Working Basics with the Google Cloud Platform (GCP)
In this post I want to show some basics that are good to know when working with the Google Cloud Platform (GCP).
Creating a Google project
To use Cloud APIs, you also need to have a Google project. A project is equivalent to a developer account. It serves as a resource container for your Google Cloud resources. It also provides an isolation boundary for your usage of Google Cloud services, so you can manage quota limits and billing independently at the project level. Usage telemetry and dashboards are grouped by projects as well. If you don’t already have a project, you can create one using the Google Cloud console.
A project can own a wide range of resources, including API keys, OAuth clients, service accounts, Compute Engine VMs, Cloud Storage buckets, and BigQuery datasets.
If you want to stop using Google Cloud for any reason, you can use Google Cloud console to delete your project. Your project and all resources in the project will be deleted after the retention window. Note that different types of data have different retention periods.
Source: https://cloud.google.com/apis/docs/getting-started#creating_a_google_project
A Google Cloud project is conceptually similar to the Azure subscription, in terms of billing, quotas, and limits. However, from a functional perspective, a Google Cloud project is more like a resource group in Azure. It’s a logical unit that cloud resources are deployed to.
Note that unlike in Google Cloud, there is no maximum number of Azure subscriptions. Each Azure subscription is linked to a single Azure Active Directory (Azure AD) tenant (an account, in Google Cloud terms). An Azure AD tenant can contain an unlimited number of subscriptions, whereas Google Cloud has a default limit of 30 projects per account.
A Google Cloud project is also similar to an AWS member account, which AWS organizes into organizational units (OUs). Both are billing and IAM boundaries in the organization.
What is a project?
A project organizes all your Google Cloud resources. All data in Cloud Storage belongs inside a project. A project consists of a set of users; a set of APIs; and billing, authentication, and monitoring settings for those APIs. So, for example, all of your Cloud Storage buckets and objects, along with user permissions for accessing them, reside in a project. You can have one project, or you can create multiple projects and use them to organize your Google Cloud resources, including your Cloud Storage data, into logical groups. You can have one or multiple projects.
Source: https://cloud.google.com/storage/docs/projects#what_is_a_project
You can read more about AWS accounts and AWS Organizations in my following post.
Google Cloud APIs
Google Cloud APIs are programmatic interfaces to Google Cloud Platform services. They are a key part of Google Cloud Platform, allowing you to easily add the power of everything from computing to networking to storage to machine-learning-based data analysis to your applications.
Source: https://cloud.google.com/apis/docs/overview
In Google Cloud you need these APIs not only to access services from your own applications; you also need them, for example, to create a VM instance in your GCP project by using the GCP console.
Therefore, in order to create a new VM instance, you first need to enable the Compute Engine API for the project you want to deploy it to.
VPC networks vs. Shared VPC networks
In GCP a default VPC network is deployed for each project. When you set up an organization in Google Cloud as shown in my post below, one of the tasks is to also set up a Shared VPC network.
This Shared VPC network is deployed in a central host project in GCP. In a nutshell, you use a Shared VPC network so that resources in different projects can communicate securely over the network using private IP address space. Therefore, the projects that want to use the Shared VPC network must be attached to it.
Shared VPC
Shared VPC allows an organization to connect resources from multiple projects to a common Virtual Private Cloud (VPC) network, so that they can communicate with each other securely and efficiently using internal IPs from that network. When you use Shared VPC, you designate a project as a host project and attach one or more other service projects to it. The VPC networks in the host project are called Shared VPC networks. Eligible resources from service projects can use subnets in the Shared VPC network. Shared VPC connects projects within the same organization. Linked projects can be in the same or different folders, but if they are in different folders the admin must have Shared VPC Admin rights to both folders. Refer to the Google Cloud resource hierarchy for more information about organizations, folders, and projects.
A Shared VPC network is a VPC network defined in a host project and made available as a centrally shared network for eligible resources in service projects. Shared VPC networks can be either auto or custom mode, but legacy networks are not supported.
Shared VPC, formerly known as Google Cross-Project Networking (XPN), is also referred to as XPN in the API.
(common) VPC networks
A Virtual Private Cloud (VPC) network is a virtual version of a physical network, implemented inside of Google’s production network, using Andromeda.
Below you can see the Shared VPC network that was created while setting up the organization.
You can open it later in the menu of the Google Cloud console at VPC network -> Shared VPC as shown below.
In order to use these networks, you have to attach your project to them as shown below.
I will attach my project testing-vms-02 to the vpc-host-dev project where the Shared VPC network was deployed to.
So I click on vpc-host-dev
Here I will share all subnets with my project. You can also share just individual subnets.
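The same attachment done with the gcloud CLI instead of the console, as an added example that is not part of the original post. The host and service project IDs are the ones used above (vpc-host-dev, testing-vms-02); the subnet name, region and the principal granted access to a single subnet are assumptions. The script only prints the commands unless DRY_RUN is set to 0.

```shell
#!/bin/sh
# Added example: attach a service project to a Shared VPC host project with gcloud.
HOST_PROJECT="vpc-host-dev"        # host project from the post
SERVICE_PROJECT="testing-vms-02"   # service project from the post
SUBNET="dev-subnet-01"             # assumed subnet name in the host project
REGION="europe-west1"              # assumed region of that subnet
NETWORK_USER="group:dev-admins@example.com"  # assumed principal (placeholder)
DRY_RUN="${DRY_RUN:-1}"

# Print each command; execute it only when DRY_RUN=0.
run() {
  printf '+ %s\n' "$*"
  if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

# The Compute Engine API must be enabled in both projects before Shared VPC works.
enable_compute_api() {
  run gcloud services enable compute.googleapis.com --project="$1"
}

# Mark the host project and attach the service project to it (all subnets shared).
attach_service_project() {
  run gcloud compute shared-vpc enable "$HOST_PROJECT"
  run gcloud compute shared-vpc associated-projects add "$SERVICE_PROJECT" \
    --host-project="$HOST_PROJECT"
}

# Share only one subnet instead: grant roles/compute.networkUser on that subnet,
# not on the whole host project, so service-project users can reach only this subnet.
share_single_subnet() {
  run gcloud compute networks subnets add-iam-policy-binding "$SUBNET" \
    --project="$HOST_PROJECT" --region="$REGION" \
    --member="$NETWORK_USER" --role=roles/compute.networkUser
}

# Verify: which projects are attached to the host, and which host a project uses.
verify_attachment() {
  run gcloud compute shared-vpc list-associated-resources "$HOST_PROJECT"
  run gcloud compute shared-vpc get-host-project "$SERVICE_PROJECT"
}

main() {
  enable_compute_api "$HOST_PROJECT"
  enable_compute_api "$SERVICE_PROJECT"
  attach_service_project
  share_single_subnet
  verify_attachment
}
main
```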
From now on you can use this network for resources within the attached project. For example below I will create a new VM instance in my attached project.
First I will select a network interface. Here I can choose between the following two interface cards.
gVNIC and VirtIO
Google Virtual NIC (gVNIC) is a virtual network interface designed specifically for Compute Engine. gVNIC is an alternative to the virtIO-based ethernet driver.
https://cloud.google.com/compute/docs/networking/using-gvnic
At Google, we are constantly improving the performance of our network infrastructure. We recently introduced Google Virtual NIC (gVNIC), a virtual network interface designed specifically for Compute Engine. gVNIC is an alternative to the VirtIO-based Ethernet driver. It is tightly integrated with our high performance, flexible Andromeda virtual network stack and is required to enable high network bandwidth configurations (50-100 Gbps).
Using gVNIC improves communication performance by more efficiently delivering traffic among your VM instances. This improvement is valuable for high performance computing (HPC) users because MPI communication performance is critical for application scalability of workloads such as weather modeling, computational fluid dynamics, and computer aided engineering.
To simplify using gVNIC for HPC workloads, our CentOS 7 based HPC VM image now supports gVNIC and includes the latest gve driver (gve-1.2.3) by default. Continue reading for more details on gVNIC performance or skip ahead to our quickstart guide to get started today!
At Network interfaces I have to select Networks shared with me to assign an IP from that network to my VM.
Billing Accounts and Quotas
By default, Google Cloud only allows the creation of five projects per billing account.
The number of projects any user or service account can create is limited. If you create a project outside an organization, the quota on your account is used. If you are creating a project within an organization, the quota on both your account and organization are checked, and if either one has quota remaining, the project can be created.
Once your quota is reached, you can request an increase. If you have less than 30 projects remaining in your quota, you can see the number of projects you have remaining in your quota on the New Project page. For more information, see Managing project quotas.
Source: https://cloud.google.com/resource-manager/docs/limits
To see all your projects and assigned billing accounts you can go to billing in the GCP console at the link https://console.cloud.google.com/billing and click on the tab My Projects.
List Resources within Google Cloud by using the CLI gcloud
You can read about how to install and use the Google Cloud CLI in my following post.
List all resources within the given project
gcloud asset search-all-resources --scope=projects/<project id>
List all resources within the organization
gcloud asset search-all-resources --scope=organizations/<organization id>
For example to show my VM instance named instance-1 within the project Testing VMs (id: testing-vms-01) I can call the following command.
gcloud asset search-all-resources --scope=projects/testing-vms-01 --query="name:instance-1"
Source: https://cloud.google.com/sdk/gcloud/reference/asset/search-all-resources
Links
Getting started
https://cloud.google.com/apis/docs/getting-started
Google Cloud APIs
https://cloud.google.com/apis/docs/overview
Shared VPC
https://cloud.google.com/vpc/docs/shared-vpc
VPC networks
https://cloud.google.com/vpc/docs/vpc
Using Google Virtual NIC
https://cloud.google.com/compute/docs/networking/using-gvnic