Task 1:
gcloud config set compute/zone us-east1-b
nano role-definition.yaml
Paste the following into the file:
title: "orca_storage_update"
description: "Permissions"
stage: "ALPHA"
includedPermissions:
- storage.buckets.get
- storage.objects.get
- storage.objects.list
- storage.objects.update
- storage.objects.create
To save the .yaml file in nano, press Ctrl+X, then Y, then Enter.
gcloud iam service-accounts create orca-private-cluster-sa --display-name "Orca Private Cluster Service Account"
gcloud iam roles create orca_storage_update \
  --project $DEVSHELL_PROJECT_ID \
  --file role-definition.yaml
Task 2 and 3:
gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID \
  --member serviceAccount:orca-private-cluster-sa@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com \
  --role roles/monitoring.viewer
gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID \
  --member serviceAccount:orca-private-cluster-sa@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com \
  --role roles/monitoring.metricWriter
gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID \
  --member serviceAccount:orca-private-cluster-sa@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com \
  --role roles/logging.logWriter
gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID \
  --member serviceAccount:orca-private-cluster-sa@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com \
  --role projects/$DEVSHELL_PROJECT_ID/roles/orca_storage_update
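After the four bindings above, it is worth confirming that the service account holds exactly those roles and nothing broader. The script below is an added example, not part of the original walkthrough; the function names and the demo project ID are assumptions, and the demo input is constructed.

```shell
#!/bin/sh
# Added example: audit the roles bound to orca-private-cluster-sa.
# Real input comes from gcloud (one role per line), for instance:
#   gcloud projects get-iam-policy "$DEVSHELL_PROJECT_ID" \
#     --flatten="bindings[].members" \
#     --filter="bindings.members:serviceAccount:orca-private-cluster-sa@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com" \
#     --format="value(bindings.role)" | check_sa_roles "$DEVSHELL_PROJECT_ID"

# Roles granted in Tasks 1-3 of this walkthrough. $1 = project ID.
expected_roles() {
  printf '%s\n' \
    "roles/monitoring.viewer" \
    "roles/monitoring.metricWriter" \
    "roles/logging.logWriter" \
    "projects/$1/roles/orca_storage_update"
}

# check_sa_roles PROJECT_ID  (actual roles on stdin, one per line)
# Prints MISSING:/UNEXPECTED: lines and returns 0 only on an exact match.
check_sa_roles() {
  project=$1
  actual=$(sort -u)
  expected=$(expected_roles "$project" | sort -u)
  status=0
  for role in $expected; do
    if ! printf '%s\n' "$actual" | grep -qxF "$role"; then
      echo "MISSING: $role"
      status=1
    fi
  done
  for role in $actual; do
    if ! printf '%s\n' "$expected" | grep -qxF "$role"; then
      echo "UNEXPECTED: $role"   # e.g. a broad role added by hand
      status=1
    fi
  done
  return $status
}

# Constructed sample: one expected role missing, one broad role present.
demo() {
  printf '%s\n' \
    "roles/monitoring.viewer" \
    "roles/logging.logWriter" \
    "roles/editor" \
    "projects/demo-project/roles/orca_storage_update" |
    check_sa_roles demo-project
}

demo || true
```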
Task 4: Create and configure a new Kubernetes Engine private cluster
gcloud container clusters create orca-test-cluster --num-nodes 1 --master-ipv4-cidr=172.16.0.64/28 --network orca-build-vpc --subnetwork orca-build-subnet --enable-master-authorized-networks --master-authorized-networks 192.168.10.2/32 --enable-ip-alias --enable-private-nodes --enable-private-endpoint --service-account orca-private-cluster-sa@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com --zone us-east1-b
Task 5: Deploy an application to a private Kubernetes Engine cluster.
1. Navigate to Compute Engine in the Cloud Console.
2. Click on the SSH button for the orca-jumphost instance.
In the SSH window, connect to the private cluster by running the following:
gcloud config set compute/zone us-east1-b
gcloud container clusters get-credentials orca-test-cluster --internal-ip
kubectl create deployment hello-server --image=gcr.io/google-samples/hello-app:1.0
kubectl expose deployment hello-server --name orca-hello-service \
  --type LoadBalancer --port 80 --target-port 8080
Congratulations, you have completed the Challenge Lab!