Professional Cloud Developer
Section 1: Designing highly scalable, available, and reliable cloud-native applications
1.1 Designing high-performing applications and APIs. Considerations include:
a. Microservices
b. Scaling velocity characteristics/trade-offs of IaaS (infrastructure as a service) vs. CaaS (container as a service) vs. PaaS (platform as a service)
c. Geographic distribution of Google Cloud services (e.g., latency, regional services, zonal services)
d. Defining a key structure for high-write applications using Cloud Storage, Cloud Bigtable, Cloud Spanner, or Cloud SQL
e. User session management
f. Caching solutions
g. Deploying and securing API services
h. Loosely coupled asynchronous applications (e.g., Apache Kafka, Pub/Sub)
i. Graceful shutdown on platform termination
j. Google-recommended practices and documentation
1.2 Designing secure applications. Considerations include:
a. Implementing requirements that are relevant for applicable regulations (e.g., data wipeout)
b. Security mechanisms that protect services and resources
c. Security mechanisms that secure/scan application binaries and manifests
d. Storing and rotating application secrets and keys (e.g., Cloud KMS, HashiCorp Vault)
e. Authenticating to Google services (e.g., application default credentials, JSON Web Token (JWT), OAuth 2.0)
f. IAM roles for users/groups/service accounts
g. Securing service-to-service communications (e.g., service mesh, Kubernetes Network Policies, and Kubernetes namespaces)
h. Running services with least privileged access (e.g., Workload Identity)
i. Certificate-based authentication (e.g., SSL, mTLS)
j. Google-recommended practices and documentation
1.3 Managing application data. Considerations include:
a. Defining database schemas for Google-managed databases (e.g., Firestore, Cloud Spanner, Cloud Bigtable, Cloud SQL)
b. Choosing data storage options based on use case considerations, such as:
    a. Time-limited access to objects
    b. Data retention requirements
    c. Structured vs. unstructured data
    d. Strong vs. eventual consistency
    e. Data volume
    f. Frequency of data access in Cloud Storage
c. Google-recommended practices and documentation
1.4 Application modernization. Considerations include:
a. Using managed services
b. Refactoring a monolith to microservices
c. Designing stateless, horizontally scalable services
d. Google-recommended practices and documentation
Section 2: Building and testing applications
2.1 Setting up your local development environment. Considerations include:
a. Emulating Google Cloud services for local application development
b. Creating Google Cloud projects
c. Using the command-line interface (CLI), Google Cloud Console, and Cloud Shell tools
d. Using developer tooling (e.g., Cloud Code, Skaffold)
2.2 Writing efficient code. Considerations include:
a. Algorithm design
b. Modern application patterns
c. Software development methodologies
d. Debugging and profiling code
2.3 Testing. Considerations include:
a. Unit testing
b. Integration testing
c. Performance testing
d. Load testing
2.4 Building. Considerations include:
a. Source control management
b. Creating secure container images from code
c. Developing a continuous integration pipeline using services (e.g., Cloud Build, Container Registry) that construct deployment artifacts
d. Reviewing and improving continuous integration pipeline efficiency
Section 3: Deploying applications
3.1 Recommend appropriate deployment strategies using the appropriate tools (e.g., Cloud Build, Spinnaker, Tekton, Anthos Configuration Manager) for the target compute environment (e.g., Compute Engine, Google Kubernetes Engine). Considerations include:
a. Blue/green deployments
b. Traffic-splitting deployments
c. Rolling deployments
d. Canary deployments
3.2 Deploying applications and services on Compute Engine. Considerations include:
a. Installing an application into a virtual machine (VM)
b. Managing service accounts for VMs
c. Bootstrapping applications
d. Exporting application logs and metrics
e. Managing Compute Engine VM images and binaries
3.3 Deploying applications and services to Google Kubernetes Engine (GKE). Considerations include:
a. Deploying a containerized application to GKE
b. Managing Kubernetes RBAC and Google Cloud IAM relationships
c. Configuring Kubernetes namespaces
d. Defining workload specifications (e.g., resource requirements)
e. Building a container image using Cloud Build
f. Configuring application accessibility to user traffic and other services
g. Managing container life cycle
h. Defining Kubernetes resources and configurations
3.4 Deploying a Cloud Function. Considerations include:
a. Cloud Functions that are triggered via an event from Google Cloud services (e.g., Pub/Sub, Cloud Storage objects)
b. Cloud Functions that are invoked via HTTP
c. Securing Cloud Functions
3.5 Using service accounts. Considerations include:
a. Creating a service account according to the principle of least privilege
b. Downloading and using a service account private key file
Section 4: Integrating Google Cloud services
4.1 Integrating an application with data and storage services. Considerations include:
a. Read/write data to/from various databases (e.g., SQL)
b. Connecting to a data store (e.g., Cloud SQL, Cloud Spanner, Firestore, Cloud Bigtable)
c. Writing an application that publishes/consumes data asynchronously (e.g., from Pub/Sub)
d. Storing and retrieving objects from Cloud Storage
4.2 Integrating an application with compute services. Considerations include:
a. Implementing service discovery in GKE and Compute Engine
b. Reading instance metadata to obtain application configuration
c. Authenticating users by using OAuth 2.0 Web Flow and Identity-Aware Proxy
d. Authenticating to Cloud APIs with Workload Identity
4.3 Integrating Cloud APIs with applications. Considerations include:
a. Enabling a Cloud API
b. Making API calls using supported options (e.g., Cloud Client Library, REST API or gRPC, APIs Explorer) taking into consideration:
    a. Batching requests
    b. Restricting return data
    c. Paginating results
    d. Caching results
    e. Error handling (e.g., exponential backoff)
c. Using service accounts to make Cloud API calls
Section 5: Managing application performance monitoring
5.1 Managing Compute Engine VMs. Considerations include:
a. Debugging a custom VM image using the serial port
b. Diagnosing a failed Compute Engine VM startup
c. Sending logs from a VM to Cloud Logging
d. Viewing and analyzing logs
e. Inspecting resource utilization over time
5.2 Managing Google Kubernetes Engine workloads. Considerations include:
a. Configuring logging and monitoring
b. Analyzing container life cycle events (e.g., CrashLoopBackOff, ImagePullErr)
c. Viewing and analyzing logs
d. Writing and exporting custom metrics
e. Using external metrics and corresponding alerts
f. Configuring workload autoscaling
5.3 Troubleshooting application performance. Considerations include:
a. Creating a monitoring dashboard
b. Writing custom metrics and creating log-based metrics
c. Using Cloud Debugger; reviewing stack traces for error analysis
d. Exporting logs from Google Cloud
e. Viewing logs in the Google Cloud Console
f. Reviewing application performance (e.g., Cloud Trace, Prometheus, OpenTelemetry)
g. Monitoring and profiling a running application
h. Using documentation, forums, and Google Cloud support