Welcome to the exciting world of Google Cloud! In this tutorial, we will guide you through the process of setting up and configuring a robust cloud environment using Google Cloud Platform (GCP). Specifically, we’ll be tackling the GSP321 Challenge Lab, an engaging hands-on experience designed to enhance your skills in cloud computing.
Whether you’re a beginner eager to explore cloud technologies or an experienced professional looking to sharpen your GCP expertise, this tutorial is tailored for you. By the end of this guide, you’ll have successfully navigated through the challenges posed in GSP321, gaining valuable insights into creating and optimizing a cloud environment in Google Cloud. Let’s dive in and conquer the Google Cloud Challenge together!
Create a Custom VPC Network:
gcloud compute networks create griffin-dev-vpc --subnet-mode custom
gcloud compute networks create: This command is used to create a new VPC network in Google Cloud.
griffin-dev-vpc: This is the name assigned to the new VPC network. You can replace it with a name of your choice.
--subnet-mode custom: This option specifies that the VPC will use custom subnets. Custom subnets allow for more flexibility in defining IP address ranges for subnets within the VPC.
Create a Subnet for WordPress (wp):
gcloud compute networks subnets create griffin-dev-wp --network=griffin-dev-vpc --region us-east1 --range=192.168.16.0/20
gcloud compute networks subnets create: This command creates a new subnet within the specified VPC.
griffin-dev-wp: This is the name assigned to the subnet for WordPress. You can choose a different name if desired.
--network=griffin-dev-vpc: This flag specifies the parent VPC network for the subnet.
--region us-east1: This flag specifies the region where the subnet will be created (in this case, us-east1). You can change the region based on your requirements.
--range=192.168.16.0/20: This flag sets the IP address range for the subnet. In this example, the subnet will have IP addresses in the range from 192.168.16.0 to 192.168.31.255.
Create a Subnet for Management (mgmt):
gcloud compute networks subnets create griffin-dev-mgmt --network=griffin-dev-vpc --region us-east1 --range=192.168.32.0/20
This command is similar to the previous one, but it creates a subnet named griffin-dev-mgmt for management purposes.
The --range flag sets the IP address range for this subnet, which is 192.168.32.0 to 192.168.47.255 in this case.
These commands are part of the process of creating a custom VPC network with two subnets, one for WordPress and another for management, within the specified IP address ranges. This kind of network setup is common in cloud environments to isolate different components and enhance security and manageability.
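Before running the two subnet commands it is worth checking that the chosen ranges really are disjoint and cover the addresses you expect; an overlapping or mis-sized range is only discovered later, when a VM or cluster node cannot get an address. The following POSIX sh helper is an added example (not part of the lab or the original post, and it does not call gcloud): it computes the first and last address of each CIDR block with plain shell arithmetic and reports whether two blocks overlap, using the two ranges from the commands above as input.

```shell
#!/bin/sh
# Added example: sanity-check the subnet plan for griffin-dev-vpc before
# creating the subnets. Pure POSIX sh arithmetic, no gcloud calls.

# ip_to_int DOTTED_QUAD -> 32-bit integer
ip_to_int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip INTEGER -> dotted quad
int_to_ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_range CIDR -> "FIRST LAST" (network address and last address of the block)
cidr_range() {
  ip=${1%/*}; bits=${1#*/}
  base=$(ip_to_int "$ip")
  size=$(( 1 << (32 - bits) ))
  first=$(( base - (base % size) ))   # align down in case ip is not the network address
  last=$(( first + size - 1 ))
  echo "$(int_to_ip "$first") $(int_to_ip "$last")"
}

# cidrs_overlap CIDR_A CIDR_B -> exit status 0 if the blocks share any address
cidrs_overlap() {
  set -- $(cidr_range "$1") $(cidr_range "$2")
  a1=$(ip_to_int "$1"); a2=$(ip_to_int "$2")
  b1=$(ip_to_int "$3"); b2=$(ip_to_int "$4")
  [ "$a1" -le "$b2" ] && [ "$b1" -le "$a2" ]
}

# check_subnet_plan: the two ranges used by the lab; prints each range and
# fails if they overlap.
check_subnet_plan() {
  wp=192.168.16.0/20; mgmt=192.168.32.0/20
  echo "griffin-dev-wp   $wp   -> $(cidr_range "$wp")"
  echo "griffin-dev-mgmt $mgmt -> $(cidr_range "$mgmt")"
  if cidrs_overlap "$wp" "$mgmt"; then
    echo "ERROR: subnets overlap; choose disjoint ranges" >&2
    return 1
  fi
  echo "OK: subnets are disjoint"
}

check_subnet_plan
```

Run it in Cloud Shell before the subnet commands; the printed first/last addresses should match the ranges stated above (192.168.16.0-192.168.31.255 and 192.168.32.0-192.168.47.255).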
gsutil cp
gsutil cp -r gs://cloud-training/gsp321/dm .
gsutil cp: This command is used to copy files and directories to and from Google Cloud Storage.
-r: This flag stands for “recursive” and is used to copy directories and their contents.
gs://cloud-training/gsp321/dm: This is the source location in Google Cloud Storage. It specifies the path to the source files or directory you want to copy. In this case, it’s copying from the bucket cloud-training and the path gsp321/dm.
.: This is the destination location on the local machine. In this case, it represents the current directory. The files and directories from the source in Google Cloud Storage will be copied to the current directory on the local machine.
Deployment Using Google Cloud Deployment Manager
cd dm
cd: This command is used to change the current working directory.
dm: This is the directory the script changes into; it is the Deployment Manager directory copied from Cloud Storage in the previous step.
sed -i s/SET_REGION/us-east1/g prod-network.yaml
sed: This is the stream editor command.
-i: This flag stands for “in-place,” indicating that the changes should be made directly to the file specified.
s/SET_REGION/us-east1/g: This is the substitution command. It replaces all occurrences of SET_REGION with us-east1 in the file.
prod-network.yaml: This is the name of the file on which the substitution is being performed.
gcloud deployment-manager deployments create prod-network --config=prod-network.yaml
gcloud deployment-manager deployments create: This command creates a new deployment using Google Cloud Deployment Manager.
prod-network: This is the name assigned to the deployment.
--config=prod-network.yaml: This flag specifies the configuration file (prod-network.yaml) to be used for the deployment.
cd ..
This command changes the current working directory back to the parent directory.
Create a Compute Engine Instance (bastion):
gcloud compute instances create bastion --network-interface=network=griffin-dev-vpc,subnet=griffin-dev-mgmt --network-interface=network=griffin-prod-vpc,subnet=griffin-prod-mgmt --tags=ssh --zone=us-east1-b
gcloud compute instances create: This command is used to create a new Compute Engine instance.
bastion: This is the name assigned to the new instance.
--network-interface=network=griffin-dev-vpc,subnet=griffin-dev-mgmt: This flag specifies the network and subnet for the first network interface.
--network-interface=network=griffin-prod-vpc,subnet=griffin-prod-mgmt: This flag specifies the network and subnet for the second network interface.
--tags=ssh: This flag assigns the tag "ssh" to the instance, which will be used in firewall rules to control access.
--zone=us-east1-b: This flag specifies the zone where the instance will be created (in this case, us-east1-b).
Create Firewall Rules
gcloud compute firewall-rules create fw-ssh-dev --source-ranges=0.0.0.0/0 --target-tags ssh --allow=tcp:22 --network=griffin-dev-vpc
gcloud compute firewall-rules create: This command is used to create a new firewall rule.
fw-ssh-dev: This is the name assigned to the firewall rule for SSH in the development VPC.
--source-ranges=0.0.0.0/0: This flag allows traffic from any source IP address.
--target-tags ssh: This flag specifies that the firewall rule applies to instances with the "ssh" tag.
--allow=tcp:22: This flag allows TCP traffic on port 22 (SSH).
--network=griffin-dev-vpc: This flag specifies the VPC network to which the firewall rule is applied.
gcloud compute firewall-rules create fw-ssh-prod --source-ranges=0.0.0.0/0 --target-tags ssh --allow=tcp:22 --network=griffin-prod-vpc
Similar to the previous command, this creates a firewall rule named fw-ssh-prod for SSH in the production VPC (griffin-prod-vpc).
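Both rules above admit port 22 from 0.0.0.0/0, which is what the lab grader expects but not what you would keep in a real project. The two checks a practitioner wants here are (a) a quick audit that lists every rule exposing SSH to the internet and (b) the same rule written with a narrower source range, for example your office egress CIDR or 35.235.240.0/20 (Google's published IAP TCP-forwarding range, if you reach the bastion through IAP). The script below is an added example, not part of the lab: the rule listing it audits is constructed inline in the shape "name, network, sourceRanges, allowed" separated by tabs; producing that shape from gcloud compute firewall-rules list with a --format projection is left to you, and the exact projection is not taken from the page.

```shell
#!/bin/sh
# Added example: audit firewall rules for internet-exposed SSH and emit a
# corrected rule. Input lines are constructed; no gcloud call is made here.

# sample_rules: a constructed listing modelled on the lab's rules plus a few
# extras. Columns: name, network, sourceRanges (comma list), allowed (comma list).
sample_rules() {
  printf '%s\t%s\t%s\t%s\n' \
    fw-ssh-dev  griffin-dev-vpc  0.0.0.0/0       tcp:22 \
    fw-ssh-prod griffin-prod-vpc 0.0.0.0/0       tcp:22 \
    fw-web-dev  griffin-dev-vpc  0.0.0.0/0       tcp:80,tcp:443 \
    fw-ssh-iap  griffin-dev-vpc  35.235.240.0/20 tcp:22 \
    fw-internal griffin-dev-vpc  192.168.16.0/20,192.168.32.0/20 all
}

# audit_open_ssh: read listing lines on stdin, print the name of every rule
# that admits tcp:22, all tcp, or all protocols from 0.0.0.0/0.
# Limitation: a port range such as tcp:20-25 is not recognised as covering 22.
audit_open_ssh() {
  awk 'BEGIN { FS = "\t" }
       index($3, "0.0.0.0/0") &&
       ($4 ~ /(^|,)tcp:22([^0-9]|$)/ || $4 ~ /(^|,)(tcp|all)(,|$)/) { print $1 }'
}

# ssh_rule_cmd NETWORK NAME SOURCE_RANGE: print the create command for an SSH
# rule restricted to SOURCE_RANGE, refusing the open-internet range.
ssh_rule_cmd() {
  case $3 in
    *0.0.0.0/0*) echo "refusing: source range $3 exposes port 22 to the internet" >&2; return 1 ;;
  esac
  printf 'gcloud compute firewall-rules create %s --network=%s --source-ranges=%s --target-tags=ssh --allow=tcp:22\n' \
    "$2" "$1" "$3"
}

echo "Rules exposing SSH to the internet:"
sample_rules | audit_open_ssh
echo "Corrected rule (IAP TCP-forwarding range, assumed as the SSH source):"
ssh_rule_cmd griffin-dev-vpc fw-ssh-dev 35.235.240.0/20
```

The audit flags fw-ssh-dev and fw-ssh-prod and leaves fw-ssh-iap and fw-internal alone; fw-web-dev is open to the internet too, but on 80/443 rather than SSH, so it is out of scope for this check.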
Create a Google Cloud SQL Instance:
gcloud sql instances create griffin-dev-db --root-password password --region=us-east1
gcloud sql instances create: This command is used to create a new Google Cloud SQL instance.
griffin-dev-db: This is the name assigned to the new SQL instance. You can replace it with a name of your choice.
--root-password password: This flag sets the root password for the SQL instance. In this case, the password is set to "password." You should replace it with a strong and secure password.
--region=us-east1: This flag specifies the region in which the SQL instance will be located.
gcloud sql connect griffin-dev-db
gcloud sql connect: This command is used to connect to a Google Cloud SQL instance.
griffin-dev-db: This is the name of the SQL instance to which the connection is being made.
After executing the gcloud sql connect command, the script expects you to enter the password interactively. In this case, the password is “password,” as set during the creation of the SQL instance. Once you enter the correct password, the connection to the SQL instance should be established.
Create a Database:
CREATE DATABASE wordpress;
This SQL statement creates a new database named “wordpress.”
CREATE USER "wp_user"@"%" IDENTIFIED BY "stormwind_rules";
This SQL statement creates a user named “wp_user” who is allowed to connect from any host (“%”). The user is identified by the password “stormwind_rules.” You should replace this password with a secure one.
GRANT ALL PRIVILEGES ON wordpress.* TO "wp_user"@"%";
This SQL statement grants all privileges on the “wordpress” database to the “wp_user” from any host (“%”). This allows the user to perform any operation on the specified database.
FLUSH PRIVILEGES;
This SQL statement reloads the privilege tables, applying the changes made by the GRANT statement. This ensures that the changes take effect immediately.
exit;
Create a Kubernetes Engine cluster:
gcloud container clusters create griffin-dev --network griffin-dev-vpc --subnetwork griffin-dev-wp --machine-type n1-standard-4 --num-nodes 2 --zone us-east1-b
gcloud container clusters create: This command is used to create a new Google Kubernetes Engine cluster.
griffin-dev: This is the name assigned to the new Kubernetes cluster. You can replace it with a name of your choice.
--network griffin-dev-vpc: This flag specifies the VPC network in which the cluster will be created.
--subnetwork griffin-dev-wp: This flag specifies the subnetwork (subnet) within the VPC where the cluster's nodes will be placed.
--machine-type n1-standard-4: This flag specifies the machine type for the nodes in the cluster. In this case, it's set to "n1-standard-4," which represents a machine type with 4 vCPUs and 15 GB of memory.
--num-nodes 2: This flag sets the number of nodes in the cluster to 2. You can adjust this number based on your requirements.
--zone us-east1-b: This flag specifies the zone in which the cluster will be created (in this case, us-east1-b). You can change the zone based on your preferences or requirements.
gcloud container clusters get-credentials griffin-dev --zone us-east1-b
gcloud container clusters get-credentials: This command is used to fetch and set the kubectl credentials for a specific GKE cluster.
griffin-dev: This is the name of the GKE cluster for which you want to retrieve the credentials. Replace it with the name of your actual GKE cluster.
--zone us-east1-b: This flag specifies the zone where the GKE cluster is located. The kubectl credentials are specific to the cluster and its location.
cd ~/
cd: This command is used to change the current working directory.
~/: This is a shorthand notation for the home directory of the current user. This command changes the current directory to the home directory.
gsutil cp -r gs://cloud-training/gsp321/wp-k8s .
gsutil cp: This command is used to copy files to and from Google Cloud Storage.
-r: This flag stands for “recursive” and is used to copy directories and their contents.
gs://cloud-training/gsp321/wp-k8s: This is the source location in Google Cloud Storage. It specifies the path to the source files or directory you want to copy.
.: This is the destination location on the local machine. In this case, it represents the current directory (~), so the files from Google Cloud Storage will be copied to the home directory.
cd wp-k8s
cd: This command is used to change the current working directory.
wp-k8s: This is the name of the directory to which the script is changing.
sed -i s/username_goes_here/wp_user/g wp-env.yaml
sed: This is the stream editor command.
-i: This flag stands for “in-place,” indicating that the changes should be made directly to the file.
s/username_goes_here/wp_user/g: This is the substitution command. It replaces all occurrences of username_goes_here with wp_user in the file wp-env.yaml.
sed -i s/password_goes_here/stormwind_rules/g wp-env.yaml
Similar to the previous sed command, this one replaces all occurrences of password_goes_here with stormwind_rules in the file wp-env.yaml.
kubectl create -f wp-env.yaml
kubectl create: This command is used to create Kubernetes resources.
-f wp-env.yaml: This flag specifies the YAML file (wp-env.yaml) that contains the Kubernetes resource definitions. The resources defined in this file will be created in the Kubernetes cluster.
gcloud iam service-accounts keys create key.json --iam-account=cloud-sql-proxy@$GOOGLE_CLOUD_PROJECT.iam.gserviceaccount.com
gcloud iam service-accounts keys create: This command is used to create a new service account key.
key.json: This is the name assigned to the JSON file that will store the service account key.
--iam-account=cloud-sql-proxy@$GOOGLE_CLOUD_PROJECT.iam.gserviceaccount.com: This flag names the service account for which the key is being created: the cloud-sql-proxy service account in the current project ($GOOGLE_CLOUD_PROJECT expands to the project ID in Cloud Shell).
kubectl create secret generic cloudsql-instance-credentials --from-file key.json
kubectl create secret generic: This command creates a generic secret in Kubernetes.
cloudsql-instance-credentials: This is the name assigned to the Kubernetes secret.
--from-file key.json: This flag specifies that the content of the secret will be loaded from the file key.json, the service account key created in the previous step.
I=$(gcloud sql instances describe griffin-dev-db --format="value(connectionName)")
gcloud sql instances describe: This command is used to retrieve details about a Google Cloud SQL instance.
griffin-dev-db: This is the name of the SQL instance for which information is being fetched.
--format="value(connectionName)": This flag specifies the output format, returning only the connectionName field, which is assigned to the variable I.
sed -i s/YOUR_SQL_INSTANCE/$I/g wp-deployment.yaml
sed: This is the stream editor command.
-i: This flag stands for “in-place,” indicating that the changes should be made directly to the file.
s/YOUR_SQL_INSTANCE/$I/g: This is the substitution command. It replaces all occurrences of YOUR_SQL_INSTANCE with the value stored in the variable $I (the connectionName) in the file wp-deployment.yaml.
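The three sed substitutions (username and password in wp-env.yaml above, and the connection name in wp-deployment.yaml here) share two pitfalls: the s/.../.../ form breaks, or silently corrupts the file, when the replacement contains "/", "&" or "\" (a real database password easily does), and nothing confirms that every placeholder was actually replaced before kubectl create reads the file. The helper below is an added example, not part of the lab or the wp-k8s files: it performs the same substitutions with a safe delimiter and escaping, then counts leftover placeholders. The two manifests it edits are constructed stand-ins that only contain the placeholder lines; the real files from gs://cloud-training/gsp321/wp-k8s have more content, and the connection name used in the demo (PROJECT_ID:us-east1:griffin-dev-db) is a placeholder for the value gcloud sql instances describe returns.

```shell
#!/bin/sh
# Added example: fill the lab's placeholders safely and verify none remain.

# fill_placeholder FILE PLACEHOLDER VALUE
# Replaces every PLACEHOLDER in FILE with VALUE. Uses '|' as the sed delimiter
# and escapes '\', '&' and '|' in VALUE so that characters common in passwords
# and paths cannot alter the substitution. Writes via a temp file (portable
# across GNU and BSD sed, unlike sed -i).
fill_placeholder() {
  file=$1 placeholder=$2 value=$3
  escaped=$(printf '%s' "$value" | sed 's/[\\&|]/\\&/g')
  sed "s|$placeholder|$escaped|g" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# leftover_placeholders FILE: print how many lines still hold an unfilled placeholder.
leftover_placeholders() {
  grep -c -E '_goes_here|YOUR_SQL_INSTANCE' "$1" || true
}

# make_sample_manifests: write constructed stand-ins for wp-env.yaml and
# wp-deployment.yaml into a temp dir and print the dir name.
make_sample_manifests() {
  dir=$(mktemp -d)
  cat > "$dir/wp-env.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: database
type: Opaque
stringData:
  username: username_goes_here
  password: password_goes_here
EOF
  cat > "$dir/wp-deployment.yaml" <<'EOF'
        - "-instances=YOUR_SQL_INSTANCE=tcp:3306"
EOF
  echo "$dir"
}

# fill_lab_manifests DIR USER PASSWORD CONNECTION_NAME
# Applies the tutorial's three substitutions and fails if anything was left behind.
fill_lab_manifests() {
  fill_placeholder "$1/wp-env.yaml" username_goes_here "$2"
  fill_placeholder "$1/wp-env.yaml" password_goes_here "$3"
  fill_placeholder "$1/wp-deployment.yaml" YOUR_SQL_INSTANCE "$4"
  left=$(( $(leftover_placeholders "$1/wp-env.yaml") + $(leftover_placeholders "$1/wp-deployment.yaml") ))
  if [ "$left" -ne 0 ]; then
    echo "ERROR: $left line(s) still contain a placeholder; not safe to kubectl create" >&2
    return 1
  fi
}

# Demo with constructed values: a password containing '&' and '/' and a
# placeholder connection name (real one comes from gcloud sql instances describe).
demo_dir=$(make_sample_manifests)
fill_lab_manifests "$demo_dir" wp_user 'st0rm&wind/rules' 'PROJECT_ID:us-east1:griffin-dev-db' \
  && cat "$demo_dir/wp-env.yaml" "$demo_dir/wp-deployment.yaml"
rm -rf "$demo_dir"
```

With the tutorial's s/password_goes_here/$PASS/g form, the same password would have produced a sed error on the "/" and, had the "/" been absent, the "&" would have been expanded to the matched placeholder text; run leftover_placeholders on both files before every kubectl create.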
kubectl create -f wp-deployment.yaml
kubectl create -f: This command is used to create Kubernetes resources from a YAML file.
wp-deployment.yaml: This is the YAML file containing the definition for a Kubernetes Deployment. The updated file from the previous step is used to create the deployment.
kubectl create -f wp-service.yaml
Creates a Kubernetes Service using the definition in the YAML file wp-service.yaml.
Creating Uptime Check for WordPress:
Open the Google Cloud Console.
From the Navigation Menu, go to “Kubernetes Engine” and then select “Services and Ingress.”
Copy Endpoint’s Address:
Find the service or ingress associated with your WordPress deployment.
Look for the “Endpoints” section and copy the address of your WordPress service. This will be the URL you’ll use for the Uptime Check.
Navigate to Monitoring -> Uptime Checks:
From the Navigation Menu, go to “Monitoring” and then select “Uptime Checks.”
Create a New Uptime Check:
Click on the “+ CREATE UPTIME CHECK” button.
Configure Uptime Check:
Title: Enter a title for the Uptime Check, e.g., “WordPress Uptime.”
Next: Click “Next” to proceed to the next step.
Set Target Hostname and Path:
Target Hostname: Paste the copied Endpoint’s address here. Remove “http://” or “https://” from the beginning, so you have just the domain or IP address.
Path: Set the path to “/,” as this is the root path for WordPress.
Next: Click “Next” to proceed.
Configure Additional Settings:
Adjust any additional settings as needed (e.g., check frequency, timeout, and content match settings).
Next: Click “Next” to proceed.
Review and Create:
Review your Uptime Check configuration.
Create: Click “Create” to finalize and create the Uptime Check.
Verification:
Once created, you’ll see the newly added Uptime Check in the Uptime Checks list.
Adding a New Member with “Editor” Role:
Open the Google Cloud Console.
From the Navigation Menu, go to “IAM” and then select “IAM.”
Add New Member:
Look for the “ADD” button at the top of the IAM page and click on it.
In the “New members” field, enter the username provided in the Lab instruction page (Username 2).
Role: Select “Project” and then choose “Editor” from the role dropdown.
Save:
After specifying the new member and role, click the “Save” button to apply the changes.
Conclusion:
For the Kubernetes deployment, users learn to create a cluster, modify deployment configurations, and interact with Google Cloud SQL for database management. Additionally, the inclusion of Uptime Checks ensures continuous monitoring of service availability.
The IAM (Identity and Access Management) tasks demonstrate the importance of managing user roles and permissions. Adding a new member with the “Editor” role ensures proper authorization for project-level operations.
Overall, these instructions cover a comprehensive set of actions, empowering users to deploy and manage services efficiently on Google Cloud Platform. The combination of Kubernetes and database configurations, along with IAM controls, reflects a well-rounded approach to cloud infrastructure management.