gcloud compute instances delete-access-config VM-2 --access-config-name="External NAT"
gcloud compute instances add-access-config VM-2 --zone=europe-west1-d --address=XXXXXXX

Let's get a quick overview of Google Cloud App Engine

Let's get a quick overview of Google Cloud PubSub

Let's get a quick overview of Google Cloud IAM

Let's get a quick overview of Google Cloud Load Balancers

Une URL signée est une URL qui fournit une autorisation et une durée limitées pour effectuer une requête. Les URL signées contiennent des informations d'authentification dans leur chaîne de requête, ce qui permet aux utilisateurs sans identifiants d'effectuer des actions spécifiques sur une ressource. Lorsque vous générez une URL signée, vous spécifiez un compte utilisateur ou un compte de service qui doit disposer des autorisations suffisantes pour effectuer la requête adressée par l'URL signée. Une fois l'URL signée générée, toute personne qui en dispose peut l'utiliser pour effectuer des actions spécifiées, telles que la lecture d'un objet, dans un délai spécifié.

Bigtable is designed for high-volume writes and storing large volumes of data. BigQuery is designed for large volumes of data, but it is not optimized for writes the way Bigtable is. Datastore and Firestore are not designed to scale to large data volumes the way Bigtable is.

Google Cloud Interconnect – Dedicated is the only option for a dedicated connection between a customer's data center and a Google data center.

Multizone/region clusters are available in GKE and are used to provide resiliency to an application, so option B is correct. Option A refers to instance groups that are a feature of Compute Engine, not directly of Kubernetes Engine. Option C is incorrect; regional deployments is a fictitious term. Load balancing distributes load and is part of Kubernetes by default. If load is not distributed across zones or regions, it does not help to add resiliency across data centers.

Pods are single instances of a running process in a cluster, so option C is correct. Pods run containers but are not sets of containers. Application code runs in containers that deployed in pods. Pods are not controllers, so they cannot manage communication with clients and Kubernetes services.

The only states a Kubernetes deployment can be in are progressing, completed, and failed.

The options for setting scopes are: Allow Default Access, Allow Full Access, and Set Access For Each API, so option B is correct. Option A is incorrect; it is missing Set Access For Each API. Option C is incorrect; it is missing Allow Default Access. Option D is incorrect; it is missing Allow Full Access.

App Engine provides three ways to split traffic: by IP address, by HTTP cookie, and by random selection.

VOIR IMAGE 1 :
--->
Think of app engine standard dot notation
instance number is the lowest level of addressing you can get. e.g. 1.version.service.app-id.appspot.com
https://cloud.google.com/appengine/docs/legacy/standard/python/how-requests-are-routed#targeted_routing

Shield VM is an advanced set of security controls that includes Integrity Monitoring, a check to ensure boot images have not been tampered with, which makes option B the right answer. Firewalls are used to control in ingress and egress of network traffic to a server or subnet. Project-wide SSH keys are used for authenticating users across servers within a project. Boot disk integrity check is a fictional feature.

Cloud Trace is a distributed tracing application that provides details on how long different parts of code run, so option C is correct. Option A is incorrect; monitoring is used to notify DevOps engineers when resources are not functioning as expected. Option B is incorrect; Logging is for collecting, storing, and viewing log data, and although log entries might help diagnose bottlenecks, it is not specifically designed for that. Option D is incorrect; Debug is used to generate snapshot and inject logpoints.

Specialized services are monitored by Google so users do not have to monitor them

Exporting from Dataproc exports data about the cluster configuration, which makes option C correct. Option A is incorrect; data in dataframes is not exported. Option B is incorrect; Spark does not have tables for persistently storing data like relational databases. Option D is incorrect; no data from Hadoop is exported.

Bigtable is designed to accept billions of rows of data. Collecting data from 100,000 sensors every 5 seconds will generate 6,000,000 data points every minute, or 8,640,000,000 data points per day. Spanner is a relational database and supports transactions, but they are not needed. Cloud SQL MySQL and Cloud SQL PostgreSQL would be difficult to scale to this level of read and write performance.

gcloud by default will retry a failed network operation and will wait a long time period before each retry. The time to wait is calculated using a truncated binary exponential back-off strategy.
Cloud DataProc is the managed Spark service. Cloud DataFlow is for stream and batch processing of data, BigQuery is for analytics, and Cloud Hadoop is not a GCP service.

You can find the number of vCPUs on the cluster listing in the Total Cores column or on the Details page in the Node Pool section in the size parameter, making option D correct. The Labels section does not have vCPU information.

The Deployment Manager is the name of the service for creating application resources using a YAML configuration file, so option B is correct. Option A is incorrect although you could use scripts with gcloud commands to deploy resources in Compute Engine. Options C and D are incorrect because those are fictitious names of products.

