Professional Cloud DevOps Engineer

Section 1: Applying site reliability engineering principles to a service

1.1 Balance change, velocity, and reliability of the service:

    ●  Discover SLIs (e.g., availability, latency)

    ●  Define SLOs and understand SLAs

    ●  Agree to consequences of not meeting the error budget

    ●  Construct feedback loops to decide what to build next

    ●  Eliminate toil via automation

1.2 Manage service life cycle:

    ●  Manage a service (e.g., introduce a new service, deploy, maintain, and retire it)

    ●  Plan for capacity (e.g., quotas and limits management)

1.3 Ensure healthy communication and collaboration for operations:

    ●  Prevent burnout (e.g., set up automation processes to prevent burnout)

    ●  Foster a learning culture

    ●  Foster a culture of blamelessness

Section 2: Building and implementing CI/CD pipelines for a service

2.1 Design CI/CD pipelines:

    ●  Creating and storing immutable artifacts with Artifact Registry

    ●  Deployment strategies with Cloud Build and Spinnaker

    ●  Deployment to hybrid and multicloud environments with Anthos, Spinnaker, and Kubernetes

    ●  Artifact versioning strategy with Cloud Build and Artifact Registry

    ●  CI/CD pipeline triggers with Cloud Source Repositories, external SCM, and Pub/Sub

    ●  Testing a new version with Spinnaker

    ●  Configuring deployment processes (e.g., approval flows)

2.2 Implement CI/CD pipelines:

    ●  CI with Cloud Build

    ●  CD with Cloud Build

    ●  Open source tooling (e.g., Jenkins, Spinnaker, GitLab, Concourse)

    ●  Auditing and tracing of deployments (e.g., CSR, Artifact Registry, Cloud Build, Cloud Audit Logs)

2.3 Manage configuration and secrets:

    ●  Secure storage methods

    ●  Secret rotation and config changes

2.4 Manage infrastructure as code:

    ●  Terraform

    ●  Infrastructure code versioning

    ●  Make infrastructure changes safer

    ●  Immutable architecture

2.5 Deploy CI/CD tooling:

    ●  Centralized tools vs. multiple tools (single vs. multi-tenant)

    ●  Security of CI/CD tooling

2.6 Manage different development environments (e.g., staging, production):

    ●  Decide on the number of environments and their purpose

    ●  Create environments dynamically per feature branch with GKE

    ●  Local development environments with Docker, Cloud Code, Skaffold

2.7 Secure the deployment pipeline:

    ●  Vulnerability analysis with Artifact Registry

    ●  Binary Authorization

    ●  IAM policies per environment

Section 3: Implementing service monitoring strategies

3.1 Manage application logs:

    ●  Collecting logs from Compute Engine, GKE with Cloud Logging, Fluentd

    ●  Collecting third-party and structured logs with Cloud Logging, Fluentd

    ●  Sending application logs directly to the Cloud Logging API

3.2 Manage application metrics with Cloud Monitoring:

    ●  Collecting metrics from Compute Engine

    ●  Collecting GKE/Kubernetes metrics

    ●  Use Metrics Explorer for ad hoc metric analysis

3.3 Manage Cloud Monitoring platform:

    ●  Creating a monitoring dashboard

    ●  Filtering and sharing dashboards

    ●  Configure third-party alerting in Cloud Monitoring (e.g., PagerDuty, Slack)

    ●  Define alerting policies based on SLIs with Cloud Monitoring

    ●  Automate alerting policy definition with Terraform

    ●  Implementing SLO monitoring and alerting with Cloud Monitoring

    ●  Understand Cloud Monitoring integrations (e.g., Grafana, BigQuery)

    ●  Using SIEM tools to analyze audit/flow logs (e.g., Splunk, Datadog)

    ●  Design Cloud Monitoring metrics scopes

3.4 Manage Cloud Logging platform:

    ●  Enabling data access logs (e.g., Cloud Audit Logs)

    ●  Enabling VPC flow logs

    ●  Viewing logs in the Google Cloud Console

    ●  Using basic vs. advanced logging filters

    ●  Implementing logs-based metrics

    ●  Understanding the logging exclusion vs. logging export

    ●  Selecting the options for logging export

    ●  Implementing a project-level / org-level export

    ●  Viewing export logs in Cloud Storage and BigQuery

    ●  Sending logs to an external logging platform

3.5 Implement logging and monitoring access controls:

    ●  Set ACL to restrict access to audit logs with IAM, Cloud Logging

    ●  Set ACL to restrict export configuration with IAM, Cloud Logging

    ●  Set ACL to allow metric writing for custom metrics with IAM, Cloud Monitoring

Section 4: Optimizing service performance

4.1 Identify service performance issues:

    ●  Evaluate and understand user impact

    ●  Utilize Google Cloud’s operations suite to identify cloud resource utilization

    ●  Utilize Cloud Trace and Cloud Profiler to profile performance characteristics

    ●  Interpret service mesh telemetry

    ●  Troubleshoot issues with the image/OS

    ●  Troubleshoot network issues (e.g., VPC flow logs, firewall logs, latency, view network details)

4.2 Debug application code:

    ●  Application instrumentation

    ●  Cloud Debugger

    ●  Cloud Logging

    ●  Cloud Trace

    ●  Debugging distributed applications

    ●  App Engine local development server

    ●  Error Reporting

    ●  Cloud Profiler

4.3 Optimize resource utilization:

    ●  Identify resource costs

    ●  Identify resource utilization levels

    ●  Develop plan to optimize areas of greatest cost or lowest utilization

    ●  Manage preemptible VMs

    ●  Utilize committed use discounts where appropriate

    ●  TCO considerations (e.g., security, logging, networking)

    ●  Consider network pricing

Section 5: Managing service incidents

5.1 Coordinate roles and implement communication channels during a service incident:

    ●  Define roles (incident commander, communication lead, operations lead)

    ●  Handle requests for impact assessment

    ●  Provide regular status updates, internal and external

    ●  Record major changes in incident state (e.g., When mitigated? When is all clear?)

    ●  Establish communications channels (e.g., email, IRC, Hangouts, Slack, phone)

    ●  Scaling response team and delegation

    ●  Avoid exhaustion / burnout

    ●  Rotate / hand over roles

    ●  Manage stakeholder relationships

5.2 Investigate incident symptoms impacting users:

    ●  Identify probable causes of service failure

    ●  Evaluate symptoms against probable causes; rank probability of cause based on observed behavior

    ●  Perform investigation to isolate most likely actual cause

    ●  Identify alternatives to mitigate issue

5.3 Mitigate incident impact on users:

    ●  Roll back release

    ●  Drain / redirect traffic

    ●  Turn off experiment

    ●  Add capacity

5.4 Resolve issues with deployments (e.g., Cloud Build, Jenkins):

    ●  Code change / fix bug

    ●  Verify fix

    ●  Declare all-clear

5.5 Document issue in a postmortem:

    ●  Document root causes

    ●  Create and prioritize action items

    ●  Communicate postmortem to stakeholders