SlideShare a Scribd company logo

GCP Best Practices for SRE Team

H
Huynh Thai Bao

GCP Best Practices for SRE Team: + Organization setup + Provision + Billing + Networking + Service Observability / Monitoring + GKE operation

Engineering
1 of 20
Download to read offline
GCP Best Practices For Cloud Journey Bảo Huỳnh Site Reliability Engineering 27-March-2020
1. GCP Walk Through 2. GCP Best practice (for all) 3. GCP Best practice (GKE operation) 4. Sample Organization report (Mudah) 5. Q&A Agenda
1. GCP Walk Through
2. GCP Best Practice (Org. setup) A. Separate Resource Hierarchy - Different Level for management - Separate projects for billing control
2. GCP Best Practice (Org. setup)
B. IAC for cloud resources creation 2. GCP Best Practice (Org. setup)
C. Export & analyze billing - Export to BigQuery - Visualize with Data Studio 2. GCP Best Practice (Billing Mgmt.)
D. Cost usage control - Setting Quotas for each resources - Alert on budget billing 2. GCP Best Practice (Billing Mgmt.)
2. GCP Best Practice (Logging & Monitoring)
E. Logging with Stackdriver Export to LogSink for future usage Support below LogSink: - On-prem LogStore - Cloud Pub/Sub - GCS - BigQuery 2. GCP Best Practice (Logging & Monitoring)
2. GCP Best Practice (Logging & Monitoring) F. Monitoring with Stackdriver Metrics Exposure Alerting Rules based on Metrics
2. GCP Best Practice (Logging & Monitoring) J. Audit Logging Answer 4W question: What Who When Where
Types of Audit Trail Log entries for GCP Usage IAM FOR VIEWING Admin Activity + API calls + Other administrative actions [that modify the configuration or metadata of resources] - Enable by default - Can not disable - Free - Project viewer - Logging / Log Viewer Data Access + API calls [ that read the configuration / metadata of resources ] + user-driven API calls [ make changes to user-provided resource data ] • Disable by default • Charged by Google • Project/Owner • Logging/Private Logs Viewer System Event + Google Cloud administrative actions [ that modify the configuration of resources ] (( generated by Google systems; they are not driven by direct user action )) - Enable by default - Can not disable - Free - Project viewer - Logging / Log Viewer 2. GCP Best Practice (Logging & Monitoring) J. Audit Logging
Type Target Applied Level Identity and Accessiblity Management (IAM) All identities in GCP - User - Group - ServiceAccount Projects Orgranization Policy GCP Resources Orgranization Projects 2. GCP Best Practice (IAM & Policies)
2. GCP Best Practice (IAM & Policies) Identities and Accessibility Management - Assign only limited access to resources - Assign users into different group => then assign group with IAM - NOT allow any bucket-level access, only access by object-level
2. GCP Best Practice (IAM & Policies) Organization Policies - providing the ability to set restrictions on specific resources to determine how they can be configured and used. Vietnamese Translate - Áp constraints lên các resource (VM, CloudFunction, GCS,..) - Để: quy định các resource này ĐƯỢC configure & sử dụng ntn bởi user Example: ● Define a constraint to restrict virtual machine instances from having an external IP address. ● Define a constraint to allow cloud function could use ingress setting (from user)
● Enforce MFA on employee's account ● Use Cloud Identity / GSuite to manage account for organization 2. GCP Best Practice (Security)
● Private IP Cluster ● Different NodePool for different types of Application ● Enable Stackdriver Logging & Monitoring for service observalibilty ● Security + Avoid running as Root (instead using SecurityContext) + Enable NetworkPolicy (Ingress/Egress/From/To) for each NS ● Isolation application (in each namespaces) if possible + Apply security + Enable Quota for Resources (per Namespace) maxpod * limit CPU/Memory => Each application don’t starve out resources of other apps => cost control 3. GCP Best Practice (GKE Operation)
● Report based on current GCP’s resources of Mudah ● Recommendation given by GCP experts ● Follow GCP best practices from Google for cloud operation. 4. Sample Organization Report
Questions & a little Answers

Recommended

Google Cloud Networking Deep Dive
Google Cloud Networking Deep DiveGoogle Cloud Networking Deep Dive
Google Cloud Networking Deep DiveMichelle Holley
 
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_faridExploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_faridCloudVillage
 
Network architecture design for microservices on GCP
Network architecture design for microservices on GCPNetwork architecture design for microservices on GCP
Network architecture design for microservices on GCPRaphaël FRAYSSE
 
OPA APIs and Use Case Survey
OPA APIs and Use Case SurveyOPA APIs and Use Case Survey
OPA APIs and Use Case SurveyTorin Sandall
 
Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Weaveworks
 
Google Cloud Platform Solutions for DevOps Engineers
Google Cloud Platform Solutions for DevOps EngineersGoogle Cloud Platform Solutions for DevOps Engineers
Google Cloud Platform Solutions for DevOps EngineersMárton Kodok
 
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Chad Lawler
 
Webinar: Simplifying the Enterprise Hybrid Cloud with Azure Stack HCI
Webinar: Simplifying the Enterprise Hybrid Cloud with Azure Stack HCIWebinar: Simplifying the Enterprise Hybrid Cloud with Azure Stack HCI
Webinar: Simplifying the Enterprise Hybrid Cloud with Azure Stack HCIStorage Switzerland
 

Recommended

Google Cloud Networking Deep Dive
Google Cloud Networking Deep DiveGoogle Cloud Networking Deep Dive
Google Cloud Networking Deep DiveMichelle Holley
 
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_faridExploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_faridCloudVillage
 
Network architecture design for microservices on GCP
Network architecture design for microservices on GCPNetwork architecture design for microservices on GCP
Network architecture design for microservices on GCPRaphaël FRAYSSE
 
OPA APIs and Use Case Survey
OPA APIs and Use Case SurveyOPA APIs and Use Case Survey
OPA APIs and Use Case SurveyTorin Sandall
 
Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Weaveworks
 
Google Cloud Platform Solutions for DevOps Engineers
Google Cloud Platform Solutions for DevOps EngineersGoogle Cloud Platform Solutions for DevOps Engineers
Google Cloud Platform Solutions for DevOps EngineersMárton Kodok
 
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Chad Lawler
 
Webinar: Simplifying the Enterprise Hybrid Cloud with Azure Stack HCI
Webinar: Simplifying the Enterprise Hybrid Cloud with Azure Stack HCIWebinar: Simplifying the Enterprise Hybrid Cloud with Azure Stack HCI
Webinar: Simplifying the Enterprise Hybrid Cloud with Azure Stack HCIStorage Switzerland
 
Google Cloud DNS
Google Cloud DNSGoogle Cloud DNS
Google Cloud DNSZdenko Hrček
 
Open shift 4 infra deep dive
Open shift 4 infra deep diveOpen shift 4 infra deep dive
Open shift 4 infra deep diveWinton Winton
 
Introduction to Terraform and Google Cloud Platform
Introduction to Terraform and Google Cloud PlatformIntroduction to Terraform and Google Cloud Platform
Introduction to Terraform and Google Cloud PlatformPradeep Bhadani
 
Kubernetes networking in AWS
Kubernetes networking in AWSKubernetes networking in AWS
Kubernetes networking in AWSZvika Gazit
 
What is Cloud Native Explained?
What is Cloud Native Explained?What is Cloud Native Explained?
What is Cloud Native Explained?jeetendra mandal
 
Cloud Native Application
Cloud Native ApplicationCloud Native Application
Cloud Native ApplicationVMUG IT
 
Tom Grey - Google Cloud Platform
Tom Grey - Google Cloud PlatformTom Grey - Google Cloud Platform
Tom Grey - Google Cloud PlatformFondazione CUOA
 
Kubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveKubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveMichal Rostecki
 
Introduction to Google Cloud Services / Platforms
Introduction to Google Cloud Services / PlatformsIntroduction to Google Cloud Services / Platforms
Introduction to Google Cloud Services / PlatformsNilanchal
 
SDDC Strategy 1.3
SDDC Strategy 1.3SDDC Strategy 1.3
SDDC Strategy 1.3Woo Hyung Choi
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetesKrishna-Kumar
 
[AWS Builders 온라인 시리즈] AWS 서비스를 활용하여 파일 스토리지 빠르게 마이그레이션 하기 - 서지혜, AWS 솔루션즈 아키텍트
[AWS Builders 온라인 시리즈] AWS 서비스를 활용하여 파일 스토리지 빠르게 마이그레이션 하기 - 서지혜, AWS 솔루션즈 아키텍트[AWS Builders 온라인 시리즈] AWS 서비스를 활용하여 파일 스토리지 빠르게 마이그레이션 하기 - 서지혜, AWS 솔루션즈 아키텍트
[AWS Builders 온라인 시리즈] AWS 서비스를 활용하여 파일 스토리지 빠르게 마이그레이션 하기 - 서지혜, AWS 솔루션즈 아키텍트Amazon Web Services Korea
 
Openshift argo cd_v1_2
Openshift argo cd_v1_2Openshift argo cd_v1_2
Openshift argo cd_v1_2RastinKenarsari
 