Shield VM is an advanced set of security controls that includes Integrity Monitoring, a check to ensure boot images have not been tampered with

When a user is granted iam.serviceAccountUser at the project level, that user can manage all service accounts in the project, so option A is correct

All Google regions have the same level of service level agreements, so reliability is the same

Cette page explique comment choisir et gérer une installation de Google Cloud CLI. La CLI Google Cloud inclut les outils de ligne de commande gcloud, gsutil et bq. Pour obtenir la liste des fonctionnalités de la CLI gcloud, consultez la page Toutes les fonctionnalités.

gcloud projects add-iam-policy-binding PROJECTID --member "serviceAccount:service-XXXXXXXXXX@compute-system.iam.gserviceaccount.com" --role "roles/compute.instanceAdmin.v1"

Les programmations d'instances vous permettent de démarrer et d'arrêter automatiquement des instances de machine virtuelle (VM). L'utilisation de programmations d'instances pour automatiser le déploiement de vos instances de VM peut vous aider à optimiser les coûts et à gérer les instances de VM plus efficacement. Vous pouvez utiliser des programmations d'instances pour les charges de travail récurrentes et ponctuelles. Par exemple, utilisez des programmations d'instances pour n'exécuter des instances de VM que pendant les heures de travail ou pour fournir de la capacité pour un événement ponctuel.

################################
Affectation du disque via GCLOUD
################################

gcloud compute instances attach-disk prod-web-01 \
--disk prod-web-01-swap \
--device-name disk-swap

################################
Montage du disque
################################

sudo mkfs.ext4 -m 0 -E lazy_itable_init=0,lazy_journal_init=0,discard /dev/sdb
sudo mkdir -p /mnt/disks/sdb
sudo mount -o discard,defaults /dev/sdb /mnt/disks/sdb
sudo chmod a+w /mnt/disks/sdb

sudo cp /etc/fstab /etc/fstab.backup
sudo blkid /dev/sdb
--> /dev/sdb: UUID="a22c546c-c742-4516-ae02-183e6cde2ccc" BLOCK_SIZE="4096" TYPE="ext4"

sudo nano /etc/fstab
UUID=a22c546c-c742-4516-ae02-183e6cde2ccc /mnt/disks/sdb ext4 discard,defaults 0 2

################################
Ajouter le disque en swap
################################

sudo swapon --show
sudo fallocate -l 15.69G /mnt/disks/sdb/swap
sudo chmod 600 /mnt/disks/sdb/swap
sudo mkswap /mnt/disks/sdb/swap

--> Setting up swapspace version 1, size = 15.6 GiB (16713084928 bytes)
no label, UUID=c80e2e06-6308-45ea-959a-622a46fdfdad

sudo swapon /mnt/disks/sdb/swap

sudo swapon --show
-->
NAME TYPE SIZE USED PRIO
/mnt/disks/sdb/swap file 14.6G 0B -2

nano /etc/fstab
/mnt/disks/sdb/swap swap swap defaults 0 0

sudo sysctl vm.swappiness=33

sudo nano /etc/sysctl.conf
vm.swappiness=33

######################################
DÉBUGER UNE VM GOOGLE CLOUD QUI NE DÉMARRE PLUS
######################################

--> Machine à debug : prod-web-01

--> Avant tout, éteignez la machine virtuelle. Puis dans une console google cloud :

// Détacher le disque de la VM
gcloud compute instances detach-disk prod-web-01 \
--disk=prod-web

// Créer une machine virtuelle qui servira à débuger :
gcloud compute instances create debug-instance

--> Éteindre la machine virtuelle debug-instance

// Affecter le disque à débuger
gcloud compute instances attach-disk debug-instance \
--disk prod-web-01 \
--device-name debug-disk

--> Allumer la VM debug-instance

--> SSH la vm
gcloud compute ssh debug-instance

--> Lister les disques
ls -l /dev/disk/by-id
--> Repérer le disque nommé debug-disk (exemple utilisé après : /dev/sdb1)

--> Procéder au contrôle d'intégrité sur le disque :
sudo fsck /dev/sdb1

--> Créer un dossier
sudo mkdir /mydisk

--> Monter le disque en question sur ce nouveau dossier
sudo mount /dev/sdb1 /mydisk

--> Procéder aux corrections sur les fichiers systèmes de la VM
nano /mydisk/etc/fstab

--> Éteindre la VM

--> Retourner dans une console google cloud

// Désafecter le disque à debug de la machine temporaire
gcloud compute instances detach-disk debug-instance \
--disk=prod-web-01

// Ré-affecter le disque à la VM initiale
gcloud compute instances attach-disk prod-web-01 \
--disk=prod-web-01 \
--boot