Week 2: Deploying Applications to Google Cloud

by
Contents hide
1 DEPLOYING APPLICATIONS TO GOOGLE CLOUD
2 DESIGNING RELIABLE SYSTEMS
3 SECURITY
4 MAINTENANCE AND MONITORING
Spread the love

Google Cloud systems would make it easy to choose the deployment option for one’s application, keeping in mind the standards one would want their applications to meet, such as performance, security, and reliability.

Learning Objectives:

  • Choose suitable Google Cloud deployment services for application needs.
  • Set up Instance Templates and Groups to manage dynamic workload within a scalable, resilient infrastructure.
  • Orchestrate microservice deployment using Kubernetes and Google Kubernetes Engine (GKE) for smoother container management.
  • Fully automate Platform as a Service (PaaS) deployment with App Engine, thus minimizing infrastructure management.
  • Create serverless functions using Cloud Functions to run codes without managing servers.
  • Design services according to availability, durability, and scale requirements. By this, it assures reliability and performance as well.
  • Implement fault-tolerant systems by eliminating all failure aspects such as single points of failure, correlated failures, and cascading failures.
  • Avoid overload failures through design patterns such as circuit breakers and truncated exponentials for backoff.
  • Design highly available data storage embedded with lazy deletion practices for the integrity of data.
  • Devise disaster scenarios and articulate disaster recovery responses, accompanied by understanding cost-benefit analysis of the risks involved while trying to minimize impacts.
  • Design projects assuring security following best practice, such as separation of concerns, least privilege principle, and conducting regular security audits.
  • Using Cloud Security Command Center helps find vulnerabilities and makes the cloud environment more secure.
  • Simplicity is achieved by goring down cloud governance with organizational policies and folders to streamline resources management.
  • Secure personal access with IAM roles, Identity-Aware Proxy and Identity.

DEPLOYING APPLICATIONS TO GOOGLE CLOUD

1. You’ve been asked to write a program that uses Vision API to check for inappropriate content in photos that are uploaded to a Cloud Storage bucket. Any photos that are inappropriate should be deleted. What might be the simplest, cheapest way to deploy in this program?

  • GKE
  • App Engine
  • Compute Engine
  • Cloud Functions (CORRECT)

Correct: If there is anything best for simplicity and cost-efficiency, it’s Cloud Functions: designed to accomplish specific, single-function tasks such as image analysis, then the functions would be event triggered (e.g., action in Cloud Storage) as well. The pay-as-you-go model is by the number of requests, processing time units (which are measured in intervals of 100 ms), and other resources consumed; hence, it is the optimum model in terms of cost compared to other services. Besides, Cloud Functions provides a free tier, auto-scaling, high availability, and built-in fault tolerance, which makes it suited for many use cases.

2. You have containerized multiple applications using Docker and have deployed them using Compute Engine VMs. You want to save on costs and simplify container management. What might you do?

  • Write Terraform scripts for all deployment.
  • Rewrite the applications to run in App Engine.
  • Rewrite the applications to run in Cloud Functions.
  • Migrate the containers to GKE. (CORRECT)

Correct: As the applications are containerized, GKE will improve the resource efficiency supremely which can be an added advantage in terms of keeping the cost low. With containerization, the major portion of container management has been automated like scaling, deployment, monitoring, and hence fits into this solution as well as it’s very promising in providing strong orchestration, high availability, and improved resource utilization providing optimized as well as cost-effective infrastructure for containerized applications.

3. You need to deploy an existing application that was written in .NET version 4. The application requires Windows servers, and you don’t want to change it. Which should you use?

  • GKE
  • Cloud Functions
  • App Engine
  • Compute Engine (CORRECT)

Correct: Being totally controlled by Compute Engine machines makes this lift-and-shift approach very applicable. In other words, operations use every kind of operating system related to virtual machines. No repackage of applications is needed to lift existing workloads into the cloud. This is the most effective way of migrating any such existing workloads into the cloud with little to no change.

DESIGNING RELIABLE SYSTEMS

1. You’re creating a service and you want to protect it from being overloaded by too many client retries in the event of a partial outage. Which design pattern would you implement?

  • Circuit breaker (CORRECT)
  • Lazy caching
  • Overload feedback repudiation
  • Truncated exponential backoff

Correct: The circuit breaker pattern prevents request to those operations that are suspected to fail, thus protecting the resources in a partial outage. It stops all further attempts in accessing the failing resource. As a result, it reduces the chance of cascading failures and ensures systems stability and resilience during the partial outages.

2. You need a relational database for a system that requires extremely high availability (99.999%). The system must run uninterrupted even in the event of a regional outage. Which database would you choose?

