Skip to content

gcloud CLI

# Get a list of images 
gcloud compute images list 


# PROJECT=<PROJECT> # Replace this with your project id 
# ZONE=<zone>   # Replace this with a GCP zone of your choice 

# Launch a GCE instance 
gcloud compute instances create gcp-lab1 \ 
 --project=$PROJECT \ 
 --zone=$ZONE \ 
 --machine-type=f1-micro \ 
 --tags=http-server \ 
 --image=ubuntu-1804-bionic-v20190722a \ 
 --image-project=ubuntu-os-cloud 

# Get a list of instances
gcloud compute instances list

# Filter instances by zone 
gcloud compute instances list --zone=<zone>



# SSH into the VM. This commands create the pair of keys and all ssh infrastructure needed for the connection
gcloud compute ssh <instance> --zone=<zone-of-instance> 


# Open port 80 for HTTP access 
gcloud compute firewall-rules create default-allow-http \ 
 --project=$PROJECT \ 
 --direction=INGRESS \ 
 --action=ALLOW \ 
 --rules=tcp:80 \ 
 --source-ranges=0.0.0.0/0 \ 
 --target-tags=http-server 


# Run these commands within the VM 
sudo apt-get install -y apache2 
sudo systemctl start apache2 


# Access Apache through the public IP 
# Terminate the instance 
gcloud compute instances delete gcp-lab1 --zone $ZONE 


# Connect to Google Cloud SQL
gcloud sql connect <nameOfDatabase>


 ```



### Add an image to GCP Container Registry

In GCP Dashboard go yo Container Registry. First time it will be empty. 

```bash
# Run the below commands in Google Cloud Shell 

gcloud services enable containerregistry.googleapis.com 

export PROJECT_ID=<PROJECT ID> # Replace this with your GCP Project ID 

docker pull busybox 
docker images 
cat <<EOF >>Dockerfile 
from busybox:latest 
CMD ["date"] 
EOF 
# Build your own instance of busybox and name it mybusybox
docker build . -t mybusybox 

# Tag your image with the convention stated by GCP
docker tag mybusybox gcr.io/$PROJECT_ID/mybusybox:latest 
# When listing images with docker images, you will see it renamed.

# Run your image
docker run gcr.io/$PROJECT_ID/mybusybox:latest 
# Associate gcp credentials with docker CLI  
gcloud auth configure-docker 

# Take our mybusybox image available in the environment and pushes it to the Container Registry.
docker push gcr.io/$PROJECT_ID/mybusybox:latest 

Demo of Anthos

# Run the below commands in the macOS Terminal 

export PROJECT_ID=<PROJECT ID> # Replace this with your GCP project ID 
export REGION=<REGION ID> # Replace this with a valid GCP region 

gcloud config set project $PROJECT_ID 
gcloud config set compute/region $REGION 

# Enable APIs 
gcloud services enable \ 
 container.googleapis.com \ 
 gkeconnect.googleapis.com \ 
 gkehub.googleapis.com \ 
 cloudresourcemanager.googleapis.com 

# Launch GKE Cluster 
gcloud container clusters create cloud-cluster \ 
    --machine-type=n1-standard-1 \ 
    --num-nodes=1 

# Launch Minikube. Refer to the docs at https://minikube.sigs.k8s.io/docs/  
minikube start 

# Create GCP Service Account 
gcloud iam service-accounts create anthos-hub 

# Add IAM Role to Service Account 
gcloud projects add-iam-policy-binding $PROJECT_ID \ 
 --member="serviceAccount:anthos-hub@$PROJECT_ID.iam.gserviceaccount.com" \ 
 --role="roles/gkehub.connect" 

# Download the Service Account JSON Key 
gcloud iam service-accounts keys create "./anthos-hub-svc.json" \ 
  --iam-account="anthos-hub@$PROJECT_ID.iam.gserviceaccount.com" \ 
  --project=$PROJECT_ID 

# Register cluster with Anthos 
URI='gcloud container clusters list --filter='name=cloud-cluster' --uri'

gcloud container hub memberships register cloud-cluster \ 
        --gke-uri=$URI \ 
        --service-account-key-file=./anthos-hub-svc.json 

# List Membership 
gcloud container hub memberships list 

# Register Minikube with Anthos 
gcloud container hub memberships register local-cluster \ 
 --service-account-key-file=./anthos-hub-svc.json \ 
 --kubeconfig=~/.kube/config \ 
 --context=minikube 

# List Membership 
gcloud container hub memberships list 

# Create Kubernetes Role 

kubectl config use-context minikube 
cat <<EOF > cloud-console-reader.yaml 
kind: ClusterRole 
apiVersion: rbac.authorization.k8s.io/v1 
metadata: 
  name: cloud-console-reader 
rules: 
- apiGroups: [""] 
  resources: ["nodes", "persistentvolumes"] 
  verbs: ["get", "list", "watch"] 
- apiGroups: ["storage.k8s.io"] 
  resources: ["storageclasses"] 
  verbs: ["get", "list", "watch"] 
EOF 
kubectl apply -f cloud-console-reader.yaml 

# Create RoleBinding 
kubectl create serviceaccount local-cluster 

kubectl create clusterrolebinding local-cluster-anthos-view \ 
 --clusterrole view \ 
 --serviceaccount default:local-cluster 

kubectl create clusterrolebinding cloud-console-reader-binding \ 
 --clusterrole cloud-console-reader \ 
 --serviceaccount default:local-cluster 

# Get the Token 
SECRET_NAME=$(kubectl get serviceaccount local-cluster -o jsonpath='{$.secrets[0].name}') 

# Copy the secret and paste it in the console 
kubectl get secret ${SECRET_NAME} -o jsonpath='{$.data.token}' | base64 --decode  

# Delete Membership 
gcloud container hub memberships delete cloud-cluster 
gcloud container hub memberships delete local-cluster 

# Clean up  
gcloud container clusters delete cloud-cluster --project=${PROJECT_ID} 
gcloud iam service-accounts delete anthos-hub@${PROJECT_ID}.iam.gserviceaccount.com 
minikube delete 
Last update: 2023-11-20
Created: November 16, 2023 18:46:16