Create And Manage Cloud Resources - Cloud

Lab Fundamentals


Features and Components

  • Live Streaming Process
  • Start Lab (button) -=> Clicking this button creates a temporary Google Cloud environment
  • Credit -=> The price of a lab
  • Time -=> Specifies the amount of time you have to complete a lab
  • Score -=> To pass a lab with activity tracking, you need to complete all the steps in order

Accessing the Cloud Console

  • Start the lab
  • Connection Details pane
    • It contains an Open Google Console button, credentials (username and password), and a Project ID field
    • Google Console -=> The web console and central development hub for Google Cloud
    • Project ID -=> A Project ID is a unique identifier that is used to link Google Cloud resources and APIs to your specific project
    • Username and Password -=> These credentials represent an identity in the Cloud Identity and Access Management (Cloud IAM) service
  • Sign in to Google Cloud
    • Open Google Console
    • Copy and paste the given username and password

Projects in the Cloud Console


  • Project info
    • Your project has a name, ID, and number
  • View all projects
    • In the Google Cloud Console title bar, next to your project name, click the drop-down menu
    • In the Select a project dialog, click All. The resulting list of projects includes a "Qwiklabs Resources" project
  • Navigation Menu
    • Compute -=> A variety of machine types that support any type of workload. The different computing options let you decide how much control you want over operational details and infrastructure
    • Storage -=> Data storage and database options for structured or unstructured, relational or non-relational data
    • Networking -=> Services that balance application traffic and provision security rules
    • Cloud Operations -=> A suite of cross-cloud logging, monitoring, trace, and other service reliability tools
    • Tools -=> Services that help developers manage deployments and application build pipelines
    • Big Data -=> Services that allow you to process and analyze large datasets
    • Artificial Intelligence -=> A suite of APIs that run specific artificial intelligence and machine learning tasks on Google Cloud

Roles and Permissions

  • View your roles and permissions
    • On the Navigation menu, click IAM & Admin

APIs and Services

  • View available APIs
    • On the Navigation menu, click APIs & Services > Library
    • The Dialogflow API allows you to build rich conversational applications (e.g., for Google Assistant) without having to understand the underlying machine learning and natural language schema.

Creating a Virtual Machine


  • Compute Engine lets you create virtual machines that run different operating systems, including multiple flavors of Linux (Debian, Ubuntu, SUSE, Red Hat, CoreOS) and Windows Server, on Google infrastructure
  • Regions and Zones
    • A region is a specific geographical location where you can run your resources. Each region has one or more zones
    • Resources that live in a zone are referred to as zonal resources
    • Virtual machine Instances and persistent disks live in a zone
    • Region > Zone > Data Centers
  • Cloud Shell Commands
    • gcloud auth list -=> List the active account name
    • gcloud config list project -=> List the project ID
    • sudo su - -=> In the SSH terminal, to get root access
    • apt-get update -=> Update your OS
    • apt-get install nginx -y -=> Install NGINX
    • ps auwx | grep nginx -=> Confirm that NGINX is running
    • gcloud compute instances create gcelab2 --machine-type n1-standard-2 --zone us-central1-f -=> To create a new virtual machine instance from the command line
    • gcloud compute instances create --help -=> To see all the defaults. Press ENTER or the spacebar to scroll through the help content. To exit the content, type Q
    • exit -=> After connecting, disconnect from SSH by exiting from the remote shell
    • gcloud init --console-only -=> To use console based login instead of web browser

Cloud Shell and gcloud


  • Cloud Shell provides you with command-line access to computing resources hosted on Google Cloud

Commands

  • gcloud config set compute/region us-central1 -=> Set the region to us-central1
  • gcloud config get-value compute/region -=> To view the project region setting
  • gcloud config set compute/zone us-central1-b -=> Set the zone to us-central1-b
  • gcloud config get-value compute/zone -=> To view the project zone setting
  • Finding project information
    • gcloud config get-value project -=> To view the project id for your project
    • gcloud compute project-info describe --project $(gcloud config get-value project) -=> To view details about the project
  • Setting environment variables
    • export PROJECT_ID=$(gcloud config get-value project) -=> Create an environment variable to store your Project ID
    • export ZONE=$(gcloud config get-value compute/zone) -=> Create an environment variable to store your Zone
    • echo -e "PROJECT ID: $PROJECT_ID\nZONE: $ZONE" -=> To verify that your variables were set properly
  • Creating a virtual machine with the gcloud tool
    • gcloud compute instances create gcelab2 --machine-type n1-standard-2 --zone $ZONE -=> To create your VM
      • gcloud compute allows you to manage your Compute Engine resources in a format that's simpler than the Compute Engine API
      • instances create creates a new instance
      • gcelab2 is the name of the VM
      • The --machine-type flag specifies the machine type as n1-standard-2
      • The --zone flag specifies where the VM is created. If you omit the --zone flag, the gcloud tool can infer your desired zone based on your default properties
  • Explore gcloud commands
    • gcloud -h -=> The gcloud tool offers simple usage guidelines that are available by adding the -h flag (for help) onto the end of any gcloud command
    • gcloud config --help -=> You can access more verbose help by appending the --help flag onto a command or running the gcloud help command
    • gcloud help config -=> Equivalent to gcloud config --help
    • gcloud config list -=> View the list of configurations in your environment
    • gcloud config list --all -=> To see all properties and their settings
    • gcloud components list -=> List your components
  • Filtering command line output
    • gcloud compute instances list -=> List the compute instances available in the project
    • gcloud compute instances list --filter="name=('gcelab2')" -=> List the gcelab2 virtual machine
    • gcloud compute firewall-rules list -=> List the Firewall rules in the project
    • gcloud compute firewall-rules list --filter="NETWORK:'default' AND ALLOW:'icmp'" -=> List the Firewall rules for the default network where the allow rule matches an ICMP rule
  • Connecting to your VM instance
    • gcloud compute ssh gcelab2 --zone $ZONE -=> To connect to your VM with SSH
      • To leave the passphrase empty, press ENTER twice
    • Install the NGINX web server on the virtual machine
    • exit
  • Updating the Firewall
    • gcloud compute firewall-rules list
      • From the above we can see we have two networks available. The default network is where our virtual machine gcelab2 is located
    • gcloud compute instances add-tags gcelab2 --tags http-server,https-server -=> Add tags to the virtual machine
    • gcloud compute firewall-rules create default-allow-http --direction=INGRESS --priority=1000 --network=default --action=ALLOW --rules=tcp:80 --source-ranges=0.0.0.0/0 --target-tags=http-server -=> Update the firewall rule to allow
    • gcloud compute firewall-rules list --filter=ALLOW:'80' -=> List the firewall rules in the project that allow port 80
    • curl http://$(gcloud compute instances list --filter=name:gcelab2 --format='value(EXTERNAL_IP)') -=> Verify communication is possible for http to the virtual machine
  • Viewing the system logs
    • gcloud logging logs list -=> View the available logs on the system
    • gcloud logging logs list --filter="compute" -=> View the logs that relate to compute resources
    • gcloud logging read "resource.type=gce_instance" --limit 5 -=> Read the logs related to the resource type of gce_instance
    • gcloud logging read "resource.type=gce_instance AND labels.instance_name='gcelab2'" --limit 5 -=> Read the logs for a specific virtual machine
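
An added example (not part of the original lab notes): a Python pass over the output of gcloud logging read "resource.type=gce_instance" --format=json that turns the audit entries for one VM into a timeline of who changed it. The entries, project name and principals are constructed, and the field names assume the Cloud Audit Logs entry layout.

```python
# Calls worth a second look on this page's setup (an assumed, non-exhaustive list).
SENSITIVE = {
    "instances.setTags": "tags decide which firewall rules apply to the VM",
    "instances.setMetadata": "metadata can carry startup scripts",
}


def make_entry(ts, op, method, who, instance="gcelab2"):
    """Build one constructed audit entry with only the fields this example reads."""
    return {"timestamp": ts, "operation": {"id": op}, "protoPayload": {
        "methodName": "v1.compute." + method,
        "resourceName": f"projects/example-project/zones/us-central1-f/instances/{instance}",
        "authenticationInfo": {"principalEmail": who}}}


# Constructed sample, newest first, the order gcloud logging read prints by default.
SAMPLE_ENTRIES = [
    make_entry("2024-01-01T10:09:30Z", "op-3", "instances.setTags", "other@example.com"),
    make_entry("2024-01-01T10:05:12Z", "op-2", "instances.setTags", "student@example.com"),
    make_entry("2024-01-01T10:05:09Z", "op-2", "instances.setTags", "student@example.com"),
    {"timestamp": "2024-01-01T10:01:00Z", "textPayload": "nginx started"},  # not audit
    make_entry("2024-01-01T10:00:02Z", "op-1", "instances.insert", "student@example.com"),
]


def timeline(entries, instance, expected_principals):
    """Return (timestamp, principal, method, notes) per audited operation, oldest first."""
    seen, events = set(), []
    # RFC 3339 UTC timestamps in one format sort correctly as plain strings.
    for entry in sorted(entries, key=lambda e: e["timestamp"]):
        payload = entry.get("protoPayload")
        if not payload or not payload.get("resourceName", "").endswith("/instances/" + instance):
            continue  # skip application logs and entries for other VMs
        op_id = entry.get("operation", {}).get("id")
        if op_id is not None and op_id in seen:
            continue  # start and completion records share one operation id
        seen.add(op_id)
        method = payload["methodName"].split("compute.", 1)[-1]
        who = payload.get("authenticationInfo", {}).get("principalEmail", "unknown")
        notes = []
        if who not in expected_principals:
            notes.append("unexpected principal")
        if method in SENSITIVE:
            notes.append(SENSITIVE[method])
        events.append((entry["timestamp"], who, method, notes))
    return events


if __name__ == "__main__":
    for ts, who, method, notes in timeline(SAMPLE_ENTRIES, "gcelab2", {"student@example.com"}):
        print(ts, who, method, "; ".join(notes))
```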

Kubernetes Engine


  • Google Kubernetes Engine (GKE) provides a managed environment for deploying, managing, and scaling your containerized applications using Google infrastructure. The Kubernetes Engine environment consists of multiple machines (specifically Compute Engine instances) grouped to form a container cluster
  • Google Kubernetes Engine (GKE) clusters are powered by the Kubernetes open source cluster management system. Kubernetes provides the mechanisms through which you interact with your container cluster
  • When you run a GKE cluster, you get these advanced cluster management features
    • Load balancing for Compute Engine instances -=> Google Cloud offers server-side load balancing so you can distribute incoming traffic across multiple virtual machine (VM) instances
    • Node pools to designate subsets of nodes within a cluster for additional flexibility
    • Automatic scaling of your cluster's node instance count -=> When demand is high, the cluster autoscaler adds nodes to the node pool. When demand is low, the cluster autoscaler scales back down to a minimum size that you designate
    • Automatic upgrades for your cluster's node software
    • Node auto-repair to maintain node health and availability
    • Logging and Monitoring with Cloud Monitoring for visibility into your cluster
  • Set a default compute zone
    • gcloud config set compute/zone us-central1-a -=> To set your default compute zone
  • Create a GKE cluster
    • A cluster consists of at least one cluster master machine and multiple worker machines called nodes
      • Cluster > Master machine > Worker machines (Nodes/VM)
    • gcloud container clusters create [CLUSTER-NAME] -=> To create a cluster
      • Cluster names must start with a letter and end with an alphanumeric, and cannot be longer than 40 characters
    • gcloud container clusters get-credentials [CLUSTER-NAME] -=> To get authentication credentials for the cluster
    • kubectl create deployment hello-server --image=gcr.io/google-samples/hello-app:1.0 -=> To create a new Deployment hello-server from the hello-app container image
      • If a version is not specified, the latest version is used
    • kubectl expose deployment hello-server --type=LoadBalancer --port 8080 -=> To create a Kubernetes Service, which is a Kubernetes resource that lets you expose your application to external traffic
      • --port specifies the port that the container exposes
      • type="LoadBalancer" creates a Compute Engine load balancer for your container
    • kubectl get service -=> To inspect the hello-server Service
      • http://[EXTERNAL-IP]:8080 -=> To view the application from your web browser
    • gcloud container clusters delete [CLUSTER-NAME] -=> To delete the cluster
      • When prompted, type Y to confirm

Set Up Network and HTTP Load Balancers


  • Basic
    • Network Load Balancer
      • L3 NLB
      • Instance Template -=> Startup script, Prototype
      • Target Pool -=> Single access point to all instances in a group
      • Manage instance group using instance template of 2 VM
      • View the created instance & configure a firewall
      • List the forwarding rules
    • HTTP Load Balancer
      • L7 HTTPS LB
      • Create load balancer template
      • Add instance group as the backend to the Backend service
      • URL map routes the incoming requests to the default backend service
      • Create a target HTTP proxy to route requests to your URL map
      • Create a global forwarding rule to route incoming requests to the proxy
  • Set the default region and zone for all resources
    • gcloud config set compute/zone us-central1-a -=> Set the default zone
    • gcloud config set compute/region us-central1 -=> Set the default region
  • Create multiple web server instances
    • For this load balancing scenario, create three Compute Engine VM instances and install Apache on them, then add a firewall rule that allows HTTP traffic to reach the instances
    • Create three new virtual machines in your default zone and give them all the same tag. The code provided sets the zone to us-central1-a. Setting the tags field lets you reference these instances all at once, such as with a firewall rule. These commands also install Apache on each instance and give each instance a unique home page. The command for www1 is shown; repeat it for www2 and www3, changing the instance name and the home page text
        gcloud compute instances create www1 \
        --image-family debian-9 \
        --image-project debian-cloud \
        --zone us-central1-a \
        --tags network-lb-tag \
        --metadata startup-script="#! /bin/bash
          sudo apt-get update
          sudo apt-get install apache2 -y
          sudo service apache2 restart
          echo '<!doctype html><html><body><h1>www1</h1></body></html>' | tee /var/www/html/index.html"
      
    • Create a firewall rule to allow external traffic to the VM instances. No --source-ranges is given, so the rule admits traffic from any source address (0.0.0.0/0)
        gcloud compute firewall-rules create www-firewall-network-lb \
        --target-tags network-lb-tag --allow tcp:80
      
    • gcloud compute instances list -=> List your instances. You'll see their IP addresses in the EXTERNAL_IP column
    • curl http://[IP_ADDRESS] -=> Verify that each instance is running
  • Configure the load balancing service
    • When you configure the load balancing service, your virtual machine instances will receive packets that are destined for the static external IP address you configure. Instances made with a Compute Engine image are automatically configured to handle this IP address
    • Create a static external IP address for your load balancer
        gcloud compute addresses create network-lb-ip-1 \
        --region us-central1
      
    • gcloud compute http-health-checks create basic-check -=> Add a legacy HTTP health check resource
    • Add a target pool in the same region as your instances
        gcloud compute target-pools create www-pool \
        --region us-central1 --http-health-check basic-check
      
    • Add the instances to the pool
        gcloud compute target-pools add-instances www-pool \
        --instances www1,www2,www3
      
    • Add a forwarding rule
        gcloud compute forwarding-rules create www-rule \
        --region us-central1 \
        --ports 80 \
        --address network-lb-ip-1 \
        --target-pool www-pool
      
  • Sending traffic to your instances
    • Now that the load balancing service is configured, you can start sending traffic to the forwarding rule and watch the traffic be dispersed to different instances
    • gcloud compute forwarding-rules describe www-rule --region us-central1 -=> To view the external IP address of the www-rule forwarding rule used by the load balancer
    • while true; do curl -m1 IP_ADDRESS; done -=> To access the external IP address
  • Create an HTTP load balancer
    • HTTP(S) Load Balancing is implemented on Google Front End (GFE). GFEs are distributed globally and operate together using Google's global network and control plane
    • Create the load balancer template
        gcloud compute instance-templates create lb-backend-template \
        --region=us-central1 \
        --network=default \
        --subnet=default \
        --tags=allow-health-check \
        --image-family=debian-9 \
        --image-project=debian-cloud \
        --metadata=startup-script='#! /bin/bash
          apt-get update
          apt-get install apache2 -y
          a2ensite default-ssl
          a2enmod ssl
          vm_hostname="$(curl -H "Metadata-Flavor:Google" \
          http://169.254.169.254/computeMetadata/v1/instance/name)"
          echo "Page served from: $vm_hostname" | \
          tee /var/www/html/index.html
          systemctl restart apache2'
      
    • Managed instance groups (MIGs) let you operate apps on multiple identical VMs. You can make your workloads scalable and highly available by taking advantage of automated MIG services, including: autoscaling, autohealing, regional (multiple zone) deployment, and automatic updating
        gcloud compute instance-groups managed create lb-backend-group \
        --template=lb-backend-template --size=2 --zone=us-central1-a
      
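    • Create the fw-allow-health-check firewall rule. This is an ingress rule that allows traffic from the Google Cloud health checking systems (130.211.0.0/22 and 35.191.0.0/16)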
        gcloud compute firewall-rules create fw-allow-health-check \
        --network=default \
        --action=allow \
        --direction=ingress \
        --source-ranges=130.211.0.0/22,35.191.0.0/16 \
        --target-tags=allow-health-check \
        --rules=tcp:80
      
    • Set up a global static external IP address that your customers use to reach your load balancer
        gcloud compute addresses create lb-ipv4-1 \
        --ip-version=IPV4 \
        --global
      
    • Create a health check for the load balancer
        gcloud compute health-checks create http http-basic-check \
        --port 80
      
    • Create a backend service
        gcloud compute backend-services create web-backend-service \
        --protocol=HTTP \
        --port-name=http \
        --health-checks=http-basic-check \
        --global
      
    • Add your instance group as the backend to the backend service
        gcloud compute backend-services add-backend web-backend-service \
        --instance-group=lb-backend-group \
        --instance-group-zone=us-central1-a \
        --global
      
    • URL map is a Google Cloud configuration resource used to route requests to backend services or backend buckets
        gcloud compute url-maps create web-map-http \
        --default-service web-backend-service
      
    • Create a target HTTP proxy to route requests to your URL map
        gcloud compute target-http-proxies create http-lb-proxy \
        --url-map web-map-http
      
    • A forwarding rule and its corresponding IP address represent the frontend configuration of a Google Cloud load balancer
        gcloud compute forwarding-rules create http-content-rule \
        --address=lb-ipv4-1 \
        --global \
        --target-http-proxy=http-lb-proxy \
        --ports=80
      
  • Testing traffic sent to your instances
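
An added example (not part of the original lab notes): a Python audit of the firewall rules created in the sections above (default-allow-http, www-firewall-network-lb, fw-allow-health-check), run over the JSON that gcloud compute firewall-rules list --format=json prints. The sample rules are constructed, INTENDED_PUBLIC is an assumption about what this lab means to expose, and health-check rules are recognised by name only.

```python
import ipaddress
import json

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`:
# the three rules created on this page plus the default network's SSH rule.
SAMPLE_RULES = json.loads("""[
 {"name": "default-allow-http", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["http-server"], "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
 {"name": "www-firewall-network-lb", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["network-lb-tag"], "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
 {"name": "fw-allow-health-check", "direction": "INGRESS",
  "sourceRanges": ["130.211.0.0/22", "35.191.0.0/16"],
  "targetTags": ["allow-health-check"], "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
 {"name": "default-allow-ssh", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]""")
# Probe ranges copied from the fw-allow-health-check command on this page.
PROBE_RANGES = [ipaddress.ip_network(r) for r in ("130.211.0.0/22", "35.191.0.0/16")]
# Assumption: the only service this lab means to publish to the internet.
INTENDED_PUBLIC = {("tcp", "80")}


def world_open(rule):
    """True when the rule admits any source address, explicitly or by default."""
    ranges = rule.get("sourceRanges", [])
    if not (ranges or rule.get("sourceTags") or rule.get("sourceServiceAccounts")):
        return True  # no source filter at all is treated as 0.0.0.0/0
    return any(ipaddress.ip_network(r).prefixlen == 0 for r in ranges)


def audit(rules):
    """Return sorted (rule name, finding) pairs for enabled ingress rules."""
    findings = set()
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        name, is_open = rule["name"], world_open(rule)
        if is_open and not (rule.get("targetTags") or rule.get("targetServiceAccounts")):
            findings.add((name, "internet-facing rule applies to every VM in the network"))
        for allow in rule.get("allowed", []) if is_open else []:
            for port in allow.get("ports", ["all"]):
                if (allow["IPProtocol"], port) not in INTENDED_PUBLIC:
                    findings.add((name, f"unintended public port {allow['IPProtocol']}:{port}"))
        if "health-check" in name:
            nets = [ipaddress.ip_network(r) for r in rule.get("sourceRanges", [])]
            if is_open or any(not any(n.version == p.version and n.subnet_of(p)
                                      for p in PROBE_RANGES) for n in nets):
                findings.add((name, "health-check rule admits non-probe sources"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

Narrowing --source-ranges on a flagged rule, or adding --target-tags so it covers only the VMs that need it, clears the matching finding.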