Google Associate-Cloud-Engineer - Google Cloud Certified - Associate Cloud Engineer

Cloud Functions is Google Cloud’s event-driven serverless compute platform that lets you run your code locally or in the cloud without having to provision servers. Cloud Functions scales up or down, so you pay only for compute resources you use. Cloud Functions have excellent integration with Cloud Pub/Sub, lets you scale down to zero and is recommended by Google as the ideal serverless platform to use when dependent on Cloud Pub/Sub.

"If you’re building a simple API (a small set of functions to be accessed via HTTP or Cloud Pub/Sub), we recommend using Cloud Functions."

Ref: https://cloud.google.com/serverless-options

Creating or upgrading a cluster by specifying the version as latest does not provide automatic upgrades. Enable node auto-upgrades to ensure that the nodes in your cluster are up-to-date with the latest stable version.

https://cloud.google.com/kubernetes-engine/versioning-and-upgrades

Node auto-upgrades help you keep the nodes in your cluster up to date with the cluster master version when your master is updated on your behalf. When you create a new cluster or node pool with Google Cloud Console or the gcloud command, node auto-upgrade is enabled by default.

Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-upgrades

gcloud deployment-manager deployments create creates deployments based on the configuration file. (Infrastructure as code). All the configuration related to the artifacts is in the configuration file. This command correctly creates a cluster based on the provided cluster.yaml configuration file.

Ref: https://cloud.google.com/sdk/gcloud/reference/deployment-manager/deployments/create

The requirement is for private communication between a Cloud Run service and a GKE API, following best practices.

Option A exposes the GKE API to the public internet, which violates the "privately reach" requirement. Relying on dynamic IP allowlisting with Cloud Armor is complex and less secure than private networking.

Options B and C configure overly permissive firewall rules (allowing all egress or ingress) and do not establish the necessary private network path between Cloud Run (which normally runs outside your VPC) and the GKE cluster within your VPC.

Option D describes the standard Google-recommended pattern for this scenario:

Internal Application Load Balancer (ILB): Expose the GKE service (API) using an ILB. This gives the service a private IP address accessible only within the VPC network (or connected networks).

Cloud DNS: Create a private DNS zone and record pointing a fully qualified domain name (FQDN) to the ILB's private IP address. This allows services to reach the API via a stable name instead of an IP.

Serverless VPC Access Connector: This connector creates a bridge allowing serverless services like Cloud Run to send traffic into your VPC network.

Cloud Run Configuration: Configure the Cloud Run service to use the VPC Access connector. The application code can then call the GKE API using its private FQDN registered in Cloud DNS.

This setup ensures traffic flows entirely over private networks (within the VPC via the ILB and through the VPC Access connector), meeting the private communication requirement securely and reliably.

`gcloud services list --available` returns not only the enabled services in the project but also services that CAN be enabled.

https://cloud.google.com/sdk/gcloud/reference/services/list#--available

Run the following command to list the enabled APIs and services in your current project:

gcloud services list

whereas, Run the following command to list the APIs and services available to you in your current project:

gcloud services list –available

https://cloud.google.com/sdk/gcloud/reference/services/list#--available

--available

Return the services available to the project to enable. This list will include any services that the project has already enabled.

To list the services the current project has enabled for consumption, run:

gcloud services list --enabled

To list the services the current project can enable for consumption, run:

gcloud services list –available

https://cloud.google.com/resource-manager/docs/project-migration#oauth_consent_screen

https://cloud.google.com/resource-manager/docs/project-migration

Comprehensive and Detailed Explanation From Exact Extract:

The key requirements are a containerized web application that handles unpredictable traffic and must minimize costs.

Cloud Run is the ideal solution because it is a fully managed, serverless platform for containers that automatically scales to zero instances when there is no traffic. This directly fulfills the cost requirement by eliminating charges for idle resources. It excels at handling unpredictable, bursty traffic.

GKE Standard and Autopilot (Options B and D) incur costs for the cluster or nodes even when not serving traffic (unless carefully scaled down), making them less cost-efficient than Cloud Run's native scale-to-zero for unpredictable, non-constant workloads.

Specifying conditions for alerting policies This page describes how to specify conditions for alerting policies. The conditions for an alerting policy define what is monitored and when to trigger an alert. For example, suppose you want to define an alerting policy that emails you if the CPU utilization of a Compute Engine VM instance is above 80% for more than 3 minutes. You use the conditions dialog to specify that you want to monitor the CPU utilization of a Compute Engine VM instance, and that you want an alerting policy to trigger when that utilization is above 80% for 3 minutes.https://cloud.google.com/monitoring/alerts/ui-conditions-ga

https://cloud.google.com/monitoring/alerts/using-alerting-uihttps://cloud.google.com/monitoring/support/notification-options