GCP Commands
gcloud compute instances list –sort-by=ZONE
VM Instance
gcloud compute instances create vpc-demo-instance1 --machine-type=e2-medium --zone "ZONE" --subnet vpc-demo-subnet1
export LOCATION=US
gcloud storage buckets create -l $LOCATION gs://$DEVSHELL_PROJECT_ID
# Retrieve a banner image from a publicly accessible Cloud Storage location:
gcloud storage cp gs://cloud-training/gcpfci/my-excellent-blog.png my-excellent-blog.png
gcloud storage cp my-excellent-blog.png gs://$DEVSHELL_PROJECT_ID/my-excellent-blog.png
gsutil acl ch -u allUsers:R gs://$DEVSHELL_PROJECT_ID/my-excellent-blog.png
SSH
gcloud compute ssh vm-internal --zone us-central1-f --tunnel-through-iap
gcloud auth list
gcloud config list project
gcloud services enable run.googleapis.com
gcloud config set compute/region us-east4
LOCATION="us-east4"
gcloud builds submit --tag gcr.io/$GOOGLE_CLOUD_PROJECT/helloworld
gcloud container images list
gcloud auth configure-docker
gcloud run deploy --image gcr.io/$GOOGLE_CLOUD_PROJECT/helloworld --allow-unauthenticated --region=$LOCATION
# Delete
gcloud container images delete gcr.io/$GOOGLE_CLOUD_PROJECT/helloworld
gcloud run services delete helloworld --region=us-east4
The Cloud Console is a graphical user interface and Cloud Shell is a command-line tool. Both tools allow you to interact with Google Cloud. Even though the Cloud Console can do things Cloud Shell can’t do and vice-versa, don’t think of them as alternatives, but think of them as one extremely flexible and powerful interface.
gcloud storage buckets create gs://chapribucket
gcloud storage cp test.png gs://chapribucket2
gcloud compute regions list
INFRACLASS_REGION=[YOUR_REGION]
Networks
gcloud compute networks create managementnet --project=qwiklabs-gcp-00-eb0d1773ac6c --subnet-mode=custom --mtu=1460 --bgp-routing-mode=regional --bgp-best-path-selection-mode=legacy
gcloud compute networks subnets create managementsubnet-us --project=qwiklabs-gcp-00-eb0d1773ac6c --range=10.240.0.0/20 --stack-type=IPV4_ONLY --network=managementnet --region=us-east1
gcloud compute networks create privatenet --subnet-mode=custom
gcloud compute networks subnets create privatesubnet-us --network=privatenet --region=us-east1 --range=172.16.0.0/24
gcloud compute networks subnets create privatesubnet-notus --network=privatenet --region=asia-southeast1 --range=172.20.0.0/20
gcloud compute networks list
gcloud compute networks subnets list --sort-by=NETWORK
# firewall
gcloud compute --project=qwiklabs-gcp-00-eb0d1773ac6c firewall-rules create managementnet-allow-icmp-ssh-rdp --direction=INGRESS --priority=1000 --network=managementnet --action=ALLOW --rules=tcp:22,tcp:3389 --source-ranges=0.0.0.0/0
gcloud compute firewall-rules create privatenet-allow-icmp-ssh-rdp --direction=INGRESS --priority=1000 --network=privatenet --action=ALLOW --rules=icmp,tcp:22,tcp:3389 --source-ranges=0.0.0.0/0
gcloud compute ssh vm-internal --zone us-central1-f --tunnel-through-iap
#Debian
free
sudo dmidecode -t 17
nproc
lscpu
ACL with buckets
Copy the file to the bucket and configure the access control list
gcloud storage cp setup.html gs://$BUCKET_NAME_1/
gsutil acl get gs://$BUCKET_NAME_1/setup.html > acl.txt
cat acl.txt
# set the access list to private and verify the results
gsutil acl set private gs://$BUCKET_NAME_1/setup.html
gsutil acl get gs://$BUCKET_NAME_1/setup.html > acl2.txt
cat acl2.txt
# update the access list to make the file publicly readable
gsutil acl ch -u AllUsers:R gs://$BUCKET_NAME_1/setup.html
gsutil acl get gs://$BUCKET_NAME_1/setup.html > acl3.txt
cat acl3.txt
Customer-supplied encryption keys (CSEK)
-- create AES-256 base-64 key.
