Gcp Notes: Difference between revisions

Overview

Auth

get the auth file and then:

export GOOGLE_APPLICATION_CREDENTIALS="/usr/home/user/.gcp/XXX-XXX.json"

whoami ?

gcloud auth list

gsutil version -l

The gsutil will show legacy boto files:

${HOME}/.config/gcloud/legacy_credentials/udavid.thornton@tripstack.com/.boto

but in the same dir there is:

${HOME}/.config/gcloud/legacy_credentials/david.thornton@tripstack.com/adc.json

whcih you can put in the GOOGLE_APPLICATION_CREDENTIALS env var.

There a couple of env vars, it's not clear when to use which one. It's a bit all over the place. At this time GOOGLE_APPLICATION_CREDENTIALS works in the most places I care about ( terraform )

echo ${GOOGLE_CREDENTIALS}
echo ${GOOGLE_CLOUD_KEYFILE_JSON}
echo ${GCLOUD_KEYFILE_JSON}

Storage

Types of storage, how to choose:

https://cloud.google.com/storage-options/

Compute

https://cloud.google.com/sdk/gcloud/reference/compute/instances/create

how do I like project and familiy for well known images for terraform builds?

gcloud compute images list  --standard-images

OS Login

So you want to just ssh into the vm like you do everything else, you don't want to use

gcloud ssh login

or the "in browser" ssh client.

great , you want "OS Login"

lots of steps:

1. for the VM set the enable-oslogin meta data value to "TRUE"

in tf like this:

  metadata  = {
    enable-oslogin = "TRUE"
  }

2. give the user the correct roles:

Computer OS Login ( for vanilla , non-root access )
Compute OS Admin login ( for root access via sudo )

via command line this I think:

gcloud projects add-iam-policy-binding project-ID --member \
 serviceAccount:"velos-manager@project-ID.iam.gserviceaccount.com" \
 --role "roles/iam.serviceAccountUser"
 --no-user-output-enabled --quiet

How Tos

single node NFS

https://medium.com/google-cloud/gke-with-google-cloud-single-node-filer-nfs-4c4dc569964f

Reading

Hashes and ETags

Best Practices

https://cloud.google.com/storage/docs/hashes-etags