GCP IAM.pptx
GCP IAM.pptxGCP IAM.pptx
GCP IAM.pptxMohitBabbar6
 
(ENT305) Develop an Enterprise-wide Cloud Adoption Strategy | AWS re:Invent 2014
(ENT305) Develop an Enterprise-wide Cloud Adoption Strategy | AWS re:Invent 2014(ENT305) Develop an Enterprise-wide Cloud Adoption Strategy | AWS re:Invent 2014
(ENT305) Develop an Enterprise-wide Cloud Adoption Strategy | AWS re:Invent 2014Amazon Web Services
 
Gitops: a new paradigm for software defined operations
Gitops: a new paradigm for software defined operationsGitops: a new paradigm for software defined operations
Gitops: a new paradigm for software defined operationsMariano Cunietti
 
Emerging Trends in Hybrid-Cloud & Multi-Cloud Strategies
Emerging Trends in Hybrid-Cloud & Multi-Cloud StrategiesEmerging Trends in Hybrid-Cloud & Multi-Cloud Strategies
Emerging Trends in Hybrid-Cloud & Multi-Cloud StrategiesChaitanya Atreya
 
SRE Conference 2022 - How to Build a Healthy On-Call Culture
SRE Conference 2022 - How to Build a Healthy On-Call CultureSRE Conference 2022 - How to Build a Healthy On-Call Culture
SRE Conference 2022 - How to Build a Healthy On-Call Culturesmalltown
 
Automated Governance for the DevOps Institutions.pdf
Automated Governance for the DevOps Institutions.pdfAutomated Governance for the DevOps Institutions.pdf
Automated Governance for the DevOps Institutions.pdfVishwas N
 
Microservices with Docker, Kubernetes, and Jenkins
Microservices with Docker, Kubernetes, and JenkinsMicroservices with Docker, Kubernetes, and Jenkins
Microservices with Docker, Kubernetes, and JenkinsRed Hat Developers
 
[Study Guide] Google Professional Cloud Architect (GCP-PCA) Certification
[Study Guide] Google Professional Cloud Architect (GCP-PCA) Certification[Study Guide] Google Professional Cloud Architect (GCP-PCA) Certification
[Study Guide] Google Professional Cloud Architect (GCP-PCA) CertificationAmaaira Johns
 
Get Well Prepared for Google Professional Cloud Developer (GCP-PCD) Certifica...
Get Well Prepared for Google Professional Cloud Developer (GCP-PCD) Certifica...Get Well Prepared for Google Professional Cloud Developer (GCP-PCD) Certifica...
Get Well Prepared for Google Professional Cloud Developer (GCP-PCD) Certifica...Amaaira Johns
 

More Related Content

What's hot

Open shift 4 infra deep dive
Open shift 4 infra deep diveOpen shift 4 infra deep dive
Open shift 4 infra deep diveWinton Winton
 
Introduction to Terraform and Google Cloud Platform
Introduction to Terraform and Google Cloud PlatformIntroduction to Terraform and Google Cloud Platform
Introduction to Terraform and Google Cloud PlatformPradeep Bhadani
 
Kubernetes networking in AWS
Kubernetes networking in AWSKubernetes networking in AWS
Kubernetes networking in AWSZvika Gazit
 
What is Cloud Native Explained?
What is Cloud Native Explained?What is Cloud Native Explained?
What is Cloud Native Explained?jeetendra mandal
 
Cloud Native Application
Cloud Native ApplicationCloud Native Application
Cloud Native ApplicationVMUG IT
 
Tom Grey - Google Cloud Platform
Tom Grey - Google Cloud PlatformTom Grey - Google Cloud Platform
Tom Grey - Google Cloud PlatformFondazione CUOA
 
Kubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveKubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveMichal Rostecki
 
Introduction to Google Cloud Services / Platforms
Introduction to Google Cloud Services / PlatformsIntroduction to Google Cloud Services / Platforms
Introduction to Google Cloud Services / PlatformsNilanchal
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetesKrishna-Kumar
 
[AWS Builders 온라인 시리즈] AWS 서비스를 활용하여 파일 스토리지 빠르게 마이그레이션 하기 - 서지혜, AWS 솔루션즈 아키텍트
[AWS Builders 온라인 시리즈] AWS 서비스를 활용하여 파일 스토리지 빠르게 마이그레이션 하기 - 서지혜, AWS 솔루션즈 아키텍트[AWS Builders 온라인 시리즈] AWS 서비스를 활용하여 파일 스토리지 빠르게 마이그레이션 하기 - 서지혜, AWS 솔루션즈 아키텍트
[AWS Builders 온라인 시리즈] AWS 서비스를 활용하여 파일 스토리지 빠르게 마이그레이션 하기 - 서지혜, AWS 솔루션즈 아키텍트Amazon Web Services Korea
 
