Author Archives: anuj - Page 2
Sample GKE constraints for common use cases
The following sections provide the syntax of some custom constraints that you might find useful: Description Constraint syntax Do not disable node auto-upgrade…
Check when a GKE Cluster was created
Apply this filter to the logs (under operations from the cluster management screen). Default audit logs go back 180 days. "gke_cluster" "" "your-cluster-name" Default audit logs go back 180…
Editor Role in GCP – Beware of Service Account Privileges
While only an OWNER can create service accounts, an EDITOR can also manipulate existing service accounts. If a project contains service accounts, the Editor role grants permission to create…
GKE Control Plane and Public IPs and Private Service Connect
By default, when you create a public cluster, GKE assigns an external IP address (external endpoint) to the control plane and provisions public nodes. This means that any VM with…
Pass Through (Network) Load balancers and GKE Ingress Firewall Rule
Overview If you created a GKE service that allows external access, you will be surprised to see a few firewall rules (at the VPC level) created automatically for you. Some…
Cloud CDN to deal with unauthenticated users
Use Case - serve content to users who are not authenticated Cloud CDN can cache content that doesn't require authenticated users.
Routing Logs outside of GCP
Use Case - To Route GCP Logs to external sinks (Splunk) The only sink you can use here is Pub/Sub. Install the logging agent to capture your application…
GCP – Failed SSH Attempts
Use Case - monitor for failed SSH attempts and alert based on failures Log-based alerts would be needed - there is no built-in metric for failed SSH attempts.…
Retention Policies and Cloud Storage
Use Case - Disallow deletion of bucket objects, regardless of IAM access A retention policy will lock the bucket (or an object in a bucket) and not allow deletion, regardless of access…
Service accounts - at Org, Folder Levels - and at Resource Levels
High-level service accounts (at the Folder, Project and Org level) should be few in number. No keys allowed. The AD groups (containing human users) should be defined for these with all the…