Create and Manage Google Cloud Resources
*Notes about different modules as part of 'Create and Manage Cloud Resources'. DYOR as this is more from my understanding and articles may not be updated to stay relevant.
The code snippets and instructions are mostly copy pasted from QWIK Labs manual for easier personal access with no copyright infringement intended*
QwikLabs Fundamentals:
Few of the Labs are for free and few need credit, do check for Google Cloud Skill Programs where you could enroll for courses for free for a specific time period
Each Lab do come with specific time period and it would be more than enough to complete the activities noted in the section/module
When you start a lab, you would be provided with Username, Password and GCP Project ID. Do remember and make use of this to open 'Google Cloud Console'
Cloud Console: The web console and central development hub for Google Cloud. You will do the majority of your work in Google Cloud from this interface
A Google Cloud project is an organizing entity for your Google Cloud resources. It often contains resources and services; for example, it may hold a pool of virtual machines, a set of databases, and a network that connects them together. Projects also contain settings and permissions, which specify security rules and who has access to what resources.
Categories of the Google Cloud Services are Compute, Storage, Networking, Cloud Operations, Tools, Big Data and Artificial Intelligence
Common roles found in IAM & Admin are viewer, editor and owner.
It do support lot of API's and services
It do support Cloud Shell
Ensure to close the lab if you are doing the activities as part of skill badge program or part of course to earn credits
Creating a Virtual Machine
- Can create VM using gcloud or Navigation Menu -> Compute -> Virtual Machine
Sample command to create using gcloud is
gcloud compute instances create gcelab2 --machine-type n1-standard-2 --zone us-central1-c
Getting Started with Cloud Shell and gcloud
Cloud Shell provides you with command-line access to computing resources hosted on Google Cloud. Cloud Shell is a Debian-based virtual machine with a persistent 5-GB home directory, which makes it easy for you to manage your Google Cloud projects and resources. The gcloud command-line tool and other utilities you need are pre-installed in Cloud Shell, which allows you to get up and running quickly.
To get default compute zone and region
gcloud config get-value compute/zone gcloud config get-value compute/region
- To get project information
gcloud compute project-info describe --project <your_project_ID>
Kubernetes Engine: Qwik Start
Google Kubernetes Engine (GKE) provides a managed environment for deploying, managing, and scaling your containerized applications using Google infrastructure. The Kubernetes Engine environment consists of multiple machines (specifically Compute Engine instances) grouped to form a container cluster.
Google Kubernetes Engine (GKE) clusters are powered by the Kubernetes open source cluster management system. Kubernetes provides the mechanisms through which you interact with your container cluster. You use Kubernetes commands and resources to deploy and manage your applications, perform administrative tasks, set policies, and monitor the health of your deployed workloads.
A cluster consists of at least one cluster master machine and multiple worker machines called nodes. Nodes are Compute Engine virtual machine (VM) instances that run the Kubernetes processes necessary to make them part of the cluster.
To create a cluster, run the following command, replacing [CLUSTER-NAME] with the name you choose for the cluster (for example:my-cluster).
gcloud container clusters create [CLUSTER-NAME]
- To authenticate the cluster, run the following command, replacing [CLUSTER-NAME] with the name of your cluster:
gcloud container clusters get-credentials [CLUSTER-NAME]
To create a new Deployment hello-server from the hello-app container image, run the following kubectl create command:
kubectl create deployment hello-server --image=gcr.io/google-samples/hello-app:1.0
To create a Kubernetes Service, which is a Kubernetes resource that lets you expose your application to external traffic, run the following kubectl expose command:
kubectl expose deployment hello-server --type=LoadBalancer --port 8080
To inspect the hello-server Service, run kubectl get:
kubectl get service
To view the application from your web browser, open a new tab and enter the following address, replacing [EXTERNAL IP] with the EXTERNAL-IP for hello-server.