(ENT305) Develop an Enterprise-wide Cloud Adoption Strategy | AWS re:Invent 2014
(ENT305) Develop an Enterprise-wide Cloud Adoption Strategy | AWS re:Invent 2014(ENT305) Develop an Enterprise-wide Cloud Adoption Strategy | AWS re:Invent 2014
(ENT305) Develop an Enterprise-wide Cloud Adoption Strategy | AWS re:Invent 2014Amazon Web Services
 
Gitops: a new paradigm for software defined operations
Gitops: a new paradigm for software defined operationsGitops: a new paradigm for software defined operations
Gitops: a new paradigm for software defined operationsMariano Cunietti
 
Emerging Trends in Hybrid-Cloud & Multi-Cloud Strategies
Emerging Trends in Hybrid-Cloud & Multi-Cloud StrategiesEmerging Trends in Hybrid-Cloud & Multi-Cloud Strategies
Emerging Trends in Hybrid-Cloud & Multi-Cloud StrategiesChaitanya Atreya
 
SRE Conference 2022 - How to Build a Healthy On-Call Culture
SRE Conference 2022 - How to Build a Healthy On-Call CultureSRE Conference 2022 - How to Build a Healthy On-Call Culture
SRE Conference 2022 - How to Build a Healthy On-Call Culturesmalltown
 
Automated Governance for the DevOps Institutions.pdf
Automated Governance for the DevOps Institutions.pdfAutomated Governance for the DevOps Institutions.pdf
Automated Governance for the DevOps Institutions.pdfVishwas N
 
Microservices with Docker, Kubernetes, and Jenkins
Microservices with Docker, Kubernetes, and JenkinsMicroservices with Docker, Kubernetes, and Jenkins
Microservices with Docker, Kubernetes, and JenkinsRed Hat Developers
 

What's hot (20)

Google Cloud DNS
Google Cloud DNSGoogle Cloud DNS
Google Cloud DNS
 
Open shift 4 infra deep dive
Open shift 4 infra deep diveOpen shift 4 infra deep dive
Open shift 4 infra deep dive
 
Introduction to Terraform and Google Cloud Platform
Introduction to Terraform and Google Cloud PlatformIntroduction to Terraform and Google Cloud Platform
Introduction to Terraform and Google Cloud Platform
 
Kubernetes networking in AWS
Kubernetes networking in AWSKubernetes networking in AWS
Kubernetes networking in AWS
 
What is Cloud Native Explained?
What is Cloud Native Explained?What is Cloud Native Explained?
What is Cloud Native Explained?
 
Cloud Native Application
Cloud Native ApplicationCloud Native Application
Cloud Native Application
 
Tom Grey - Google Cloud Platform
Tom Grey - Google Cloud PlatformTom Grey - Google Cloud Platform
Tom Grey - Google Cloud Platform
 
Kubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveKubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep Dive
 
Introduction to Google Cloud Services / Platforms
Introduction to Google Cloud Services / PlatformsIntroduction to Google Cloud Services / Platforms
Introduction to Google Cloud Services / Platforms
 
SDDC Strategy 1.3
SDDC Strategy 1.3SDDC Strategy 1.3
SDDC Strategy 1.3
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetes
 
[AWS Builders 온라인 시리즈] AWS 서비스를 활용하여 파일 스토리지 빠르게 마이그레이션 하기 - 서지혜, AWS 솔루션즈 아키텍트
[AWS Builders 온라인 시리즈] AWS 서비스를 활용하여 파일 스토리지 빠르게 마이그레이션 하기 - 서지혜, AWS 솔루션즈 아키텍트[AWS Builders 온라인 시리즈] AWS 서비스를 활용하여 파일 스토리지 빠르게 마이그레이션 하기 - 서지혜, AWS 솔루션즈 아키텍트
[AWS Builders 온라인 시리즈] AWS 서비스를 활용하여 파일 스토리지 빠르게 마이그레이션 하기 - 서지혜, AWS 솔루션즈 아키텍트
 
Openshift argo cd_v1_2
Openshift argo cd_v1_2Openshift argo cd_v1_2
Openshift argo cd_v1_2
 
GCP IAM.pptx
GCP IAM.pptxGCP IAM.pptx
GCP IAM.pptx
 
(ENT305) Develop an Enterprise-wide Cloud Adoption Strategy | AWS re:Invent 2014
(ENT305) Develop an Enterprise-wide Cloud Adoption Strategy | AWS re:Invent 2014(ENT305) Develop an Enterprise-wide Cloud Adoption Strategy | AWS re:Invent 2014
(ENT305) Develop an Enterprise-wide Cloud Adoption Strategy | AWS re:Invent 2014
 
