Challenge Lab: Set Up and Configure a Cloud Environment in Google Cloud - ghdrako/doc_snipets GitHub Wiki

Complete the following tasks:

  • Create a production VPC with three subnets manually
  • Create a bastion that is connected to both VPCs
  • Create a development Cloud SQL Instance and connect and prepare the WordPress environment
  • Create a Kubernetes cluster in the development VPC for WordPress
  • Prepare the Kubernetes cluster for the WordPress environment
  • Create a development VPC with three subnets manually
  • Create a WordPress deployment using the supplied configuration
  • Enable monitoring of the cluster via Stackdriver
  • Provide access for an additional engineer

Standards you should follow:

  • Create all resources in the us-east1 region and us-east1-b zone, unless otherwise directed.
  • Use the project VPCs.
  • Naming is normally team-resource, e.g. an instance could be named kraken-webserver1.
  • Allocate cost effective resource sizes. Projects are monitored and excessive resource use will result in the containing project's termination (and possibly yours), so beware. This is the guidance the monitoring team is willing to share: unless directed, use n1-standard-1.

Task 1. Create development VPC manually

  • Create a VPC called griffin-dev-vpc with the following subnets only:

    griffin-dev-wp IP address block: 192.168.16.0/20
    griffin-dev-mgmt IP address block: 192.168.32.0/20

gcloud compute networks create griffin-dev-vpc --subnet-mode=custom
gcloud compute networks subnets create griffin-dev-wp --network=griffin-dev-vpc --region=us-east1 --range=192.168.16.0/20
gcloud compute networks subnets create griffin-dev-mgmt --network=griffin-dev-vpc --region=us-east1 --range=192.168.32.0/20

Task 2. Create production VPC manually

  • Create a VPC called griffin-prod-vpc with the following subnets only:

    griffin-prod-wp IP address block: 192.168.48.0/20
    griffin-prod-mgmt IP address block: 192.168.64.0/20

gcloud compute networks create griffin-prod-vpc --subnet-mode=custom
gcloud compute networks subnets create griffin-prod-wp --network=griffin-prod-vpc --region=us-east1 --range=192.168.48.0/20
gcloud compute networks subnets create griffin-prod-mgmt --network=griffin-prod-vpc --region=us-east1 --range=192.168.64.0/20

or

gsutil cp -r gs://cloud-training/gsp321/dm ~/
cd dm
sed -i s/SET_REGION/us-east1/g prod-network.yaml
gcloud deployment-manager deployments create griffin-prod --config prod-network.yaml

Task 3. Create bastion host

  • Create a bastion host with two network interfaces, one connected to griffin-dev-mgmt and the other connected to griffin-prod-mgmt. Make sure you can SSH to the host.
manual by web console

gcloud compute instances create bastion \
  --network-interface=network=griffin-dev-vpc,subnet=griffin-dev-mgmt  \
  --network-interface=network=griffin-prod-vpc,subnet=griffin-prod-mgmt \
  --tags=ssh \
  --zone=us-east1-b

gcloud compute firewall-rules create fw-ssh-dev --source-ranges=0.0.0.0/0 --target-tags ssh --allow=tcp:22 --network=griffin-dev-vpc


gcloud compute firewall-rules create fw-ssh-prod --source-ranges=0.0.0.0/0 --target-tags ssh --allow=tcp:22 --network=griffin-prod-vpc


gcloud compute --project=qwiklabs-gcp-00-602078b8065d firewall-rules create allow-bastion-dev-ssh --direction=INGRESS --priority=1000 --network=griffin-dev-vpc --action=ALLOW --rules=tcp:22 --source-ranges=192.168.32.0/20 --target-tags=ssh

gcloud compute --project=qwiklabs-gcp-00-602078b8065d firewall-rules create allow-bastion-prod-ssh --direction=INGRESS --priority=1000 --network=griffin-prod-vpc --action=ALLOW --rules=tcp:22 --source-ranges=192.168.32.0/20 --target-tags=ssh
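
An added example, not part of the original wiki page: a Python audit of the Task 3 firewall rules that flags SSH rules open to any source and private source ranges that match no subnet of the rule's own VPC. The sample rules are constructed from the commands above in the JSON shape of `gcloud compute firewall-rules list --format=json`; `PROJECT_ID` is a placeholder, and `SUBNETS`, `make_rule`, `allows_ssh` and `audit` are names chosen for this example.

```python
import ipaddress

# Subnets per VPC, taken from Tasks 1 and 2.
SUBNETS = {"griffin-dev-vpc": ["192.168.16.0/20", "192.168.32.0/20"],
           "griffin-prod-vpc": ["192.168.48.0/20", "192.168.64.0/20"]}
NET = "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks/"

def make_rule(name, vpc, source):
    """Constructed rule, trimmed to the fields this audit reads."""
    return {"name": name, "network": NET + vpc, "direction": "INGRESS",
            "sourceRanges": [source], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}

# Constructed sample mirroring the four Task 3 firewall commands.
SAMPLE_RULES = [
    make_rule("fw-ssh-dev", "griffin-dev-vpc", "0.0.0.0/0"),
    make_rule("fw-ssh-prod", "griffin-prod-vpc", "0.0.0.0/0"),
    make_rule("allow-bastion-dev-ssh", "griffin-dev-vpc", "192.168.32.0/20"),
    make_rule("allow-bastion-prod-ssh", "griffin-prod-vpc", "192.168.32.0/20"),
]

def allows_ssh(rule):
    """True if an allow entry covers TCP 22 (single port, range, or all ports)."""
    for entry in rule.get("allowed", []):
        if entry["IPProtocol"] not in ("tcp", "all"):
            continue
        for spec in entry.get("ports") or ["1-65535"]:  # no ports listed = all ports
            low, _, high = spec.partition("-")
            if int(low) <= 22 <= int(high or low):
                return True
    return False

def audit(rules, subnets=SUBNETS):
    """Return (rule name, finding) pairs for ingress rules that allow SSH."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or not allows_ssh(rule):
            continue
        vpc = rule["network"].rsplit("/", 1)[-1]
        local = [ipaddress.ip_network(c) for c in subnets.get(vpc, [])]
        for cidr in rule.get("sourceRanges", []):
            src = ipaddress.ip_network(cidr)
            if src.prefixlen == 0:
                findings.append((rule["name"], "SSH open to any source"))
            # Assumes no peering or VPN: such a private source never matches traffic.
            elif src.is_private and not any(src.overlaps(n) for n in local):
                findings.append((rule["name"], f"{cidr} matches no subnet in {vpc}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_RULES), sep="\n")
```

To audit a live project, pass the parsed output of `gcloud compute firewall-rules list --format=json` to `audit()` in place of `SAMPLE_RULES`.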

Task 4. Create and configure Cloud SQL Instance

  • Create a MySQL Cloud SQL Instance called griffin-dev-db in us-east1. Connect to the instance and run the following SQL commands to prepare the WordPress environment:
CREATE DATABASE wordpress;
CREATE USER "wp_user"@"%" IDENTIFIED BY "stormwind_rules";
GRANT ALL PRIVILEGES ON wordpress.* TO "wp_user"@"%";
FLUSH PRIVILEGES;

These SQL statements create the wordpress database and create a user with access to the wordpress database.

manual by web console

gcloud sql instances create griffin-dev-db --root-password mysql --region=us-east1
gcloud sql connect griffin-dev-db
CREATE DATABASE wordpress;
CREATE USER "wp_user"@"%" IDENTIFIED BY "stormwind_rules";
GRANT ALL PRIVILEGES ON wordpress.* TO "wp_user"@"%";
FLUSH PRIVILEGES;
exit;

gcloud sql connect   griffin-dev-db --user="wp_user"@"%" --database wordpress
gcloud sql connect griffin-dev-db --user="wp_user"@"%" --quiet

Task 5. Create Kubernetes cluster

  • Create a 2 node cluster (n1-standard-4) called griffin-dev, in the griffin-dev-wp subnet, and in zone us-east1-b.
gcloud config set compute/zone us-east1-b


gcloud container clusters create griffin-dev \
  --network griffin-dev-vpc \
  --subnetwork griffin-dev-wp \
  --machine-type n1-standard-4 \
  --num-nodes 2  \
  --zone us-east1-b

gcloud container clusters get-credentials griffin-dev --zone us-east1-b

gcloud beta container --project "qwiklabs-gcp-00-602078b8065d" clusters create "griffin-dev" \
--zone "us-east1-b" --no-enable-basic-auth --cluster-version "1.22.8-gke.202" --release-channel "regular" \
--machine-type "n1-standard-4" --image-type "COS_CONTAINERD" --disk-type "pd-standard" --disk-size "100" \
--metadata disable-legacy-endpoints=true \
--scopes "https://www.googleapis.com/auth/devstorage.read_only","https://www.googleapis.com/auth/logging.write","https://www.googleapis.com/auth/monitoring","https://www.googleapis.com/auth/servicecontrol","https://www.googleapis.com/auth/service.management.readonly","https://www.googleapis.com/auth/trace.append" \
--max-pods-per-node "110" --num-nodes "2" --logging=SYSTEM,WORKLOAD --monitoring=SYSTEM --enable-ip-alias \
--network "projects/qwiklabs-gcp-00-602078b8065d/global/networks/griffin-dev-vpc" \
--subnetwork "projects/qwiklabs-gcp-00-602078b8065d/regions/us-east1/subnetworks/griffin-dev-wp" \
--no-enable-intra-node-visibility --default-max-pods-per-node "110" --no-enable-master-authorized-networks \
--addons HorizontalPodAutoscaling,HttpLoadBalancing,GcePersistentDiskCsiDriver \
--enable-autoupgrade --enable-autorepair --max-surge-upgrade 1 --max-unavailable-upgrade 0 \
--enable-shielded-nodes --node-locations "us-east1-b"

Task 6. Prepare the Kubernetes cluster

  1. Use Cloud Shell and copy all files from gs://cloud-training/gsp321/wp-k8s.
gsutil -m cp -r gs://cloud-training/gsp321/wp-k8s .
gsutil cp -r gs://cloud-training/gsp321/wp-k8s ~/
cd ~/wp-k8s

The WordPress server needs to access the MySQL database using the username and password you created in task 4.

  1. You do this by setting the values as secrets. WordPress also needs to store its working files outside the container, so you need to create a volume.
cd ~/wp-k8s
edit wp-env.yaml # Replace username_goes_here and password_goes_here to wp_user and stormwind_rules.
  1. Add the following secrets and volume to the cluster using wp-env.yaml.
--kubectl create secret generic tls-certs --from-file tls/



gcloud container clusters get-credentials griffin-dev --zone=us-east1-b
kubectl create -f wp-env.yaml
kubectl apply -f wp-env.yaml
  1. Make sure you configure the username to wp_user and password to stormwind_rules before creating the configuration.

You also need to provide a key for a service account that was already set up. This service account provides access to the database for a sidecar container.

  5. Use the command below to create the key, and then add the key to the Kubernetes environment.

gcloud iam service-accounts keys create key.json \
    --iam-account=cloud-sql-proxy@$GOOGLE_CLOUD_PROJECT.iam.gserviceaccount.com
kubectl create secret generic cloudsql-instance-credentials \
    --from-file key.json

Task 7. Create a WordPress deployment

Now that you have provisioned the MySQL database and set up the secrets and volume, you can create the deployment using `wp-deployment.yaml`.

Before you create the deployment, you need to edit `wp-deployment.yaml`.

Replace `YOUR_SQL_INSTANCE` with the Instance connection name of `griffin-dev-db`.
cd ~/wp-k8s
edit wp-deployment.yaml
kubectl create -f wp-deployment.yaml
kubectl create -f wp-service.yaml
Get the Instance connection name from your Cloud SQL instance.

After you create your WordPress deployment, create the service with `wp-service.yaml`.

Once the Load Balancer is created, you can visit the site and ensure you see the WordPress site installer. At this point the dev team will take over and complete the install and you move on to the next task.

Task 8. Enable monitoring

Create an uptime check for your WordPress development site.

Task 9. Provide access for an additional engineer

You have an additional engineer starting and you want to ensure they have access to the project, so please go ahead and grant them the editor role to the project.

The second user account for the lab represents the additional engineer.