CODEX

Cloud Natural Language API lets you extract information about people, places, events, (and more) mentioned in text documents, news articles, or blog posts. You can use it to understand sentiment about your product on social media, or parse intent from customer conversations happening in a call center or a messaging app. You can even upload text documents for analysis.

Cloud Natural Language API features

Syntax Analysis: Extract tokens and sentences, identify parts of speech (PoS) and create dependency parse trees for each sentence.

Entity Recognition: Identify entities and label by types such as person, organization, location, events, products and media.

Sentiment Analysis: Understand the overall…

CODEX

GCP packs its Spark and Hadoop together and named it Cloud DataProc.

Operations that used to take hours or days take seconds or minutes instead. Create Cloud Dataproc clusters quickly and resize them at any time, so you don’t have to worry about your data pipelines outgrowing your clusters.

This tutorial shows you how to use gcloud on the Google Cloud to create a Google Cloud Dataproc cluster, run a simple Apache Spark job in the cluster, then modify the number of workers in the cluster.

Create a cluster

In Cloud Shell, run the following command to set the Region:

gcloud config set…

CODEX

A Virtual Private Cloud (VPC) network is a virtual version of a physical network, implemented inside of Google’s production network, using Andromeda. A VPC network provides the following:

• Provides connectivity for your Compute Engine virtual machine (VM) instances, including Google Kubernetes Engine (GKE) clusters, App Engine flexible environment instances, and other Google Cloud products built on Compute Engine VMs.
• Offers native Internal TCP/UDP Load Balancing and proxy systems for Internal HTTP(S) Load Balancing.
• Connects to on-premises networks using Cloud VPN tunnels and Cloud Interconnect attachments.
• Distributes traffic from Google Cloud external load balancers to backends.

Projects can contain multiple VPC…

CODEX

SQL (Structured Query Language) is a standard language for data operations that allows you to ask questions and get insights from structured datasets. It’s commonly used in database management and allows you to perform tasks like transaction record writing into relational databases and petabyte-scale data analysis.

Below, you will learn how to:

• Distinguish databases from tables and projects.
• Use the SELECT, FROM, and WHERE keywords to construct simple queries.
• Identify the different components and hierarchies within the BigQuery console.
• Load databases and tables into BigQuery.
• Execute simple queries on tables.
• Learn about the COUNT, GROUP BY, AS, and ORDER BY…

CODEX

This tutorial demonstrates some of the security concerns of a default GKE cluster configuration and the corresponding hardening measures to prevent multiple paths of pod escape and cluster privilege escalation. These attack paths are relevant in the following scenarios:

1. An application flaw in an external facing pod that allows for Server-Side Request Forgery (SSRF) attacks.
2. A fully compromised container inside a pod allowing for Remote Command Execution (RCE).
3. A malicious internal user or an attacker with a set of compromised internal user credentials with the ability to create/update a pod in a given namespace.

This lab was created by GKE…

CODEX

When configuring security, applications should be granted the smallest set of privileges that still allows them to operate correctly. When applications have more privileges than they need, they are more dangerous when compromised. In a Kubernetes cluster, these privileges can be grouped into the following broad levels:

• Host access: describes what permissions an application has on it’s host node, outside of its container. This is controlled via Pod and Container security contexts, as well as app armor profiles.
• Network access: describes what other resources or workloads an application can access via the network. This is controlled with NetworkPolicies.
• Kubernetes API…

CODEX

One of the key security concerns for running Kubernetes clusters is knowing what container images are running inside each pod and being able to account for their origin. Establishing “container provenance” means having the ability to trace the source of a container to a trusted point of origin and ensuring your organization follows the desired processes during artifact (container) creation.

Some of the key concerns are:

• Safe Origin — How do you ensure that all container images running in the cluster come from an approved source?
• Consistency and Validation — How do you ensure that all desired validation steps were…

CODEX

While role-based access control (RBAC) resource definitions are standard across all Kubernetes platforms, their interaction with underlying authentication and authorization providers needs to be understood when building on any cloud provider.

RBAC is a powerful security mechanism that provides great flexibility in how you restrict operations within a cluster. In this tutorial you will learn:

1. Assigning different permissions to user personas, namely owners and auditors.
2. Granting limited API access to an application running within your cluster.

Architecture

You will provision two service accounts to represent user personas and three namespaces: dev, test, and prod. The “owner” persona will have read-write access…