Gitops: a new paradigm for software defined operations
Gitops: a new paradigm for software defined operationsGitops: a new paradigm for software defined operations
Gitops: a new paradigm for software defined operations
 
Emerging Trends in Hybrid-Cloud & Multi-Cloud Strategies
Emerging Trends in Hybrid-Cloud & Multi-Cloud StrategiesEmerging Trends in Hybrid-Cloud & Multi-Cloud Strategies
Emerging Trends in Hybrid-Cloud & Multi-Cloud Strategies
 
SRE Conference 2022 - How to Build a Healthy On-Call Culture
SRE Conference 2022 - How to Build a Healthy On-Call CultureSRE Conference 2022 - How to Build a Healthy On-Call Culture
SRE Conference 2022 - How to Build a Healthy On-Call Culture
 
Automated Governance for the DevOps Institutions.pdf
Automated Governance for the DevOps Institutions.pdfAutomated Governance for the DevOps Institutions.pdf
Automated Governance for the DevOps Institutions.pdf
 
Microservices with Docker, Kubernetes, and Jenkins
Microservices with Docker, Kubernetes, and JenkinsMicroservices with Docker, Kubernetes, and Jenkins
Microservices with Docker, Kubernetes, and Jenkins
 

Similar to GCP Best Practices for SRE Team

[Study Guide] Google Professional Cloud Architect (GCP-PCA) Certification
[Study Guide] Google Professional Cloud Architect (GCP-PCA) Certification[Study Guide] Google Professional Cloud Architect (GCP-PCA) Certification
[Study Guide] Google Professional Cloud Architect (GCP-PCA) CertificationAmaaira Johns
 
Get Well Prepared for Google Professional Cloud Developer (GCP-PCD) Certifica...
Get Well Prepared for Google Professional Cloud Developer (GCP-PCD) Certifica...Get Well Prepared for Google Professional Cloud Developer (GCP-PCD) Certifica...
Get Well Prepared for Google Professional Cloud Developer (GCP-PCD) Certifica...Amaaira Johns
 
Most Advanced GTM Deployment. Ever!
Most Advanced GTM Deployment. Ever!Most Advanced GTM Deployment. Ever!
Most Advanced GTM Deployment. Ever!Phil Pearce
 
JCConf 2015 - 輕鬆學google的雲端開發 - Google App Engine入門(下)
JCConf 2015 - 輕鬆學google的雲端開發 - Google App Engine入門(下)JCConf 2015 - 輕鬆學google的雲端開發 - Google App Engine入門(下)
JCConf 2015 - 輕鬆學google的雲端開發 - Google App Engine入門(下)Simon Su
 
Get Ready to Become Google Associate Cloud Engineer
Get Ready to Become Google Associate Cloud EngineerGet Ready to Become Google Associate Cloud Engineer
Get Ready to Become Google Associate Cloud EngineerAmaaira Johns
 
Cloud Composer workshop at Airflow Summit 2023.pdf
Cloud Composer workshop at Airflow Summit 2023.pdfCloud Composer workshop at Airflow Summit 2023.pdf
Cloud Composer workshop at Airflow Summit 2023.pdfLeah Cole
 
b04-DataflowArchitecture.pdf
b04-DataflowArchitecture.pdfb04-DataflowArchitecture.pdf
b04-DataflowArchitecture.pdfRAJA RAY
 
(Ab)Using GPOs for Active Directory Pwnage
(Ab)Using GPOs for Active Directory Pwnage(Ab)Using GPOs for Active Directory Pwnage
(Ab)Using GPOs for Active Directory PwnagePetros Koutroumpis
 
Serverless and Design Patterns In GCP
Serverless and Design Patterns In GCPServerless and Design Patterns In GCP
Serverless and Design Patterns In GCPOliver Fierro
 
Accelerate your SAP BusinessObjects to the Cloud
Accelerate your SAP BusinessObjects to the CloudAccelerate your SAP BusinessObjects to the Cloud
Accelerate your SAP BusinessObjects to the CloudWiiisdom
 
Big Data - Hadoop and MapReduce for QA and testing by Aditya Garg
Big Data - Hadoop and MapReduce for QA and testing by Aditya GargBig Data - Hadoop and MapReduce for QA and testing by Aditya Garg
Big Data - Hadoop and MapReduce for QA and testing by Aditya GargQA or the Highway
 
