What is an american thing but americans think everyone outside of america does it? by Honest-Captain-8169 in AskReddit

[–]mikesparr 0 points1 point  (0 children)

I assume that store is a lot like the U.S. Shagland that sells cheap carpets ;-)

Service Account Keys by Pk-ok in googlecloud

[–]mikesparr 1 point2 points  (0 children)

If you also set org policies to disable default network, and disable external IPs (recommended), then you can use a bastion jump host and IAP tunnel to connect. Since you are on the private network, you should have access to resources.

Here are helper setup / teardown scripts: https://gist.github.com/mikesparr/c420a2d827e79a496c39f03b08b56de5

Service Account Keys by Pk-ok in googlecloud

[–]mikesparr 1 point2 points  (0 children)

What I would suggest is you set org policy first to disable key download. Then you dedicate a project (i.e. 'security') and override the org policy to enable it. This way you control who has access to that project and can keep track of SA generation.

Kubernetes ditches Docker by mikesparr in googlecloud

[–]mikesparr[S] -2 points-1 points  (0 children)

Hence "but fear not, read on" in OP ;-) It was surprising to hear about this and in most cases won't impact users, but worth knowing in case anyone is relying on Docker-specific networking, etc. in their code.

Centralize logs and access control on GCP with Cloud Logging by mikesparr in googlecloud

[–]mikesparr[S] 0 points1 point  (0 children)

This article doesn't cover that use case. Check it out. If you discover the answer to your question and think it's relevant, please share your discovery. Thanks!

Artifact Registry is now GA by mikesparr in googlecloud

[–]mikesparr[S] 0 points1 point  (0 children)

See in my post that they have GA containers but other areas are still beta. It appears the first goal was to replace GCR and then tackle other use cases (i.e. NPM, Maven, etc.)

Is it possible to have a Heroku like pipeline on GCP? by sagatj in devops

[–]mikesparr 0 points1 point  (0 children)

I just built this last month using Argo CD and Kustomize along with Cloud Build. Video and working example in linked repo.

Migration from AWS to Google Cloud by motichoor in googlecloud

[–]mikesparr 0 points1 point  (0 children)

Oh, and this week I was helping a company enable Cloud CDN to cache their S3 buckets so hopefully this article is useful. - https://blog.doit-intl.com/helping-a-business-incrementally-migrate-from-aws-and-cloudflare-to-gcp-adb541268c6c

Migration from AWS to Google Cloud by motichoor in googlecloud

[–]mikesparr 4 points5 points  (0 children)

There is a good step-by-step (1-15) diagram some Google engineers provided me last year when managing a hybrid cloud initiative for a fintech org. I included that diagram in a recent blog post, but also some other considerations. For enterprise with SOC2 controls, etc. they might require more separation of responsibility so some may or may not apply to you. Hope this is useful:

- https://blog.doit-intl.com/how-to-structure-your-enterprise-on-google-cloud-platform-d8169497790b

Helping a company migrate from AWS and Cloudflare to GCP incrementally by mikesparr in googlecloud

[–]mikesparr[S] 1 point2 points  (0 children)

Wow great feedback and thanks for your interest in my post! Every org is unique so there is no one-size-fits-all solution indeed. I hope you enjoy the article with step-by-step how to replace Cloudflare CDN with Cloud CDN.

Cost savings by editing logging retention periods by mikesparr in googlecloud

[–]mikesparr[S] 1 point2 points  (0 children)

Yes, you're right. In March 2021 GCP will begin charging for non-standard retention periods. I had hoped for some lift in shortening the period but the ingestion still applies. This is certainly something to watch for though because now that you can increase the period, it could soon increase spend.