CODEX

The Google Cloud Speech API enables easy integration of Google speech recognition technologies into developer applications. The Speech API allows you to send audio and receive a text transcription from the service (see What is the Google Cloud Speech API? for more information).

Create an API Key

Since you’ll be using curl to send a request to the Speech API, you'll need to generate an API key to pass in your request URL.

To create an API key, click Navigation menu > APIs & services > Credentials:


CODEX

Cloud Natural Language API lets you extract information about people, places, events, (and more) mentioned in text documents, news articles, or blog posts. You can use it to understand sentiment about your product on social media, or parse intent from customer conversations happening in a call center or a messaging app. You can even upload text documents for analysis.

Cloud Natural Language API features

Syntax Analysis: Extract tokens and sentences, identify parts of speech (PoS) and create dependency parse trees for each sentence.

Entity Recognition: Identify entities and label by types such as person, organization, location, events, products and media.

Sentiment Analysis: Understand the overall…


CODEX

GCP packages its managed Spark and Hadoop service together under the name Cloud Dataproc.

Operations that used to take hours or days take seconds or minutes instead. Create Cloud Dataproc clusters quickly and resize them at any time, so you don’t have to worry about your data pipelines outgrowing your clusters.

This tutorial shows you how to use gcloud on Google Cloud to create a Google Cloud Dataproc cluster, run a simple Apache Spark job in the cluster, then modify the number of workers in the cluster.

Create a cluster

In Cloud Shell, run the following command to set the Region:

gcloud config set…


CODEX

A Virtual Private Cloud (VPC) network is a virtual version of a physical network, implemented inside of Google’s production network, using Andromeda. A VPC network provides the following:

Projects can contain multiple VPC…


CODEX

SQL (Structured Query Language) is a standard language for data operations that allows you to ask questions and get insights from structured datasets. It’s commonly used in database management and allows you to perform tasks like transaction record writing into relational databases and petabyte-scale data analysis.

Below, you will learn how to:

  • Distinguish databases from tables and projects.
  • Use the SELECT, FROM, and WHERE keywords to construct simple queries.
  • Identify the different components and hierarchies within the BigQuery console.
  • Load databases and tables into BigQuery.
  • Execute simple queries on tables.
  • Learn about the COUNT, GROUP BY, AS, and ORDER BY


CODEX

This tutorial demonstrates some of the security concerns of a default GKE cluster configuration and the corresponding hardening measures to prevent multiple paths of pod escape and cluster privilege escalation. These attack paths are relevant in the following scenarios:

  1. An application flaw in an external facing pod that allows for Server-Side Request Forgery (SSRF) attacks.
  2. A fully compromised container inside a pod allowing for Remote Command Execution (RCE).
  3. A malicious internal user or an attacker with a set of compromised internal user credentials with the ability to create/update a pod in a given namespace.

This lab was created by GKE…


CODEX

When configuring security, applications should be granted the smallest set of privileges that still allows them to operate correctly. When applications have more privileges than they need, they are more dangerous when compromised. In a Kubernetes cluster, these privileges can be grouped into the following broad levels:

  • Host access: describes what permissions an application has on its host node, outside of its container. This is controlled via Pod and Container security contexts, as well as AppArmor profiles.
  • Network access: describes what other resources or workloads an application can access via the network. This is controlled with NetworkPolicies.
  • Kubernetes API…


CODEX

One of the key security concerns for running Kubernetes clusters is knowing what container images are running inside each pod and being able to account for their origin. Establishing “container provenance” means having the ability to trace the source of a container to a trusted point of origin and ensuring your organization follows the desired processes during artifact (container) creation.

Some of the key concerns are:

  • Safe Origin — How do you ensure that all container images running in the cluster come from an approved source?
  • Consistency and Validation — How do you ensure that all desired validation steps were…


CODEX

While role-based access control (RBAC) resource definitions are standard across all Kubernetes platforms, their interaction with underlying authentication and authorization providers needs to be understood when building on any cloud provider.

RBAC is a powerful security mechanism that provides great flexibility in how you restrict operations within a cluster. In this tutorial you will learn how to:

  1. Assign different permissions to user personas, namely owners and auditors.
  2. Grant limited API access to an application running within your cluster.

Architecture

You will provision two service accounts to represent user personas and three namespaces: dev, test, and prod. The “owner” persona will have read-write access…


CODEX

The Principle of Least Privilege is widely recognized as an important design consideration in enhancing the protection of critical systems from faults and malicious behavior. It suggests that every component must be able to access only the information and resources that are necessary for its legitimate purpose. This document demonstrates how the Principle of Least Privilege can be implemented within the Kubernetes Engine network layer.

Network connections can be restricted at two tiers of your Kubernetes Engine infrastructure. The first, and coarser grained, mechanism is the application of Firewall Rules at the Network, Subnetwork, and Host levels. …

Ryle Zhou

Studying Computer Science at Stanford University. Love writing articles to benefit everyone who wants to learn.