Session 4 GCCP.pptx
Session 4 GCCP.pptxSession 4 GCCP.pptx
Session 4 GCCP.pptxDSCIITPatna
 
Anthos Security: modernize your security posture for cloud native applications
Anthos Security: modernize your security posture for cloud native applicationsAnthos Security: modernize your security posture for cloud native applications
Anthos Security: modernize your security posture for cloud native applicationsGreg Castle
 
GPU Support In Spark And GPU/CPU Mixed Resource Scheduling At Production Scale
GPU Support In Spark And GPU/CPU Mixed Resource Scheduling At Production ScaleGPU Support In Spark And GPU/CPU Mixed Resource Scheduling At Production Scale
GPU Support In Spark And GPU/CPU Mixed Resource Scheduling At Production ScaleSpark Summit
 
Big Data Driven At Eway
Big Data Driven At Eway Big Data Driven At Eway
Big Data Driven At Eway Tu Pham
 
Architecting Analytic Pipelines on GCP - Chicago Cloud Conference 2020
Architecting Analytic Pipelines on GCP - Chicago Cloud Conference 2020Architecting Analytic Pipelines on GCP - Chicago Cloud Conference 2020
Architecting Analytic Pipelines on GCP - Chicago Cloud Conference 2020Mariano Gonzalez
 
Agileto Presentation V1.7 Web
Agileto Presentation V1.7 WebAgileto Presentation V1.7 Web
Agileto Presentation V1.7 Webgabrielciurezu
 
Agileto Presentation V1.7
Agileto Presentation V1.7Agileto Presentation V1.7
Agileto Presentation V1.7gabrielciurezu
 
Sprint 45 review
Sprint 45 reviewSprint 45 review
Sprint 45 reviewManageIQ
 

Similar to GCP Best Practices for SRE Team (20)

[Study Guide] Google Professional Cloud Architect (GCP-PCA) Certification
[Study Guide] Google Professional Cloud Architect (GCP-PCA) Certification[Study Guide] Google Professional Cloud Architect (GCP-PCA) Certification
[Study Guide] Google Professional Cloud Architect (GCP-PCA) Certification
 
Get Well Prepared for Google Professional Cloud Developer (GCP-PCD) Certifica...
Get Well Prepared for Google Professional Cloud Developer (GCP-PCD) Certifica...Get Well Prepared for Google Professional Cloud Developer (GCP-PCD) Certifica...
Get Well Prepared for Google Professional Cloud Developer (GCP-PCD) Certifica...
 
Most Advanced GTM Deployment. Ever!
Most Advanced GTM Deployment. Ever!Most Advanced GTM Deployment. Ever!
Most Advanced GTM Deployment. Ever!
 
JCConf 2015 - 輕鬆學google的雲端開發 - Google App Engine入門(下)
JCConf 2015 - 輕鬆學google的雲端開發 - Google App Engine入門(下)JCConf 2015 - 輕鬆學google的雲端開發 - Google App Engine入門(下)
JCConf 2015 - 輕鬆學google的雲端開發 - Google App Engine入門(下)
 
Get Ready to Become Google Associate Cloud Engineer
Get Ready to Become Google Associate Cloud EngineerGet Ready to Become Google Associate Cloud Engineer
Get Ready to Become Google Associate Cloud Engineer
 
Cloud Composer workshop at Airflow Summit 2023.pdf
Cloud Composer workshop at Airflow Summit 2023.pdfCloud Composer workshop at Airflow Summit 2023.pdf
Cloud Composer workshop at Airflow Summit 2023.pdf
 
GCP-pde.pdf
GCP-pde.pdfGCP-pde.pdf
GCP-pde.pdf
 
b04-DataflowArchitecture.pdf
b04-DataflowArchitecture.pdfb04-DataflowArchitecture.pdf
b04-DataflowArchitecture.pdf
 
(Ab)Using GPOs for Active Directory Pwnage
(Ab)Using GPOs for Active Directory Pwnage(Ab)Using GPOs for Active Directory Pwnage
(Ab)Using GPOs for Active Directory Pwnage
 
Serverless and Design Patterns In GCP
Serverless and Design Patterns In GCPServerless and Design Patterns In GCP
Serverless and Design Patterns In GCP
 
Accelerate your SAP BusinessObjects to the Cloud
Accelerate your SAP BusinessObjects to the CloudAccelerate your SAP BusinessObjects to the Cloud
Accelerate your SAP BusinessObjects to the Cloud
 
Big Data - Hadoop and MapReduce for QA and testing by Aditya Garg
Big Data - Hadoop and MapReduce for QA and testing by Aditya GargBig Data - Hadoop and MapReduce for QA and testing by Aditya Garg
Big Data - Hadoop and MapReduce for QA and testing by Aditya Garg
 
