
25 March 2020

Google Cloud Platform Commands sheet

Google Cloud Platform gives you a range of managed services for building your infrastructure, automating it, and delivering your application to production in a secure way.
This post lists the gcloud (and gsutil) commands you will use day to day in your Google Cloud operations.

GCP comprises 3 core components:

Network    (moving)
Compute    (processing)
Storage    (remembering)

GCP Basics
Function                          Command
Check version                     gcloud version
                                  gcloud info
                                  gcloud components list
Init profile                      gcloud init
List services                     gcloud services list
List enabled services             gcloud services list --enabled
Upgrade local SDK                 gcloud components update
                                  gcloud components update --version 219.0.1
List all SQL instances            gcloud sql instances list
List all zones                    gcloud compute zones list

Project configs
Function                          Command
List projects                     gcloud projects list
                                  gcloud config list
Show project info                 gcloud compute project-info describe
Switch project                    gcloud config set project <project-id>
Create project & set as default   gcloud projects create mygcp-project-777 --name mygcp-project --set-as-default
Set a default project             gcloud config set core/project mygcp-project-777
Set default compute region & zone gcloud config set compute/region europe-west6
                                  gcloud config set compute/zone europe-west6-a

Bucket Basics (gsutil = gcloud storage)
Function                          Command
List all buckets and files        gsutil ls
                                  gsutil ls -lh gs://<bucket-name>
Download file                     gsutil cp gs://<bucket-name>/<dir-path>/package-1.1.tgz .
Upload file                       gsutil cp <filename> gs://<bucket-name>/<directory>/
Cat file                          gsutil cat gs://<bucket-name>/<filepath>
Delete file                       gsutil rm gs://<bucket-name>/<filepath>
Move file                         gsutil mv <src-filepath> gs://<bucket-name>/<directory>/<dest-filepath>
Copy folder                       gsutil cp -r ./conf gs://<bucket-name>/
Show disk usage                   gsutil du -h gs://<bucket-name>/<directory>
Create bucket                     gsutil mb gs://<bucket-name>
Make all files readable           gsutil -m acl set -R -a public-read gs://<bucket-name>/
  (makes every object in the bucket readable by anyone on the Internet)
Config auth                       gsutil config -a
Grant bucket access               gsutil iam ch user:pporwal@gmail.com:objectCreator,objectViewer gs://<bucket-name>
Remove bucket access              gsutil iam ch -d user:pporwal@gmail.com:objectCreator,objectViewer gs://<bucket-name>
Calculate file sha1sum            gsha1sum syslog-migration-10.0.2.tgz
                                  shasum syslog-migration-10.0.2.tgz
gsutil help                       gsutil help
                                  gsutil help options

Image & Containers
Function                          Command
List all images                   gcloud compute images list
List all container clusters       gcloud container clusters list
Set kubectl context               gcloud container clusters get-credentials <cluster-name>
Change region                     gcloud config set compute/region us-west
Change zone                       gcloud config set compute/zone us-west1-b

Auth
Function                          Command
Authenticate with a service account key
                                  gcloud auth activate-service-account --key-file <key-file>
List credentialed accounts        gcloud auth list
Set the active account            gcloud config set account <ACCOUNT>
Auth to GCP container registry    gcloud auth configure-docker
Print token for active account    gcloud auth print-access-token
                                  gcloud auth print-refresh-token
Revoke generated credential       gcloud auth revoke
                                  gcloud auth application-default revoke

Compute Instance
Function                          Command
List all instances                gcloud compute instances list
                                  gcloud compute instance-templates list
Show instance info                gcloud compute instances describe "<instance-name>" --project "<project-name>" --zone "us-west2-a"
Stop an instance                  gcloud compute instances stop myinstance
Start an instance                 gcloud compute instances start myinstance
Create an instance                gcloud compute instances create vm1 --image image1 --tags test --zone "<zone>" --machine-type f1-micro
SSH to instance                   gcloud compute ssh --project "<project-name>" --zone "<zone-name>" "<instance-name>"
Download files                    gcloud compute copy-files example-instance:~/REMOTE-DIR ~/LOCAL-DIR --zone us-central1-a
Upload files                      gcloud compute copy-files ~/LOCAL-FILE-1 example-instance:~/REMOTE-DIR --zone us-central1-a
  (copy-files is deprecated; gcloud compute scp takes the same arguments)

Compute Volumes/Disk
Function                          Command
List all disks                    gcloud compute disks list
List all disk types               gcloud compute disk-types list
List all snapshots                gcloud compute snapshots list
Create snapshot                   gcloud compute disks snapshot <diskname> --snapshot-names <name1> --zone $zone

Compute Network
Function                          Command
List all networks                 gcloud compute networks list
Detail of one network             gcloud compute networks describe <network-name> --format json
Create network with auto subnet   gcloud compute networks create <network-name>
Create network with subnet        gcloud compute networks subnets create subnet1 --network my-vpc --range <cidr-range>
Get a static IP                   gcloud compute addresses create --region us-west2 vpn-1-static-ip
List all IP addresses             gcloud compute addresses list
Describe IP address               gcloud compute addresses describe <ip-name> --region us-central1
List all routes                   gcloud compute routes list

List all record-sets in my zone   gcloud dns record-sets list --zone my_zone
List first 10 DNS records         gcloud dns record-sets list --zone my_zone --limit=10

Compute Firewall
Function                          Command
List all firewall rules           gcloud compute firewall-rules list
List all forwarding rules         gcloud compute forwarding-rules list
Describe one firewall rule        gcloud compute firewall-rules describe <rule-name>
Create one firewall rule          gcloud compute firewall-rules create my-rule --network default --allow tcp:9200,tcp:3306
Update one firewall rule          gcloud compute firewall-rules update my-rule --allow tcp:9200,tcp:9300

Compute Services
Function                          Command
List my backend services          gcloud compute backend-services list
List all my health check endpoints
                                  gcloud compute http-health-checks list
List all URL maps                 gcloud compute url-maps list

Some points to remember about VPC

There are two subnet modes for a VPC network: auto mode (a subnet is created in every region for you) and custom mode (you create the subnets yourself).

