SlideShare a Scribd company logo

GCP Best Practices for SRE Team

H
Huynh Thai Bao

The document outlines best practices for using Google Cloud Platform (GCP), focusing on organization setup, billing management, logging and monitoring, and identity access management. It emphasizes the importance of separate resource hierarchies, infrastructure as code, cost usage control, and various logging mechanisms for future analysis. Additionally, it provides security recommendations and mentions the role of organizational policies in managing resource access and configuration.

Engineering
Related topics:
Cloud Computing Insights
1 of 20
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
GCP Best Practices For Cloud Journey Bảo Huỳnh Site Reliability Engineering 27-March-2020
1. GCP Walk Through 2. GCP Best practice (for all) 3. GCP Best practice (GKE operation) 4. Sample Organization report (Mudah) 5. Q&A Agenda
1. GCP Walk Through
2. GCP Best Practice (Org. setup) A. Separate Resource Hierarchy - Different Level for management - Separate projects for billing control
2. GCP Best Practice (Org. setup)
B. IAC for cloud resources creation 2. GCP Best Practice (Org. setup)
C. Export & analyze billing - Export to BigQuery - Visualize with Data Studio 2. GCP Best Practice (Billing Mgmt.)
D. Cost usage control - Setting Quotas for each resources - Alert on budget billing 2. GCP Best Practice (Billing Mgmt.)
2. GCP Best Practice (Logging & Monitoring)
E. Logging with Stackdriver Export to LogSink for future usage Support below LogSink: - On-prem LogStore - Cloud Pub/Sub - GCS - BigQuery 2. GCP Best Practice (Logging & Monitoring)
2. GCP Best Practice (Logging & Monitoring) F. Monitoring with Stackdriver Metrics Exposure Alerting Rules based on Metrics
2. GCP Best Practice (Logging & Monitoring) J. Audit Logging Answer 4W question: What Who When Where
Types of Audit Trail Log entries for GCP Usage IAM FOR VIEWING Admin Activity + API calls + Other administrative actions [that modify the configuration or metadata of resources] - Enable by default - Can not disable - Free - Project viewer - Logging / Log Viewer Data Access + API calls [ that read the configuration / metadata of resources ] + user-driven API calls [ make changes to user-provided resource data ] • Disable by default • Charged by Google • Project/Owner • Logging/Private Logs Viewer System Event + Google Cloud administrative actions [ that modify the configuration of resources ] (( generated by Google systems; they are not driven by direct user action )) - Enable by default - Can not disable - Free - Project viewer - Logging / Log Viewer 2. GCP Best Practice (Logging & Monitoring) J. Audit Logging
Type Target Applied Level Identity and Accessiblity Management (IAM) All identities in GCP - User - Group - ServiceAccount Projects Orgranization Policy GCP Resources Orgranization Projects 2. GCP Best Practice (IAM & Policies)
2. GCP Best Practice (IAM & Policies) Identities and Accessibility Management - Assign only limited access to resources - Assign users into different group => then assign group with IAM - NOT allow any bucket-level access, only access by object-level
2. GCP Best Practice (IAM & Policies) Organization Policies - providing the ability to set restrictions on specific resources to determine how they can be configured and used. Vietnamese Translate - Áp constraints lên các resource (VM, CloudFunction, GCS,..) - Để: quy định các resource này ĐƯỢC configure & sử dụng ntn bởi user Example: ● Define a constraint to restrict virtual machine instances from having an external IP address. ● Define a constraint to allow cloud function could use ingress setting (from user)
● Enforce MFA on employee's account ● Use Cloud Identity / GSuite to manage account for organization 2. GCP Best Practice (Security)
● Private IP Cluster ● Different NodePool for different types of Application ● Enable Stackdriver Logging & Monitoring for service observalibilty ● Security + Avoid running as Root (instead using SecurityContext) + Enable NetworkPolicy (Ingress/Egress/From/To) for each NS ● Isolation application (in each namespaces) if possible + Apply security + Enable Quota for Resources (per Namespace) maxpod * limit CPU/Memory => Each application don’t starve out resources of other apps => cost control 3. GCP Best Practice (GKE Operation)
● Report based on current GCP’s resources of Mudah ● Recommendation given by GCP experts ● Follow GCP best practices from Google for cloud operation. 4. Sample Organization Report
Questions & a little Answers

More Related Content

PDF
DevOps for beginners
Pradeep Patel, PMP®
 
PPTX
Introduction to Docker - 2017
Docker, Inc.
 
PDF
Secure your Application with Google cloud armor
DevOps Indonesia
 
ODP
An Introduction To Jenkins
Knoldus Inc.
 
