Day 2 Operations on Google Cloud
(2 days)
The large majority of customers on Google Cloud have migrated using a “lift and shift” strategy to simply move their applications to Google Cloud. They often use the console to manage their systems operations and host their applications on a self-managed fleet of Compute Engine virtual machines.
This course uses the example of a simple 3-tier web application which has recently been migrated to virtual machines on Google Cloud. You will walk through the process of modernizing this application by implementing logging and monitoring using Cloud Operations, tightening security policies by using custom service accounts, leveraging tagging for managing and cataloging resources, enforcing compliance policies at the project and organization level, managing OS images and patching for your virtual machines, and automating deployment of infrastructure using Terraform. Finally, you will walk through the process of migrating your application to a Google Kubernetes Engine cluster while following best practices and minimizing downtime for your currently running applications.
Objectives
- Understand the pillars of the Google Cloud Architecture Framework, focusing on the pillar of Operational Excellence
- Implement logging and monitoring for your applications following Google Cloud best practices
- Follow the principle of least privilege by replacing default service accounts with purpose-built service accounts for your application
- Create project-level and organization-level policies to enforce compliance with company policies
- Manage and patch OS images and enforce compliance using VM Manager
- Automate deployment of infrastructure using tools such as Terraform
- Prepare and migrate your application to managed services such as Google Kubernetes Engine
- Learn more about next steps to continue modernizing your applications using cloud native technologies
Audience
SysOps professionals looking to implement best practices to modernize the infrastructure powering their applications.
Prerequisites
Students should have completed the “Google Cloud Fundamentals: Core Infrastructure” and “Architecting with Google Compute Engine” courses or have equivalent Google Cloud experience. Familiarity with shell scripting in Linux and containers is also recommended.
Course Outline
Module 1: Google Cloud Architecture Framework
- Introduction to the Google Cloud Architecture Framework
- Operational Excellence
- Exploring Your Use Case: 3-Tier Web Application
Module 2: Logging and Monitoring
- The Four Golden Signals
- Setting Up the Cloud Logging Agent
- Querying Logs in Cloud Logging
- Making Logs Actionable with Cloud Monitoring
- Alerting Policies
Module 3: Securing Resources with Cloud IAM and Policies
- Why to Not Use the Default Service Accounts
- Creating Service Accounts and Custom IAM roles
- Policies and Tags for Resources
- IAM Conditions and Tags
- Project and Organization-Level Policies
Module 4: Using VM Manager to Manage Resources
- Introduction to VM Manager
- OS Configurations and Policies
- OS Inventory and Patch Management
- Enforcing Compliance Policies
Module 5: Migrating Your Application Database
- Database Options and Considerations
- Preparing to Migrate Your Database
- Database Migration Service
- CDC and Migrating Your Application to the New Database
Module 6: Automating Infrastructure Deployment
- Why Automation?
- Introduction to Terraform
- Preparing Current Configuration for Automation
- Best Practices for Automating Deployment of Resources
Module 7: Preparing to Migrate Application to Google Kubernetes Engine
- Ensuring Your VM-based Application Is Ready for Migration
- Planning for Migrating the Application Without Downtime
- GKE Operation Modes
- Migrating the Application
Module 8: Managing and Troubleshooting Google Kubernetes Engine
- Logging and Monitoring for GKE
- Optimizing Cluster Performance
- Managing IP Allocation
- Troubleshooting Performance
Module 9: Summary of Best Practices and Future Steps
- Summary of Journey
- Summary of Best Practices
- Next Steps to Continue Infrastructure Modernization
Lab 1: Getting Started with the Case Study App
- Get Familiar with the Case Study Application
- Deploy the Application on the Cloud Shell for Local Development
- Deploy the Application into Compute Engine VMs
- Automate the Creation of Compute Engine Images with Packer
Lab 2: Setting Up Cloud Logging and Monitoring for Your Application
- Install the Cloud Logging Agent on Your VMs
- Update Application Code to Use the Cloud Logging Client Libraries
- Set Up a Dashboard Using Cloud Monitoring
- Set Up an Alerting Policy Using Cloud Monitoring
Lab 3: Securing and Managing Your Application VMs
- Create Service Accounts for Application VMs
- Assign Appropriate Roles for Service Accounts
- Update Service Accounts on Application VMs
- Use VM Manager to Create an OS Policy Assignment
- Ensure that Your VMs Comply with the OS Policy
Lab 4: Migrating Your Application Database
- Provision Cloud SQL Instance to Host MySQL Database
- Configure MySQL Database for Database Migration Service
- Create Database Migration Job
Lab 5: Automating Infrastructure Deployment with Terraform
- Export Current Configuration Using Google Cloud CLI
- Update Terraform Scripts Using Best Practices
- Test Deployment of Resources Using Terraform
Lab 6: Migrating Your Application to GKE
- Containerize Components of Application
- Provision GKE Autopilot Cluster
- Deploy Application to GKE
- Migrate Traffic from Legacy Application to GKE
Lab 7: Managing and Troubleshooting Your Application on GKE
- Explore Logging and Monitoring in GKE
- Set Up GKE Cluster Notifications Using Pub/Sub
- Securely Connect to Cloud SQL Using Workload Identity
- Identify Performance Issues with Your Application
- Scale Your Application