To create a VPC, the Compute Engine API must be enabled.
A VPC network is global, whereas subnets are regional.
By default, an auto-mode VPC has 1 subnet in every region.
The default network comes with 4 firewall rules:
    rule1 allow ICMP (ping)
    rule2 allow all internal traffic within the network's CIDR range
    rule3 allow TCP:3389 (RDP)
    rule4 allow TCP:22 (SSH)
All of the above are ingress rules.
Firewall rules are global resources of the network and can be applied per instance by network tag or service account.
By default a VPC blocks all incoming traffic and allows all outgoing traffic.

An auto-mode network automatically creates a subnet in every region.

Subnets have a /20 CIDR range.
Get all subnets of a VPC network

$ gcloud compute networks subnets list --filter="network:my-vpc"

(--filter uses the gcloud filter syntax)

Create a compute instance with a specific machine type
$ gcloud compute instances create i1 --machine-type=n1-standard-2


Default machine type is n1-standard-1 (1 CPU, 3.75 GB RAM)
Instance name argument can be repeated to create multiple instances
Create a compute instance in a specific VPC network and subnet

$ gcloud compute instances create i1 --network my-vpc --subnet my-subnet-1

Default VPC network is default

If --network is set to a VPC network with “custom” subnet mode, then --subnet must also be specified
Instance name argument can be repeated to create multiple instances

Create a compute instance with a specific OS image

$ gcloud compute instances create i1 --image-family ubuntu-1804-lts --image-project ubuntu-os-cloud


Default image family is debian-9
Use either --image-family (uses the latest image of this family) or --image (a concrete image)
--image-project serves as a namespace for --image and --image-family (multiple projects may have images/image families with the same name)

List all available images (including projects and families) with:
$ gcloud compute images list

Get the VPC network and subnet of a compute instance
$ gcloud compute instances describe i1 --format "value(networkInterfaces.network)" | sed 's|.*/||'
$ gcloud compute instances describe i1 --format "value(networkInterfaces.subnetwork)" | sed 's|.*/||'

(--format uses the gcloud format syntax; the sed strips the resource URL down to its last path component)
Get the names of all compute instances
$ gcloud compute instances list --format="value(name)"

Can be used, for example, for deleting all existing compute instances (gcloud asks for a zone unless compute/zone is set):
$ gcloud compute instances delete $(gcloud compute instances list --format="value(name)")

Allow ingress traffic to a VPC network
$ gcloud compute firewall-rules create my-vpc-allow-ssh-icmp --network my-vpc --allow tcp:22,icmp --source-ranges 0.0.0.0/0

0.0.0.0/0 is the default for --source-ranges and could be omitted.

This allows incoming ICMP and SSH (TCP port 22) traffic to any instances in the VPC network from any source (e.g. from the public Internet).

After creating this firewall rule, you’re able to:
Ping instances in the VPC network:
SSH to instances in the VPC network: 
$ gcloud compute ssh i1

Note that a newly created VPC network has no firewall rules, so its instances cannot be reached at all (not even from inside the VPC network).
You have to create firewall rules to make compute instances reachable.
Create a regional static IP address
$ gcloud compute addresses create addr-1 --region=europe-west6

Regional IP addresses can be attached to compute instances, regional load balancers, etc. in the same region as the IP address.
The name argument can be repeated to create multiple addresses

One of --global or --region must be specified.
Create a global static IP address
$ gcloud compute addresses create addr-1 --global

Global IP addresses can only be attached to global HTTPS, SSL proxy, and TCP proxy load balancers.
The name argument can be repeated to create multiple addresses.

One of --global or --region must be specified.

keep clouding!!

16 March 2020

RANCHER - A cluster management platform

Rancher is a 100% free and open source software platform that enables enterprises to run containers in production. It is a complete software stack for teams adopting containers. It can import your k8s cluster no matter where it comes from, and it is a single-cluster, multi-tenancy tool. It addresses the operational and security challenges of managing multiple k8s clusters across any infrastructure, while providing DevOps teams with integrated tools for running containerized workloads.
Resources like Istio, pipelines, Prometheus and Grafana are integrated with Rancher.

Getting started with Rancher via Docker

$ docker pull rancher/rancher
$ docker run -d --restart=unless-stopped -p 61090:80 -p 61091:443 -v /software/bea/rancher:/var/lib/rancher --privileged rancher/rancher:latest

Access the Rancher console at https://localhost:61091/
Follow the welcome instructions on the screen and you will land on the Global screen of clusters.
Once your setup is complete, start adding any of your k8s clusters.

In this example I am going to add my vanilla k8s cluster, which is running on-prem.

Navigate to Add Cluster > Other Cluster > give a name to your cluster.
Rancher will generate commands for you to import your cluster, which you need to run in your cluster's CLI as below:

$ kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user [USER_ACCOUNT]
$ kubectl apply -f

If you get a certificate-related error, try running it over an insecure channel (this skips TLS verification of the Rancher server, so only use it against a server you control):

$ curl --insecure -sfL | kubectl apply -f 

This will deploy the required resources.
You will now be able to see your cluster added in Rancher.

keep reading.. lot more to come...