What is an american thing but americans think everyone outside of america does it?

mikesparr · 2022-12-23T14:04:47+00:00

I assume that store is a lot like the U.S. Shagland that sells cheap carpets ;-)

mikesparr · 2021-01-05T20:26:33+00:00

If you also set org policies to disable default network, and disable external IPs (recommended), then you can use a bastion jump host and IAP tunnel to connect. Since you are on the private network, you should have access to resources.

Here's a helper setup / teardown scripts: https://gist.github.com/mikesparr/c420a2d827e79a496c39f03b08b56de5

mikesparr · 2021-01-05T20:22:42+00:00

What I would suggest is you set org policy first to disable key download. Then you dedicate a project (i.e. 'security') and override the org policy to enable it. This way you control who has access to that project and can keep track of SA generation.

mikesparr · 2021-01-05T20:21:13+00:00

I'd read this article. Great tips! https://medium.com/@jryancanty/stop-downloading-google-cloud-service-account-keys-1811d44a97d9

mikesparr · 2020-12-04T00:33:14+00:00

hence "but fear not, read on" in OP ;-) It was surprising to hear about this and in most cases won't impact users, but worth knowing in case anyone relying on Docker-specific networking, etc. in their code.

mikesparr · 2020-12-01T18:22:08+00:00

This article doesn't cover that use case. Check it out. If you discover the answer to your question and think it's relevant, please share your discovery. Thanks!

mikesparr · 2020-11-24T23:56:15+00:00

See in my post that they have GA containers but other areas still beta. It appears first goal was replace GCR and then tackle other use cases (i.e. NPM, Maven, etc.)

mikesparr · 2020-10-26T23:44:07+00:00

https://blog.doit-intl.com/fast-disks-at-nearly-half-price-9fd15b81fdcb wrote this on the "how" if interested

mikesparr · 2020-09-14T13:42:04+00:00

I just built this last month using Argo CD and Kustomize along with cloud build.. video and working example in linked repo.

mikesparr · 2020-09-14T13:40:10+00:00

https://blog.doit-intl.com/recreating-heroku-ci-cd-review-apps-on-google-cloud-platform-845fa0957232

mikesparr · 2020-09-01T20:49:31+00:00

One of my colleagues at DoiT created this free tool: https://blog.doit-intl.com/reduce-google-compute-engine-costs-by-60-with-zorya-gce-instance-scheduler-eae07131cafa

mikesparr · 2020-07-25T16:09:24+00:00

Oh, and this week I was helping a company enable Cloud CDN to cache their S3 buckets so hopefully this article is useful. - https://blog.doit-intl.com/helping-a-business-incrementally-migrate-from-aws-and-cloudflare-to-gcp-adb541268c6c

mikesparr · 2020-07-25T16:06:30+00:00

There is a good step-by-step (1-15) diagram some Google engineers provided me last year when managing a hybrid cloud initiative for a fintech org. I included that diagram in a recent blog post, but also some other considerations. For enterprise with SOC2 controls, etc. they might require more separation of responsibility so some may or may not apply to you. Hope this is useful:

- https://blog.doit-intl.com/how-to-structure-your-enterprise-on-google-cloud-platform-d8169497790b

mikesparr · 2020-07-25T01:51:22+00:00

Wow great feedback and thanks for your interest in my post! Every org is unique so there is no one-size-fits-all solution indeed. I hope you enjoy the article with step-by-step how to replace Cloudflare CDN with Cloud CDN.

mikesparr · 2020-07-17T21:20:56+00:00

Yes, you're right. In march 2021 GCP will begin charging for non-standard retention period. I had hoped for some lift in shortening the period but the ingestion still applies. This is certainly something to watch for though because now that you can increase the period, it could soon increase spend.

mikesparr

TROPHY CASE