  • BigQuery
  • Spanner (CORRECT)
  • Firestore
  • Cloud SQL

Correct: Cloud Spanner even has the pedigree of a global relational database, and it has all these high availability requirements met. It is capable of giving monthly uptime ≥99.999% for multi-regional instances, thus ensuring its really performance-reliable features in the geographically distributed environments. Hence, it is carved out of the best applications for those requiring strong consistency, scalability, and fault tolerance.

SECURITY

1. What do you have to do to enable encryption when using Cloud Storage?

  • Enable encryption and upload a key.
  • Create an encryption key using Cloud Key Management Service, and select it when creating a Cloud Storage bucket.
  • Nothing as encryption is enabled by default. (CORRECT)
  • Simply enable encryption when configuring a bucket.

Correct: because Cloud Storage always encrypts data on the server side before it is written to disk. For server side encryption there are options of customer supplied or customer managed encryption keys, but these are only usually used for compliance reasons and are not necessary.

2. Which Google Cloud features could help reduce the risk of DDoS attacks?

  • HTTP global load balancer
  • CloudCDN
  • Google Cloud Armor
  • All of these (CORRECT)

Correct: At layer 4 and below, several attacks are prevented or absorbed by HTTP load balancing, such as SYN floods, IP fragment floods, and port exhaustion. CDN keeps cacheable content at points of presence as much closer to users as possible. This way, in case of attacks DDoS against cacheable content, requests are sent to the points of presence rather than your servers or infrastructure, increasing the likelihood of absorption. Google Cloud Armor, specifically for DDoS mitigation, works in tandem with Cloud Load Balancing to discover and address DDoS assaults effectively.

3. You don’t want programmers to have access to production resources. What’s the easiest way to do this in Google Cloud?

  • Use different service accounts for production and development resources with your project.
  • Create development and production projects, and don’t give developers access to production. (CORRECT)
  • Set up private access and Identity-Aware Proxy.
  • Create a firewall rule that blocks developer access to production servers and databases.

Correct: For example, the best approach is to have separate projects and restrict access to production projects. It will ensure a clear demarcation between development and production environments, enhance security, and lower the chance of accidental unwarranted changes or denials in the production environment.

4. What Google Cloud service can you use to enforce the principle of least privilege when using Google Cloud?

  • IAM members and roles (CORRECT)
  • Firewall rules
  • Encryption keys
  • SSL certificates

Correct: The principle of least privilege states that users should have the privileges that are required strictly for their specific jobs. IAM (Identity and Access Management) provides such fine-grained access control rights that secure and efficient access rights assignment can be based on roles and permissions, matched to individual needs.

MAINTENANCE AND MONITORING

1. Your service has an availability SLO of 99%. What could you use to monitor whether you are meeting it?

  • Uptime check (CORRECT)
  • Readiness probe
  • Health check
  • Liveness probe

Correct: The availability of a system is defined as the percentage of time that the system is operating and has the ability to respond to requests. This is a very important metric for monitoring because it directly informs the Service Level Objective (SLO), as it is measurable about the whole reliability and performance of the system.

2. You’re deploying test environments using Compute Engine VMs. Some downtime is acceptable, and it is very important to deploy them as inexpensively as possible. What single thing below could save you the most money?

  • Preemptible machines (CORRECT)
  • Committed use discount
  • Sustained use discount
  • Sole tenant nodes

Correct: Indeed, a preemptible machine is the best option for very low-cost computing, costing up to 80% less than its non-preemptible counterpart. Some degree of downtime is acceptable for this scenario and requirements can thus be comfortably met using preemptible machines and cost operations.

3. You made a minor update to a service and would like to test it in production by sending a small portion of requests to the new version. Which would you choose?

  • A/B testing
  • Canary deployment (CORRECT)
  • Blue/green deployment
  • Rolling update

Correct: Canary deployment works best to minimize risks by allowing functionality without much ado among a small subset of users. Above all, testing and validation of working new features may be done in a controlled environment. Issues are found and resolved before full-scale deployment, meaning this enables it to be most suitable for the specifications indicated in the question.

4. You’ve made a minor fix to one of your services. You want to deploy the new version with no downtime. Which would you choose?

  • A/B test
  • Rolling update (CORRECT)
  • Canary deployment
  • Blue/green deployment

Correct: The rolling updates keep updating instances in increments so that during the upgrading process at any point in time only a portion of the instances gets updated while the rest remain un-updated until everything gets updated. A rolling update strategy can be managed effectively to conduct controlled deployments where such deployments need to be made through tools like Managed Instance Groups that align with Compute Engine or Kubernetes for GKE (Google Kubernetes Engine).

Leave a Comment