http://[EXTERNAL-IP]:8080
To delete the cluster, run the following command:
gcloud container clusters delete [CLUSTER-NAME]
Set Up Network and HTTP Load Balancers
Set default zone and region for all resources
Create three instances for lb
gcloud compute instances create www1 \ --image-family debian-9 \ --image-project debian-cloud \ --zone us-central1-a \ --tags network-lb-tag \ --metadata startup-script="#! /bin/bash sudo apt-get update sudo apt-get install apache2 -y sudo service apache2 restart echo '<!doctype html><html><body><h1>www1</h1></body></html>' | tee /var/www/html/index.html"
Create a firewall rule to allow external traffic to the VM instances:
gcloud compute firewall-rules create www-firewall-network-lb \ --target-tags network-lb-tag --allow tcp:80
- To retrieve external IP's use below command:
gcloud compute instances list
- curl and confim
curl http://[IP_ADDRESS]
Configuring Load Balancer:
Create a static external IP address for your load balancer:
gcloud compute addresses create network-lb-ip-1 \ --region us-central1
Add a legacy HTTP health check resource:
gcloud compute http-health-checks create basic-check
Add a target pool in the same region as your instances. Run the following to create the target pool and use the health check, which is required for the service to function:
gcloud compute target-pools create www-pool \ --region us-central1 --http-health-check basic-check
Add the instances to the pool:
gcloud compute target-pools add-instances www-pool --instances www1,www2,www3
Add a forwarding rule:
gcloud compute forwarding-rules create www-rule \ --region us-central1 \ --ports 80 \ --address network-lb-ip-1 \ --target-pool www-pool
Sending traffic to your instances
To get external ip :
gcloud compute forwarding-rules describe www-rule --region us-central1
while true; do curl -m1 IP_ADDRESS; done
- By executing this commands we can ensure different VM's are picked randomly
Create an HTTP load balancer
- HTTP(S) Load Balancing is implemented on Google Front End (GFE). GFEs are distributed globally and operate together using Google's global network and control plane. You can configure URL rules to route some URLs to one set of instances and route other URLs to other instances. Requests are always routed to the instance group that is closest to the user, if that group has enough capacity and is appropriate for the request. If the closest group does not have enough capacity, the request is sent to the closest group that does have capacity.
To set up a load balancer with a Compute Engine backend, your VMs need to be in an instance group. The managed instance group provides VMs running the backend servers of an external HTTP load balancer. For this lab, backends serve their own hostnames.
Load Balancer template:
gcloud compute instance-templates create lb-backend-template \ --region=us-central1 \ --network=default \ --subnet=default \ --tags=allow-health-check \ --image-family=debian-9 \ --image-project=debian-cloud \ --metadata=startup-script='#! /bin/bash apt-get update apt-get install apache2 -y a2ensite default-ssl a2enmod ssl vm_hostname="$(curl -H "Metadata-Flavor:Google" \ http://169.254.169.254/computeMetadata/v1/instance/name)" echo "Page served from: $vm_hostname" | \ tee /var/www/html/index.html systemctl restart apache2'
Create a managed instance group based on the template:
gcloud compute instance-groups managed create lb-backend-group \ --template=lb-backend-template --size=2 --zone=us-central1-a
Create the fw-allow-health-check firewall rule. This is an ingress rule that allows traffic from the Google Cloud health checking systems (130.211.0.0/22 and 35.191.0.0/16). This lab uses the target tag allow-health-check to identify the VMs.
gcloud compute firewall-rules create fw-allow-health-check \ --network=default \ --action=allow \ --direction=ingress \ --source-ranges=130.211.0.0/22,35.191.0.0/16 \ --target-tags=allow-health-check \ --rules=tcp:80
Now that the instances are up and running, set up a global static external IP address that your customers use to reach your load balancer.
gcloud compute addresses create lb-ipv4-1 \ --ip-version=IPV4 \ --global
Note the IPv4 address that was reserved:
gcloud compute addresses describe lb-ipv4-1 \ --format="get(address)" \ --global
Create a healthcheck for the load balancer:
gcloud compute health-checks create http http-basic-check --port 80
Create a backend service:
gcloud compute backend-services create web-backend-service \ --protocol=HTTP \ --port-name=http \ --health-checks=http-basic-check \ --global
Add your instance group as the backend to the backend service:
gcloud compute backend-services add-backend web-backend-service \ --instance-group=lb-backend-group \ --instance-group-zone=us-central1-a \ --global
Create a URL map to route the incoming requests to the default backend service:
gcloud compute url-maps create web-map-http --default-service web-backend-service
Create a target HTTP proxy to route requests to your URL map:
gcloud compute target-http-proxies create http-lb-proxy --url-map web-map-http
Create a global forwarding rule to route incoming requests to the proxy:
gcloud compute forwarding-rules create http-content-rule \ --address=lb-ipv4-1\ --global \ --target-http-proxy=http-lb-proxy \ --ports=80
For challenge lab solution, i found a good post: Click Here