
You're reading from  Secure Continuous Delivery on Google Cloud

Product type: Book
Published in: Apr 2024
Publisher: Packt
ISBN-13: 9781805129288
Edition: 1st Edition
Authors (3):
Giovanni Galloro

Giovanni Galloro has been working at Google since 2017 as a customer engineer specializing in container-based runtimes, DevOps tools, and application networking. He works with multiple organizations across EMEA, helping them to leverage these capabilities and improve their software delivery practices. Giovanni is a community ambassador for the Continuous Delivery Foundation and is a frequent speaker at developer conferences. Before Google, he worked at Microsoft, Red Hat, VMware, and HP, following the evolution of application platforms over the past 20 years.

Nathaniel Avery

Nathaniel Avery works at Google as an outbound product manager for the Google Cloud Application Ecosystem group, specializing in DevOps tools, and has spoken to many Fortune 500 companies about DevOps tooling solutions. Before joining Google, Nate spent more than 20 years in IT designing, planning, and implementing complex systems, integrating custom-built and COTS applications for federal government customers. Currently, he's working on better ways to build and use cloud resources to help customers deliver better products, safely and securely, without sacrificing velocity.

David Dorbin

David Dorbin has been a technical writer for more than three decades. He's been with Google for more than a dozen years, documenting payment applications, internal tools, and Google Cloud DevOps products. Before Google, he worked with numerous start-ups and established companies, documenting technologies in payment processing, digital publishing and rights management, consumer electronics, and cryptography for financial institutions. In his free time, Dave enjoys playing bass and banjolele (but never at the same time), or doing more damage to his Achilles' heel on the streets and trails of northern New Jersey.


Securing Your Code with Cloud Workstations

Cloud workstations are fully managed developer workstations hosted on Google Cloud. Cloud engineers or administrators can centrally create, manage, and update these workstations and make them accessible to developers from any device.

In this chapter, we describe how an administrator can preconfigure Cloud workstations, and how developers can use them to work on their code using their preferred IDE.

This chapter includes the following sections:

  • Introduction to Cloud Workstations
  • Configuring workstations for developers
  • Customizing Cloud Workstations
  • Coding on Cloud Workstations

Technical requirements

To perform the tasks in this chapter, you need a Google Cloud project with billing or a free trial enabled. You can reuse the project you created in Chapter 2. In this case, you need to enable the Cloud Workstations API, in addition to the APIs you already enabled.

Your Google account needs the Cloud Workstations Admin or Project Editor role in that project, which you should have from following the instructions in the previous chapters.

The code used in this chapter is available in the ch4 folder of the book repository: https://github.com/PacktPublishing/Secure-Continuous-Delivery-on-Google-Cloud/tree/main/ch4.

Introduction to Cloud Workstations

Administrators create and configure Cloud workstations using the Google Cloud console, Google Cloud SDK, or Cloud Workstations API. Developers access their workstations remotely through a web browser or other means, as described in this chapter. With this approach, developers can be productive quickly, access pre-assembled environments for their language of choice, and have enough horsepower when they need it, while at the same time, operators can provide secure and consistent environments.

To start, let’s take a look at the components of the Cloud Workstations service.

Cloud Workstations architecture

The main architectural components of Cloud Workstations are as follows:

  • Workstations are backed by Compute Engine VM instances running in your project and your VPC.

    The creation, life cycle, and software deployment for these VMs are managed by a component called a controller. Software inside Cloud Workstation VMs is deployed in...

Configuring workstations for developers

In this section, you’ll learn how to create and configure workstations for developers. There are three main steps:

  1. Create a workstation cluster.
  2. Create two workstation configurations, with common settings for two different developer teams.
  3. Create one or more workstations.

Let’s start with the first step, which is creating the workstation cluster.

Creating a workstation cluster

In this section, you will see how to create a workstation cluster:

  1. To start creating a cluster, go to the Google Cloud Console menu, select Cloud Workstations | Cluster management, and then click + CREATE.
  2. Type a cluster name in the Name field. For the name selection, consider that clusters define a group of workstations in a particular region, the VPC network they’re attached to, and whether they’re accessible from the internet (public gateway) or only from the VPC network they are attached to (private...

Customizing Cloud Workstations

Because software in Cloud Workstations is deployed in container images, an effective way to customize workstations, while centrally managing, updating, and protecting them from vulnerabilities, is to create custom container images with the software and configurations that the users need, using one of the preconfigured images as the base image.

Creating a custom image and workstation configuration

In this section, you’ll create a custom container image for Java developers, starting from the base editor preconfigured image, and then create another workstation configuration to use it. The configuration will include Maven and some Java extensions for VS Code.

To do this, you need a machine with a tool that can build container images, such as Docker, and that can push images to Artifact Registry. For convenience, you can use Cloud Code for Cloud Shell, as described in Chapter 3, which has Docker already configured to authenticate to your existing Artifact...

Coding on Cloud Workstations

You now have several workstation configurations and workstations, including one with a custom container image for Java development. Now, let’s find out how to use them.

In this section, you’ll learn how a developer connects to and uses Cloud Workstations. The following sections describe how to access a workstation that uses the base editor and a workstation that uses the JetBrains IntelliJ IDE.

Accessing a Cloud workstation configured with the base editor

The following steps describe how to launch a workstation configured to use the base editor:

  1. In the Google Cloud console, select Cloud Workstations | Workstations.
  2. Under My workstations, click Launch in the java-tools-wks workstation. This is the workstation you customized before, still based on the Code-OSS...

Cleaning up

The workstations you created will shut down automatically after the idle time passes (2 hours). To avoid incurring additional costs, you can delete your workstations, workstation configurations, and workstation clusters following the instructions on this documentation page: https://cloud.google.com/workstations/docs/delete-resources.

Summary

You’ve seen how you can configure Cloud Workstations centrally, using Google-provided base images or customizing them for specific developers’ needs. You’ve also learned how developers can access and use Cloud Workstations using a web browser or the JetBrains Gateway. You’re now ready to use a Cloud workstation for yourself or to create, centrally configure, and manage a fleet of workstations for your development team or teams.

In the next chapter, you will see how to automate continuous integration tasks with Cloud Build.