Session 4 GCCP.pptx
Session 4 GCCP.pptxSession 4 GCCP.pptx
Session 4 GCCP.pptx
 
Anthos Security: modernize your security posture for cloud native applications
Anthos Security: modernize your security posture for cloud native applicationsAnthos Security: modernize your security posture for cloud native applications
Anthos Security: modernize your security posture for cloud native applications
 
GPU Support In Spark And GPU/CPU Mixed Resource Scheduling At Production Scale
GPU Support In Spark And GPU/CPU Mixed Resource Scheduling At Production ScaleGPU Support In Spark And GPU/CPU Mixed Resource Scheduling At Production Scale
GPU Support In Spark And GPU/CPU Mixed Resource Scheduling At Production Scale
 
Big Data Driven At Eway
Big Data Driven At Eway Big Data Driven At Eway
Big Data Driven At Eway
 
Architecting Analytic Pipelines on GCP - Chicago Cloud Conference 2020
Architecting Analytic Pipelines on GCP - Chicago Cloud Conference 2020Architecting Analytic Pipelines on GCP - Chicago Cloud Conference 2020
Architecting Analytic Pipelines on GCP - Chicago Cloud Conference 2020
 
Agileto Presentation V1.7 Web
Agileto Presentation V1.7 WebAgileto Presentation V1.7 Web
Agileto Presentation V1.7 Web
 
Agileto Presentation V1.7
Agileto Presentation V1.7Agileto Presentation V1.7
Agileto Presentation V1.7
 
Sprint 45 review
Sprint 45 reviewSprint 45 review
Sprint 45 review
 

More from Huynh Thai Bao

Service Mesh 101 - Digging into your service
Service Mesh 101 - Digging into your service Service Mesh 101 - Digging into your service
Service Mesh 101 - Digging into your service Huynh Thai Bao
 
CICD pipelines with GitOps
CICD pipelines with GitOpsCICD pipelines with GitOps
CICD pipelines with GitOpsHuynh Thai Bao
 
ELK - Optimizations & Updates
ELK - Optimizations & UpdatesELK - Optimizations & Updates
ELK - Optimizations & UpdatesHuynh Thai Bao
 
K8s-zero-downtime-the-missing-part
K8s-zero-downtime-the-missing-partK8s-zero-downtime-the-missing-part
K8s-zero-downtime-the-missing-partHuynh Thai Bao
 
Cassandra - decentralized structured database
Cassandra - decentralized structured databaseCassandra - decentralized structured database
Cassandra - decentralized structured databaseHuynh Thai Bao
 
Skaffold - faster development on K8S
Skaffold - faster development on K8SSkaffold - faster development on K8S
Skaffold - faster development on K8SHuynh Thai Bao
 
Kubernetes - A Rising Hero
Kubernetes - A Rising HeroKubernetes - A Rising Hero
Kubernetes - A Rising HeroHuynh Thai Bao
 
Vault - Enhancement for K8S secret security
Vault - Enhancement for K8S secret securityVault - Enhancement for K8S secret security
Vault - Enhancement for K8S secret securityHuynh Thai Bao
 
Enabling GitOps - Architecture for Implementation
Enabling GitOps - Architecture for ImplementationEnabling GitOps - Architecture for Implementation
Enabling GitOps - Architecture for ImplementationHuynh Thai Bao
 

More from Huynh Thai Bao (10)

Service Mesh 101 - Digging into your service
Service Mesh 101 - Digging into your service Service Mesh 101 - Digging into your service
Service Mesh 101 - Digging into your service
 
K8s Webhook Admission
K8s Webhook AdmissionK8s Webhook Admission
K8s Webhook Admission
 
CICD pipelines with GitOps
CICD pipelines with GitOpsCICD pipelines with GitOps
CICD pipelines with GitOps
 
ELK - Optimizations & Updates
ELK - Optimizations & UpdatesELK - Optimizations & Updates
ELK - Optimizations & Updates
 
K8s-zero-downtime-the-missing-part
K8s-zero-downtime-the-missing-partK8s-zero-downtime-the-missing-part
K8s-zero-downtime-the-missing-part
 
Cassandra - decentralized structured database
Cassandra - decentralized structured databaseCassandra - decentralized structured database
Cassandra - decentralized structured database
 
Skaffold - faster development on K8S
Skaffold - faster development on K8SSkaffold - faster development on K8S
Skaffold - faster development on K8S
 
Kubernetes - A Rising Hero
Kubernetes - A Rising HeroKubernetes - A Rising Hero
Kubernetes - A Rising Hero
 
