google-cloud
Google Cloud Platform (GCP)
Core Capabilities
Provides expert guidance for Google Cloud Platform across all major services:
- Compute Services - Compute Engine (VMs), Cloud Run, Cloud Functions, App Engine
- Container & Kubernetes - Google Kubernetes Engine (GKE), Artifact Registry, Cloud Build
- Storage Services - Cloud Storage (buckets), Persistent Disk, Filestore
- Database Services - Cloud SQL, Cloud Spanner, Firestore, Bigtable, Memorystore
- Data & Analytics - BigQuery, Dataflow, Dataproc, Pub/Sub, Composer
- Networking - VPC, Cloud Load Balancing, Cloud CDN, Cloud Armor, Cloud Interconnect
- Security & IAM - Identity and Access Management, Secret Manager, Cloud KMS, Security Command Center
- Infrastructure as Code - Terraform Google provider, Deployment Manager, Config Connector
Key Principles
General Best Practices
- Follow least privilege - Use IAM roles with minimal required permissions
- Enable monitoring - Configure Cloud Monitoring and Logging for all services
- Use managed services - Prefer GKE Autopilot, Cloud SQL, Cloud Run over self-managed
- Implement IaC - Use Terraform or Deployment Manager for reproducible infrastructure
- Tag resources - Apply labels for cost allocation and organization
- Design for HA - Use regional resources and multi-zone deployments
- Secure by default - Enable encryption, use private IPs, configure VPC Service Controls
- Optimize costs - Use committed use discounts, autoscaling, and appropriate resource sizing
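The least-privilege, secure-by-default and labelling principles above, shown as one Terraform configuration. This is an added example, not code from the skill's reference files; the project ID, account ID and bucket name are placeholders, and the over-broad binding is kept only as a commented-out contrast.

```terraform
# Added example (not part of the original skill page). Placeholders:
# "my-project-id", "log-reader", "my-project-id-audit-logs".

# WEAK (do not apply): a project-wide primitive role. The account could read,
# modify and delete nearly every resource in the project; a log reader needs
# none of that.
#
# resource "google_project_iam_member" "too_broad" {
#   project = "my-project-id"
#   role    = "roles/editor"
#   member  = "serviceAccount:${google_service_account.log_reader.email}"
# }

# CORRECTED: a dedicated identity holding one predefined role on one bucket.
resource "google_service_account" "log_reader" {
  account_id   = "log-reader"                      # placeholder
  display_name = "Read-only access to exported audit logs"
}

resource "google_storage_bucket" "audit_logs" {
  name     = "my-project-id-audit-logs"            # placeholder, names are global
  location = "US"

  # Secure by default: IAM only (no per-object ACLs) and public access
  # blocked at the bucket regardless of later IAM mistakes.
  uniform_bucket_level_access = true
  public_access_prevention    = "enforced"

  # Tag resources: labels drive cost allocation and ownership lookups.
  labels = {
    env   = "prod"
    owner = "security"
  }
}

# The binding is scoped to the bucket, not the project, and to a viewer role.
resource "google_storage_bucket_iam_member" "log_reader_view" {
  bucket = google_storage_bucket.audit_logs.name
  role   = "roles/storage.objectViewer"
  member = "serviceAccount:${google_service_account.log_reader.email}"
}
```

Before applying, `terraform plan` should show no `google_project_iam_member` resources; any project-level binding for a workload identity is a signal to review.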
Architecture Patterns
- Multi-tier applications: VPC + Cloud Load Balancer + GKE/Cloud Run + Cloud SQL
- Data pipelines: Pub/Sub → Dataflow → BigQuery with Cloud Storage staging
- Serverless APIs: Cloud Run + Cloud SQL + Secret Manager + Cloud Armor
- Hybrid connectivity: VPN or Cloud Interconnect + Shared VPC + Private Google Access
When to Use What
- Compute Engine: Full VM control, Windows workloads, lift-and-shift migrations
- GKE: Containerized applications, microservices, Kubernetes workloads
- Cloud Run: Stateless HTTP services, event-driven processing, auto-scaling needs
- Cloud Functions: Event handlers, webhooks, simple integrations
- Cloud SQL: Relational databases with minimal management
- Cloud Spanner: Global distributed SQL, strong consistency across regions
- BigQuery: Data warehouse, analytics, large-scale SQL queries
- Firestore: Document database, real-time sync, mobile/web apps
Detailed References
Load reference files based on specific needs:
- Compute Services: See compute-services.md for:
  - Compute Engine machine types and selection guide
  - Managed instance groups and autoscaling
  - Custom images and startup scripts
  - Preemptible VMs and spot instances
- Container Orchestration: See container-orchestration.md for:
  - GKE cluster setup and configuration
  - Autopilot vs Standard mode comparison
  - Node pool management and scaling
  - Workload identity and service accounts
  - GKE Ingress and Gateway API
- Storage Solutions: See storage-solutions.md for:
  - Cloud Storage bucket configuration
  - Storage class selection and lifecycle policies
  - Persistent disk types and performance
  - Filestore for shared file systems
- Database Services: See database-services.md for:
  - Cloud SQL instance configuration
  - Cloud Spanner for global databases
  - Firestore data modeling
  - Bigtable for large-scale NoSQL
  - Memorystore for Redis/Memcached
- Data & Analytics: See data-analytics.md for:
  - BigQuery table design and optimization
  - Dataflow streaming and batch pipelines
  - Pub/Sub messaging patterns
  - Cloud Composer (Airflow) workflows
  - Data governance and security
- Networking Architecture: See networking-architecture.md for:
  - VPC design patterns and subnet planning
  - Cloud Load Balancing configuration
  - Cloud CDN and Cloud Armor setup
  - VPN and Cloud Interconnect
  - Shared VPC and peering
- Serverless Computing: See serverless-computing.md for:
  - Cloud Functions deployment and triggers
  - Cloud Run service configuration
  - App Engine standard and flexible environments
  - Event-driven architectures
  - Cold start optimization
- Security & IAM: See security-iam.md for:
  - IAM roles and service accounts
  - Organization policies and constraints
  - VPC Service Controls
  - Secret Manager integration
  - Cloud KMS encryption
  - Security Command Center alerts
- Infrastructure as Code: See infrastructure-as-code.md for:
  - Terraform Google provider patterns
  - Deployment Manager templates
  - Config Connector for GKE
  - CI/CD with Cloud Build
  - State management best practices
- Migration to GCP: See migration-to-gcp.md for:
  - Migration planning and assessment
  - Migrate for Compute Engine (Velostrata)
  - Database Migration Service
  - Storage Transfer Service
  - Cutover strategies and validation
- Monitoring & Logging: See monitoring-logging.md for:
  - Cloud Monitoring setup and metrics
  - Cloud Logging configuration
  - Log-based alerts and metrics
  - Cloud Trace for distributed tracing
  - Cloud Profiler for performance
  - Dashboards and SLO monitoring
- CI/CD Pipeline: See cicd-pipeline.md for:
  - Cloud Build configuration
  - Artifact Registry for containers
  - Deployment to GKE, Cloud Run, App Engine
  - Binary Authorization for security
  - Integration with GitHub, GitLab
- Cost Management: See cost-management.md for:
  - Billing reports and cost allocation
  - Budget alerts and quotas
  - Committed use discounts planning
  - Resource optimization strategies
  - Cost anomaly detection
- Multi-Region Architecture: See multi-region-architecture.md for:
  - Global load balancing patterns
  - Multi-region database replication
  - Cross-region data transfer
  - Disaster recovery strategies
  - Regional failover setup
- Hybrid & Multi-Cloud: See hybrid-multi-cloud.md for:
  - Anthos for hybrid Kubernetes
  - Cloud Interconnect and VPN
  - Multi-cloud networking patterns
  - Workload migration strategies
  - Identity federation
- GCP CLI & Tools: See gcp-cli-tools.md for:
  - gcloud CLI installation and configuration
  - Common gcloud commands
  - Cloud Shell usage
  - gsutil for Cloud Storage
  - bq for BigQuery operations
  - kubectl for GKE management