python3 -c 'import base64; import os;
print(base64.encodebytes(os.urandom(32)))'
# The encryption controls are contained in a gsutil configuration file named .bot
gsutil config -n
nano .boto
#set encryption_key= and decryption_1 keys
gsutil cp setup2.html gs://$BUCKET_NAME_1/
gsutil cp setup3.html gs://$BUCKET_NAME_1/
Enable lifecycle management
gsutil lifecycle get gs://$BUCKET_NAME_1
nano life.json
life.json
{
"rule":
[
{
"action": {"type": "Delete"},
"condition": {"age": 31}
}
]
}
gsutil lifecycle set life.json gs://$BUCKET_NAME_1
gsutil lifecycle get gs://$BUCKET_NAME_1
Enable versioning
gsutil versioning get gs://$BUCKET_NAME_1
gsutil versioning set on gs://$BUCKET_NAME_1
gcloud storage ls -a gs://$BUCKET_NAME_1/setup.html
Synchronize a directory to a bucket
mkdir firstlevel
mkdir ./firstlevel/secondlevel
cp setup.html firstlevel
cp setup.html firstlevel/secondlevel
# sync the firstlevel directory on the VM with your bucket
gsutil rsync -r ./firstlevel gs://$BUCKET_NAME_1/firstlevel
VPC & Cloud Interconnect
# create a VPC network called vpc-demo
gcloud compute networks create vpc-demo --subnet-mode custom
# create subnet vpc-demo-subnet1 in the region REGION 1
gcloud compute networks subnets create vpc-demo-subnet1 \
--network vpc-demo --range 10.1.1.0/24 --region "us-east1"
# Create subnet vpc-demo-subnet2 in the region REGION 2:
gcloud compute networks subnets create vpc-demo-subnet2 \
--network vpc-demo --range 10.2.1.0/24 --region us-central1
# Create a firewall rule to allow all custom traffic within the network:
gcloud compute firewall-rules create vpc-demo-allow-custom \
--network vpc-demo \
--allow tcp:0-65535,udp:0-65535,icmp \
--source-ranges 10.0.0.0/8
# Create a firewall rule to allow SSH, ICMP traffic from anywhere
gcloud compute firewall-rules create vpc-demo-allow-ssh-icmp \
--network vpc-demo \
--allow tcp:22,icmp
Create HA VPN
In Cloud Shell, create an HA VPN in the vpc-demo & on-prem network
gcloud compute vpn-gateways create vpc-demo-vpn-gw1 --network vpc-demo --region "REGION"
gcloud compute vpn-gateways create on-prem-vpn-gw1 --network on-prem --region "REGION"
# Output
Creating VPN Gateway...done.
NAME: vpc-demo-vpn-gw1
INTERFACE0: 35.242.117.95
INTERFACE1: 35.220.73.93
NETWORK: vpc-demo
REGION: "REGION"
View details of the vpc-demo-vpn-gw1 gateway to verify its settings:
gcloud compute vpn-gateways describe vpc-demo-vpn-gw1 --region "REGION"
gcloud compute vpn-gateways describe on-prem-vpn-gw1 --region "Region"
Create Cloud Routers
Create a cloud router in the vpc-demo & on-prem network
gcloud compute routers create vpc-demo-router1 \
--region "REGION" \
--network vpc-demo \
--asn 65001
gcloud compute routers create on-prem-router1 \
--region "REGION" \
--network on-prem \
--asn 65002
Create VPN Tunnels
# Create the first VPN tunnel in the vpc-demo network:
gcloud compute vpn-tunnels create vpc-demo-tunnel0 \
--peer-gcp-gateway on-prem-vpn-gw1 \
--region "REGION" \
--ike-version 2 \
--shared-secret [SHARED_SECRET] \
--router vpc-demo-router1 \
--vpn-gateway vpc-demo-vpn-gw1 \
--interface 0
# Create the second VPN tunnel in the vpc-demo network:
gcloud compute vpn-tunnels create vpc-demo-tunnel1 \
--peer-gcp-gateway on-prem-vpn-gw1 \
--region "REGION" \
--ike-version 2 \
