Tuesday, June 2, 2020

GCP Study notes 13: Architecting with Google Kubernetes Engine: Foundations (courseRA notes)


Architecting with Google Compute Engine Specialization: 4 Courses in this Specialization.

1. Google Cloud Platform Fundamentals: Core Infrastructure
2. Architecting with Google Kubernetes Engine: Foundations
3. Architecting with Google Kubernetes Engine: Workloads
4. Architecting with Google Kubernetes Engine: Production


Architecting with Google Compute Engine Specialization: 5 Courses in this Specialization.

1. Google Cloud Platform Fundamentals: Core Infrastructure
2. Essential Google Cloud Infrastructure: Foundation
3. Essential Google Cloud Infrastructure: Core Services
4. Elastic Google Cloud Infrastructure: Scaling and Automation
5. Reliable Google Cloud Infrastructure: Design and Process

What is Kubernetes?

Kubernetes is an orchestration framework for software containers. Containers are a way to package and run code that's more efficient than virtual machines. Kubernetes provides the tools you need to run containerized applications in production and at scale.

What is Google Kubernetes Engine? Google Kubernetes Engine (GKE) is a managed service for Kubernetes.

Kubernetes Engine:A managed environment for deploying containerized applications
Compute Engine: A managed environment for deploying virtual machines
App Engine: A managed serverless platform for deploying applications
Cloud Functions: A managed serverless platform for deploying event-driven functions

An IAM service account is a special type of Google account that belongs to an application or a virtual machine, instead of to an individual end user.

Create an IAM service account: usually select On the Service account permissions page, specify the role as Project > Editor.
Click + Create Key
Select JSON as the key type.
Then A JSON key file is downloaded, we can use that JSON file to upload to VM later.

Task 2. Explore Cloud Shell
Cloud Shell provides the following features and capabilities:
5 GB of persistent disk storage ($HOME dir)
Preinstalled Cloud SDK and other tools
gcloud: for working with Compute Engine, Google Kubernetes Engine (GKE) and many GCP services
gsutil: for working with Cloud Storage
kubectl: for working with GKE and Kubernetes
bq: for working with BigQuery
Language support for Java, Go, Python, Node.js, PHP, and Ruby

Use Cloud Shell to set up the environment variables for this task:
MY_BUCKET_NAME_1=qwiklabs-gcp-00-2eead3615e6c
MY_BUCKET_NAME_2=2eead3615e6c
MY_REGION=us-central1

make a storage bucket:
gsutil mb gs://$MY_BUCKET_NAME_2

list of all zones in a given region:
gcloud compute zones list | grep $MY_REGION

MY_ZONE=us-central1-c
##Set this zone to be your default zone
gcloud config set compute/zone $MY_ZONE

MY_VMNAME=second-vm
#create a vm using command:
gcloud compute instances create $MY_VMNAME \
--machine-type "n1-standard-1" \
--image-project "debian-cloud" \
--image-family "debian-9" \
--subnet "default"

#list of all Vm instances:
gcloud compute instances list

when browser the VM instance, if the external IP address of the first VM you created is shown as a link. This is because you configured this VM's firewall to allow HTTP traffic.

Use the gcloud command line to create a second service account: from the cloud shell:
gcloud iam service-accounts create test-service-account2 --display-name "test-service-account2"

#To grant the second service account the Project viewer role:
gcloud projects add-iam-policy-binding $GOOGLE_CLOUD_PROJECT --member serviceAccount:test-service-account2@${GOOGLE_CLOUD_PROJECT}.iam.gserviceaccount.com --role roles/viewer

GOOGLE_CLOUD_PROJECT is an environment variable that is automatically populated in Cloud Shell and is set to the project ID of the current context.

Task 3. Work with Cloud Storage in Cloud Shell
#Copy a picture of a cat from a Google-provided Cloud Storage bucket
gsutil cp gs://cloud-training/ak8s/cat.jpg cat.jpg
gsutil cp cat.jpg gs://$MY_BUCKET_NAME_1
gsutil cp gs://$MY_BUCKET_NAME_1/cat.jpg gs://$MY_BUCKET_NAME_2/cat.jpg


#To get the default access list that's been assigned to cat.jpg
gsutil acl get gs://$MY_BUCKET_NAME_1/cat.jpg > acl.txt
cat acl.txt

#Set the access control list for a Cloud Storage object
#To change the object to have private access, execute the following command:
gsutil acl set private gs://$MY_BUCKET_NAME_1/cat.jpg

#To verify the new ACL that's been assigned to cat.jpg
gsutil acl get gs://$MY_BUCKET_NAME_1/cat.jpg > acl-2.txt
cat acl-2.txt

#Authenticate as a service account in Cloud Shell
#to view the current configuration
gcloud config list

#change the authenticated user to the first service account
gcloud auth activate-service-account --key-file credentials.json
gcloud config list
#You should see output for the account is now set to the test-service-account service account.

#To verify the list of authorized accounts in Cloud Shell,
gcloud auth list
#output 2 accounts, one is the student, the other is the service account(active)

#To verify that the current account (test-service-account) cannot access the cat.jpg file in the first bucket that you created:
gsutil cp gs://$MY_BUCKET_NAME_1/cat.jpg ./cat-copy.jpg
#you should get some error message: AccessDeniedException: 403 HttpError accessing

#but you can copy the one from the 2nd bucket:
gsutil cp gs://$MY_BUCKET_NAME_2/cat.jpg ./cat-copy.jpg

#To switch to the lab account, execute the following command.
gcloud config set account student-02-409a8***d4@qwiklabs.net
#to copy the same cat picture:
gsutil cp gs://$MY_BUCKET_NAME_1/cat.jpg ./copy2-of-cat.jpg

#Make the first Cloud Storage bucket readable by everyone, including unauthenticated users.
gsutil iam ch allUsers:objectViewer gs://$MY_BUCKET_NAME_1
#This is an appropriate setting for hosting public website content in Cloud Storage.
#even if you switch to the service account earlier, you can still do the copy from bucket1.

#Open the Cloud Shell code editor
#clone a git repository, orchestrate-with-kubernetes folder appears in the left pane of the Cloud Shell code editor window:
git clone https://github.com/googlecodelabs/orchestrate-with-kubernetes.git

#to create a test directory in cloud shell:
mkdir test

#Add the following text as the last line of the cleanup.sh file:
echo Finished cleanup!


No comments:

Post a Comment

GCP Study notes 13: Architecting with Google Kubernetes Engine: Foundations (courseRA notes)

Architecting with Google Compute Engine Specialization : 4 Courses in this Specialization. 1. Google Cloud Platform Fundamentals: Core In...