
GCP — Basics

  • GCE (Compute Engine) — VMs. Equivalent of EC2.
  • GKE — managed Kubernetes (best K8s on cloud, default for serious workloads).
  • Cloud Run — managed containers, scale to zero, request-based. Two flavors: services (HTTP) and jobs (batch).
  • Cloud Functions — serverless functions (gen 2 runs on Cloud Run).
  • App Engine — older PaaS. Standard (sandboxed) and Flexible (containers).
  • Batch — managed batch jobs.
  • GCS (Cloud Storage) — object store. Multi-region, dual-region, regional. Storage classes: Standard, Nearline (30d+), Coldline (90d+), Archive (365d+).
  • Persistent Disk — block, attached to VMs.
  • Filestore — managed NFS.
  • Cloud SQL — managed Postgres / MySQL / SQL Server.
  • AlloyDB — Postgres-compatible, faster (Google’s Aurora).
  • Spanner — globally distributed strongly-consistent SQL. Unique to GCP.
  • Bigtable — wide-column NoSQL (HBase API).
  • Firestore — document NoSQL.
  • Memorystore — managed Redis / Memcached.
  • BigQuery — serverless analytical warehouse. Pay-per-query or flat-rate.
  • Dataflow — managed Apache Beam.
  • Pub/Sub — message queue / event bus.
  • VPC — global by default (subnets per region within one VPC).
  • Cloud Load Balancing — global anycast L7 (HTTPS) and regional L4. Strong feature set vs AWS.
  • Cloud CDN — built into Load Balancer.
  • Cloud DNS — managed DNS.
  • Cloud NAT — egress NAT (no NAT gateway per AZ).
  • VPC peering, Shared VPC, VPC Service Controls (security perimeter).
  • Cloud Armor — WAF + DDoS.
  • Cloud Interconnect / VPN — to on-prem.
  • IAM — roles + members. Roles: basic (formerly primitive: owner, editor, viewer — too broad, avoid), predefined (per-service, least-privilege building blocks), custom.
  • Service Accounts — identity for workloads. Use Workload Identity in GKE to bind K8s SA → GCP SA without keys; avoid user-managed JSON keys (long-lived credentials that leak).
  • Cloud Identity / Workspace — corporate identity.
  • Identity-Aware Proxy (IAP) — zero-trust access to apps.
  • Cloud Monitoring + Cloud Logging (formerly Stackdriver).
  • Cloud Trace — distributed tracing.
  • Cloud Profiler — continuous profiling.
  • Error Reporting — auto-grouped errors.
  • Logs export via log sinks to BigQuery / Pub/Sub / GCS (sink at org or folder level to capture every project).
  • KMS — key mgmt. Cloud HSM option.
  • Secret Manager — secrets.
  • VPC Service Controls — perimeter around services to prevent data exfiltration.
  • Security Command Center — central findings dashboard.
  • Binary Authorization — only images with the required attestations (signatures) deploy to GKE / Cloud Run.
  • Cloud Build — managed builds.
  • Artifact Registry — Docker / npm / Maven / Go modules.
  • Cloud Deploy — release pipelines for GKE / Cloud Run.
  • Anthos — multi-cluster / multi-cloud K8s.
  • Organization → Folders → Projects → resources.
  • IAM bindings inherit down the hierarchy and are additive (a role granted on a folder applies to every project under it). SCP-equivalent: organization policy constraints.
  • Billing accounts attached to projects.
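The hierarchy and the inheritance rules above, as an added Terraform example (not code from the original page). It creates a folder with a project under it, enforces an organization policy constraint on the folder so every project below inherits it, and grants one predefined role at project scope to a group. The org ID, billing account, project ID and group address are placeholders.

```hcl
# Added example: org hierarchy, an org policy constraint, and a least-privilege binding.
# All identifiers below are placeholders.

locals {
  org_id          = "123456789012"          # placeholder organization ID
  billing_account = "000000-AAAAAA-111111"  # placeholder billing account
}

resource "google_folder" "prod" {
  display_name = "prod"
  parent       = "organizations/${local.org_id}"
}

resource "google_project" "api" {
  name            = "api-prod"
  project_id      = "api-prod-0001"          # placeholder, must be globally unique
  folder_id       = google_folder.prod.name  # "folders/NNN": the project inherits the folder's policies
  billing_account = local.billing_account
}

# SCP-equivalent: an organization policy constraint. Set on the folder, it is
# inherited by every project below it. This one forbids creating user-managed
# service account keys, which forces workloads onto Workload Identity.
resource "google_org_policy_policy" "no_sa_keys" {
  name   = "${google_folder.prod.name}/policies/iam.disableServiceAccountKeyCreation"
  parent = google_folder.prod.name
  spec {
    rules {
      enforce = "TRUE"
    }
  }
}

# IAM: a predefined role instead of basic owner/editor/viewer, granted at the
# narrowest scope (this project, not the folder), to a group rather than users.
resource "google_project_iam_member" "log_viewers" {
  project = google_project.api.project_id
  role    = "roles/logging.viewer"
  member  = "group:sre@example.com"  # placeholder group
}

# Time-bound access with an IAM condition: a pattern for contractor or break-glass
# access that expires on its own instead of lingering as a permanent binding.
resource "google_project_iam_member" "temp_compute_viewer" {
  project = google_project.api.project_id
  role    = "roles/compute.viewer"
  member  = "user:contractor@example.com"  # placeholder user
  condition {
    title       = "expires-2025-12-31"
    description = "Temporary read-only access to Compute resources"
    expression  = "request.time < timestamp(\"2025-12-31T00:00:00Z\")"
  }
}
```

Check inheritance after apply with `gcloud projects get-iam-policy api-prod-0001` (shows only project-level bindings) versus `gcloud projects get-ancestors-iam-policy api-prod-0001` (shows the folder and organization bindings that also apply). Use `gcloud resource-manager org-policies describe iam.disableServiceAccountKeyCreation --project=api-prod-0001 --effective` to confirm the constraint is enforced on the project through the folder.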
gcloud auth login
gcloud config set project myproj
gcloud projects list
gcloud compute instances list
# deploy from source: Cloud Build builds the image, Cloud Run serves it (region names are like europe-west1, not eu-west1)
gcloud run deploy api --source . --region europe-west1
# last 50 error-level entries from Cloud Run revisions
gcloud logging read 'resource.type="cloud_run_revision" AND severity>=ERROR' --limit 50
gcloud iam service-accounts list
gcloud secrets versions access latest --secret=db-password
# build and push to Artifact Registry (gcr.io is the deprecated Container Registry); "images" is a repository you created
gcloud builds submit --tag europe-west1-docker.pkg.dev/myproj/images/api:1.2.3
  • VPC is global; subnets are regional. Simpler than AWS multi-AZ subnet planning.
  • Cloud Load Balancer is global anycast by default for HTTPS.
  • IAM is hierarchical; AWS isn’t (Organizations is bolted on).
  • Service accounts are first-class identities (you can actAs them).
  • BigQuery is dramatically simpler than Athena+Glue for analytics.
  • Spanner offers global strong consistency that AWS doesn’t have an equivalent for.
  • Cloud Run is simpler than ECS/Fargate for many use cases.
  1. Cloud Run vs GKE — pick. Cloud Run for stateless HTTP services; GKE for complex workloads, controllers, sidecars, custom networking.
  2. Workload Identity in GKE — what? Bind K8s ServiceAccount to GCP SA so pods get IAM without static keys.
  3. VPC SC — when? When you need a data exit boundary around Google APIs: e.g. BigQuery in your project is reachable only from inside the perimeter (your projects / VPCs / approved access levels), so valid credentials alone are not enough to pull data out from elsewhere.
  4. BigQuery vs Bigtable. Analytical (OLAP) warehouse vs low-latency wide-column NoSQL for high-throughput key-based reads and writes.
  5. Spanner unique value? Globally consistent SQL with horizontal scale and external consistency (TrueTime).
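The Workload Identity binding from the Service Accounts bullet and question 2, as an added Terraform example (not code from the original page). It creates the Google service account, grants it one predefined role, allows the Kubernetes ServiceAccount to impersonate it, and annotates the KSA. It assumes a GKE cluster with Workload Identity enabled (workload pool `<project>.svc.id.goog`) and a configured `kubernetes` provider; the project, namespace and names are placeholders.

```hcl
# Added example: bind a Kubernetes ServiceAccount to a Google service account
# via Workload Identity. No service account key is created anywhere.

locals {
  project   = "myproj"  # placeholder project ID
  namespace = "api"
  ksa_name  = "api"
}

# The Google identity the pods will act as.
resource "google_service_account" "api" {
  project      = local.project
  account_id   = "api-workload"
  display_name = "api GKE workload"
}

# Least privilege on the Google side: only the permissions the workload needs.
resource "google_project_iam_member" "api_secrets" {
  project = local.project
  role    = "roles/secretmanager.secretAccessor"
  member  = "serviceAccount:${google_service_account.api.email}"
}

# The binding that makes Workload Identity work: the KSA, addressed through the
# cluster's workload identity pool, may impersonate the GSA.
resource "google_service_account_iam_member" "wi" {
  service_account_id = google_service_account.api.name  # projects/.../serviceAccounts/<email>
  role               = "roles/iam.workloadIdentityUser"
  member             = "serviceAccount:${local.project}.svc.id.goog[${local.namespace}/${local.ksa_name}]"
}

# The Kubernetes side: the annotation tells the GKE metadata server which GSA
# to issue tokens for when a pod runs as this KSA.
resource "kubernetes_service_account" "api" {
  metadata {
    name      = local.ksa_name
    namespace = local.namespace
    annotations = {
      "iam.gke.io/gcp-service-account" = google_service_account.api.email
    }
  }
}
```

Pods then set `serviceAccountName: api` in their spec and obtain short-lived tokens from the in-cluster metadata server. To verify from inside such a pod, `curl -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email` should print the GSA email; if it prints the node's default compute service account, the annotation or the `iam.workloadIdentityUser` binding is missing. Pair this with the `iam.disableServiceAccountKeyCreation` org policy so nobody can fall back to downloading a key.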
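The VPC Service Controls perimeter described under the VPC SC bullets and question 3, as an added Terraform example (not code from the original page). It creates an organization-level access policy, an access level admitting one corporate egress range, and a perimeter that restricts the BigQuery API for one project to callers inside the perimeter or matching that access level. Org ID, project number and CIDR are placeholders.

```hcl
# Added example: a VPC Service Controls perimeter around BigQuery in one project.
# All identifiers below are placeholders.

locals {
  org_id         = "123456789012"  # placeholder organization ID
  project_number = "987654321098"  # placeholder: perimeters take the project NUMBER, not the ID
}

# One access policy per organization; every access level and perimeter hangs off it.
resource "google_access_context_manager_access_policy" "policy" {
  parent = "organizations/${local.org_id}"
  title  = "default-policy"
}

# Access level: requests from this corporate egress range may cross the perimeter.
resource "google_access_context_manager_access_level" "corp_ip" {
  parent = "accessPolicies/${google_access_context_manager_access_policy.policy.name}"
  name   = "accessPolicies/${google_access_context_manager_access_policy.policy.name}/accessLevels/corp_ip"
  title  = "corp_ip"
  basic {
    conditions {
      ip_subnetworks = ["203.0.113.0/24"]  # placeholder corporate range (TEST-NET-3)
    }
  }
}

# The perimeter: the BigQuery API for this project answers only to callers inside
# the perimeter or matching the access level. A leaked key or stolen token used
# from anywhere else is rejected by VPC SC before IAM is even consulted.
resource "google_access_context_manager_service_perimeter" "restrict_bq" {
  parent         = "accessPolicies/${google_access_context_manager_access_policy.policy.name}"
  name           = "accessPolicies/${google_access_context_manager_access_policy.policy.name}/servicePerimeters/restrict_bq"
  title          = "restrict_bq"
  perimeter_type = "PERIMETER_TYPE_REGULAR"
  status {
    resources           = ["projects/${local.project_number}"]
    restricted_services = ["bigquery.googleapis.com"]
    access_levels       = [google_access_context_manager_access_level.corp_ip.name]
  }
}
```

Roll a perimeter out in dry-run first: put the same configuration in the resource's `spec` block with `use_explicit_dry_run_spec = true`, then watch Cloud Logging for `VPC_SERVICE_CONTROLS` audit entries that would have been denied before moving it to `status`. Common things that break on enforcement are Cloud Build, Dataflow workers and BigQuery export jobs running in projects outside the perimeter, which need to be added to `resources` or covered by ingress/egress rules.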