ODP
Introduction to Ansible
Knoldus Inc.
 
PDF
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Edureka!
 
PDF
A quick introduction to AKS
Alessandro Melchiori
 
PDF
AWS vs Azure vs Google (GCP) - Slides
TobyWilman
 
DevOps for beginners
Pradeep Patel, PMP®
 
Introduction to Docker - 2017
Docker, Inc.
 
Secure your Application with Google cloud armor
DevOps Indonesia
 
An Introduction To Jenkins
Knoldus Inc.
 
Introduction to Ansible
Knoldus Inc.
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Edureka!
 
A quick introduction to AKS
Alessandro Melchiori
 
AWS vs Azure vs Google (GCP) - Slides
TobyWilman
 

What's hot (20)

PDF
Argocd up and running
Raphaël PINSON
 
PDF
Google Cloud Networking Deep Dive
Michelle Holley
 
PDF
AWS Lambda Tutorial | Introduction to AWS Lambda | AWS Tutorial | AWS Trainin...
Edureka!
 
PDF
Kubernetes Secrets Management on Production with Demo
Opsta
 
PDF
Kubernetes
erialc_w
 
PPTX
Comprehensive Terraform Training
Yevgeniy Brikman
 
PPTX
Cloud Security
AWS User Group Bengaluru
 
PPTX
Dockers and containers basics
Sourabh Saxena
 
PDF
Azure Arc Overview from Microsoft
David J Rosenthal
 
PDF
Gitlab, GitOps & ArgoCD
Haggai Philip Zagury
 
PPTX
Kubernetes and container security
Volodymyr Shynkar
 
PDF
Red Hat OpenShift Container Platform Overview
James Falkner
 
PDF
Cloud Security Strategy
Capgemini
 
PPT
10월 웨비나 - AWS에서 Active Directory 구축 및 연동 옵션 살펴보기 (김용우 솔루션즈 아키텍트)
Amazon Web Services Korea
 
PDF
ArgoCD Meetup PPT final.pdf
amanmakwana3
 
PPTX
Azure DevOps
Juan Fabian
 
PPTX
Grafana.pptx
Bhushan Rane
 
PPTX
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
Janusz Nowak
 
PPTX
DevOps and Cloud
Fernando Honig
 
PPTX
Container orchestration overview
Wyn B. Van Devanter
 
Argocd up and running
Raphaël PINSON
 
Google Cloud Networking Deep Dive
Michelle Holley
 
AWS Lambda Tutorial | Introduction to AWS Lambda | AWS Tutorial | AWS Trainin...
Edureka!
 
Kubernetes Secrets Management on Production with Demo
Opsta
 
Kubernetes
erialc_w
 
Comprehensive Terraform Training
Yevgeniy Brikman
 
Cloud Security
AWS User Group Bengaluru
 
Dockers and containers basics
Sourabh Saxena
 
Azure Arc Overview from Microsoft
David J Rosenthal
 
Gitlab, GitOps & ArgoCD
Haggai Philip Zagury
 
Kubernetes and container security
Volodymyr Shynkar
 
Red Hat OpenShift Container Platform Overview
James Falkner
 
Cloud Security Strategy
Capgemini
 
10월 웨비나 - AWS에서 Active Directory 구축 및 연동 옵션 살펴보기 (김용우 솔루션즈 아키텍트)
Amazon Web Services Korea
 
ArgoCD Meetup PPT final.pdf
amanmakwana3
 
Azure DevOps
Juan Fabian
 
Grafana.pptx
Bhushan Rane
 
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
Janusz Nowak
 
DevOps and Cloud
Fernando Honig
 
Container orchestration overview
Wyn B. Van Devanter
 
Ad

Similar to GCP Best Practices for SRE Team (20)

PDF
Getting more into GCP.pdf
Knoldus Inc.
 
PPTX
Cloud & GCP 101
Runcy Oommen
 
PDF
Introduction to GCP
Knoldus Inc.
 
