For REST API monitoring in Oracle Cloud Compute VM, do we need to install the Oracle Cloud Agent? - oracle-cloud-infrastructure

I need to monitor the Oracle Cloud Compute VM using REST APIs or the Java SDK. So for REST API monitoring, do we need to do any setup in the VM?

No, you don't need any setup inside the VM, but you do need the API users to be authorized in an IAM policy.
For example with a policy like this (for just reading the metrics):
Allow group <api_users> to read metrics in tenancy
Then you can use the APIs here.

Related

Using Azure CLI to manage API Management (APIM) Users, Products, Certificates, APIs

It seems that this page contains all the functionality that Azure CLI supports in regard to Azure API Management. But it doesn't show how to manage entities such as users, products, certificates, subscriptions, and APIs using Azure CLI.
Does Azure CLI lack these functionalities or is there a way to manage those entities using Azure CLI? Can Azure CLI be considered as a replacement for ARM templates in the case of APIM?
Azure CLI is missing those. Please raise on aka.ms/apimwish
According to my research, the Azure CLI API management command is in preview, so it will miss some commands. For more details, please refer to the document. So if you want to manage Azure API management entities such as users, products, certificates, subscriptions, and APIs, I suggest you use Azure PowerShell to do that: https://learn.microsoft.com/en-us/powershell/module/az.apimanagement/?view=azps-3.0.0.
The Azure CLI currently seems to support this, see here for Microsoft docs. Make sure you upgrade your CLI to the latest version to be able to leverage this.
To get the CLI docs:
az apim --help

Google Cloud Functions authentication to other GCP APIs

I want to write a Google Cloud Function that can interact with GCP's Dataproc service to programmatically launch Dataproc clusters. We already have a battle-hardened Dataproc infrastructure, we're just looking to extend the ways in which they get launched.
Our Dataproc clusters can only be launched using an appropriate IAM service account that is already a member of the appropriate IAM roles hence the Cloud Function will need to authenticate to the Dataproc service using that service account. What is the most appropriate way for a Cloud Function to authenticate to other GCP services/APIs using a service account?
Options I suspect include:
* running the function as that service account
* providing a JSON key file & setting GOOGLE_APPLICATION_CREDENTIALS environment variable
Is there a recognised way of achieving this?
I have had a look at:
* https://cloud.google.com/docs/authentication/
* https://cloud.google.com/docs/authentication/getting-started
but they are not specific to Cloud Functions.
I've also looked at
* https://cloud.google.com/functions/docs/writing/http
but that seems more concerned with how the caller of the function can authenticate.
I think this is what you're looking for: https://cloud.google.com/functions/docs/concepts/iam
At runtime, Cloud Functions defaults to using the App Engine default service account (PROJECT_ID@appspot.gserviceaccount.com), which has the Editor role on the project. You can change the roles of this service account to limit or extend the permissions for your running functions. You can also change which service account is used by providing a non-default service account on a per-function basis.
tl;dr gcloud functions deploy FUNCTION_NAME --service-account SERVICE_ACCOUNT_EMAIL
By the way, if you ever need more complex scheduling logic, consider looking into Cloud Composer (managed Apache Airflow): https://cloud.google.com/composer/

Can I restrict access to a Google Cloud SQL instance to specific service account?

I have multiple environments in Google Compute Engine (dev, staging, and production), each with its own Google Cloud SQL instance. The instances connect via Cloud SQL Proxy and authenticate with a credential file that is tied to a service account. I want to have a separate service account for each environment, which would be restricted to accessing the SQL instance specific to that environment. Currently, it appears that any service account with role Cloud SQL Client can access any Cloud SQL instance within the same project.
I cannot find any way to restrict access on a Cloud SQL Instance to a specific service account. Is it possible, and if so, how? If not, is there a different way to achieve the goal of preventing a server in one environment from accessing a Cloud SQL instance in another environment?
NOTE: this configuration is possible with Google Cloud Storage; one can assign a specific service account to have various permissions on each bucket, so that the dev service account cannot accidentally access Production files.
Unfortunately, Cloud SQL currently does not support instance level IAM policies.
The only workaround is hosting the instances in different projects.
As of the August 2021 release of Google Cloud SQL:
You can use IAM Conditions to define and enforce conditional, attribute-based access control for Google Cloud resources, including Cloud SQL instances
See the documentation for IAM Conditions for information about how to restrict a user or service account to specific Cloud SQL instances.
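The per-environment restriction asked about above, sketched as an added example that is not part of the original answers: it builds a Cloud SQL Client binding pinned to one instance with an IAM Condition and lists members that still hold the role unconditionally. The project, instance and service account names are constructed placeholders, and the resource type and name format in the expression are assumptions to check against the IAM Conditions documentation the answer refers to.

```python
import json

ROLE = "roles/cloudsql.client"
INSTANCE_TYPE = "sqladmin.googleapis.com/Instance"
PROJECT = "example-project"  # constructed placeholder
SA_DOMAIN = f"{PROJECT}.iam.gserviceaccount.com"


def scoped_binding(instance, service_account):
    """Cloud SQL Client binding that an IAM Condition pins to one instance."""
    name = f"projects/{PROJECT}/instances/{instance}"
    return {
        "role": ROLE,
        "members": [f"serviceAccount:{service_account}"],
        "condition": {
            "title": f"only-{instance}",
            "expression": f'resource.type == "{INSTANCE_TYPE}" && '
                          f'resource.name == "{name}"',
        },
    }


def unscoped_sql_clients(policy):
    """Members holding Cloud SQL Client without an instance-pinning condition.

    Heuristic: a binding counts as pinned only if its expression compares
    resource.name; review anything more elaborate by hand.
    """
    flagged = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") != ROLE:
            continue
        expr = (binding.get("condition") or {}).get("expression", "")
        if "resource.name ==" not in expr:
            flagged.update(binding.get("members", []))
    return sorted(flagged)


# Constructed sample policy; conditional bindings require policy version 3.
SAMPLE_POLICY = {
    "version": 3,
    "bindings": [
        scoped_binding("sql-dev", f"dev-proxy@{SA_DOMAIN}"),
        {"role": ROLE, "members": [f"serviceAccount:staging-proxy@{SA_DOMAIN}"]},
        {"role": "roles/viewer", "members": [f"serviceAccount:dev-proxy@{SA_DOMAIN}"]},
    ],
}

if __name__ == "__main__":
    print(json.dumps(SAMPLE_POLICY["bindings"][0], indent=2))
    print("unscoped:", unscoped_sql_clients(SAMPLE_POLICY))
```

Run against a project's exported IAM policy, the second function shows which service accounts can still reach every instance in the project.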

MySql in pivotal cloud foundry environment

Does MySQL come out of the box installed in the Pivotal Cloud Foundry environment? I was told that the containers within Cloud Foundry are transient in nature. If so, how does it support MySQL DB installation?
Pivotal offers Cloud Foundry in a couple ways. The hosted service is called Pivotal Web Services and allows apps to bind to a MySQL service such as ClearDB -- check out the marketplace.
The on-premise offering of Pivotal Cloud Foundry provides a MySQL service as well.
MySQL itself doesn't run as an application on Cloud Foundry, it's offered as a service alongside Cloud Foundry. Cloud Foundry currently only runs stateless applications, but support for a cloud-native solution for persistent workloads is starting up, so in the future it would be possible to run MySQL as an "application" directly on Cloud Foundry.

Google Compute Engine as an alternative to Amazon Web Services (EC2, ELB, etc...)

I am trying to evaluate Google Compute Engine (GCE) for a cloud project in our company. We have some experience in working with Amazon Web Services but would like to know if GCE is a better alternative for our project.
I have the following questions. Our choice for the project will be based on the answers to these questions, so please help me with these queries.
Is there an equivalent of AWS Route53 and Elastic Load Balancer on Google cloud? If they are not available then how do we load balance GCE instances?
Is there a concept like regions? (such as us-east-coast-1, us-west-coast-1, etc…). Helpful in making sure that the service is not affected during natural calamities.
Is there an equivalent of Cloud Watch to help us auto scale compute engine instances based on load?
Can we setup a private cloud on Google cloud platform?
Can we get persistent public IP addresses for GCE instances?
Are there any advantages (in terms of tighter integration OR pricing) when using Google services such as Google Analytics, YouTube, DoubleClick, etc?
Load Balancing
Google Cloud Platform's Compute Engine (GCE) recently added a Load Balancing feature. It's lower level than ELB (it only supports UDP / TCP, not HTTP(S)).
Regions
GCE has feature parity. AWS Regions correspond to GCE Regions, and AWS Availability Zones to GCE Zones.
Autoscaling (CloudWatch)
Google Compute Engine does not have autoscaling, but Google App Engine does. Third-party tools such as Scalr or RightScale are, however, compatible with Google Compute Engine.
Disclaimer: I do work at Scalr.
Private Cloud
Did you mean dedicated instances? Those are not available in GCE.
If you meant VPC, then you can use GCE networks to achieve isolation. You'll also wish to disable ephemeral external IP addresses for the instances you want to isolate.
Persistent IPs
GCE has persistent IPs, they are called "Reserved Addresses"
Integration with other services
You will likely get better latency to Google services you use in your backend (I recall a couple presentations at Google I/O talking about Google App Engine + BigQuery).
For frontend services (Google Analytics), you'll likely see no benefit, since this depends on your users, not your servers.