Create and Manage Google Cloud Resources

*Notes about different modules as part of 'Create and Manage Cloud Resources'. DYOR as this is more from my understanding and articles may not be updated to stay relevant.

The code snippets and instructions are mostly copy pasted from QWIK Labs manual for easier personal access with no copyright infringement intended*

QwikLabs Fundamentals:

Few of the Labs are for free and few need credit, do check for Google Cloud Skill Programs where you could enroll for courses for free for a specific time period
Each Lab do come with specific time period and it would be more than enough to complete the activities noted in the section/module
When you start a lab, you would be provided with Username, Password and GCP Project ID. Do remember and make use of this to open 'Google Cloud Console'
Cloud Console: The web console and central development hub for Google Cloud. You will do the majority of your work in Google Cloud from this interface
A Google Cloud project is an organizing entity for your Google Cloud resources. It often contains resources and services; for example, it may hold a pool of virtual machines, a set of databases, and a network that connects them together. Projects also contain settings and permissions, which specify security rules and who has access to what resources.
Categories of the Google Cloud Services are Compute, Storage, Networking, Cloud Operations, Tools, Big Data and Artificial Intelligence
Common roles found in IAM & Admin are viewer, editor and owner.
It do support lot of API's and services
It do support Cloud Shell
Ensure to close the lab if you are doing the activities as part of skill badge program or part of course to earn credits

Creating a Virtual Machine

Can create VM using gcloud or Navigation Menu -> Compute -> Virtual Machine

Sample command to create using gcloud is

gcloud compute instances create gcelab2 --machine-type n1-standard-2 --zone us-central1-c

Getting Started with Cloud Shell and gcloud

Cloud Shell provides you with command-line access to computing resources hosted on Google Cloud. Cloud Shell is a Debian-based virtual machine with a persistent 5-GB home directory, which makes it easy for you to manage your Google Cloud projects and resources. The gcloud command-line tool and other utilities you need are pre-installed in Cloud Shell, which allows you to get up and running quickly.

To get default compute zone and region

gcloud config get-value compute/zone
gcloud config get-value compute/region

To get project information

gcloud compute project-info describe --project <your_project_ID>

Kubernetes Engine: Qwik Start

Google Kubernetes Engine (GKE) provides a managed environment for deploying, managing, and scaling your containerized applications using Google infrastructure. The Kubernetes Engine environment consists of multiple machines (specifically Compute Engine instances) grouped to form a container cluster.
Google Kubernetes Engine (GKE) clusters are powered by the Kubernetes open source cluster management system. Kubernetes provides the mechanisms through which you interact with your container cluster. You use Kubernetes commands and resources to deploy and manage your applications, perform administrative tasks, set policies, and monitor the health of your deployed workloads.
A cluster consists of at least one cluster master machine and multiple worker machines called nodes. Nodes are Compute Engine virtual machine (VM) instances that run the Kubernetes processes necessary to make them part of the cluster.
To create a cluster, run the following command, replacing [CLUSTER-NAME] with the name you choose for the cluster (for example:my-cluster).
```
gcloud container clusters create [CLUSTER-NAME]
```
To authenticate the cluster, run the following command, replacing [CLUSTER-NAME] with the name of your cluster:
```
gcloud container clusters get-credentials [CLUSTER-NAME]
```
To create a new Deployment hello-server from the hello-app container image, run the following kubectl create command:
```
kubectl create deployment hello-server --image=gcr.io/google-samples/hello-app:1.0
```
To create a Kubernetes Service, which is a Kubernetes resource that lets you expose your application to external traffic, run the following kubectl expose command:
```
kubectl expose deployment hello-server --type=LoadBalancer --port 8080
```
To inspect the hello-server Service, run kubectl get:
```
kubectl get service
```
To view the application from your web browser, open a new tab and enter the following address, replacing [EXTERNAL IP] with the EXTERNAL-IP for hello-server.
```
http://[EXTERNAL-IP]:8080
```

To delete the cluster, run the following command:

gcloud container clusters delete [CLUSTER-NAME]

Set Up Network and HTTP Load Balancers

Set default zone and region for all resources

Create three instances for lb

gcloud compute instances create www1 \
--image-family debian-9 \
--image-project debian-cloud \
--zone us-central1-a \
--tags network-lb-tag \
--metadata startup-script="#! /bin/bash
  sudo apt-get update
  sudo apt-get install apache2 -y
  sudo service apache2 restart
  echo '<!doctype html><html><body><h1>www1</h1></body></html>' | tee /var/www/html/index.html"

