As this ebook edition doesn't have fixed pagination, the page numbers below are hyperlinked for reference only, based on the printed edition of this book.
A
application
deploying, to development environment 211
deploying, to staging environments 212
releasing, to production 213
Artifact Registry
URL 52
B
Bazel
URL 208
Binary Authorization
about 186
enabling, for admission control 162-165
production, securing with 186-188
builder 173
build infrastructure
creating 131
foundational Google Cloud services, enabling 133, 134
principle of least privilege (POLP), applying 146
private GKE cluster, setting up 135-138
private GKE control plane access, securing 144, 145
private pools, creating with security best practices 139-144
VPC networking, setting up 134, 135
buildpacks 214
build pipeline
security 8
build provenance
images, building with 161
build resources
build-specific IAM service accounts
builds, on worker pools
prerequisites, for running 17-19
build steps
container image, defining 56-60
default configuration, adjusting 64-67
minimum configuration, defining 51
resource creation, separating from 116-120
build submission
build-wide specifications
C
caching 206
client libraries
reference link 37
Cloud Asset Inventory API 67
Cloud Build
about 19
goals 19
integrating, with source code management platforms 78-80
reference link, for pricing 9
relationship, with Cloud Deploy 217-219
worker pools, configuring 16
cloud builder
about 10
URL 56
Cloud Build, in production
builds, making dynamic 202
build triggers, securing 197
changes, in secret management 204, 205
Cloud Build services, leveraging from different projects 191-196
configurations 202
dynamic substitutions, using 203, 204
value, deriving from logs 198-202
Cloud Build notifier
URL 198
Cloud Build Service-Level Agreement (SLA)
reference link 189
cloudbuild.yaml file
reference link 33
Cloud Deploy
about 213
continuous delivery, implementing with 211-213
Cloud Functions
supporting languages 168
versus Cloud Run 170
Cloud Functions 2nd gen
about 169
reference link 169
Cloud Key Management Service (KMS) 204
Cloud Logging
about 59
URL 60
Cloud-native automation
Cloud Native Buildpacks
URL 173
Cloud Native Computing Foundation (CNCF)
URL 132
Cloud Pub/Sub
URL 198
Cloud Run
advantages 169
URL 198
Cloud Scheduler
reference link 11
Cloud Shell
URL 19
Cloud Storage 172
cloud virtual private network (VPN) tunnels 135
command-line interface (CLI) 19
Compute Engine
URL 52
Container Builder 19
Container Registry 173
containers, building without build configuration
Dockerfile 171
language-specific tooling, using 171, 172
continuous delivery
implementing, with Cloud Deploy 211
custom builder
custom IAM roles
for build service accounts 148-152
cyberattack, investigative update
reference link 8
D
default pool
about 16
machine types 22
Direct Interconnect 25
Docker Hub 58
E
end-to-end (E2E) pipeline 37
Eventarc
about 170
reference link 170
G
gcloud command 32
GCP console
GCP service integrations 11-13
GitHub account
URL 152
gitignore
reference link 32
GKE cluster
globally unique identifier (GUID) 35
Go 168
Google Cloud 106
Google Cloud Build
Cloud-native automation with 9, 10
Google Cloud Platform (GCP) 9
Google Cloud Storage (GCS) 32, 106
Google Compute Engine (GCE) 136
Google Kubernetes Engine (GKE)
GKE Autopilot 133
GKE Standard 133
Google Secret Manager 78
Google virtual private cloud (VPC) 133
Gradle 171
H
HashiCorp Configuration Language (HCL)
about 105
reference link, for syntax 176
I
Identity and Access Management (IAM) 17, 54, 134
infrastructure as a service (IaaS) 8
infrastructure as code (IaC)
Internet Protocol (IP) address 136
J
Java 168
JavaScript Object Notation (JSON) 37
Jenkins
reference link 7
Jib 172
K
Kaniko
reference link 206
Knative 169
Ko 172
Kubernetes
about 132
components 132
high-level architecture 132
namespaces 132
nodes 132
URL 132
L
Logs Explorer 60
loveholidays, Cloud Build
reference link 12
M
managed service
about 16
managed service providers (MSPs) 7
Maven 171
metadata, for container images
attestation 99
N
network perimeter
Node.js 168
P
pricing, Cloud Build
reference link 18
principle of least privilege (POLP)
about 17
applying, to builds 146
private pools
about 16
architecture 24
private pools overview
reference link 10
projects
relationship, with billing accounts 18
pull request (PR) 152
Python 168
Q
quotas, Cloud Build
reference link 21
R
release management, for builds
Binary Authorization, enabling for admission control 162-165
builds, executing via build triggers 157-161
builds, gating with manual approvals 156, 157
configuring 152
images, building with build provenance 161
SCM integration, with Cloud Build 152-156
trusted software artifacts, enabling from builds 161
resource creation
separating, from build steps 116-120
REST API
reference link 37
role-based access control (RBAC) 149
S
Secret Manager
reference link 11
service account 11
service-level agreement (SLA) 7
service-level objective (SLO) 12
Service Networking API 24
Service Producer network 24
Skaffold
about 66
URL 66
Software Development Kit (SDK) 44
source code management platforms
Cloud Build, integrating with 78-80
source control management (SCM) tool 31
T
task automation, for Cloud Run and Cloud Functions
containers, running in Cloud Run 179-183
deploying, to Cloud Functions 178, 179
jobs, deploying to Cloud Run 176, 177
performing 176
production, securing with Binary Authorization 186-188
progressive rollouts, for revisions of Cloud Run service 184-186
services, deploying to Cloud Run 176, 177
Terraform
about 66
toil
reducing, with managed services 8, 9
reference link, for eliminating 8
trigger
about 32
anatomy 77
defining 81
webhook triggers 81
trusted software artifacts
enabling, from build 161
V
Virtual Private Cloud Service Controls (VPC SC)
configuring 100
URL 99
Virtual Private Cloud (VPC) 10
Virtual Private Network (VPN) tunnel 25
VPC Service Controls
about 11
reference link 11
W
worker pools
configuring, in Cloud Build 16
default pool 16
private pool 16