-
Predefined GKE roles
IAM provides predefined roles that grant access to specific Google Cloud resources and prevent unauthorized access to other resources. Table columns: Role, Title, Description, Lowest resource. roles/container.admin (Kubernetes Engine Admin): Provides access to full management of clusters and their Kubernetes API objects. To set a service account on nodes, you must also have the Service Account User role (roles/iam.serviceAccountUser) on…
-
GKE Access control
When you create a Google Cloud project, you are the only user on the project. By default, no other users have access to your project or its resources, including Google Kubernetes Engine (GKE) resources. GKE supports multiple options for managing access to resources within your project and its clusters using role-based access control (RBAC).
-
Managed Service for Prometheus
Google Cloud Managed Service for Prometheus is Google Cloud’s fully managed, multi-cloud, cross-project solution for Prometheus metrics. It lets you globally monitor and alert on your workloads, using Prometheus, without having to manually manage and operate Prometheus at scale. kubectl edit Prometheus prometheus-kube-prometheus-prometheus :
-
S3-compatible storage to Cloud
Storage Transfer Service accesses your data in S3-compatible storage using transfer agents deployed on VMs close to the data source. These agents run in a Docker container and belong to an agent pool, which is a collection of agents using the same configuration and that collectively move your data in parallel. This feature allows you…
-
Port specifications
The following table summarizes the valid port configurations, based on the load balancing scheme and the target of the forwarding rule. Table columns: Product, Load balancing scheme, Target, Port requirements. Global external Application Load Balancer and Regional external Application Load Balancer: scheme EXTERNAL_MANAGED; target HTTP proxy or target HTTPS proxy; can reference exactly one port from 1-65535. Classic Application Load Balancer…
-
Creating a TCP network load balancer
TCP network load balancers support SSL natively, making it possible to secure network traffic. Unlike SSL proxy load balancing and HTTP(S) load balancing, TCP network load balancing simply allows SSL traffic to pass through the load balancer and terminate at the VM itself. For NLBs, there are four higher-level primary components involved: a target pool, a regional…
-
Backend HTTP keepalive timeout
External Application Load Balancers are proxies that use at least two TCP connections: The load balancer’s secondary TCP connections might not get closed after each request; they can stay open to handle multiple HTTP requests and responses. The backend HTTP keepalive timeout defines the TCP idle timeout between the load balancer and your backends. The backend HTTP…
-
Static IP address
You can reserve static IP addresses. You can also list and release your reserved static IP addresses. You can reuse a static IP for multiple load balancers.
-
Proxy-only subnet
A proxy-only subnet provides a pool of IP addresses that are reserved exclusively for Envoy proxies used by Google Cloud load balancers. It cannot be used for any other purpose. Each of the load balancer’s proxies is assigned an internal IP address. Packets sent from a proxy to a backend VM or endpoint have a…
-
Using target pools
Network load balancers distribute traffic across a set of compute instances known as a target pool. Target pools are regional resources which may contain compute instances across multiple zones within a single region. Each Google Cloud project may have up to 50 target pools. For NLBs, target pools may operate on individual compute instances or on…