Vault - Enhancement for K8S secret security
Vault - Enhancement for K8S secret securityVault - Enhancement for K8S secret security
Vault - Enhancement for K8S secret security
 
Enabling GitOps - Architecture for Implementation
Enabling GitOps - Architecture for ImplementationEnabling GitOps - Architecture for Implementation
Enabling GitOps - Architecture for Implementation
 

Recently uploaded

Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxthe ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxhumanexperienceaaa
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 

Recently uploaded (20)

Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxthe ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 

GCP Best Practices for SRE Team

  • 1. GCP Best Practices For Cloud Journey Bảo Huỳnh Site Reliability Engineering 27-March-2020
  • 2. 1. GCP Walk Through 2. GCP Best practice (for all) 3. GCP Best practice (GKE operation) 4. Sample Organization report (Mudah) 5. Q&A Agenda
  • 3. 1. GCP Walk Through
  • 4. 2. GCP Best Practice (Org. setup) A. Separate Resource Hierarchy - Different Level for management - Separate projects for billing control
  • 5. 2. GCP Best Practice (Org. setup)
  • 6. B. IAC for cloud resources creation 2. GCP Best Practice (Org. setup)
  • 7. C. Export & analyze billing - Export to BigQuery - Visualize with Data Studio 2. GCP Best Practice (Billing Mgmt.)
  • 8. D. Cost usage control - Setting Quotas for each resources - Alert on budget billing 2. GCP Best Practice (Billing Mgmt.)
  • 9. 2. GCP Best Practice (Logging & Monitoring)
  • 10. E. Logging with Stackdriver Export to LogSink for future usage Support below LogSink: - On-prem LogStore - Cloud Pub/Sub - GCS - BigQuery 2. GCP Best Practice (Logging & Monitoring)
  • 11. 2. GCP Best Practice (Logging & Monitoring) F. Monitoring with Stackdriver Metrics Exposure Alerting Rules based on Metrics
  • 12. 2. GCP Best Practice (Logging & Monitoring) J. Audit Logging Answer 4W question: What Who When Where
  • 13. Types of Audit Trail Log entries for GCP Usage IAM FOR VIEWING Admin Activity + API calls + Other administrative actions [that modify the configuration or metadata of resources] - Enable by default - Can not disable - Free - Project viewer - Logging / Log Viewer Data Access + API calls [ that read the configuration / metadata of resources ] + user-driven API calls [ make changes to user-provided resource data ] • Disable by default • Charged by Google • Project/Owner • Logging/Private Logs Viewer System Event + Google Cloud administrative actions [ that modify the configuration of resources ] (( generated by Google systems; they are not driven by direct user action )) - Enable by default - Can not disable - Free - Project viewer - Logging / Log Viewer 2. GCP Best Practice (Logging & Monitoring) J. Audit Logging
  • 14. Type Target Applied Level Identity and Accessiblity Management (IAM) All identities in GCP - User - Group - ServiceAccount Projects Orgranization Policy GCP Resources Orgranization Projects 2. GCP Best Practice (IAM & Policies)
  • 15. 2. GCP Best Practice (IAM & Policies) Identities and Accessibility Management - Assign only limited access to resources - Assign users into different group => then assign group with IAM - NOT allow any bucket-level access, only access by object-level
  • 16. 2. GCP Best Practice (IAM & Policies) Organization Policies - providing the ability to set restrictions on specific resources to determine how they can be configured and used. Vietnamese Translate - Áp constraints lên các resource (VM, CloudFunction, GCS,..) - Để: quy định các resource này ĐƯỢC configure & sử dụng ntn bởi user Example: ● Define a constraint to restrict virtual machine instances from having an external IP address. ● Define a constraint to allow cloud function could use ingress setting (from user)
  • 17. ● Enforce MFA on employee's account ● Use Cloud Identity / GSuite to manage account for organization 2. GCP Best Practice (Security)
  • 18. ● Private IP Cluster ● Different NodePool for different types of Application ● Enable Stackdriver Logging & Monitoring for service observalibilty ● Security + Avoid running as Root (instead using SecurityContext) + Enable NetworkPolicy (Ingress/Egress/From/To) for each NS ● Isolation application (in each namespaces) if possible + Apply security + Enable Quota for Resources (per Namespace) maxpod * limit CPU/Memory => Each application don’t starve out resources of other apps => cost control 3. GCP Best Practice (GKE Operation)
  • 19. ● Report based on current GCP’s resources of Mudah ● Recommendation given by GCP experts ● Follow GCP best practices from Google for cloud operation. 4. Sample Organization Report