Google Professional Cloud Developer: Building Cloud-Native Applications

The Google Professional Cloud Developer exam tests your ability to build and deploy scalable, secure, cloud-native applications on Google Cloud. Unlike infrastructure certifications, this one goes deep on application code patterns, managed services for developers, CI/CD pipelines, and observability — the kind of knowledge that separates a developer who uses GCP from one who actually knows it.

Cloud-Native Application Design Patterns

Cloud-native applications are designed around the 12-factor methodology: codebase in version control, explicit dependencies, config in environment, backing services as attached resources, separate build/release/run stages, stateless processes, port binding, concurrency via process model, disposability (fast startup, graceful shutdown), dev/prod parity, logs as event streams, admin processes as one-off tasks.

Microservices on GCP: Cloud Run (serverless containers, request-driven scaling), GKE (managed Kubernetes for complex workloads), App Engine (fully managed, language-specific runtimes).

Service communication: REST over HTTP/S (Cloud Endpoints + OpenAPI), gRPC (Protocol Buffers, bidirectional streaming), Pub/Sub (async messaging for decoupling services).

Data and Storage Services

Choosing the right storage: Firestore (document DB, real-time sync, serverless, for user-facing data with flexible schema), Cloud Spanner (horizontally scalable relational DB with global ACID transactions, for financial or inventory systems), Bigtable (wide-column, time-series and IoT workloads at petabyte scale), Cloud SQL (managed PostgreSQL/MySQL/SQL Server for existing relational workloads), Memorystore (managed Redis/Memcached for caching).

Cloud Storage: object storage with four storage classes (Standard, Nearline, Coldline, Archive) for cost optimisation. Object lifecycle management automates transitions between classes. Signed URLs grant time-limited access to private objects — generated server-side and passed to clients for direct upload/download.
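Because a signed URL is a bearer credential for its whole lifetime, a server can check that lifetime before handing the URL to a client. The sketch below is an added example, not code from the original page: it reads the V4 query parameters of a constructed sample URL and applies a hypothetical 15-minute policy ceiling (`policy_max_seconds`); it inspects parameters only and does not verify the signature.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

MAX_V4_LIFETIME = 604800  # seconds (7 days), the upper bound for V4 signed URLs
REQUIRED = ("X-Goog-Algorithm", "X-Goog-Credential", "X-Goog-Date",
            "X-Goog-Expires", "X-Goog-SignedHeaders", "X-Goog-Signature")

# Constructed sample: bucket, object, credential and signature are placeholders.
SAMPLE = ("https://storage.googleapis.com/example-bucket/report.pdf"
          "?X-Goog-Algorithm=GOOG4-RSA-SHA256"
          "&X-Goog-Credential=signer%40example-project.iam.gserviceaccount.com"
          "%2F20240501%2Fauto%2Fstorage%2Fgoog4_request"
          "&X-Goog-Date=20240501T120000Z&X-Goog-Expires=86400"
          "&X-Goog-SignedHeaders=host&X-Goog-Signature=PLACEHOLDER")


def inspect_signed_url(url, now, policy_max_seconds=900):
    """Return (expires_at, problems) for a V4 signed URL.

    policy_max_seconds is an assumed local policy, not a Cloud Storage limit.
    """
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    problems = []
    if parts.scheme != "https":
        problems.append("not served over HTTPS")
    missing = [name for name in REQUIRED if name not in query]
    if missing:
        return None, problems + ["missing parameters: " + ", ".join(missing)]

    # X-Goog-Date is the signing time in UTC; X-Goog-Expires is seconds after it.
    issued = datetime.strptime(query["X-Goog-Date"][0], "%Y%m%dT%H%M%SZ")
    issued = issued.replace(tzinfo=timezone.utc)
    lifetime = int(query["X-Goog-Expires"][0])
    expires_at = issued + timedelta(seconds=lifetime)

    if lifetime > MAX_V4_LIFETIME:
        problems.append("lifetime exceeds the 7-day V4 maximum")
    elif lifetime > policy_max_seconds:
        problems.append(f"lifetime {lifetime}s exceeds policy limit {policy_max_seconds}s")
    if now >= expires_at:
        problems.append("already expired")
    return expires_at, problems


if __name__ == "__main__":
    checked_at = datetime(2024, 5, 1, 12, 5, tzinfo=timezone.utc)
    print(inspect_signed_url(SAMPLE, checked_at))
```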

CI/CD and Developer Tooling

Cloud Build: managed CI/CD with cloudbuild.yaml steps. Each step is a container that runs a command — flexibility to use any tool. Triggers connect Cloud Build to Cloud Source Repositories, GitHub, or Bitbucket. Artifact Registry stores container images and language packages (Maven, npm, Python).

Cloud Deploy: managed continuous delivery to GKE, Cloud Run, or GKE Autopilot. Delivery pipelines define promotion sequences (dev > staging > prod) with optional approval gates and canary/blue-green strategies. Rollback is one command: gcloud deploy rollouts rollback.

Cloud Code: IDE plugins (VS Code, JetBrains) for local Kubernetes development. Skaffold automates build-push-deploy on file save. Container Structure Tests validate image contents without running the container.

Security, Observability, and API Management

Application security: Secret Manager for storing and rotating credentials (not environment variables for secrets). Workload Identity Federation: GKE workloads can assume GCP service account identities without key files. Binary Authorization: policy-enforced admission control that requires container images to be signed by trusted attestors before deployment.

Observability: Cloud Monitoring (metrics, uptime checks, alerting policies), Cloud Logging (structured logs via the Logging client libraries, log-based metrics), Cloud Trace (distributed tracing, latency analysis), Cloud Profiler (continuous CPU/memory profiling in production). Use OpenTelemetry for vendor-neutral instrumentation.

Cloud Endpoints and Apigee: Endpoints (lightweight API management, OpenAPI or gRPC, authentication via JWT or API key), Apigee (enterprise API gateway with rate limiting, monetisation, analytics, and developer portal).

Key exam facts — Professional Cloud Developer

  • Cloud Run scales to zero and charges only for request processing — ideal for bursty, event-driven workloads
  • Secret Manager is the correct place for credentials — not environment variables, ConfigMaps, or hard-coded values
  • Cloud Spanner is the only globally distributed, strongly consistent relational database on GCP
  • Binary Authorization enforces that only signed, attested images can be deployed to GKE — part of supply chain security
  • Pub/Sub guarantees at-least-once delivery — design consumers to be idempotent
  • Workload Identity Federation replaces service account keys for GKE workloads — no key rotation needed
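The at-least-once point above, as an added example that is not part of the original page: a consumer that records a deduplication key in the same transaction as its side effect, so a redelivered message is acknowledged without being applied twice. The message dicts are constructed stand-ins for Pub/Sub messages, and the `idempotency_key` attribute and `PaymentConsumer` class are hypothetical names.

```python
import sqlite3


class PaymentConsumer:
    """Applies each payment once, even when a message is delivered again."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE processed (dedupe_key TEXT PRIMARY KEY)")
        self.db.execute("CREATE TABLE balances (account TEXT PRIMARY KEY, cents INTEGER)")

    def handle(self, message, crash=False):
        """Return 'ack' or 'nack', as a subscriber callback would decide."""
        # Key on a publisher-set attribute (assumed here) rather than message_id:
        # a publisher retry can create a new message_id for the same event.
        key = message["attributes"]["idempotency_key"]
        account, cents = message["data"]
        try:
            with self.db:  # one transaction: dedupe record and effect commit together
                self.db.execute("INSERT INTO processed VALUES (?)", (key,))
                self.db.execute("INSERT OR IGNORE INTO balances VALUES (?, 0)", (account,))
                self.db.execute("UPDATE balances SET cents = cents + ? WHERE account = ?",
                                (cents, account))
                if crash:
                    raise RuntimeError("simulated worker failure before commit")
        except sqlite3.IntegrityError:
            return "ack"   # key already recorded: duplicate delivery, skip the effect
        except RuntimeError:
            return "nack"  # rolled back, key not recorded, safe to redeliver
        return "ack"

    def balance(self, account):
        row = self.db.execute("SELECT cents FROM balances WHERE account = ?",
                              (account,)).fetchone()
        return row[0] if row else 0


if __name__ == "__main__":
    consumer = PaymentConsumer()
    # Constructed message shaped like a Pub/Sub delivery.
    msg = {"message_id": "1", "attributes": {"idempotency_key": "pay-001"},
           "data": ("acct-a", 500)}
    print(consumer.handle(msg, crash=True), consumer.balance("acct-a"))  # failed attempt
    print(consumer.handle(msg), consumer.balance("acct-a"))              # redelivery applied
    print(consumer.handle(msg), consumer.balance("acct-a"))              # duplicate skipped
```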

Common exam traps

Trap: Firestore supports SQL joins and relational queries like Cloud SQL does
Reality: Firestore is not a relational database — it cannot do joins; model data for your access patterns, not normalised

Trap: Cloud Run and App Engine are interchangeable container platforms
Reality: Cloud Run and App Engine both run containers but differ in control: Cloud Run is fully containerised, App Engine handles the runtime

Trap: Cloud Build handles both CI and CD all the way to production
Reality: Cloud Build is for CI (build and test); Cloud Deploy is for CD (promote through environments) — they complement each other
