Qwiklabs Google
| https://cloud.google.com/storage/docs/encryption/ | |
# Bucket names share one global namespace, so replace YOUR_NAME with
# something unique to you.
BUCKET_NAME="YOUR_NAME_enron_corpus"

# The bucket is created with the project's default settings; check who can
# read it before uploading anything that matters.
gsutil mb "gs://${BUCKET_NAME}"

# Copy one sample message from the enron_corpus bucket and show its last lines.
gsutil cp "gs://enron_corpus/allen-p/inbox/1." .
tail "1."
| Enable API/Create keyring | |
# Turn on the Cloud KMS API for the current project.
gcloud services enable cloudkms.googleapis.com

# Cloud KMS key rings and keys cannot be deleted once created (only key
# versions can be destroyed), so these names stay in the project for good.
KEYRING_NAME=test
CRYPTOKEY_NAME=qwiklab

# Create the key ring, then a symmetric encryption key inside it.
gcloud kms keyrings create "$KEYRING_NAME" --location=global
gcloud kms keys create "$CRYPTOKEY_NAME" \
  --location=global \
  --keyring="$KEYRING_NAME" \
  --purpose=encryption
| Encrypt 1 file | |
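# Encrypt one file with Cloud KMS, check the round trip, then upload the
# ciphertext. Reads DEVSHELL_PROJECT_ID, KEYRING_NAME, CRYPTOKEY_NAME and
# BUCKET_NAME from the current shell.
KMS_KEY_URL="https://cloudkms.googleapis.com/v1/projects/$DEVSHELL_PROJECT_ID/locations/global/keyRings/$KEYRING_NAME/cryptoKeys/$CRYPTOKEY_NAME"

# One access token for the three calls below. curl runs without -v because
# verbose mode echoes the request headers, the Authorization bearer token
# included, to the terminal and to any session log or screen share.
# The token is still an argument of curl and so shows in the process list
# while the request runs.
TOKEN=$(gcloud auth application-default print-access-token)

# Show the raw API response once. The request body is built by jq and fed to
# curl on stdin, so the file content never appears on a command line.
base64 -w0 1. \
  | jq -Rs '{plaintext: .}' \
  | curl -sS "${KMS_KEY_URL}:encrypt" \
      --data-binary @- \
      -H "Authorization: Bearer $TOKEN" \
      -H "Content-Type: application/json"

# Same call, keeping only the ciphertext. --fail makes curl return nothing on
# an HTTP error and jq -e then exits non-zero, so a failed request cannot
# leave a file holding the literal text "null".
if ! base64 -w0 1. \
  | jq -Rs '{plaintext: .}' \
  | curl -sS --fail "${KMS_KEY_URL}:encrypt" \
      --data-binary @- \
      -H "Authorization: Bearer $TOKEN" \
      -H "Content-Type: application/json" \
  | jq -er .ciphertext > 1.encrypted
then
  rm -f -- 1.encrypted
  echo "encrypt request failed; 1.encrypted was not written" >&2
fi

# Decrypt again to confirm the round trip; the plaintext goes to stdout.
jq -R '{ciphertext: .}' 1.encrypted \
  | curl -sS --fail "${KMS_KEY_URL}:decrypt" \
      --data-binary @- \
      -H "Authorization: Bearer $TOKEN" \
      -H "Content-Type: application/json" \
  | jq -r .plaintext \
  | base64 -d

# Upload the ciphertext only. The plaintext copy "1." is still on local disk.
gsutil cp 1.encrypted "gs://${BUCKET_NAME}"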
| IAM permissions | |
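# Grant the signed-in user rights on the key ring.
#
# Ask gcloud for the active account directly instead of scraping the
# `gcloud auth list` table: the first listed row is not necessarily the
# active account, and the second column is empty on a non-active row.
USER_EMAIL=$(gcloud auth list --filter=status:ACTIVE --format="value(account)")

if [ -z "$USER_EMAIL" ]; then
  echo "no active gcloud account found; nothing was granted" >&2
else
  # roles/cloudkms.admin manages key rings and keys but cannot encrypt or
  # decrypt with them.
  gcloud kms keyrings add-iam-policy-binding "$KEYRING_NAME" \
    --location global \
    --member "user:$USER_EMAIL" \
    --role roles/cloudkms.admin

  # Giving the same identity the encrypter/decrypter role removes the
  # separation between managing a key and using it. That is acceptable for
  # a lab. Outside one, bind this role to the workload's own identity, and
  # on the single key rather than the whole key ring.
  gcloud kms keyrings add-iam-policy-binding "$KEYRING_NAME" \
    --location global \
    --member "user:$USER_EMAIL" \
    --role roles/cloudkms.cryptoKeyEncrypterDecrypter
fi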
| Encrypt bulk | |
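# Encrypt every file under allen-p with Cloud KMS and upload the inbox
# ciphertexts. Reads DEVSHELL_PROJECT_ID, KEYRING_NAME, CRYPTOKEY_NAME and
# BUCKET_NAME from the current shell.
gsutil -m cp -r gs://enron_corpus/allen-p .
MYDIR=allen-p
KMS_ENCRYPT_URL="https://cloudkms.googleapis.com/v1/projects/$DEVSHELL_PROJECT_ID/locations/global/keyRings/$KEYRING_NAME/cryptoKeys/$CRYPTOKEY_NAME:encrypt"

# Fetch the token once instead of once per file. Access tokens are
# short-lived, so re-run this line if a long batch starts returning 401.
# curl runs without -v so the bearer token is not echoed for every file.
TOKEN=$(gcloud auth application-default print-access-token)

# NUL-delimited find plus read keeps file names with spaces or glob
# characters intact; the unquoted `for file in $FILES` form splits them.
# Cloud KMS caps the plaintext of one encrypt call (64 KiB at the time of
# writing), so larger files are rejected. Bulk data is normally
# envelope-encrypted: a local data key encrypts the file and KMS wraps that key.
find "$MYDIR" -type f -not -name "*.encrypted" -print0 |
  while IFS= read -r -d '' file; do
    # The body goes to curl on stdin, so message content never lands on a
    # command line. --fail plus jq -e turn an API error into a non-zero
    # status instead of a file that contains the text "null".
    if ! base64 -w0 "$file" \
      | jq -Rs '{plaintext: .}' \
      | curl -sS --fail "$KMS_ENCRYPT_URL" \
          --data-binary @- \
          -H "Authorization: Bearer $TOKEN" \
          -H "Content-Type: application/json" \
      | jq -er .ciphertext > "$file.encrypted"
    then
      rm -f -- "$file.encrypted"
      printf 'encrypt failed, skipped: %s\n' "$file" >&2
    fi
  done

# Only the inbox ciphertexts are uploaded. The plaintext tree stays on local
# disk next to the .encrypted files.
gsutil -m cp allen-p/inbox/*.encrypted "gs://${BUCKET_NAME}/allen-p/inbox"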
# Confirm which account and project this session acts as before creating
# any resources.
gcloud auth list
gcloud config list project

# Defaults picked up by the compute commands that follow.
region=us-central1
gcloud config set compute/zone "${region}-a"
gcloud config set compute/region "${region}"
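# Boot script for the web instances: install nginx and put the VM's hostname
# on the default page. The heredoc delimiter is quoted so nothing is expanded
# while the file is written; $HOSTNAME is resolved on the VM at boot.
cat <<'EOF' > startup.sh
#! /bin/bash
apt-get update
apt-get install -y nginx
service nginx start
sed -i -- 's/nginx/Google Cloud Platform - '"$HOSTNAME"'/' /var/www/html/index.nginx-debian.html
EOF

# "nginx-web" is a network tag chosen here; the firewall rule below matches
# on it, so keep the two values in sync.
gcloud compute instance-templates create nginx-template \
  --metadata-from-file startup-script=startup.sh \
  --tags nginx-web

gcloud compute target-pools create nginx-pool

# Two instances from the template, registered in the target pool.
gcloud compute instance-groups managed create nginx-group \
  --base-instance-name nginx \
  --size 2 \
  --template nginx-template \
  --target-pool nginx-pool

gcloud compute instances list

# Open port 80 to the tagged web instances only. Without --target-tags the
# rule applies to every instance on the network, including ones that were
# never meant to be reachable. The source range is left at its default (any
# address) because the page is meant to be public.
gcloud compute firewall-rules create www-firewall \
  --allow tcp:80 \
  --target-tags nginx-web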
| Create a network Load Balancer | |
# Regional forwarding rule that sends port 80 traffic to the target pool.
# It gets a public IP address.
gcloud compute forwarding-rules create nginx-lb \
  --region=us-central1 \
  --ports=80 \
  --target-pool=nginx-pool

# The listing shows the IP address assigned to the rule.
gcloud compute forwarding-rules list
| You can then visit the load balancer from the browser http://IP_ADDRESS/ where IP_ADDRESS is the address shown as the result of running the previous command. | |
| Create an HTTP Load Balancer | |
| Create healthchecks. | |
# Health check the backend service uses to decide which instances get traffic.
gcloud compute http-health-checks create http-basic-check

# Define an HTTP service and map a port name to the relevant port for the
# instance group.
gcloud compute instance-groups managed set-named-ports nginx-group \
  --named-ports=http:80

# Create a backend service:
gcloud compute backend-services create nginx-backend \
  --protocol=HTTP \
  --http-health-checks=http-basic-check \
  --global

# Add the instance group into the backend service:
gcloud compute backend-services add-backend nginx-backend \
  --instance-group=nginx-group \
  --instance-group-zone=us-central1-a \
  --global

# Create a default URL map that directs all incoming requests to all your
# instances:
gcloud compute url-maps create web-map \
  --default-service=nginx-backend

# Create a target HTTP proxy to route requests to your URL map.
# This front end is plain HTTP, so traffic to it is not encrypted. A service
# that carries anything sensitive would sit behind a target HTTPS proxy with
# a certificate instead.
gcloud compute target-http-proxies create http-lb-proxy \
  --url-map=web-map

# Create a global forwarding rule to handle and route incoming requests.
gcloud compute forwarding-rules create http-content-rule \
  --global \
  --target-http-proxy=http-lb-proxy \
  --ports=80

gcloud compute forwarding-rules list