Google Professional Cloud Developer: Building Cloud-Native Applications

Cloud-native applications are designed around the 12-factor methodology: codebase in version control, explicit dependencies, config in environment, backing services as attached resources, separate build/release/run stages, stateless processes, port binding, concurrency via process model, disposability (fast startup, graceful shutdown), dev/prod parity, logs as event streams, admin processes as one-off tasks. Microservices on GCP: Cloud Run (serverless containers, request-driven scaling), GKE (managed Kubernetes for complex workloads), App Engine (fully managed, language-specific runtimes). Service communication: REST over HTTP/S (Cloud Endpoints + OpenAPI), gRPC (Protocol Buffers, bidirectional streaming), Pub/Sub (async messaging for decoupling services).

Choosing the right storage: Firestore (document DB, real-time sync, serverless, for user-facing data with flexible schema), Cloud Spanner (horizontally scalable relational DB with global ACID transactions, for financial or inventory systems), Bigtable (wide-column, time-series and IoT workloads at petabyte scale), Cloud SQL (managed PostgreSQL/MySQL/SQL Server for existing relational workloads), Memorystore (managed Redis/Memcached for caching). Cloud Storage: object storage with four storage classes (Standard, Nearline, Coldline, Archive) for cost optimisation. Object lifecycle management automates transitions between classes. Signed URLs grant time-limited access to private objects — generated server-side and passed to clients for direct upload/download.

Cloud Build: managed CI/CD with cloudbuild.yaml steps. Each step is a container that runs a command — flexibility to use any tool. Triggers connect Cloud Build to Cloud Source Repositories, GitHub, or Bitbucket. Artifact Registry stores container images and language packages (Maven, npm, Python). Cloud Deploy: managed continuous delivery to GKE, Cloud Run, or GKE Autopilot. Delivery pipelines define promotion sequences (dev > staging > prod) with optional approval gates and canary/blue-green strategies. Rollback is one command: gcloud deploy rollouts rollback. Cloud Code: IDE plugins (VS Code, JetBrains) for local Kubernetes development. Skaffold automates build-push-deploy on file save. Container Structure Tests validate image contents without running the container.

Application security: Secret Manager for storing and rotating credentials (not environment variables for secrets). Workload Identity Federation: GKE workloads can assume GCP service account identities without key files. Binary Authorization: policy-enforced admission control that requires container images to be signed by trusted attestors before deployment. Observability: Cloud Monitoring (metrics, uptime checks, alerting policies), Cloud Logging (structured logs via the Logging client libraries, Log-based metrics), Cloud Trace (distributed tracing, latency analysis), Cloud Profiler (continuous CPU/memory profiling in production). Use OpenTelemetry for vendor-neutral instrumentation. Cloud Endpoints and Apigee: Endpoints (lightweight API management, OpenAPI or gRPC, authentication via JWT or API key), Apigee (enterprise API gateway with rate limiting, monetisation, analytics, and developer portal).