Create a firewall rule to allow external traffic to the VM instances:

gcloud compute firewall-rules create www-firewall-network-lb \
  --target-tags network-lb-tag --allow tcp:80

To retrieve external IP's use below command:
```
gcloud compute instances list
```
curl and confim curl http://[IP_ADDRESS]

Configuring Load Balancer:

Create a static external IP address for your load balancer: gcloud compute addresses create network-lb-ip-1 \ --region us-central1
Add a legacy HTTP health check resource: gcloud compute http-health-checks create basic-check
Add a target pool in the same region as your instances. Run the following to create the target pool and use the health check, which is required for the service to function:gcloud compute target-pools create www-pool \ --region us-central1 --http-health-check basic-check
Add the instances to the pool: gcloud compute target-pools add-instances www-pool --instances www1,www2,www3

Add a forwarding rule:

gcloud compute forwarding-rules create www-rule \
  --region us-central1 \
  --ports 80 \
  --address network-lb-ip-1 \
  --target-pool www-pool

Sending traffic to your instances

To get external ip : gcloud compute forwarding-rules describe www-rule --region us-central1
while true; do curl -m1 IP_ADDRESS; done - By executing this commands we can ensure different VM's are picked randomly

Create an HTTP load balancer

HTTP(S) Load Balancing is implemented on Google Front End (GFE). GFEs are distributed globally and operate together using Google's global network and control plane. You can configure URL rules to route some URLs to one set of instances and route other URLs to other instances. Requests are always routed to the instance group that is closest to the user, if that group has enough capacity and is appropriate for the request. If the closest group does not have enough capacity, the request is sent to the closest group that does have capacity.

To set up a load balancer with a Compute Engine backend, your VMs need to be in an instance group. The managed instance group provides VMs running the backend servers of an external HTTP load balancer. For this lab, backends serve their own hostnames.

Load Balancer template:

gcloud compute instance-templates create lb-backend-template \
 --region=us-central1 \
 --network=default \
 --subnet=default \
 --tags=allow-health-check \
 --image-family=debian-9 \
 --image-project=debian-cloud \
 --metadata=startup-script='#! /bin/bash
   apt-get update
   apt-get install apache2 -y
   a2ensite default-ssl
   a2enmod ssl
   vm_hostname="$(curl -H "Metadata-Flavor:Google" \
   http://169.254.169.254/computeMetadata/v1/instance/name)"
   echo "Page served from: $vm_hostname" | \
   tee /var/www/html/index.html
   systemctl restart apache2'

Create a managed instance group based on the template:

gcloud compute instance-groups managed create lb-backend-group \
--template=lb-backend-template --size=2 --zone=us-central1-a

Create the fw-allow-health-check firewall rule. This is an ingress rule that allows traffic from the Google Cloud health checking systems (130.211.0.0/22 and 35.191.0.0/16). This lab uses the target tag allow-health-check to identify the VMs.

gcloud compute firewall-rules create fw-allow-health-check \
  --network=default \
  --action=allow \
  --direction=ingress \
  --source-ranges=130.211.0.0/22,35.191.0.0/16 \
  --target-tags=allow-health-check \
  --rules=tcp:80

Now that the instances are up and running, set up a global static external IP address that your customers use to reach your load balancer.
```
gcloud compute addresses create lb-ipv4-1 \
  --ip-version=IPV4 \
  --global
```

Note the IPv4 address that was reserved:

gcloud compute addresses describe lb-ipv4-1 \
  --format="get(address)" \
  --global

Create a healthcheck for the load balancer: gcloud compute health-checks create http http-basic-check --port 80

Create a backend service:

gcloud compute backend-services create web-backend-service \
      --protocol=HTTP \
      --port-name=http \
      --health-checks=http-basic-check \
      --global

Add your instance group as the backend to the backend service:

gcloud compute backend-services add-backend web-backend-service \
      --instance-group=lb-backend-group \
      --instance-group-zone=us-central1-a \
      --global

Create a URL map to route the incoming requests to the default backend service: gcloud compute url-maps create web-map-http --default-service web-backend-service
Create a target HTTP proxy to route requests to your URL map:gcloud compute target-http-proxies create http-lb-proxy --url-map web-map-http

Create a global forwarding rule to route incoming requests to the proxy:

gcloud compute forwarding-rules create http-content-rule \
      --address=lb-ipv4-1\
      --global \
      --target-http-proxy=http-lb-proxy \
      --ports=80

For challenge lab solution, i found a good post: Click Here

Tech Nest