PDF
Enterprise Cloud Governance: A Frictionless Approach
RightScale
 
PPTX
wndoNDKLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
coolsiva1812
 
PDF
Reaching for the Clouds: Achieving the Business Benefi ts of Cloud Computing
BMC Software
 
PPTX
Google Cloud Platform AI Training in Hyderabad | Google Cloud AI Course Online
susheel visualpath
 
PPTX
Google Cloud Platform (GCP)
Chetan Sharma
 
PDF
Digital Forensics and Incident Response in The Cloud
Velocidex Enterprises
 
PPTX
Introduction to Google Cloud & GCCP Campaign
GDSCVJTI
 
PPTX
GDSC BVCOENM - Google Cloud Study Jam October 2021 | Day 1 + Day 2
GDSCBVCOENM
 
PPTX
Google Cloud Study Jam | GDSC NCU
Shivam254129
 
PDF
What is Cloud and what are the best practices?
IndSightsResearchSG
 
PDF
What is Cloud and what are the best practices?
IndSightsResearchSG
 
PDF
Getting Started with Google Cloud Platform: A Beginner’s Guide
athinfosysseo
 
PPTX
BSM for Cloud Computing
BMC Software
 
PDF
Google Cloud Certified Associate Cloud Engineer All-in-One Exam Guide 1st Edi...
goatsjknopsnd
 
PDF
The 5 Stages of Cloud Management for Enterprises
RightScale
 
PPTX
GCCP.pptx
AnanyaPRao
 
PDF
8 Elements of Multi-Cloud Security
RightScale
 
Getting more into GCP.pdf
Knoldus Inc.
 
Cloud & GCP 101
Runcy Oommen
 
Introduction to GCP
Knoldus Inc.
 
Enterprise Cloud Governance: A Frictionless Approach
RightScale
 
wndoNDKLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
coolsiva1812
 
Reaching for the Clouds: Achieving the Business Benefi ts of Cloud Computing
BMC Software
 
Google Cloud Platform AI Training in Hyderabad | Google Cloud AI Course Online
susheel visualpath
 
Google Cloud Platform (GCP)
Chetan Sharma
 
Digital Forensics and Incident Response in The Cloud
Velocidex Enterprises
 
Introduction to Google Cloud & GCCP Campaign
GDSCVJTI
 
GDSC BVCOENM - Google Cloud Study Jam October 2021 | Day 1 + Day 2
GDSCBVCOENM
 
Google Cloud Study Jam | GDSC NCU
Shivam254129
 
What is Cloud and what are the best practices?
IndSightsResearchSG
 
What is Cloud and what are the best practices?
IndSightsResearchSG
 
Getting Started with Google Cloud Platform: A Beginner’s Guide
athinfosysseo
 
BSM for Cloud Computing
BMC Software
 
Google Cloud Certified Associate Cloud Engineer All-in-One Exam Guide 1st Edi...
goatsjknopsnd
 
The 5 Stages of Cloud Management for Enterprises
RightScale
 
GCCP.pptx
AnanyaPRao
 
8 Elements of Multi-Cloud Security
RightScale
 
Ad

More from Huynh Thai Bao (10)

PPTX
Service Mesh 101 - Digging into your service
Huynh Thai Bao
 
PPTX
K8s Webhook Admission
Huynh Thai Bao
 
PPTX
CICD pipelines with GitOps
Huynh Thai Bao
 
PPTX
ELK - Optimizations & Updates
Huynh Thai Bao
 
PPTX
K8s-zero-downtime-the-missing-part
Huynh Thai Bao
 
PPTX
Cassandra - decentralized structured database
Huynh Thai Bao
 
PPTX
Skaffold - faster development on K8S
Huynh Thai Bao
 
PDF
Kubernetes - A Rising Hero
Huynh Thai Bao
 
PDF
Vault - Enhancement for K8S secret security
Huynh Thai Bao
 
PDF
Enabling GitOps - Architecture for Implementation
Huynh Thai Bao
 
Service Mesh 101 - Digging into your service
Huynh Thai Bao
 
K8s Webhook Admission
Huynh Thai Bao
 
CICD pipelines with GitOps
Huynh Thai Bao
 
ELK - Optimizations & Updates
Huynh Thai Bao
 
K8s-zero-downtime-the-missing-part
Huynh Thai Bao
 
Cassandra - decentralized structured database
Huynh Thai Bao
 
Skaffold - faster development on K8S
Huynh Thai Bao
 
Kubernetes - A Rising Hero
Huynh Thai Bao
 
Vault - Enhancement for K8S secret security
Huynh Thai Bao
 
Enabling GitOps - Architecture for Implementation
Huynh Thai Bao
 

Recently uploaded (20)

PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
DOCX
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
AYUSHMANAV
 
PDF
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
PPTX
Lesson 3_Tessellation.pptx finite Mathematics
quakeplayz54
 
PPTX
Welding lecture in detail for understanding
sahilpoonia10
 
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
PPTX
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
PDF
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
PPTX
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
PDF
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
PPTX
Construction Project Organization Group 2.pptx
vj5agdales
 
PPTX
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
PPTX
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
PPTX
UNIT-1 - COAL BASED THERMAL POWER PLANTS
Chandra Kumar S
 
