Google Compute Engine
Google Compute Engine (GCE) is an Infrastructure as a Service (IaaS) component of Google Cloud Platform that allows users to create and manage virtual machines (VMs) on demand. It provides scalable, high-performance VMs that run on Google’s infrastructure.
1. Enabling GCE API
Before creating a GCE instance, the Compute Engine API must be enabled. This can be done manually or via Infrastructure as Code (IaC) tools. Enabling the API is a prerequisite for provisioning and managing VM instances.
2. Creating a Virtual Machine Instance
When configuring a new GCE VM instance, several parameters must be specified:
A. Machine Configuration
- Machine Type: Choose from predefined (e2, n1, n2, etc.) or custom machine types with specific vCPU and RAM.
- OS Image and Boot Disk:
  - Choose OS (Debian, Ubuntu, Red Hat, Windows, etc.)
  - Boot disk type: Standard persistent disk (PD), SSD PD, or balanced PD.
  - Optionally deploy container images (e.g., Docker images) directly.
B. Networking Configuration
- Allow HTTP/HTTPS Traffic: Creates firewall rules (applied to the VM through network tags) that permit inbound web traffic.
- Load Balancer Health Check: Required for backends in load balancing.
- IP Forwarding: Enable if the VM will act as a NAT gateway or VPN endpoint.
- Network Bandwidth: Optional; controls egress throughput.
- Network Interfaces: Define subnet, IP ranges, and tags for routing/firewall rules.
C. Observability (Monitoring and Logging)
- Install Ops Agent: For system metrics and logs ingestion into Cloud Monitoring and Cloud Logging.
- Enable Display Device: For GUI-based interaction (mostly for Windows VMs).
D. Security Settings
- Access Scopes: Limit which Google APIs the VM's (default) service account can call: default, allow full access, or set per API.
- Shielded VM Options: Protect against rootkit and bootkit attacks (secure boot, vTPM, integrity monitoring).
E. Advanced Options
- Deletion Protection: Prevent accidental deletions.
- Reservations: Use capacity reservations for guaranteed availability.
- Startup Scripts: Execute commands at boot time (e.g., software install).
- Metadata: Pass custom metadata or scripts.
- Encryption: Use Google-managed keys, customer-managed keys (CMEK), or customer-supplied keys (CSEK).
- Provisioning Model: Choose between standard, spot, or preemptible instances.
F. Sole Tenancy
- Host your VM on dedicated physical machines, useful for licensing or isolation purposes.
3. “Equivalent Code” Option
This generates the corresponding gcloud CLI command or Terraform code for the selected configuration, facilitating automation or reproducibility.
4. Static and Dynamic IP Addressing
Internal IP:
- Always assigned, used for intra-VPC communication.
External IP:
- Ephemeral IP: Assigned temporarily; not retained when the VM is stopped and started again.
- Static IP: Reserved and fixed; useful for DNS mapping or persistent public access.
Reserving a Static IP:
- Select network service tier (Standard or Premium).
- Choose IP version (IPv4 or IPv6).
- Decide on scope: Regional (for GCE) or Global (for load balancers).
- Attach it to the VM from the reserved list.
- Note: Static IPs are billed even when not in use.
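The settings from sections 2 to 4 expressed as Terraform, the form the Equivalent Code option also produces. This is an added example, not the page's own code or console output; it assumes a configured google provider and hypothetical variables var.region and var.zone defined elsewhere.

```hcl
# Added example, not from the original notes. Assumes a configured google
# provider and hypothetical variables var.region / var.zone defined elsewhere.
resource "google_compute_address" "web_ip" { # Section 4: regional static external IP
  name         = "web-static-ip"
  region       = var.region
  address_type = "EXTERNAL"
  network_tier = "PREMIUM" # billed even while unattached
}
resource "google_service_account" "web_sa" { # dedicated SA, not the project default
  account_id   = "web-vm-sa"
  display_name = "Service account for web-vm"
}
resource "google_compute_instance" "web" {
  name                = "web-vm"
  machine_type        = "e2-medium"
  zone                = var.zone
  tags                = ["http-server"] # target of the "Allow HTTP traffic" rule
  deletion_protection = true            # Advanced Options: Deletion Protection
  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"
      type  = "pd-balanced" # balanced persistent disk
    }
  }

  network_interface {
    network = "default"
    access_config {
      nat_ip = google_compute_address.web_ip.address # attach the reserved IP
    }
  }

  # Security Settings: Shielded VM (secure boot, vTPM, integrity monitoring)
  shielded_instance_config {
    enable_secure_boot          = true
    enable_vtpm                 = true
    enable_integrity_monitoring = true
  }

  # Security Settings: access scopes limited to what the Ops Agent needs
  service_account {
    email  = google_service_account.web_sa.email
    scopes = ["https://www.googleapis.com/auth/logging.write",
              "https://www.googleapis.com/auth/monitoring.write"]
  }

  # Advanced Options: startup script run at boot (software install)
  metadata_startup_script = "apt-get update && apt-get install -y nginx"
}
```

The firewall rule that the http-server tag matches is the one the console creates for "Allow HTTP traffic"; it is not defined in this block.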
5. VM Creation Methods
- Startup Script:
  - Run shell or PowerShell scripts at boot time.
- Instance Template:
  - Predefined configuration template to deploy uniform VMs.
  - Immutable after creation (clone and modify to change).
- Custom Image:
  - Snapshot of an existing configured VM.
  - Useful for replicating pre-installed software environments.
6. Sole-Tenant Nodes
A Sole-Tenant Node is a physical machine dedicated to a single tenant. Recommended for:
- Compliance requirements
- Workloads requiring licensing isolation
Steps to Configure:
- Create Node Group: Define region, zone, and node group name.
- Create Node Template:
  - Node type, SSD configuration, GPU acceleration (e.g., NVIDIA T4)
  - CPU overcommit options
  - Affinity labels for scheduling control
- Auto Scaling: Configure scale-out or fixed number of nodes.
- Maintenance Policy: Decide live migration or VM restart behavior.
- Sharing Policy: Share nodes across projects or services if needed.
7. VM Manager
Useful for managing large-scale VM fleets:
- OS Patch Management: Schedule and enforce OS patches across VMs.
- OS Configuration Management: Apply consistent settings like SSH access, packages, and services.
8. Instance Groups
GCP provides two types:
A. Managed Instance Group (MIG)
- Identical instances created from an instance template.
- Supports:
  - Auto-healing (health check based)
  - Auto-scaling (based on load)
  - Rolling updates and version control
  - Canary deployments
MIG Creation Requires:
- Instance template
- Auto-scaling policy:
  - Metrics (CPU, Load Balancer, etc.)
  - Cooldown period
  - Min/Max instance limits
  - Scale-in control
- Health check for auto-healing
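A MIG with each of the required pieces above (template, auto-scaling policy with metric, cooldown, min/max and scale-in control, and an auto-healing health check) written as Terraform. Added example, not the page's own code; it assumes a configured google provider and a hypothetical variable var.zone.

```hcl
# Added example, not from the original notes. Assumes a configured google
# provider and a hypothetical variable var.zone defined elsewhere.
resource "google_compute_instance_template" "web" {
  name_prefix  = "web-tpl-" # templates are immutable: a change creates a new one
  machine_type = "e2-small"
  tags         = ["http-server"]
  disk {
    source_image = "debian-cloud/debian-12"
    boot         = true
  }
  network_interface {
    network = "default" # no access_config block, so members get no external IP
  }
  lifecycle { create_before_destroy = true } # swap templates without a gap
}
# Health check driving auto-healing (the same kind a load balancer backend needs)
resource "google_compute_health_check" "http" {
  name               = "web-hc"
  check_interval_sec = 10
  timeout_sec        = 5
  http_health_check { port = 80 }
}
resource "google_compute_instance_group_manager" "web" {
  name               = "web-mig"
  base_instance_name = "web"
  zone               = var.zone
  version { instance_template = google_compute_instance_template.web.id }
  auto_healing_policies {
    health_check      = google_compute_health_check.http.id
    initial_delay_sec = 120 # grace period for boot and the startup script
  }
  # target_size deliberately unset: the autoscaler below owns the group size
}

resource "google_compute_autoscaler" "web" {
  name   = "web-autoscaler"
  zone   = var.zone
  target = google_compute_instance_group_manager.web.id
  autoscaling_policy {
    min_replicas    = 2
    max_replicas    = 6
    cooldown_period = 90             # seconds to wait after a scale-out
    cpu_utilization { target = 0.6 } # metric: average CPU utilization
    scale_in_control {               # remove at most 1 VM per 5 minutes
      time_window_sec = 300
      max_scaled_in_replicas { fixed = 1 }
    }
  }
}
```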
B. Unmanaged Instance Group
- Heterogeneous VM instances.
- No auto-scaling or auto-healing.
- Deprecated for production workloads; useful for grouping unrelated VMs.
Additional Notes
- Project Settings: Every resource is part of a GCP project.
- Billing: Each project must be linked to a billing account.
- IAM Permissions: Role-based access control is critical for team environments.
- API Enablement: Compute Engine API must be enabled for all operations.