Ileriayo Adebiyi

Learning GCP, Pragmatic GKE

I'm currently working on a project in GCP. Even though I started with very little (stale) knowledge, I think I'm progressing well.

What's working for me:

1. Concept/Fundamentals

Before getting on the project, I did some Udemy videos to get familiar with the terminology, especially for IAM. I often had the videos on 1.5x or 2x, as the concepts were similar to other public clouds that I was familiar with.

My reason for the videos was to get a picture of things: the GCP Console, where to find things, etc.

No depth at this point.

2. Drill Into

I already knew I was going to be working primarily with Google Kubernetes Engine, and by the time I got on the project, I needed specifics.

I was on the GKE Docs MOST of the time, learning how things fit together.

Now, I already had some good knowledge of Kubernetes, which I had gained from previous experience and also from being certified.

My task was pretty simple though:

  • Deploy and expose a K8s Operator

Meanwhile, check out this thread on why I think you should take the Kubernetes Certification(s). https://twitter.com/Ileriayooo/status/1610323839992430593

As simple as that may sound, it took about 3 days of reading the Docs to understand things properly.

3. Practice

All this would not make sense without getting hands-on. You learn by doing.

Deploying the operator was the simplest part. A Helm release resource in Terraform with the appropriate attributes, followed by a "terraform apply", gets the job done.
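For readers who have not used the Terraform Helm provider, here is an added example of the kind of release described above. It is not the author's Terraform; the release name, chart repository, chart name and the service.type/service.port values keys are assumptions about a hypothetical operator chart, and the helm provider is assumed to be configured against the GKE cluster already.

```hcl
# Added example, not the author's code. Chart names, repository URL and the
# values keys are assumptions; the helm provider is assumed to be configured.
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.12"
    }
  }
}

resource "helm_release" "operator" {
  name             = "example-operator"           # assumed release name
  repository       = "https://charts.example.com" # assumed chart repository
  chart            = "example-operator"           # assumed chart name
  version          = "1.2.3"                      # pin the chart version, never float it
  namespace        = "operators"
  create_namespace = true

  # Fail the apply and roll the release back if it does not become healthy,
  # rather than leaving a half-installed operator behind.
  atomic          = true
  cleanup_on_fail = true
  wait            = true
  timeout         = 600

  # Keep the operator's web endpoint cluster-internal. It is exposed on purpose
  # through an Ingress later, not by a chart default of type LoadBalancer.
  values = [yamlencode({
    service = {
      type = "ClusterIP" # assumed chart key
      port = 8080        # assumed chart key
    }
  })]
}
```

The two choices worth copying are the pinned chart version (so a "terraform apply" next month installs the same operator) and overriding the Service type to ClusterIP, which stops a chart default from silently creating a public load balancer before the Ingress and its access controls exist.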

Exposing the operator was the sweetest!

Ingress, of course! But that was just the beginning.

(a) Performance

This deployment needed to use Container Native Load Balancing. What does this mean?

Typically, load balancers are not "container aware": rather than routing traffic to containers, they route it to the Kubernetes nodes (VMs) that host the pods, via the Service's NodePort.

Once traffic arrives at a node, iptables rules programmed by kube-proxy forward it to one of the Service's pods. That pod may be on a different node, which means the traffic has to leave the first node again to reach the destination pod: an extra network hop on every request.

With CNLB, the load balancer uses network endpoint groups (NEGs) whose endpoints are the pod IPs themselves, so it routes traffic (and health checks) directly to pods, skipping the extra hop.

This performance gain could not be overlooked!

Further into the docs, I discovered that by default, CNLB is enabled on GKE clusters if they are:

i) GKE clusters 1.17.6-gke.7 and up

ii) using VPC-native clusters

iii) not using a Shared VPC

iv) not using GKE Network Policy

Otherwise, in order to enable the feature, one has to explicitly annotate the K8s Service object that the Ingress points to with the following (setting it explicitly is harmless on clusters where it is already the default, and makes the intent visible in the manifest):

cloud.google.com/neg: '{"ingress": true}'

(b) Security

Exposing this publicly was not the intention. Only a few private networks and IPs were to be able to access this web service.

With Cloud Armor, a Security Policy was configured to allow only specific actors. Because the policy is enforced at Google's edge, before traffic ever reaches the cluster, it is also a good way to mitigate Distributed Denial of Service (DDoS) attacks from the internet. Two things to check: Cloud Armor's built-in default rule is "allow", so the policy needs an explicit lowest-priority deny rule, and the policy does nothing until it is attached to the Ingress's backend service through a BackendConfig.

And of course, TLS!!

Google-managed certificates are easy to get, but provisioning only completes once the domain's DNS A record resolves to the load balancer's IP. This also means setting up Google Cloud DNS, and reserving a static IP for the Ingress so that the record does not go stale when the Ingress is recreated.
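The following added example pulls the pieces from the performance and security sections above into one Terraform configuration: a Service carrying the NEG annotation, a Cloud Armor policy with an allowlist and a default deny, the BackendConfig that attaches it, a Google-managed certificate, and the Ingress that ties them together. It is not the author's code or the GKE project's own; every name, IP range and the hostname are assumptions, and the google and kubernetes providers are assumed to be configured for the project and cluster already.

```hcl
# Added example (not the author's code): expose the operator Service through a
# GKE Ingress with container-native load balancing, a Cloud Armor allowlist and
# a Google-managed certificate. Names, IP ranges and the hostname are assumed;
# the google and kubernetes providers are assumed to be configured already.
# Static IP so the DNS A record stays valid if the Ingress is recreated.
resource "google_compute_global_address" "operator" {
  name = "operator-ingress-ip"
}
# Cloud Armor policy: allow trusted ranges, deny everything else. The built-in
# default rule is "allow", so the explicit deny is what keeps the service private.
resource "google_compute_security_policy" "operator" {
  name = "operator-allowlist"
  rule {
    action   = "allow"
    priority = "1000"
    match {
      versioned_expr = "SRC_IPS_V1"
      config { src_ip_ranges = ["203.0.113.0/24", "198.51.100.10/32"] } # assumed ranges
    }
  }
  rule {
    action   = "deny(403)"
    priority = "2147483647" # lowest priority: this is the default rule
    match {
      versioned_expr = "SRC_IPS_V1"
      config { src_ip_ranges = ["*"] }
    }
  }
}

# BackendConfig binds the policy to the LB backend created for the Service;
# an unattached policy is never enforced.
resource "kubernetes_manifest" "backendconfig" {
  manifest = {
    apiVersion = "cloud.google.com/v1"
    kind       = "BackendConfig"
    metadata   = { name = "operator-backend", namespace = "operators" }
    spec       = { securityPolicy = { name = google_compute_security_policy.operator.name } }
  }
}

# ClusterIP is enough: with the NEG annotation the LB targets pod IPs directly.
resource "kubernetes_service_v1" "operator" {
  metadata {
    name      = "example-operator"
    namespace = "operators"
    annotations = {
      "cloud.google.com/neg"            = jsonencode({ ingress = true })
      "cloud.google.com/backend-config" = jsonencode({ default = "operator-backend" })
    }
  }
  spec {
    selector = { "app.kubernetes.io/name" = "example-operator" } # assumed pod label
    port {
      port        = 8080
      target_port = 8080
    }
  }
}

# Managed certificate; issuance completes only once the domain resolves to the IP.
resource "kubernetes_manifest" "cert" {
  manifest = {
    apiVersion = "networking.gke.io/v1"
    kind       = "ManagedCertificate"
    metadata   = { name = "operator-cert", namespace = "operators" }
    spec       = { domains = ["operator.example.com"] }
  }
}

resource "kubernetes_ingress_v1" "operator" {
  metadata {
    name      = "example-operator"
    namespace = "operators"
    annotations = {
      "kubernetes.io/ingress.class"                 = "gce" # external HTTP(S) LB; required for Cloud Armor
      "kubernetes.io/ingress.global-static-ip-name" = google_compute_global_address.operator.name
      "networking.gke.io/managed-certificates"      = "operator-cert"
      "kubernetes.io/ingress.allow-http"            = "false" # no plaintext listener
    }
  }
  spec {
    rule {
      host = "operator.example.com"
      http {
        path {
          path      = "/"
          path_type = "Prefix"
          backend {
            service {
              name = kubernetes_service_v1.operator.metadata[0].name
              port { number = 8080 }
            }
          }
        }
      }
    }
  }
}
```

Two practical notes. The kubernetes_manifest resources need the cluster reachable at plan time, because the provider validates BackendConfig and ManagedCertificate against the cluster's CRDs. And after "terraform apply", confirm the chain actually holds: the Ingress should show a NEG-backed backend, the backend service in the Console should list the security policy, and a request from an address outside the allowlist should get a 403 from the edge rather than reaching the cluster.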

Challenges faced:

Andela made us realize that Technology is usually the easiest to learn - Docs, Udemy, etc.

Working solo, things look like a breeze!

However, you'd soon realize that you need a different set of skills to work in a distributed team:

a) Collaboration/Communication:

Every attempt to run a "terraform apply" kept failing. Terraform state files were centralized and stored in a different GCP project.

There is always the temptation to go try things out in a different environment.

But, time is not on my side!

To whom do I go?

i) After several days, Slack messages, and email requests, I now have just the right amount of privilege to administer the cloud resources.

ii) Git - rebase, merge, conflicts, PRs, approvals, etc. I need not say more about this.

iii) TODO: insert others

TLDR - Summary

  1. Get familiar with the fundamentals - take a beginner course

  2. Move from the generic, go on to the specific, and drill down.

  3. Practice - you learn by doing, not just knowing.

  4. There will always be challenges - how else will you measure progress?

Follow me on LinkedIn and Twitter where I talk about Cloud & DevOps.
