Revisions
Victor Yang revised this gist
Sep 6, 2018 . 1 changed file with 1 addition and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -11,6 +11,7 @@ ``` gcloud auth list gcloud auth login gcloud auth activate-service-account --key-file=sa_key.json ``` kubectl uses OAuth token generated by -
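Review bot: the `gcloud auth activate-service-account --key-file=sa_key.json` line in the auth block introduces a service account key file with no comment on where `sa_key.json` comes from or how it is protected. Add a one-line comment saying that the file is a long-lived credential, should be readable only by its owner, and must stay out of version control.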
Victor Yang revised this gist
Sep 6, 2018 . 1 changed file with 0 additions and 2 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -176,8 +176,6 @@ EOF gcloud compute instance-templates create nginx-template --metadata-from-file startup-script=startup.sh gcloud compute target-pools create nginx-pool gcloud compute instance-groups managed create nginx-group \ --base-instance-name nginx \ --size 2 \ -
Victor Yang revised this gist
Sep 6, 2018 . 1 changed file with 1 addition and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -173,6 +173,7 @@ apt-get install -y nginx service nginx start sed -i -- 's/nginx/Google Cloud Platform - '"\$HOSTNAME"'/' /var/www/html/index.nginx-debian.html EOF gcloud compute instance-templates create nginx-template --metadata-from-file startup-script=startup.sh gcloud compute target-pools create nginx-pool gcloud compute instance-templates create nginx-template \ -
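Review bot: `nginx-template` is created twice in this block, once with `--metadata-from-file startup-script=startup.sh` right after the heredoc's `EOF` and again by the multi-line `gcloud compute instance-templates create nginx-template \` that follows `target-pools create`. The second call will fail because the template name already exists; keep one of them and make sure the surviving command carries the startup script.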
Victor Yang revised this gist
Sep 6, 2018 . 1 changed file with 1 addition and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -158,7 +158,7 @@ curl -v "https://cloudkms.googleapis.com/v1/projects/$DEVSHELL_PROJECT_ID/locati | jq .plaintext -r | base64 -d ``` ## gcloud command for creating an instance? from web console ``` gcloud beta compute --project=victory-demo-dev instances create micro1 --zone=us-west1-a --machine-type=f1-micro --subnet=default --network-tier=PREMIUM --maintenance-policy=MIGRATE --service-account=398028291895-compute@developer.gserviceaccount.com --scopes=https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/logging.write,https://www.googleapis.com/auth/monitoring.write,https://www.googleapis.com/auth/servicecontrol,https://www.googleapis.com/auth/service.management.readonly,https://www.googleapis.com/auth/trace.append --min-cpu-platform=Automatic --image=debian-9-stretch-v20180510 --image-project=debian-cloud --boot-disk-size=10GB --boot-disk-type=pd-standard --boot-disk-device-name=micro1 -
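Review bot: the shortened heading `## gcloud command for creating an instance? from web console` keeps the stray question mark from the old wording. Something like "gcloud command for creating an instance, copied from the web console" reads cleanly and says where the long command line came from.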
Victor Yang renamed this gist
Sep 6, 2018 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes.
Victor Yang revised this gist
Sep 6, 2018 . 1 changed file with 8 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -117,7 +117,15 @@ gcloud iam service-accounts list --filter='email ~ [0-9]*-compute@.*' --form # add role to service account gcloud iam service-accounts add-iam-policy-binding [email protected] --member='serviceAccount:[email protected]' --role='roles/iam.serviceAccountActor' ``` ## cloud build ``` # user defined gcloud container builds submit --config=cloudbuild.yaml --substitutions=_BRANCH_NAME=foo,_BUILD_NUMBER=1 . # override built in TAG_NAME gcloud container builds submit --config=cloudbuild.yaml --substitutions=TAG_NAME=v1.0.1 ``` ## kms ``` -
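Review bot: the two `--substitutions` examples in the new cloud build block need a word on the naming rule: user-defined substitutions must start with an underscore (as `_BRANCH_NAME` and `_BUILD_NUMBER` do), while `TAG_NAME` is a built-in being overridden. The `# user defined` comment could say so. The first command also passes the source directory `.` explicitly and the second omits it; use the same form in both.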
Victor Yang revised this gist
Sep 3, 2018 . 1 changed file with 4 additions and 3 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -34,9 +34,10 @@ gcloud compute zones list --filter=region:us-central1 ## projects ``` # various way to get project_id PROJECT_ID=$(gcloud config get-value core/project) PROJECT_ID=$(gcloud config list project --format='value(core.project)') PROJECT_ID=$(gcloud info --format='value(config.project)') # get project_number gcloud projects list --filter="name:${project_id}" --format='value(project_number)' -
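Review bot: the assignments at the top of the projects block now set `PROJECT_ID`, but the project-number command below still reads `--filter="name:${project_id}"`. Shell variable names are case-sensitive, so `${project_id}` is unset here and the filter no longer selects the intended project. Change the reference to `${PROJECT_ID}`, and fix the comment to "various ways to get project_id".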
Victor Yang revised this gist
Aug 30, 2018 . 1 changed file with 2 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -323,7 +323,8 @@ gcloud compute instances list --log-http ## instance level metadata ``` curl -s "http://metadata.google.internal/computeMetadata/v1/instance/?recursive=true&alt=text" -H "Metadata-Flavor: Google" leader=$(curl -s "http://metadata.google.internal/computeMetadata/v1/instance/attributes/leader" -H "Metadata-Flavor: Google") ``` ## project level metadata -
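Review bot: `leader=$(curl -s ".../instance/attributes/leader" -H "Metadata-Flavor: Google")` has no failure handling. Without `-f`, a missing `leader` attribute makes the metadata server answer with a 404 error body, and that text ends up in `leader`. Add `-f` and check the exit status before the value is used.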
Victor Yang revised this gist
Aug 29, 2018 . 1 changed file with 1 addition and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -2,7 +2,7 @@ * [projections](https://cloud.google.com/sdk/gcloud/reference/topic/projections) * [filters](https://cloud.google.com/sdk/gcloud/reference/topic/filters) * [resource-keys](https://cloud.google.com/sdk/gcloud/reference/topic/resource-keys) * [scripting-gcloud](https://cloud.google.com/sdk/docs/scripting-gcloud) * http://cloudplatform.googleblog.com/2018/03/introducing-GCPs-new-interactive-CLI.html * https://medium.com/@Joachim8675309/getting-started-with-gcloud-sdk-part-1-114924737 * https://medium.com/@Joachim8675309/getting-started-with-gcloud-sdk-part-2-4d049a656f1a -
Victor Yang revised this gist
Aug 29, 2018 . 1 changed file with 3 additions and 4 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -4,6 +4,8 @@ * [resource-keys](https://cloud.google.com/sdk/gcloud/reference/topic/resource-keys) * https://cloud.google.com/sdk/docs/scripting-gcloud * http://cloudplatform.googleblog.com/2018/03/introducing-GCPs-new-interactive-CLI.html * https://medium.com/@Joachim8675309/getting-started-with-gcloud-sdk-part-1-114924737 * https://medium.com/@Joachim8675309/getting-started-with-gcloud-sdk-part-2-4d049a656f1a ## auth ``` @@ -116,10 +118,6 @@ gcloud iam service-accounts add-iam-policy-binding infrastructure@retviews-15490 ``` ## kms ``` # list all keyrings @@ -274,6 +272,7 @@ https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/debian * [resource-keys](https://cloud.google.com/sdk/gcloud/reference/topic/resource-keys) ``` gcloud compute instances list --filter="zone:us-central1-a" gcloud compute instances list --project=dev --filter="name~^es" gcloud compute instances list --project=dev --filter=name:kafka --format="value(name,INTERNAL_IP)" gcloud compute instances list --filter=tags:kafka-node -
Victor Yang revised this gist
Aug 29, 2018 . 1 changed file with 6 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -21,8 +21,14 @@ kubectl uses OAuth token generated by ``` gcloud info --format flattened export PROJECT=$(gcloud info --format='value(config.project)') ``` ## zones To return a list of zones given a region ``` gcloud compute zones list --filter=region:us-central1 ``` ## projects ``` -
Victor Yang revised this gist
Aug 26, 2018 . 1 changed file with 6 additions and 3 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -333,9 +333,12 @@ gcloud logging read "timestamp >= \"2018-04-19T00:30:00Z\" and logName=projects ## Enable Service ``` # chain gcloud services enable cloudapis.googleapis.com && \ cloudresourcemanager.googleapis.com && \ compute.googleapis.com # or not chain gcloud services enable container.googleapis.com gcloud services enable containerregistry.googleapis.com gcloud services enable cloudbuild.googleapis.com -
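Review bot: in the `# chain` example, `&&` separates commands, so the shell runs `gcloud services enable cloudapis.googleapis.com` and then tries to execute `cloudresourcemanager.googleapis.com` as a command of its own, which fails. `gcloud services enable` accepts several service names in one call; list them separated by spaces (keeping the `\` continuations) and drop the `&&`.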
Victor Yang revised this gist
Aug 26, 2018 . 1 changed file with 1 addition and 3 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -191,15 +191,13 @@ tag the instances with `no-ips` ``` gcloud compute instances add-tags existing-instance --tags no-ip gcloud compute routes create no-ip-internet-route \ --network custom-network1 \ --destination-range 0.0.0.0/0 \ --next-hop-instance nat-gateway \ --next-hop-instance-zone us-central1-a \ --tags no-ip --priority 800 ``` ## layer 3 network lb ``` -
Victor Yang revised this gist
Aug 26, 2018 . 1 changed file with 15 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -186,6 +186,21 @@ gcloud compute instance-templates create nat-2 \ --metadata-from-file=startup-script=startup.sh --address $nat_2_ip ``` ### route tag the instances with `no-ips` ``` gcloud compute instances add-tags existing-instance --tags no-ip ``` ``` gcloud compute routes create no-ip-internet-route \ --network custom-network1 \ --destination-range 0.0.0.0/0 \ --next-hop-instance nat-gateway \ --next-hop-instance-zone us-central1-a \ --tags no-ip --priority 800 ``` ## layer 3 network lb ``` gcloud compute firewall-rules create www-firewall --allow tcp:80 -
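Review bot: the sentence under `### route` says to tag the instances with `no-ips`, but both commands use `no-ip` (`--tags no-ip`). The route applies only to instances carrying the exact tag, so correct the sentence to `no-ip`. A short comment that `nat-gateway` has to exist in `us-central1-a` with IP forwarding enabled would also help readers who start at this section.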
Victor Yang revised this gist
Aug 26, 2018 . 1 changed file with 6 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -175,9 +175,15 @@ gcloud compute instance-groups managed create nginx-group \ https://cloud.google.com/vpc/docs/special-configurations#multiple-natgateways ``` gsutil cp gs://nat-gw-template/startup.sh . gcloud compute instance-templates create nat-1 \ --machine-type n1-standard-2 --can-ip-forward --tags natgw \ --metadata-from-file=startup-script=startup.sh --address $nat_1_ip gcloud compute instance-templates create nat-2 \ --machine-type n1-standard-2 --can-ip-forward --tags natgw \ --metadata-from-file=startup-script=startup.sh --address $nat_2_ip ``` ## layer 3 network lb -
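Review bot: `$nat_1_ip` and `$nat_2_ip` are passed to `--address` but never set in this block, so as written they expand to nothing; show how the addresses are reserved and assigned to these variables. The `gsutil cp gs://nat-gw-template/startup.sh .` line also fetches a script that will run as root at boot, so say who owns that bucket and suggest reading the script before it is attached to a template.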
Victor Yang revised this gist
Aug 26, 2018 . 1 changed file with 9 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -171,6 +171,15 @@ gcloud compute instance-groups managed create nginx-group \ --target-pool nginx-pool ``` ### MIG with startup and shutdown scripts https://cloud.google.com/vpc/docs/special-configurations#multiple-natgateways ``` gcloud compute instance-templates create nat-1 \ --machine-type n1-standard-2 --can-ip-forward --tags natgw \ --metadata-from-file=startup-script=startup.sh --address $nat_1_ip ``` ## layer 3 network lb ``` gcloud compute firewall-rules create www-firewall --allow tcp:80 -
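Review bot: the heading `### MIG with startup and shutdown scripts` does not match the content. The block creates one instance template, `nat-1`, with a startup script only; there is no managed instance group and no shutdown script, and the link points at the multiple NAT gateways guide. Rename the heading to describe the NAT gateway template, or add the missing pieces.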
Victor Yang revised this gist
Aug 16, 2018 . 1 changed file with 8 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -254,6 +254,14 @@ gcloud compute instances list --filter='name:prod-es*' --format='value(INTERNAL_ ## move instance `gcloud compute instances move <instance_wanna_move> --destination-zone=us-central1-a --zone=us-central1-c` ## ssh & scp ``` #--verbosity=debug is great for debugging, showing the SSH command # the following is a real word example for running a bastion server that talks to a GKE cluster (master authorized network) gcloud compute ssh --verbosity=debug <instance_name> --command "kubectl get nodes" gcloud compute scp --recurse ../manifest <instance_name>: ``` ## generate ssh config ``` -
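Review bot: typo in the second comment of the ssh & scp block, "real word example" should be "real world example", and `#--verbosity=debug` wants a space after the `#`. Since the comment says `--verbosity=debug` shows the underlying SSH command, note that the flag is meant for troubleshooting and can be dropped from the routine invocation.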
Victor Yang revised this gist
Aug 13, 2018 . 1 changed file with 11 additions and 2 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -22,6 +22,16 @@ kubectl uses OAuth token generated by gcloud info --format flattened export PROJECT=$(gcloud info --format='value(config.project)') ``` ## projects ``` # get project_id project_id=$(gcloud config get-value core/project) project_id=$(gcloud config list project --format='value(core.project)') # get project_number gcloud projects list --filter="name:${project_id}" --format='value(project_number)' ``` ## switch gcloud context with gcloud config @@ -34,8 +44,7 @@ gcloud config set compute/region us-west1 gcloud config set compute/zone us-west1-a alias demo='gcloud config set account [email protected] && gcloud config set project salt-163215 && gcloud config set compute/region us-west1 && gcloud config set compute/zone us-west1-a' cluster=$(gcloud config get-value container/cluster 2> /dev/null) zone=$(gcloud config get-value compute/zone 2> /dev/null) -
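Review bot: `gcloud projects list --filter="name:${project_id}"` in the new projects block matches on the project's display name, while `project_id` holds the project ID read from `core/project`. The two can differ, and the command then returns nothing or the wrong project. Filter on the project ID instead, or use `gcloud projects describe "${project_id}" --format='value(projectNumber)'`.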
Victor Yang renamed this gist
Aug 12, 2018 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes.
pydevops revised this gist
Jun 25, 2018 . 1 changed file with 14 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -46,6 +46,20 @@ gcloud config set project $(gcloud projects list --filter='name:wordpress-dev' - # get the GKE cluster endpoint gcloud container clusters describe mycluster --zone $(gcloud config get-value compute/zone) --format='get(endpoint)' ``` ``` command -v gcloud >/dev/null 2>&1 || { \ echo >&2 "I require gcloud but it's not installed. Aborting."; exit 1; } REGION=$(gcloud config get-value compute/region) if [[ -z "${REGION}" ]]; then echo "https://cloud.google.com/compute/docs/regions-zones/changing-default-zone-region" 1>&2 echo "gcloud cli must be configured with a default region." 1>&2 echo "run 'gcloud config set compute/region REGION'." 1>&2 echo "replace 'REGION' with the region name like us-west1." 1>&2 exit 1; fi ``` -
pydevops revised this gist
Jun 20, 2018 . 1 changed file with 17 additions and 6 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -267,18 +267,29 @@ curl "http://metadata.google.internal/computeMetadata/v1/instance/?recursive=tru gcloud compute project-info describe ``` ## StackDriver logging ``` gcloud logging read "timestamp >= \"2018-04-19T00:30:00Z\" and logName=projects/${project_id}/logs/requests and resource.type=http_load_balancer" --format="csv(httpRequest.remoteIp,httpRequest.requestUrl,timestamp)" --project=${project_id} ``` ## Enable Service ``` gcloud services enable cloudapis.googleapis.com gcloud services enable cloudresourcemanager.googleapis.com gcloud services enable compute.googleapis.com gcloud services enable container.googleapis.com gcloud services enable containerregistry.googleapis.com gcloud services enable cloudbuild.googleapis.com gcloud services enable iam.googleapis.com gcloud services enable logging.googleapis.com gcloud services enable monitoring.googleapis.com gcloud services enable storage-api.googleapis.com gcloud services enable storage-component.googleapis.com gcloud services enable sourcerepo.googleapis.com ``` ``` function enable-service() { SERVICE=$1 if [[ $(gcloud services list --format="value(serviceConfig.name)" \ --filter="serviceConfig.name:$SERVICE" 2>&1) != \ @@ -290,7 +301,7 @@ function enable-api() { fi } enable-service container.googleapis.com ``` ## Client libraries you can use to connect to Google APIs -
pydevops revised this gist
Jun 20, 2018 . 1 changed file with 1 addition and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -45,7 +45,7 @@ project=$(gcloud config get-value core/project 2> /dev/null) gcloud config set project $(gcloud projects list --filter='name:wordpress-dev' --format='value(project_id)') # get the GKE cluster endpoint gcloud container clusters describe mycluster --zone $(gcloud config get-value compute/zone) --format='get(endpoint)' ``` -
pydevops revised this gist
Jun 20, 2018 . 1 changed file with 1 addition and 6 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -293,11 +293,6 @@ function enable-api() { enable-api container.googleapis.com ``` ## Client libraries you can use to connect to Google APIs * https://medium.com/google-cloud/simple-google-api-auth-samples-for-service-accounts-installed-application-and-appengine-da30ee4648 -
pydevops revised this gist
Jun 20, 2018 . 1 changed file with 18 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -192,7 +192,6 @@ gcloud compute forwarding-rules list ``` ## forwarding-rules ``` gcloud compute forwarding-rules list --filter=$(dig +short <dns_name>) gcloud compute forwarding-rules describe my-forwardingrule --region us-central1 @@ -276,6 +275,24 @@ gcloud compute project-info describe ``` gcloud logging read "timestamp >= \"2018-04-19T00:30:00Z\" and logName=projects/${project_id}/logs/requests and resource.type=http_load_balancer" --format="csv(httpRequest.remoteIp,httpRequest.requestUrl,timestamp)" --project=${project_id} ``` ## Enable Service ``` function enable-api() { SERVICE=$1 if [[ $(gcloud services list --format="value(serviceConfig.name)" \ --filter="serviceConfig.name:$SERVICE" 2>&1) != \ "$SERVICE" ]]; then echo "Enabling $SERVICE" gcloud services enable $SERVICE else echo "$SERVICE is already enabled" fi } enable-api container.googleapis.com ``` ## API * https://medium.com/google-cloud/simple-google-api-auth-samples-for-service-accounts-installed-application-and-appengine-da30ee4648 -
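Review bot: in `enable-api`, the `2>&1` inside the command substitution mixes gcloud's error output into the string that is compared with `"$SERVICE"`, so a failed `gcloud services list` (expired credentials, no project set) is read as "not enabled" and the function goes on to call `gcloud services enable`. Keep stderr out of the comparison and check the exit status of the list call. `SERVICE` should also be declared `local` and quoted in `gcloud services enable "$SERVICE"`.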
pydevops revised this gist
Jun 20, 2018 . 1 changed file with 0 additions and 87 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -86,50 +86,6 @@ gcloud iam service-accounts list --filter='email ~ [0-9]*-compute@.*' --form gcloud iam service-accounts add-iam-policy-binding [email protected] --member='serviceAccount:[email protected]' --role='roles/iam.serviceAccountActor' ``` ## bash * https://medium.com/@Joachim8675309/getting-started-with-gcloud-sdk-part-1-114924737 @@ -312,49 +268,6 @@ curl "http://metadata.google.internal/computeMetadata/v1/instance/?recursive=tru gcloud compute project-info describe ``` ## GCR * https://gist.github.com/ahmetb/7ce6d741bd5baa194a3fac6b1fec8bb7 * https://medium.com/google-cloud/gcr-io-tips-tricks-d80b3c67cb64 -
pydevops revised this gist
Jun 20, 2018 . 1 changed file with 43 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -312,6 +312,49 @@ curl "http://metadata.google.internal/computeMetadata/v1/instance/?recursive=tru gcloud compute project-info describe ``` ## Cloud SQL ``` gcloud sql instances create $INSTANCE_NAME \ --database-version POSTGRES_9_6 \ --region "$INSTANCE_REGION" \ --tier db-f1-micro \ --storage-type HDD \ --async > /dev/null echo "Cloud SQL instance creation started.." # Running a loop to wait for the Cloud SQL instance to become "RUNNABLE" for run in {1..60} do echo "Waiting for instance to finish starting.." gcloud sql instances describe $INSTANCE_NAME \ --format="default(state)" | grep RUNNABLE rc=$? if [[ rc -eq 0 ]]; then break fi sleep 10 done gcloud sql instances describe $INSTANCE_NAME \ --format="default(state)" | grep RUNNABLE rc=$? if [[ rc -eq 1 ]]; then echo "Instance creation failed or is taking unusually long" exit 1 elif [[ rc -eq 0 ]]; then echo "Instance creation completed" fi # Making a Postgres user that is allowed to connect from any host gcloud sql users create $USER_NAME \ '%' \ --instance $INSTANCE_NAME \ --password $USER_PASSWORD ``` ## GCR * https://gist.github.com/ahmetb/7ce6d741bd5baa194a3fac6b1fec8bb7 * https://medium.com/google-cloud/gcr-io-tips-tricks-d80b3c67cb64 -
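Review bot: `gcloud sql users create $USER_NAME '%' --instance $INSTANCE_NAME --password $USER_PASSWORD` at the end of the Cloud SQL block puts the password on the command line, where it shows up in the process list and shell history; read it from a prompt (`--prompt-for-password`) or a secret store instead. The comment says the user may connect from any host, which deserves a line on how network access to the instance is restricted. The variables are unquoted throughout, and the `RUNNABLE` check is repeated verbatim after the loop; a small function would remove the duplication.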
pydevops revised this gist
Jun 20, 2018 . 1 changed file with 43 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -24,7 +24,6 @@ export PROJECT=$(gcloud info --format='value(config.project)') ``` ## switch gcloud context with gcloud config ``` gcloud config list 
@@ -87,7 +86,50 @@ gcloud iam service-accounts list --filter='email ~ [0-9]*-compute@.*' --form gcloud iam service-accounts add-iam-policy-binding [email protected] --member='serviceAccount:[email protected]' --role='roles/iam.serviceAccountActor' ``` ``` SA_NAME=$USER-sa NODE_SA_NAME=$USER-node-sa PROJECT=$(gcloud config get-value core/project) if [ -z "$PROJECT" ]; then echo "No default project set. Please set one with gcloud config" exit 1 fi FULL_SA_NAME=$SA_NAME@$PROJECT.iam.gserviceaccount.com FULL_NODE_SA_NAME=$NODE_SA_NAME@$PROJECT.iam.gserviceaccount.com gcloud iam service-accounts create $SA_NAME --display-name $SA_NAME gcloud iam service-accounts create $NODE_SA_NAME --display-name $NODE_SA_NAME # This is the policy for the container that will communicate with Cloud SQL Proxy # The only permissions it needs is roles/cloudsql.client # Remember, least privilege gcloud projects add-iam-policy-binding $PROJECT \ --member serviceAccount:$FULL_SA_NAME \ --role roles/cloudsql.client > /dev/null # We are building a low privilege service account for the GKE nodes # The actual privileged SAs are built on a per-container basis # These three privileges are the minimum needed for a functioning node # per the GKE docs # https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#use_least_privilege_service_accounts_for_your_nodes gcloud projects add-iam-policy-binding $PROJECT \ --member serviceAccount:$FULL_NODE_SA_NAME \ --role roles/logging.logWriter > /dev/null gcloud projects add-iam-policy-binding $PROJECT \ --member serviceAccount:$FULL_NODE_SA_NAME \ --role roles/monitoring.metricWriter > /dev/null gcloud projects add-iam-policy-binding $PROJECT \ --member serviceAccount:$FULL_NODE_SA_NAME \ --role roles/monitoring.viewer > /dev/null gcloud iam service-accounts keys create credentials.json --iam-account $FULL_SA_NAME ``` ## bash * https://medium.com/@Joachim8675309/getting-started-with-gcloud-sdk-part-1-114924737 -
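Review bot: the last line of the second hunk, `gcloud iam service-accounts keys create credentials.json --iam-account $FULL_SA_NAME`, writes a long-lived private key into the current directory with no comment on how to handle it. Add a note to keep `credentials.json` out of version control, restrict its file mode, and delete the key once it is no longer needed. The `> /dev/null` on each `add-iam-policy-binding` hides the resulting policy but not errors, which is worth stating in a comment, and the `$PROJECT` and `$FULL_*` expansions should be quoted.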
pydevops revised this gist
May 24, 2018 . 1 changed file with 6 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -249,6 +249,12 @@ gcloud compute disks snapshot kafka-data1-1 --async --snapshot-names=kafka-data- Use [gcloud compute operations describe URI] command to check the status of the operation(s). ``` ## regional disk ``` gcloud beta compute instance attach-disk micro1 --disk pd-west1 --disk-scope regional gcloud beta compute instance detach-disk micro1 --disk pd-west1 --disk-scope regional ``` ## debugging ``` gcloud compute instances list --log-http -
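Review bot: both commands in the new regional disk block are written as `gcloud beta compute instance attach-disk` and `... instance detach-disk`; the command group is `instances` (plural), so they fail as written. They also omit `--zone`, which leaves gcloud to fall back on the configured default zone or prompt for one; state which zone `micro1` is in.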
pydevops revised this gist
May 15, 2018 . 1 changed file with 6 additions and 4 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -121,12 +121,14 @@ curl -v "https://cloudkms.googleapis.com/v1/projects/$DEVSHELL_PROJECT_ID/locati -d "{\"ciphertext\":\"$(cat 1.encrypted)\"}" \ -H "Authorization:Bearer $(gcloud auth application-default print-access-token)"\ -H "Content-Type:application/json" \ | jq .plaintext -r | base64 -d ``` ## want to get the gcloud command for creating an instance? from web console ``` gcloud beta compute --project=victory-demo-dev instances create micro1 --zone=us-west1-a --machine-type=f1-micro --subnet=default --network-tier=PREMIUM --maintenance-policy=MIGRATE --service-account=398028291895-compute@developer.gserviceaccount.com --scopes=https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/logging.write,https://www.googleapis.com/auth/monitoring.write,https://www.googleapis.com/auth/servicecontrol,https://www.googleapis.com/auth/service.management.readonly,https://www.googleapis.com/auth/trace.append --min-cpu-platform=Automatic --image=debian-9-stretch-v20180510 --image-project=debian-cloud --boot-disk-size=10GB --boot-disk-type=pd-standard --boot-disk-device-name=micro1 ``` ## instances, template, target-pool and instance group ``` -
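Review bot: the instance-creation example embeds a specific project (`--project=victory-demo-dev`) and its default compute service account (`398028291895-compute@developer.gserviceaccount.com`). Replace both with placeholders such as `$PROJECT_ID` and a variable for the service account, so readers do not copy identifiers that belong to another project. A one-line comment explaining that the `--scopes` list is what the console generated by default would also help anyone trimming it down.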
pydevops revised this gist
May 10, 2018 . 1 changed file with 26 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -99,6 +99,32 @@ gcloud iam service-accounts add-iam-policy-binding infrastructure@retviews-15490 gcloud kms keyrings list --location global # list all keys in my_key_ring gcloud kms keys list --keyring my_key_ring --location global # grant KMS IAM permission to a sv account $USER_EMAIL gcloud kms keyrings add-iam-policy-binding $KEYRING_NAME \ --location global \ --member user:$USER_EMAIL \ --role roles/cloudkms.admin gcloud kms keyrings add-iam-policy-binding $KEYRING_NAME \ --location global \ --member user:$USER_EMAIL \ --role roles/cloudkms.admin # Encrypt and Decrypt in REST API curl -v "https://cloudkms.googleapis.com/v1/projects/$DEVSHELL_PROJECT_ID/locations/global/keyRings/$KEYRING_NAME/cryptoKeys/$CRYPTOKEY_NAME:encrypt" \ -d "{\"plaintext\":\"$PLAINTEXT\"}" \ -H "Authorization:Bearer $(gcloud auth application-default print-access-token)"\ -H "Content-Type:application/json" \ | jq .ciphertext -r > 1.encrypted curl -v "https://cloudkms.googleapis.com/v1/projects/$DEVSHELL_PROJECT_ID/locations/global/keyRings/$KEYRING_NAME/cryptoKeys/$CRYPTOKEY_NAME:decrypt" \ -d "{\"ciphertext\":\"$(cat 1.encrypted)\"}" \ -H "Authorization:Bearer $(gcloud auth application-default print-access-token)"\ -H "Content-Type:application/json" \ | jq .plaintext -r | base64 -d ```
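Review bot: the `gcloud kms keyrings add-iam-policy-binding` command appears twice with identical arguments, both granting `roles/cloudkms.admin`. That role manages keys but does not include encrypt or decrypt permission, so the REST calls below will be denied for a user who has only this binding; the second binding probably should grant `roles/cloudkms.cryptoKeyEncrypterDecrypter`. The comment says "sv account" while the member is `user:$USER_EMAIL`, the encrypt call needs a note that `$PLAINTEXT` must already be base64-encoded (the decrypt pipeline ends in `base64 -d`), and `curl -v` echoes request headers, which can include the bearer token, so drop `-v` outside of debugging.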