cloud engineer
Here’s how to list SQL instances within your GCP project.
gcloud sql instances list --project your-project-id |
gcloud sql instances list --project your-project-id
Output:
NAME DATABASE_VERSION LOCATION TIER PRIMARY_ADDRESS PRIVATE_ADDRESS STATUS database1 SQLSERVER_2017_STANDARD us-central1-a db-n1-standard-1 - 10.10.10.11 RUNNABLE database2 SQLSERVER_2017_STANDARD us-central1-c db-n1-standard-1 - 10.10.10.12 RUNNABLE |
NAME DATABASE_VERSION LOCATION TIER PRIMARY_ADDRESS PRIVATE_ADDRESS STATUS database1 SQLSERVER_2017_STANDARD us-central1-a db-n1-standard-1 - 10.10.10.11 RUNNABLE database2 SQLSERVER_2017_STANDARD us-central1-c db-n1-standard-1 - 10.10.10.12 RUNNABLE
Here’s another way to list projects in a shared VPC.
gcloud compute shared-vpc list-associated-resources your-shared-host |
gcloud compute shared-vpc list-associated-resources your-shared-host
Output:
project1 PROJECT project2 PROJECT project3 PROJECT ... |
project1 PROJECT project2 PROJECT project3 PROJECT ...
Here’s how to create a firewall from service account to service account.
gcloud compute firewall-rules create "firewall-name" \ --description="firewall-description" \ --priority "1000" \ --direction INGRESS \ --action allow \ --network "network-name" \ --source-service-accounts="service@account.net" \ --target-service-accounts="service@account.net" \ --rules tcp:9001 |
gcloud compute firewall-rules create "firewall-name" \ --description="firewall-description" \ --priority "1000" \ --direction INGRESS \ --action allow \ --network "network-name" \ --source-service-accounts="service@account.net" \ --target-service-accounts="service@account.net" \ --rules tcp:9001
Instead of source-range, it’s using source-service-accounts.
Here’s a Terraform script for launching an instance in Google Cloud Platform.
provider "google" { project = "project-id" region = "us-central1" zone = "us-central1-a" } resource "google_compute_instance" "wiki" { name = "wiki" machine_type = "n2-standard-1" zone = "us-central1-a" tags = ["web-server"] labels = { name = "wiki" environment = "development" } boot_disk { initialize_params { image = "centos-7-v20210122" } } network_interface { network = "default" access_config { } } service_account { email = "service-account@email.com" scopes = ["cloud-platform"] } } |
provider "google" { project = "project-id" region = "us-central1" zone = "us-central1-a" } resource "google_compute_instance" "wiki" { name = "wiki" machine_type = "n2-standard-1" zone = "us-central1-a" tags = ["web-server"] labels = { name = "wiki" environment = "development" } boot_disk { initialize_params { image = "centos-7-v20210122" } } network_interface { network = "default" access_config { } } service_account { email = "service-account@email.com" scopes = ["cloud-platform"] } }
Here’s a few Terraform commands.
terraform init terraform plan terraform apply terraform destroy |
terraform init terraform plan terraform apply terraform destroy
How to create an instance from a snapshot with alias IP and reserved IPs.
#!/bin/bash gcloud beta compute instances create jump-server \ --network-interface=aliases=10.128.1.0/24,private-network-ip=jump-server,subnet=default \ --machine-type=n1-standard-1 \`` --network-tier=PREMIUM \ --maintenance-policy=MIGRATE \ --service-account=xxxxxxxxxxxxx-compute@developer.gserviceaccount.com \ --tags=int-webserver \ --image=debian-10-buster-v20201216 \ --image-project=debian-cloud \ --boot-disk-size=20GB \ --boot-disk-type=pd-standard \ --boot-disk-device-name=jump-server-1 \ --no-shielded-secure-boot \ --shielded-vtpm \ --shielded-integrity-monitoring \ --labels=name=jump-server \ --reservation-affinity=any \ --zone=us-central1-a \ --project=airy-totality-151318 |
#!/bin/bash gcloud beta compute instances create jump-server \ --network-interface=aliases=10.128.1.0/24,private-network-ip=jump-server,subnet=default \ --machine-type=n1-standard-1 \`` --network-tier=PREMIUM \ --maintenance-policy=MIGRATE \ --service-account=xxxxxxxxxxxxx-compute@developer.gserviceaccount.com \ --tags=int-webserver \ --image=debian-10-buster-v20201216 \ --image-project=debian-cloud \ --boot-disk-size=20GB \ --boot-disk-type=pd-standard \ --boot-disk-device-name=jump-server-1 \ --no-shielded-secure-boot \ --shielded-vtpm \ --shielded-integrity-monitoring \ --labels=name=jump-server \ --reservation-affinity=any \ --zone=us-central1-a \ --project=airy-totality-151318
The default command uses –private-network-ip and –subnet options separately.
--private-network-ip 10.0.0.24 \ --subnet=default \ |
--private-network-ip 10.0.0.24 \ --subnet=default \
But when dealing with aliases, reserved IPs and subnets, use a single –network-interface option instead.
--network-interface=aliases=10.128.1.0/24,private-network-ip=jump-server,subnet=default \ |
--network-interface=aliases=10.128.1.0/24,private-network-ip=jump-server,subnet=default \