I sat for the Google Cloud Platform DevOps Exam a few days ago and I was pleasantly surprised with the exam format, questions and answers. No case studies:)
I believe this exam is a game changer for folks that are really looking to prove themselves in a niche area. DevOps is still a niche area contrary to what I see in the IT media. The good part is that if you took the Cloud Developer exam then there seems to be some overlap. I'll elaborate in the list below.
The main area to focus on is not just Kubernetes; we also need to understand there is a significant focus on Site Recovery, DevOps and Stackdriver. Yes, I said it: “Stackdriver”.
Google has done a remarkable job on this exam.
DevOps Engineer EXAM Overview
A Professional Cloud DevOps Engineer is responsible for efficient development operations that can balance service reliability and delivery speed. They are skilled at using Google Cloud Platform to build software delivery pipelines, deploy and monitor services, and manage and learn from incidents.
The Professional Cloud DevOps Engineer exam assesses your ability to:
- Apply site reliability engineering principles to a service
- Optimize service performance
- Implement service monitoring strategies
- Build and implement CI/CD pipelines for a service
- Manage service incidents
Beta Exam Questions — 102
Beta Exam Time — 4 Hours (240 Minutes). (Completed in 165 minutes)
Exam Overview Link
The exam was certainly a complex mixture of DevOps, Site Recovery and Google services such as Stackdriver, Cloud Build, Kubernetes Engine, Container Registry, etc., covered from both an operations and a development perspective.
For example, integrate the SRE and DevOps teams and enable a build-once policy at the start of your DevOps pipelines so that later phases of the CI/CD pipeline have a consistent build to work with. The goal is to avoid any inconsistencies (multiple configs, cluster management, multiple build tools, etc.).
DevOps Engineer Exam Top Ten Things to Know
The following list is not a concise list of EVERYTHING you should know but merely the main areas to learn and prepare for.
There are command line questions so be forewarned.
Free Practice Exams Here
Understand the difference between SLOs, SLAs and SLIs. Yes, this can be really confusing. There were more than 2 or 3 questions around these topics. Two main resources to review:
- Google Cloud Blog – SRE Fundamentals
- Google online SRE Workbook
Note that Stackdriver can be used for creating dashboards, understanding latency, etc.
How do DevOps and SRE relate? Check it out.
Just like on the Cloud Developer exam there was a good amount of Kubernetes questions for sure and perhaps the algo popped with a bunch of special questions right off the bat just for me.
- Taking the exam you must have a concise background for Kubernetes Engine (kubectl/gcloud cli commands)
- You must know what the Error Codes 400/403 are in several contexts.
- Know the complementary services around containers and Kube but also how to monitor containers. The easiest way to install Stackdriver monitoring is to let it happen at deployment.
Complementary services are…….
Stackdriver and Stackdriver….
Do not even take the exam if you're not confident in Stackdriver logging setup and setting up alerts, and can't spell out the difference between Stackdriver modules and workflows. Note that Debug and Trace are heavily tested. Stackdriver APIs are a must know.
If you're in operations working with GCP then you're likely going to do just spectacular on these types of questions. However, developers may not do as well since monitoring from my experience is more “tribal” than in other areas in IT. Developers generally don't want to play operations sometimes…
Go into the exam knowing the difference between Debug vs Trace vs Profiler
So what is the “Life of a Log”
GCloud logging Commands to know
- gcloud logging
- gcloud logging logs list
- gcloud logging sinks create
Export Logs need to know.
Export Logs via
- Logging API
- Cloud Storage
- Cloud Pub/Sub
- BigQuery
VPC Flow Logs are tested and we need to know a few things.
- Why use them
- How to review them
- How to be alerted
VPC Flow Logs record a sample of network flows sent from and received by VM instances and instances used as Kubernetes Nodes (GKE). These logs can be used for network monitoring, forensics, real-time security analysis, and expense optimization.
You can view flow logs in Stackdriver Logging, and you can export logs to any destination that Stackdriver Logging export supports.
Flow logs are aggregated by connection from Compute Engine VMs and exported in real time.
By subscribing to Cloud Pub/Sub, you can analyze flow logs using real-time streaming APIs.
You may want to review this GCP page.
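One way to cover the "how to review them" and "how to be alerted" points, as an added example that is not from the original post: it totals bytes_sent per VM and external destination over exported flow records and flags pairs that reach a threshold. The sample lines, VM names, threshold and the RFC 1918 definition of "internal" are constructed assumptions; the field names follow the VPC Flow Logs record format.

```python
import ipaddress
import json
from collections import defaultdict

# Assumption: RFC 1918 ranges are "internal"; replace with your VPC subnets.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _entry(vm, src, dst, sent, reporter="SRC"):
    """Build one constructed log line shaped like an exported flow record."""
    return json.dumps({"jsonPayload": {
        "connection": {"src_ip": src, "dest_ip": dst,
                       "dest_port": 443, "protocol": 6},
        "bytes_sent": str(sent),  # int64 fields are strings in JSON exports
        "reporter": reporter,
        "src_instance": {"vm_name": vm}}})

# Constructed sample data (documentation IP ranges), not real traffic.
SAMPLE = [
    _entry("web-1", "10.0.0.5", "203.0.113.10", 4_000_000),
    _entry("web-1", "10.0.0.5", "203.0.113.10", 7_000_000),
    _entry("web-1", "10.0.0.5", "10.0.0.9", 90_000_000),      # VM to VM
    _entry("ext", "198.51.100.7", "10.0.0.5", 5_000, "DEST"),  # ingress
    _entry("db-1", "10.0.0.9", "198.51.100.7", 20_000),
    "not json",  # malformed line, must be skipped
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def egress_by_vm(lines):
    """Sum bytes sent per (source VM, external destination IP)."""
    totals = defaultdict(int)
    for line in lines:
        try:
            payload = json.loads(line)["jsonPayload"]
            conn = payload["connection"]
            # Keep only records reported by the sending VM to a non-internal IP
            if payload.get("reporter") != "SRC" or is_internal(conn["dest_ip"]):
                continue
            vm = payload.get("src_instance", {}).get("vm_name", conn["src_ip"])
            totals[(vm, conn["dest_ip"])] += int(payload["bytes_sent"])
        except (ValueError, KeyError, TypeError):
            continue  # malformed or non-flow entry
    return dict(totals)

def alerts(lines, threshold_bytes):
    """Return (vm, dest_ip) pairs whose egress meets the threshold."""
    totals = egress_by_vm(lines)
    return sorted(k for k, v in totals.items() if v >= threshold_bytes)
```

The same functions can be fed one decoded message at a time from a Cloud Pub/Sub subscription instead of a list of lines.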
There's more... But not now…
Want to know more about the Cloud Developer Exam… Check out my Deep Dive.
Handling Incidents – Yes, when SHTF you have to know how to deal with an event. An event could be that a breach has occurred; know how to handle issues such as a DDoS attack, nodes going down, your boss being out of coffee or a CSS being hacked.
Know how to mitigate issues, how to minimize risks, add capacity.
Review this page for a start and specifically understand Google best practices and Data incident response process (Flowchart)
Google SRE book has some info that seems familiar..
Lots of acronyms to learn. For example..
The main roles in incident response are the Incident Commander (IC), Communications Lead (CL), and Operations or Ops Lead (OL). IMAG organizes these roles into a hierarchy: the IC leads the incident response, and the CL and OL report to the IC.
When disaster strikes, the person who declares the incident typically steps into the IC role and directs the high-level state of the incident.
Securing the pipelines. Container Security = Vulnerability analysis with Container Registry, Cloud Security Scanner
Cloud Security Scanner
Cloud Security scanner is a FREE tool that you can use with Compute Engine, App Engine and Kubernetes Engine
This page has a lot of links that are very useful for the exam preparation
Google Container Security
Kubernetes Engine uses what? Binary Authorization, we are not talking about gender here. With Binary Authorization you can require images to be signed by trusted authorities during the development process and then enforce signature validation when deploying.
By enforcing validation you get tighter control over your container environment by ensuring only verified images are integrated into the build-and-release process. No need for crappy deployments right?
Load Balancing and Endpoints
Know the basics of both VM and container load balancing. What are instance groups?
Know what Endpoints are and how the network policy is a specification of how groups of pods are allowed to communicate with each other and other network endpoints.
There's more on this, but wait for my deep dive notes…
Infrastructure as Code (IaC)
Cloud Deployment Manager and Terraform were two areas that you may need to understand.
In Cloud Deployment Manager, preview a configuration:
gcloud deployment-manager deployments create example-deployment --config configuration-file.yaml --preview
Deploying a containerized application to Kubernetes Engine
Cloud Build: know your build steps, automatic vs manual, and how to integrate with Cloud Repositories. Custom build steps (memorize). Speed up builds and CI pipelines.
Know how to deploy a containerized app and the details.
Here is the link you want to look at.
I'll be coming out with a DEEP DIVE with more details when time permits. Expect some practice questions and a new course in January 2020.
Carry on my cloud friends and please do let me know any feedback or suggestions.
Joe Holbrook, the Cloud Tech Guy