PDF
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
PDF
Well-logging-methods_new................
ZafriFarid
 
PPTX
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
PDF
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
PPTX
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
PPTX
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
AYUSHMANAV
 
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
Lesson 3_Tessellation.pptx finite Mathematics
quakeplayz54
 
Welding lecture in detail for understanding
sahilpoonia10
 
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
Construction Project Organization Group 2.pptx
vj5agdales
 
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
UNIT-1 - COAL BASED THERMAL POWER PLANTS
Chandra Kumar S
 
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
Well-logging-methods_new................
ZafriFarid
 
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 

GCP Best Practices for SRE Team

  • 1. GCP Best Practices For Cloud Journey Bảo Huỳnh Site Reliability Engineering 27-March-2020
  • 2. 1. GCP Walk Through 2. GCP Best practice (for all) 3. GCP Best practice (GKE operation) 4. Sample Organization report (Mudah) 5. Q&A Agenda
  • 3. 1. GCP Walk Through
  • 4. 2. GCP Best Practice (Org. setup) A. Separate Resource Hierarchy - Different Level for management - Separate projects for billing control
  • 5. 2. GCP Best Practice (Org. setup)
  • 6. B. IAC for cloud resources creation 2. GCP Best Practice (Org. setup)
  • 7. C. Export & analyze billing - Export to BigQuery - Visualize with Data Studio 2. GCP Best Practice (Billing Mgmt.)
  • 8. D. Cost usage control - Setting Quotas for each resources - Alert on budget billing 2. GCP Best Practice (Billing Mgmt.)
  • 9. 2. GCP Best Practice (Logging & Monitoring)
  • 10. E. Logging with Stackdriver Export to LogSink for future usage Support below LogSink: - On-prem LogStore - Cloud Pub/Sub - GCS - BigQuery 2. GCP Best Practice (Logging & Monitoring)
  • 11. 2. GCP Best Practice (Logging & Monitoring) F. Monitoring with Stackdriver Metrics Exposure Alerting Rules based on Metrics
  • 12. 2. GCP Best Practice (Logging & Monitoring) J. Audit Logging Answer 4W question: What Who When Where
  • 13. Types of Audit Trail Log entries for GCP Usage IAM FOR VIEWING Admin Activity + API calls + Other administrative actions [that modify the configuration or metadata of resources] - Enable by default - Can not disable - Free - Project viewer - Logging / Log Viewer Data Access + API calls [ that read the configuration / metadata of resources ] + user-driven API calls [ make changes to user-provided resource data ] • Disable by default • Charged by Google • Project/Owner • Logging/Private Logs Viewer System Event + Google Cloud administrative actions [ that modify the configuration of resources ] (( generated by Google systems; they are not driven by direct user action )) - Enable by default - Can not disable - Free - Project viewer - Logging / Log Viewer 2. GCP Best Practice (Logging & Monitoring) J. Audit Logging
  • 14. Type Target Applied Level Identity and Accessiblity Management (IAM) All identities in GCP - User - Group - ServiceAccount Projects Orgranization Policy GCP Resources Orgranization Projects 2. GCP Best Practice (IAM & Policies)
  • 15. 2. GCP Best Practice (IAM & Policies) Identities and Accessibility Management - Assign only limited access to resources - Assign users into different group => then assign group with IAM - NOT allow any bucket-level access, only access by object-level
  • 16. 2. GCP Best Practice (IAM & Policies) Organization Policies - providing the ability to set restrictions on specific resources to determine how they can be configured and used. Vietnamese Translate - Áp constraints lên các resource (VM, CloudFunction, GCS,..) - Để: quy định các resource này ĐƯỢC configure & sử dụng ntn bởi user Example: ● Define a constraint to restrict virtual machine instances from having an external IP address. ● Define a constraint to allow cloud function could use ingress setting (from user)
  • 17. ● Enforce MFA on employee's account ● Use Cloud Identity / GSuite to manage account for organization 2. GCP Best Practice (Security)
  • 18. ● Private IP Cluster ● Different NodePool for different types of Application ● Enable Stackdriver Logging & Monitoring for service observalibilty ● Security + Avoid running as Root (instead using SecurityContext) + Enable NetworkPolicy (Ingress/Egress/From/To) for each NS ● Isolation application (in each namespaces) if possible + Apply security + Enable Quota for Resources (per Namespace) maxpod * limit CPU/Memory => Each application don’t starve out resources of other apps => cost control 3. GCP Best Practice (GKE Operation)
  • 19. ● Report based on current GCP’s resources of Mudah ● Recommendation given by GCP experts ● Follow GCP best practices from Google for cloud operation. 4. Sample Organization Report