Uly.me

cloud engineer


February 28, 2021

GCP List of SQL Instances

Here’s how to list SQL instances within your GCP project.

gcloud sql instances list --project your-project-id


Output:

NAME             DATABASE_VERSION         LOCATION       TIER              PRIMARY_ADDRESS  PRIVATE_ADDRESS  STATUS
database1        SQLSERVER_2017_STANDARD  us-central1-a  db-n1-standard-1  -                10.10.10.11    RUNNABLE
database2        SQLSERVER_2017_STANDARD  us-central1-c  db-n1-standard-1  -                10.10.10.12    RUNNABLE


February 28, 2021

GCP List of Projects

Here’s another way to list projects in a shared VPC.

gcloud compute shared-vpc list-associated-resources your-shared-host


Output:

project1  PROJECT
project2  PROJECT
project3  PROJECT
...


February 16, 2021

GCP Firewall Source Service Account

Here’s how to create a firewall rule that allows traffic from one service account to another.

gcloud compute firewall-rules create "firewall-name" \
--description="firewall-description" \
--priority "1000" \
--direction INGRESS \
--action allow \
--network "network-name" \
--source-service-accounts="service@account.net" \
--target-service-accounts="service@account.net" \
--rules tcp:9001


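Instead of a source IP range, the rule uses --source-service-accounts, so the sender is matched by the service account attached to the instance rather than by its address.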
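To check which existing rules actually rely on service-account identity, the following added example (not part of the original post) audits firewall rules in the JSON shape printed by `gcloud compute firewall-rules list --format=json`. The sample rules are constructed, and the function names `source_kinds` and `audit` are my own.

```python
import json

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = json.loads("""[
  {"name": "sa-to-sa", "direction": "INGRESS",
   "sourceServiceAccounts": ["service@account.net"],
   "targetServiceAccounts": ["service@account.net"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["9001"]}]},
  {"name": "open-range", "direction": "INGRESS",
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["9001"]}]},
  {"name": "sa-plus-range", "direction": "INGRESS",
   "sourceServiceAccounts": ["service@account.net"],
   "sourceRanges": ["0.0.0.0/0"],
   "targetServiceAccounts": ["service@account.net"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["9001"]}]},
  {"name": "egress-any", "direction": "EGRESS",
   "destinationRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "all"}]}
]""")

def source_kinds(rule):
    """List every way an ingress rule identifies the sender."""
    fields = (("sourceServiceAccounts", "service-account"),
              ("sourceTags", "tag"), ("sourceRanges", "ip-range"))
    return [kind for field, kind in fields if rule.get(field)]

def audit(rules):
    """Return {rule name: [findings]} for enabled ingress allow rules."""
    report = {}
    for rule in rules:
        if (rule.get("direction") != "INGRESS" or rule.get("disabled")
                or not rule.get("allowed")):
            continue
        findings = []
        # Source fields are OR-ed: one open range defeats the identity match.
        if "0.0.0.0/0" in rule.get("sourceRanges", []):
            findings.append("source includes any IPv4 address")
        if not (rule.get("targetServiceAccounts") or rule.get("targetTags")):
            findings.append("no target filter: applies to every instance")
        report[rule["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(name, "->", "; ".join(findings) or "ok")
```

The `sa-plus-range` case is the one to watch for: a rule can carry both a service-account source and an open IP range, and the range alone is enough to match.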

February 3, 2021

Terraform GCP Instance

Here’s a Terraform script for launching an instance in Google Cloud Platform.

provider "google" {
  project = "project-id"
  region  = "us-central1"
  zone    = "us-central1-a"
}
resource "google_compute_instance" "wiki" {
  name         = "wiki"
  # The N2 family has no 1-vCPU standard type, so use n1-standard-1.
  machine_type = "n1-standard-1"
  zone         = "us-central1-a"
  tags         = ["web-server"]
  labels = {
    name        = "wiki"
    environment = "development"
  }
  boot_disk {
    initialize_params {
      image = "centos-7-v20210122"
    }
  }
  network_interface {
    network = "default"
    access_config {
    }
  }
  service_account {
    email  = "service-account@email.com"
    scopes = ["cloud-platform"]
  }
}


Here are a few Terraform commands.

terraform init
terraform plan
terraform apply
terraform destroy


January 14, 2021

Create Instance With Alias IP

How to create an instance from a snapshot with alias IP and reserved IPs.

#!/bin/bash
gcloud beta compute instances create jump-server \
--network-interface=aliases=10.128.1.0/24,private-network-ip=jump-server,subnet=default \
--machine-type=n1-standard-1 \
--network-tier=PREMIUM \
--maintenance-policy=MIGRATE \
--service-account=xxxxxxxxxxxxx-compute@developer.gserviceaccount.com \
--tags=int-webserver \
--image=debian-10-buster-v20201216 \
--image-project=debian-cloud \
--boot-disk-size=20GB \
--boot-disk-type=pd-standard \
--boot-disk-device-name=jump-server-1 \
--no-shielded-secure-boot \
--shielded-vtpm \
--shielded-integrity-monitoring \
--labels=name=jump-server \
--reservation-affinity=any \
--zone=us-central1-a \
--project=airy-totality-151318


The default command uses the --private-network-ip and --subnet options separately.

--private-network-ip 10.0.0.24 \
--subnet=default \


But when dealing with aliases, reserved IPs and subnets, use a single --network-interface option instead.

--network-interface=aliases=10.128.1.0/24,private-network-ip=jump-server,subnet=default \



Copyright © 2012–2021