Gcp Notes: Difference between revisions
Revision as of 16:32, 24 June 2020
Overview
Auth
get the auth file and then:
export GOOGLE_APPLICATION_CREDENTIALS="/usr/home/user/.gcp/XXX-XXX.json"
whoami ?
gcloud auth list
gsutil version -l
The gsutil will show legacy boto files:
${HOME}/.config/gcloud/legacy_credentials/udavid.thornton@tripstack.com/.boto
but in the same dir there is:
${HOME}/.config/gcloud/legacy_credentials/david.thornton@tripstack.com/adc.json
which you can put in the GOOGLE_APPLICATION_CREDENTIALS env var.
There are a couple of env vars, and it's not clear when to use which one. It's a bit all over the place. At this time GOOGLE_APPLICATION_CREDENTIALS works in most of the places I care about ( terraform ).
echo ${GOOGLE_CREDENTIALS}
echo ${GOOGLE_CLOUD_KEYFILE_JSON}
echo ${GCLOUD_KEYFILE_JSON}
Projects
A logical place to put your stuff.
Use this "bag" as a billing unit.
As much as you may want to use labels for billing, some charges can't be labelled. Projects partition that cost.
List your projects:
gcloud projects list
Not all projects have billing accounts.
Storage
Types of storage, how to choose:
https://cloud.google.com/storage-options/
Compute
https://cloud.google.com/sdk/gcloud/reference/compute/instances/create
How do I list project and family for well-known images for terraform builds?
gcloud compute images list --standard-images
list non-running instances
gcloud compute instances list
_always_ show _only_ running.
But what about the failed, initializing, terminated instances? Try this:
gcloud compute instances list --filter="status:*"
OS Login
So you want to just ssh into the VM like you do everything else; you don't want to use
gcloud compute ssh
or the "in browser" ssh client.
Great, you want "OS Login".
Lots of steps:
1. For the VM, set the enable-oslogin metadata value to "TRUE".
In tf like this:
metadata = { enable-oslogin = "TRUE" }
2. Give the user the correct roles:
Compute OS Login ( for vanilla, non-root access )
Compute OS Admin Login ( for root access via sudo )
Via command line, this I think:
gcloud projects add-iam-policy-binding project-ID \
  --member serviceAccount:"velos-manager@project-ID.iam.gserviceaccount.com" \
  --role "roles/iam.serviceAccountUser" --no-user-output-enabled --quiet
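A quick audit of the two OS Login steps above, added here as an example and not part of the original notes: it reports which VMs have OS Login on and which members can log in or sudo. The sample data is constructed, shaped like `gcloud compute instances list --format=json` and `gcloud projects get-iam-policy project-ID --format=json`; the function names, the project-wide default and the case-insensitive value match are assumptions.

```python
import json

# Constructed sample data (not from a real project).
INSTANCES = json.loads("""[
 {"name": "web-1", "metadata": {"items": [{"key": "enable-oslogin", "value": "TRUE"}]}},
 {"name": "db-1", "metadata": {"items": [{"key": "enable-oslogin", "value": "FALSE"}]}},
 {"name": "batch-1", "metadata": {}}
]""")
PROJECT_METADATA = {"enable-oslogin": "TRUE"}  # constructed project-wide default
IAM_POLICY = json.loads("""{"bindings": [
 {"role": "roles/compute.osLogin", "members": ["user:alice@example.com"]},
 {"role": "roles/compute.osAdminLogin", "members": ["user:bob@example.com"]},
 {"role": "roles/iam.serviceAccountUser", "members": ["user:alice@example.com"]}
]}""")

# Role IDs behind "Compute OS Login" and "Compute OS Admin Login".
LOGIN_ROLES = {"roles/compute.osLogin": "login",
               "roles/compute.osAdminLogin": "login+sudo"}

def oslogin_enabled(instance, project_metadata):
    """Instance metadata overrides the project-wide value; unset means off."""
    items = instance.get("metadata", {}).get("items", [])
    per_vm = {i["key"]: i["value"] for i in items}
    value = per_vm.get("enable-oslogin",
                       project_metadata.get("enable-oslogin", "FALSE"))
    return value.strip().upper() == "TRUE"  # case-insensitive match: assumption

def login_grants(policy):
    """Map each member to the OS Login access its project-level roles give."""
    grants = {}
    for binding in policy.get("bindings", []):
        level = LOGIN_ROLES.get(binding["role"])
        if level is None:
            continue  # e.g. roles/iam.serviceAccountUser grants no login itself
        for member in binding.get("members", []):
            if grants.get(member) != "login+sudo":  # keep the stronger grant
                grants[member] = level
    return grants

def audit(instances, project_metadata, policy):
    enabled = {i["name"]: oslogin_enabled(i, project_metadata) for i in instances}
    return enabled, login_grants(policy)

if __name__ == "__main__":
    enabled, grants = audit(INSTANCES, PROJECT_METADATA, IAM_POLICY)
    for name, on in enabled.items():
        print(f"{name}: OS Login {'on' if on else 'off'}")
    for member, level in grants.items():
        print(f"{member}: {level}")
```

Members listed as login+sudo get root on every VM in the project where OS Login is on, so that list is the one to keep short.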
How Tos
- single node NFS
- https://medium.com/google-cloud/gke-with-google-cloud-single-node-filer-nfs-4c4dc569964f
Annoyances
1. 'gcloud compute ssh' requires that you know what zone the instance is in.
2. compute instances name change is destructive. Change the name? destroy and recreate :(
3. Web gui search bar "redis" doesn't return "memorystore" ( gcp branded redis )
4. Web gui search bar "memorystore" yields no results.
5. Web gui search bar quite slow.
6. Web gui Load Balancers: default view not good for professionals. You must always go to "advanced" ( small text at the bottom of the list ). No way to configure it to always go to advanced.
7. Web GUI load balancer, hard to "see" internal load balancers.
Reading
- Hashes and ETags
- Best Practices
- https://cloud.google.com/storage/docs/hashes-etags