Road to certification part 3: 9th week at the Spark program @ Encora

Brandon Herrera

This week started with the weekly talk, where we share something we’ve learned during the certification process. In my case, my talk was about virtual machines on the Google Cloud Platform.

I started the talk by asking why there are so many websites but it seems like there aren’t any servers. This happens because nowadays we see tons of websites, but we don’t see each company having its own data center or even its servers. And that’s because, with the rise of the cloud a few years ago, this doesn’t have to be the case anymore. Big companies, startups, and even individuals can rent computing resources and only pay for what they use. This way, they can build their architecture quickly without worrying about buying physical computers, which reduces time and costs. Plus, if they need more processing power, they can easily scale up to more resources.

One of the advantages of using Compute Engine, an Infrastructure as a Service (IaaS) product, is that virtual machines can be created easily, either through the Cloud Console — the graphical interface for creating a VM — or through Cloud Shell, a command-line interface where you can create a custom VM with just one command.

Both tools have their advantages. For example, in Cloud Console, you can visually choose each VM’s parameters and even create a VM from templates if you need something more custom and quick to set up.

The advantage of Cloud Shell is that you can paste a VM creation command. If you’ve already created a VM, you can export that command and paste it into Cloud Shell to create another VM quickly and easily.

gcloud compute instances create instancius \
  --project=qwiklabs-gcp-01-b0e9a8ddaea3 \
  --zone=us-central1-c \
  --machine-type=e2-medium \
  --network-interface=stack-type=IPV4_ONLY,subnet=default,no-address \
  --metadata=enable-oslogin=true \
  --maintenance-policy=MIGRATE \
  --provisioning-model=STANDARD \
  --service-account=198314063887-compute@developer.gserviceaccount.com \
  --scopes=https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/logging.write,https://www.googleapis.com/auth/monitoring.write,https://www.googleapis.com/auth/service.management.readonly,https://www.googleapis.com/auth/servicecontrol,https://www.googleapis.com/auth/trace.append \
  --create-disk=auto-delete=yes,boot=yes,device-name=instancius,image=projects/debian-cloud/global/images/debian-12-bookworm-v20240910,mode=rw,size=10,type=pd-balanced \
  --no-shielded-secure-boot \
  --shielded-vtpm \
  --shielded-integrity-monitoring \
  --labels=goog-ec-src=vm_add-gcloud \
  --reservation-affinity=any
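
A pasted command carries every setting of the VM it was exported from, so it is worth reading before reuse. The following is an added example, not part of the original post: a small shell function that flags three settings visible in the command above (Secure Boot disabled, the Compute Engine default service account, an image pinned to a dated build). The finding labels and the REVIEWED_CMD counter-example, including its service account name, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint an exported
# `gcloud compute instances create` command before pasting it again.
# The finding names are this example's own labels.

# Prints one finding per line; prints nothing when no check fires.
review_create_cmd() {
  cmd=$1
  # Secure Boot was switched off in the exported settings.
  case " $cmd " in
    *" --no-shielded-secure-boot "*) echo "secure-boot-disabled" ;;
  esac
  # NUMBER-compute@developer.gserviceaccount.com is the Compute Engine
  # default service account, shared by every VM that does not set its own.
  if printf '%s\n' "$cmd" |
     grep -Eq -e '--service-account=[0-9]+-compute@developer\.gserviceaccount\.com'; then
    echo "default-service-account"
  fi
  # An image name ending in -vYYYYMMDD stays frozen at that build date.
  if printf '%s\n' "$cmd" | grep -Eq -e 'image=[^, ]*-v[0-9]{8}([, ]|$)'; then
    echo "dated-image-pinned"
  fi
}

# The post's command, shortened to the flags the checks read.
POST_CMD='gcloud compute instances create instancius --project=qwiklabs-gcp-01-b0e9a8ddaea3 --zone=us-central1-c --network-interface=stack-type=IPV4_ONLY,subnet=default,no-address --service-account=198314063887-compute@developer.gserviceaccount.com --create-disk=auto-delete=yes,boot=yes,image=projects/debian-cloud/global/images/debian-12-bookworm-v20240910,mode=rw,size=10 --no-shielded-secure-boot --shielded-vtpm'

# Constructed counter-example: dedicated service account (hypothetical name),
# image family instead of a dated image, Secure Boot enabled.
REVIEWED_CMD='gcloud compute instances create instancius --zone=us-central1-c --service-account=vm-runtime@EXAMPLE_PROJECT.iam.gserviceaccount.com --image-family=debian-12 --image-project=debian-cloud --shielded-secure-boot --shielded-vtpm'

review_create_cmd "$POST_CMD"
```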

Another advantage of Compute Engine is that virtual machines can be configured with startup and shutdown scripts, which define what runs when a virtual machine starts up or shuts down. This is useful for always having data backups, for keeping processes running on the VM, or for redirecting traffic to another VM while the current one isn’t available.

That was a bit of my talk. With such limited time, it’s hard to pick a topic from so much information, but it’s always useful to give recommendations on how to do something with a certain technology. This way, you give listeners a starting point to dive deeper into their research.

On another note, I’ve been learning more about GCP and how its infrastructure works, what services it uses, and how they relate to other services to create a complex architecture that fits clients’ needs.

I learned more about Virtual Private Networks (VPCs) and their relationship with the firewall to create rules that only allow traffic from certain points or connections between VMs, as well as the use of tags to apply certain rules to only some VMs instead of defining the same firewall rule for each VM.

I’ve also been learning more about roles in GCP and service accounts. This is a topic that really interested me because roles define who can do what and where, so it’s a very useful way to set limits for the people involved in configuring the project’s architecture. On the other hand, service accounts are also an interesting topic in the sense that not everything is done by a person — there have to be service accounts that perform certain actions and have certain permissions to do so.
