Certified Google Cloud Architect

Author Archives: anuj

HL7 Messages and DataFlow Streaming Healthcare API

anuj April 16, 2024 HL7 Messages and DataFlow Streaming Healthcare API2024-04-16T17:25:02+00:00 APIs on GCP No Comment

Just a quick note - from the field. There's two things to watch out for - Is the payload TEXT (JSON is also TEXT) or BINARY (preferred). The Base64 encoding…

Restricting what your API Key can call in GCP (and otherwise)

anuj March 19, 2024 Restricting what your API Key can call in GCP (and otherwise)2024-04-17T22:45:03+00:00 APIs on GCP No Comment

Consuming GCP APIs from a client There's TWO ways you can consume an API from a client a. API Keys -Least SEcure way - since the KEY is passwordless -and…

Sample GKE constraints for common use cases

anuj February 29, 2024 Sample GKE constraints for common use cases2024-02-29T17:37:32+00:00 GKE No Comment

Sample GKE constraints for common use cases The following sections provide the syntax of some custom constraints that you might find useful: Description Constraint syntax Do not disable node auto-upgrade…

Check when a GKE Cluster was created

anuj February 29, 2024 Check when a GKE Cluster was created2024-02-29T16:44:23+00:00 AWS No Comment

Apply this filter to the logs (under operations from the cluster management screen). Default audit logs go back 180 days. "gke_cluster" "" "your-cluster-name" Default audit logs go back 180…

Editor Role in GCP – Beware of Service Account Privileges

anuj February 29, 2024 Editor Role in GCP – Beware of Service Account Privileges2024-02-29T13:56:11+00:00 GCP IAM No Comment

While only an OWNER can create service accounts, an EDITOR too can manipulate existing service accounts. If a project contains service accounts , the Editor roles grant permission to create…

GKE Control Plane and Public IPs and Private Service Connect

anuj February 29, 2024 GKE Control Plane and Public IPs and Private Service Connect2024-02-29T13:49:09+00:00 GCP Networking No Comment

By default, when you create a public cluster, GKE assigns an external IP address (external endpoint) to the control plane and provisions public nodes. This means that any VM with…

Pass Through (Network) Load balancers and GKE Ingress Firewall Rule

anuj February 28, 2024 Pass Through (Network) Load balancers and GKE Ingress Firewall Rule2024-02-29T16:46:19+00:00 Intrusion Prevention No Comment

Overview If you created a GKE service that allows external access, you will be surprised to see a few firewall rules (at the VPC level) created automatically for you. Some…

Cloud CDN to deal with unauthenticated users

anuj February 15, 2024 Cloud CDN to deal with unauthenticated users2024-02-15T15:25:19+00:00 GCP Networking No Comment

Use Case - serve content to users who are not authenticated Cloud CDN can cache content that doesn't require authenticated users.

Routing Logs outside of GCP

anuj February 15, 2024 Routing Logs outside of GCP2024-02-15T05:29:04+00:00 GCP Operational No Comment

Use Case - To Route GCP Logs to external sinks ( Splunk) The only sink you can use here is pub sub. Install the logging agent to capture your application…

GCP – Failed SSH Attempts

anuj February 15, 2024 GCP – Failed SSH Attempts2024-02-15T05:19:57+00:00 Google Cloud Security No Comment

Use Case - monitor for failed SSH attempts and alert based on failures Log based alerts would be needed - there is no built in metric for failed SSH attempts.…

12 3 ›»