--shared-secret [SHARED_SECRET] \
--router vpc-demo-router1 \
--vpn-gateway vpc-demo-vpn-gw1 \
--interface 1
# Create the first VPN tunnel in the on-prem network:
gcloud compute vpn-tunnels create on-prem-tunnel0 \
--peer-gcp-gateway vpc-demo-vpn-gw1 \
--region "REGION" \
--ike-version 2 \
--shared-secret [SHARED_SECRET] \
--router on-prem-router1 \
--vpn-gateway on-prem-vpn-gw1 \
--interface 0
# Create the second VPN tunnel in the on-prem network:
gcloud compute vpn-tunnels create on-prem-tunnel1 \
--peer-gcp-gateway vpc-demo-vpn-gw1 \
--region "REGION" \
--ike-version 2 \
--shared-secret [SHARED_SECRET] \
--router on-prem-router1 \
--vpn-gateway on-prem-vpn-gw1 \
--interface 1
Create Border Gateway Protocol (BGP) peering for each tunnel
Create the router interface for tunnel0 in network vpc-demo:
gcloud compute routers add-interface vpc-demo-router1 \
--interface-name if-tunnel0-to-on-prem \
--ip-address 169.254.0.1 \
--mask-length 30 \
--vpn-tunnel vpc-demo-tunnel0 \
--region "REGION"
Create the BGP peer for tunnel0 in network vpc-demo:
gcloud compute routers add-bgp-peer vpc-demo-router1 \
--peer-name bgp-on-prem-tunnel0 \
--interface if-tunnel0-to-on-prem \
--peer-ip-address 169.254.0.2 \
--peer-asn 65002 \
--region "REGION"
Create a router interface for tunnel1 in network vpc-demo:
gcloud compute routers add-interface vpc-demo-router1 \
--interface-name if-tunnel1-to-on-prem \
--ip-address 169.254.1.1 \
--mask-length 30 \
--vpn-tunnel vpc-demo-tunnel1 \
--region "REGION"
Create the BGP peer for tunnel1 in network vpc-demo:
gcloud compute routers add-bgp-peer vpc-demo-router1 \
--peer-name bgp-on-prem-tunnel1 \
--interface if-tunnel1-to-on-prem \
--peer-ip-address 169.254.1.2 \
--peer-asn 65002 \
--region "REGION"
Create a router interface for tunnel0 in network on-prem:
gcloud compute routers add-interface on-prem-router1 \
--interface-name if-tunnel0-to-vpc-demo \
--ip-address 169.254.0.2 \
--mask-length 30 \
--vpn-tunnel on-prem-tunnel0 \
--region "REGION"
Create the BGP peer for tunnel0 in network on-prem:
gcloud compute routers add-bgp-peer on-prem-router1 \
--peer-name bgp-vpc-demo-tunnel0 \
--interface if-tunnel0-to-vpc-demo \
--peer-ip-address 169.254.0.1 \
--peer-asn 65001 \
--region "REGION"
Create a router interface for tunnel1 in network on-prem:
gcloud compute routers add-interface on-prem-router1 \
--interface-name if-tunnel1-to-vpc-demo \
--ip-address 169.254.1.2 \
--mask-length 30 \
--vpn-tunnel on-prem-tunnel1 \
--region "REGION"
Create the BGP peer for tunnel1 in network on-prem:
gcloud compute routers add-bgp-peer on-prem-router1 \
--peer-name bgp-vpc-demo-tunnel1 \
--interface if-tunnel1-to-vpc-demo \
--peer-ip-address 169.254.1.1 \
--peer-asn 65001 \
--region "REGION"
View details of Cloud Router vpc-demo-router1 to verify its settings:
gcloud compute routers describe vpc-demo-router1 \
--region "REGION"
gcloud compute routers describe on-prem-router1 \
--region "REGION"
Connect K8S
gcloud container clusters get-credentials cluster-1 --zone us-central1-c --project qwiklabs-gcp-04-9b06733dbf8c
kubectl get nodes
gcloud artifacts repositories create devops-demo \
--repository-format=docker \
--location=us-central1
gcloud auth configure-docker us-central1-docker.pkg.dev
Creating cluster
Check k8s commands