Day 2 Operations on Google Cloud

(2 days)


The large majority of customers on Google Cloud have migrated using a “lift and shift” strategy to simply move their applications to Google Cloud. They often are using the console to manage their systems operations and hosting their applications on a self-managed fleet of Compute Engine virtual machines.

This course uses the example of a simple 3-tier web application which has recently been migrated to virtual machines on Google Cloud. You will walk through the process of modernizing this application by implementing logging and monitoring using Cloud Operations, tightening security policies by using custom service accounts, leveraging tagging for managing and cataloging resources, enforcing compliance policies at the project and organization level, managing OS images and patching for their virtual machines, and automating deployment of infrastructure using Terraform. Finally, you will walk through the process of migrating your application to a Google Kubernetes Engine cluster while following best practices and minimizing downtime for your currently running applications.


  • Understand the pillars of the Google Cloud Architecture Framework, focusing on the pillar of Operational Excellence
  • Implement logging and monitoring for your applications following Google Cloud best practices
  • Follow the principle of least privilege by replacing default service accounts with purpose-built service accounts for your application Create project-level and organization-level polices to enforce compliance with company policies
  • Manage and patch OS images and enforce compliance using VM Manager
  • Automate deployment of infrastructure using tools such as Terraform
  • Prepare and migrate your application to managed services such as Google Kubernetes Engine
  • Learn more about next steps to continue modernizing your applications using cloud native technologies


SysOps professionals looking to implement best practices to modernize the infrastructure powering their applications.


Students should have completed the “Google Cloud Fundamentals: Core Infrastructure” and “Architecting with Google Compute Engine” courses or have equivalent Google Cloud experience. Familiarity with shell scripting in Linux and containers is also recommended.

Course Outline

Module 1: Google Cloud Architecture Framework

  • Introduction to the Google Cloud Architecture Framework
  • Operational Excellence
  • Exploring Your Use Case: 3-Tier Web Application

Module 2: Logging and Monitoring

  • The Four Golden Signals
  • Setting Up the Cloud Logging Agent
  • Querying Logs in Cloud Logging
  • Making Logs Actionable with Cloud Monitoring
  • Alerting Policies

Module 3: Securing Resources with Cloud IAM and Policies

  • Why to Not Use the Default Service Accounts
  • Creating Service Accounts and Custom IAM roles
  • Policies and Tags for Resources
  • IAM Conditions and Tags
  • Project and Organization-Level Policies

Module 4: Using VM Manager to Manage Resources

  • Introduction to VM Manager
  • OS Configurations and Policies
  • OS Inventory and Patch Management
  • Enforcing Compliance Policies

Module 5: Migrating Your Application Database

  • Database Options and Considerations
  • Preparing to Migrate Your Database
  • Database Migration Service
  • CDC and Migrating Your Application to the New Database

Module 6: Automating Infrastructure Deployment

  • Why Automation?
  • Introduction to Terraform
  • Preparing Current Configuration for Automation
  • Best Practices for Automating Deployment of Resources

Module 7: Preparing to Migrate Application to Google Kubernetes Engine

  • Ensuring Your VM-based Application Is Ready for Migration
  • Planning for Migrating the Application Without Downtime
  • GKE Operation Modes
  • Migrating the Application

Module 8: Managing and Troubleshooting Google Kubernetes Engine

  • Logging and Monitoring for GKE
  • Optimizing Cluster Performance
  • Managing IP Allocation
  • Troubleshooting Performance

Module 9: Summary of Best Practices and Future Steps

  • Summary of Journey
  • Summary of Best Practices
  • Next Steps to Continue Infrastructure Modernization

Lab 1: Getting Started with the Case Study App

  • Get Familiar with the Case Study Application
  • Deploy the Application on the Cloud Shell for Local Development
  • Deploy the Application into Compute Engine VMs
  • Automate the Creation of Compute Engine Images with Packer

Lab 2: Setting Up Cloud Logging and Monitoring for Your Application

  • Install the Cloud Logging Agent on Your VMs
  • Update Application Code to Use the Cloud Logging Client Libraries
  • Set Up a Dashboard Using Cloud Monitoring
  • Set Up an Alerting Policy Using Cloud Monitoring

Lab 3: Securing and Managing Your Application VMs

  • Create Service Accounts for Application VMs
  • Assign Appropriate Roles for Service Accounts
  • Update Service Accounts on Application VMs
  • Use VM Manager to Create an OS Policy Assignment
  • Ensure that Your VMs Comply with the OS Policy

Lab 4: Migrating Your Application Database

  • Provision Cloud SQL Instance to Host MySQL Database
  • Configure MySQL Database for Database Migration Service
  • Create Database Migration Job

Lab 5: Automating Infrastructure Deployment with Terraform

  • Export Current Configuration Using Google Cloud CLI
  • Update Terraform Scripts Using Best Practices
  • Test Deployment of Resources Using Terraform

Lab 6: Migrating Your Application to GKE

  • Containerize Components of Application
  • Provision GKE Autopilot Cluster
  • Deploy Application to GKE
  • Migrate Traffic from Legacy Application to GKE

Lab 7: Managing and Troubleshooting Your Application on GKE

  • Explore Logging and Monitoring in GKE
  • Set Up GKE Cluster Notifications Using Pub/Sub
  • Securely Connect to Cloud SQL Using Workload Identity
  • Identify Performance Issues with Your Application
  • Scale Your Application