to spend over a period of 12 months. You need to provide your card details, but you won’t be charged extra after your trial period ends or you have exhausted the $300 credit.

SERVICES OF GOOGLE CLOUD PLATFORM

Cloud services are difficult to understand in the abstract. So to help you comprehend Google Cloud Platform more explicitly, here are the major services that GCP operates:

  • Google Compute Engine (GCE) competes directly against the service that put Amazon Web Services on the map: hosting virtual machines (VMs, servers that exist entirely as software).
  • Google Kubernetes Engine (GKE, formerly Google Container Engine) is a platform for a more modern form of containerized application (housed in what are often still called "Docker containers"), which is engineered for deployment on cloud platforms.
  • Google App Engine provides software developers with tools and languages such as Python, PHP, and now even Microsoft's .NET languages, for building and deploying a web application directly on Google's cloud. This is different from building the application locally and deploying it remotely on the cloud; this is "cloud-native" development: building, deploying, and evolving the application all remotely.
  • Google Cloud Storage is GCP's object data store, meaning it accepts any quantity of data and represents that data to its user in whatever manner is most useful -- for example, as files, a database, a data stream, an unordered list of data, or as multimedia.

Google Compute Engine

Google Compute Engine is the Infrastructure as a Service component of Google Cloud Platform, which is built on the global infrastructure that runs Google's search engine, Gmail, YouTube and other services. Google Compute Engine enables users to launch virtual machines on demand.

Google Cloud's unmanaged compute service is Compute Engine. You can think of Compute Engine as providing an infrastructure as a service (IaaS), because the system provides a robust computing infrastructure, but you must choose and configure the platform components that you want to use. With Compute Engine, it's your responsibility to configure, administer, and monitor the systems. Google will ensure that resources are available, reliable, and ready for you to use, but it's up to you to provision and manage them. The advantage here is that you have complete control of the systems and unlimited flexibility.

When you build on Compute Engine, you can do the following:

  • Use virtual machines (VMs), called instances, to build your application, much like you would if you had your own hardware infrastructure. You can choose from a variety of instance types to customize your configuration to meet your needs and your budget.
  • Choose which global regions and zones to deploy your resources in, giving you control over where your data is stored and used.
  • Choose which operating systems, development stacks, languages, frameworks, services, and other software technologies you prefer.
  • Create instances from public or private images.
  • Use Google Cloud storage technologies or any third-party technologies you prefer.
  • Use Google Cloud Marketplace to quickly deploy pre-configured software packages. For example, you can deploy a LAMP or MEAN stack with just a few clicks.
  • Create instance groups to more easily manage multiple instances together.
  • Use autoscaling with an instance group to automatically add and remove capacity.
  • Attach and detach disks as needed.
  • Use SSH to connect directly to your instances.

Load balancing

If your website or application is running on Compute Engine, the time might come when you're ready to distribute the workload across multiple instances. Server-side load balancing features provide you with the following options:

  • Network load balancing lets you distribute traffic among server instances in the same region based on incoming IP protocol data, such as address, port, and protocol. Network load balancing is a great solution if, for example, you want to meet the demands of increasing traffic to your website.
  • HTTP(S) load balancing enables you to distribute traffic across regions so you can ensure that requests are routed to the closest region or, in the event of a failure or over-capacity limitations, to a healthy instance in the next closest region. You can also use HTTP(S) load balancing to distribute traffic based on content type. For example, you might set up your servers to deliver static content, such as images and CSS, from one server and dynamic content, such as PHP pages, from a different server. The load balancer can direct each request to the server that provides each content type.

Google Cloud APIs

Google Cloud APIs are a key part of Google Cloud Platform, allowing you to easily add the power of everything from storage access to machine-learning-based image analysis to your Cloud Platform applications.

Cloud Billing documentation

A Cloud Billing account defines who pays for a given set of Google Cloud resources, and you can link the account to one or more projects. Your project usage is charged to the linked Cloud Billing account. To use Google Cloud services, you must have a valid Cloud Billing account linked to your projects. You must have a valid Cloud Billing account even if you are in your free trial period or if you choose to only use Google Cloud resources that are covered by the Always Free program.

You also need a Cloud Billing account to pay for your use of the Google Maps Platform APIs.

GKE

Google Kubernetes Engine (GKE) provides a managed environment for deploying, managing, and scaling your containerized applications using Google infrastructure. The GKE environment consists of multiple machines (specifically, Compute Engine instances) grouped together to form a cluster.

Cluster orchestration with GKE

GKE clusters are powered by the Kubernetes open source cluster management system. Kubernetes provides the mechanisms through which you interact with your cluster. You use Kubernetes commands and resources to deploy and manage your applications, perform administration tasks, set policies, and monitor the health of your deployed workloads.

Kubernetes draws on the same design principles that run popular Google services and provides the same benefits: automatic management, monitoring and liveness probes for application containers, automatic scaling, rolling updates, and more. When you run your applications on a cluster, you're using technology based on Google's 10+ years of experience running production workloads in containers.

Kubernetes on Google Cloud

When you run a GKE cluster, you also gain the benefit of advanced cluster management features that Google Cloud provides. These include:

Google Cloud SDK

Google Cloud SDK is a set of tools that you can use to manage resources and applications hosted on Google Cloud. These include the gcloud, gsutil, and bq command-line tools. The gcloud command-line tool is downloaded along with the Cloud SDK; a comprehensive guide to the gcloud CLI can be found in the gcloud command-line tool overview.

What is the gcloud command-line tool?

The gcloud command-line interface is the primary CLI tool to create and manage Google Cloud resources. You can use this tool to perform many common platform tasks either from the command line or in scripts and other automations.

For example, you can use the gcloud CLI to create and manage:

  • Google Compute Engine virtual machine instances and other resources
  • Google Cloud SQL instances
  • Google Kubernetes Engine clusters
  • Google Cloud Dataproc clusters and jobs
  • Google Cloud DNS managed zones and record sets
  • Google Cloud Deployment Manager deployments

Google App Engine

App Engine is a fully managed, serverless platform for developing and hosting web applications at scale. You can choose from several popular languages, libraries, and frameworks to develop your apps, then let App Engine take care of provisioning servers and scaling your app instances based on demand.

What Is IAM?

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

When you first create an AWS account, you begin with a single sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account root user and is accessed by signing in with the email address and password that you used to create the account. We strongly recommend that you do not use the root user for your everyday tasks, even the administrative ones. Instead, adhere to the best practice of using the root user only to create your first IAM user. Then securely lock away the root user credentials and use them to perform only a few account and service management tasks.

IAM ROLES

An IAM role is very similar to a user, in that it is an identity with permission policies that determine what the identity can and cannot do in AWS. However, a role does not have any credentials (password or access keys) associated with it. Instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. An IAM user can assume a role to temporarily take on different permissions for a specific task. A role can be assigned to a federated user who signs in by using an external identity provider instead of IAM. AWS uses details passed by the identity provider to determine which role is mapped to the federated user.

IAM USERS

An IAM user is an entity that you create in AWS. The IAM user represents the person or service who uses the IAM user to interact with AWS. A primary use for IAM users is to give people the ability to sign in to the AWS Management Console for interactive tasks and to make programmatic requests to AWS services using the API or CLI. A user in AWS consists of a name, a password to sign into the AWS Management Console, and up to two access keys that can be used with the API or CLI. When you create an IAM user, you grant it permissions by making it a member of a group that has appropriate permission policies attached (recommended), or by directly attaching policies to the user. You can also clone the permissions of an existing IAM user, which automatically makes the new user a member of the same groups and attaches all the same policies.

VPC Network Peering

Google Cloud VPC Network Peering allows internal IP address connectivity across two Virtual Private Cloud (VPC) networks regardless of whether they belong to the same project or the same organization.

VPC Network Peering enables you to connect VPC networks so that workloads in different VPC networks can communicate internally. Traffic stays within Google's network and doesn't traverse the public internet.

VPC Network Peering is useful for:

  • SaaS (Software-as-a-Service) ecosystems in Google Cloud. You can make services available privately across different VPC networks within and across organizations.
  • Organizations with several network administrative domains can peer with each other.

If you have multiple network administrative domains within your organization, VPC Network Peering allows you to make services available across VPC networks by using internal IP addresses. If you offer services to other organizations, VPC Network Peering allows you to make those services available by using internal IP addresses to those organizations. The ability to offer services across organizations is useful if you want to offer services to other enterprises, and it is also useful if you own or control more than one organization.

VPC Network Peering gives you several advantages over using external IP addresses or VPNs to connect networks, including:

  • Network Latency: Connectivity that uses only internal addresses provides lower latency than connectivity that uses external addresses.
  • Network Security: Service owners do not need to have their services exposed to the public Internet and deal with its associated risks.
  • Network Cost: Google Cloud charges egress bandwidth pricing for networks using external IPs to communicate, even if the traffic is within the same zone. If, however, the networks are peered, they can use internal IPs to communicate and save on those egress costs. Regular network pricing still applies to all traffic.

TASK OVERVIEW

  • Create multiple projects namely developer and production
  • Create VPC network for both the projects
  • Create a link between both the VPC networks using VPC Peering.
  • Create a Kubernetes Cluster in developer project and launch any web application with the Load balancer.
  • Create a SQL server in the production project and create a database.
  • Connect the SQL database to the web application launched in the Kubernetes cluster.

We first need to create new projects on Google Cloud, either through the GUI, the CLI, or the gcloud SDK. I am using the GUI to create two projects, one for the development environment and the other for the production environment.

Now we have to create two VPCs, one for the development environment and the other for the production environment. Creating the Virtual Private Cloud network helps secure our resources on GCP.

VPC Network Peering between Prod and Dev

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses.
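
The VPC and peering steps above were done in the GUI; the following is an added example (not part of the original article) of the same steps as gcloud commands, with a pre-check that the two subnet ranges do not overlap, since peering is rejected when they do. Project IDs, network and subnet names, the region and the IP ranges are constructed placeholders; the script only prints the commands unless APPLY=1 is set.

```sh
#!/bin/sh
# Constructed placeholders: replace with your own project IDs, names and ranges.
DEV_PROJECT="developer-project-id";   DEV_NET="dev-vpc";   DEV_RANGE="10.10.0.0/24"
PROD_PROJECT="production-project-id"; PROD_NET="prod-vpc"; PROD_RANGE="10.20.0.0/24"
REGION="us-central1"

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_overlap CIDR1 CIDR2: succeed (exit 0) when the two ranges overlap.
cidr_overlap() {
  a_ip=$(ip_to_int "${1%/*}"); a_len=${1#*/}
  b_ip=$(ip_to_int "${2%/*}"); b_len=${2#*/}
  # Two CIDR blocks overlap exactly when they match under the shorter prefix.
  len=$a_len
  if [ "$b_len" -lt "$len" ]; then len=$b_len; fi
  mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
  [ $(( $a_ip & $mask )) -eq $(( $b_ip & $mask )) ]
}

# run CMD...: print the command by default; execute it only when APPLY=1.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "+ $*"; fi; }

peer_vpcs() {
  # Peering is rejected when subnet ranges overlap, so check first.
  if cidr_overlap "$DEV_RANGE" "$PROD_RANGE"; then
    echo "refusing to peer: $DEV_RANGE overlaps $PROD_RANGE" >&2
    return 1
  fi
  # Custom-mode networks: two auto-mode VPCs share 10.128.0.0/9 and cannot peer.
  run gcloud compute networks create "$DEV_NET" --project="$DEV_PROJECT" --subnet-mode=custom
  run gcloud compute networks subnets create dev-subnet --project="$DEV_PROJECT" \
      --network="$DEV_NET" --region="$REGION" --range="$DEV_RANGE"
  run gcloud compute networks create "$PROD_NET" --project="$PROD_PROJECT" --subnet-mode=custom
  run gcloud compute networks subnets create prod-subnet --project="$PROD_PROJECT" \
      --network="$PROD_NET" --region="$REGION" --range="$PROD_RANGE"
  # Each side creates its own half; the peering is ACTIVE only once both exist.
  run gcloud compute networks peerings create dev-to-prod --project="$DEV_PROJECT" \
      --network="$DEV_NET" --peer-project="$PROD_PROJECT" --peer-network="$PROD_NET"
  run gcloud compute networks peerings create prod-to-dev --project="$PROD_PROJECT" \
      --network="$PROD_NET" --peer-project="$DEV_PROJECT" --peer-network="$DEV_NET"
}

peer_vpcs
```

After applying, `gcloud compute networks peerings list --network=dev-vpc --project=developer-project-id` shows whether the peering state has reached ACTIVE.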

Creation of MySQL Database