├── .gitignore ├── README.md ├── generate-readme.php └── home ├── cloud └── gcp │ └── taskset │ ├── ReadMe.md │ ├── task-001-intro-console-projects-iam-apis │ └── ReadMe.md │ ├── task-002-getting-started-with-cloud-market-place--lamp-stack │ └── ReadMe.md │ ├── task-003-vpc-networking-and-google-compute-engine │ └── ReadMe.md │ ├── task-004-getting-started-with-cloud-storage-and-cloud-sql--php │ ├── ReadMe.md │ └── index.php │ ├── task-005-getting-started-with-gke--nginx │ └── ReadMe.md │ ├── task-006-hello-cloud-run--node │ ├── ReadMe.md │ └── hello-world-node │ │ ├── Dockerfile │ │ ├── index.js │ │ └── package.json │ ├── task-007-building-a-devops-pipeline--python │ ├── .images │ │ └── devops-pipeline.png │ ├── Dockerfile │ ├── ReadMe.md │ ├── main.py │ ├── requirements.txt │ └── templates │ │ ├── index.html │ │ └── layout.html │ ├── task-008-deploying-app-to-app-engine-and-gke-and-cloudrun--python │ ├── .images │ │ └── arch-objective.png │ ├── Dockerfile │ ├── ReadMe.md │ ├── app.yaml │ ├── k8s-manifests.yaml │ ├── main.py │ ├── requirements.txt │ └── templates │ │ ├── index.html │ │ └── layout.html │ ├── task-009-monitoring-applications-in-gcp--python │ ├── Dockerfile │ ├── ReadMe.md │ ├── app.yaml │ ├── main.py │ ├── requirements.txt │ └── templates │ │ ├── index.html │ │ └── layout.html │ ├── task-010-alerting-in-google-cloud--python │ ├── Dockerfile │ ├── ReadMe.md │ ├── app-engine-error-percent-policy.json │ ├── app.yaml │ ├── main.py │ ├── requirements.txt │ └── templates │ │ ├── index.html │ │ └── layout.html │ ├── task-011-service-monitoring--node │ └── ReadMe.md │ ├── task-012-monitoring-and-dashboarding-multiple-projects-from-a-single-workspace--nginx │ └── ReadMe.md │ ├── task-013-compute-logging-and-monitoring │ └── ReadMe.md │ ├── task-014-log-analysis-cloud-run--node │ └── ReadMe.md │ ├── task-015-cloud-storage-audit-logs │ └── ReadMe.md │ ├── task-016-analyzing-network-traffic-with-vpc-flow-logs │ └── ReadMe.md │ ├── 
task-017-application-performance-management--python-and-nodejs │ └── ReadMe.md │ ├── task-018-2inst-2buckets-2iam │ └── ReadMe.md │ ├── task-019-working-with-cloud-build │ └── ReadMe.md │ ├── task-020-deploying-google-kubernetes-engine │ └── ReadMe.md │ ├── task-021-creating-google-kubernetes-engine-deployments │ ├── ReadMe.md │ ├── nginx-canary.yaml │ ├── nginx-deployment.yaml │ ├── nginx-svc-session-affinity.yaml │ └── service-nginx.yaml │ ├── task-022-configuring-persistent-storage-for-google-kubernetes-engine │ ├── ReadMe.md │ ├── pod-volume-demo.yaml │ ├── pvc-demo.yaml │ └── statefulset-demo.yaml │ ├── task-023-anthos-service-mesh-walkthrough │ ├── .images │ │ ├── arch-img.png │ │ ├── security.png │ │ └── topology.png │ └── ReadMe.md │ ├── task-024-observing-anthos-services │ └── ReadMe.md │ ├── task-025-managing-traffic-with-anthos-service-mesh │ ├── .images │ │ ├── img.png │ │ └── img2.png │ ├── ReadMe.md │ ├── conditional-routing-labels.yaml │ ├── conditional-routing-req-headers.yaml │ ├── fault-injection-aborts.yaml │ ├── fault-injection-delays.yaml │ ├── manifests │ │ ├── destinationrule--productpage-circuit-breaker.yaml │ │ ├── destinationrule-all.yaml │ │ ├── gateway--bookinfo-gateway-port-80-http.yaml │ │ ├── virtualService-2-or-1-second-delay-to-calls-to-ratings-service.yaml │ │ ├── virtualservice--all-to-v1.yaml │ │ ├── virtualservice--bookinfo-based-on-exact-and-prefix-uri-match.yaml │ │ ├── virtualservice--half-second-timeout-for-calls-to-reviews.yaml │ │ ├── virtualservice--productpage-per-try-timeout-2s.yaml │ │ ├── virtualservice--reviews-v2-based-on-header.yaml │ │ ├── virtualservice--reviews-v3.yaml │ │ ├── virtualservice--route-req-to-v2-reviews.yaml │ │ └── virtualservice-reviews-50-v3-and-50-v1.yaml │ ├── retry.yaml │ ├── timeouts.yaml │ └── traffic-splitting.yaml │ ├── task-026-securing-traffic-through-anthos-service-mesh │ ├── .images │ │ ├── mTLS-initial-setup.png │ │ └── mTLS-strict-mode.png │ ├── 
PeerAuthentication--mesh-wide-mtls.yaml │ ├── PeerAuthentication--restricted-mtls.yaml │ ├── ReadMe.md │ └── manifests │ │ ├── AuthorizationPolicy--require-jwt-v2.yaml │ │ ├── AuthorizationPolicy--require-jwt.yaml │ │ ├── RequestAuthentication--jwt-example.yaml │ │ ├── httpbin.yaml │ │ └── sleep.yaml │ ├── task-027-cloud-source-repositories-overview │ └── ReadMe.md │ ├── task-028-managing-deployments-using-kubernetes-engine │ ├── .images │ │ ├── blue-green-deployments.png │ │ ├── canary-deployments.png │ │ └── rolling-update.png │ ├── ReadMe.md │ ├── cleanup.sh │ ├── deployments │ │ ├── auth.yaml │ │ ├── frontend.yaml │ │ ├── hello-canary.yaml │ │ ├── hello-green.yaml │ │ └── hello.yaml │ ├── nginx │ │ ├── frontend.conf │ │ └── proxy.conf │ ├── pods │ │ ├── healthy-monolith.yaml │ │ ├── monolith.yaml │ │ └── secure-monolith.yaml │ └── services │ │ ├── auth.yaml │ │ ├── frontend.yaml │ │ ├── hello-blue.yaml │ │ ├── hello-green.yaml │ │ ├── hello.yaml │ │ └── monolith.yaml │ ├── task-029-trouble-shooting-workloads-on-gke-for-sre │ └── ReadMe.md │ ├── task-030-minimal-nodejs-app-dockerize-google-artifact-registry │ ├── ReadMe.md │ └── test │ │ ├── Dockerfile │ │ └── app.js │ ├── task-031-hello-node-kubernetes--node │ ├── .images │ │ ├── moving-parts.png │ │ └── state-of-cluster.png │ ├── Dockerfile │ ├── ReadMe.md │ └── server.js │ ├── task-032-setting-up-jenkins-on-kubernetes-engine │ ├── ReadMe.md │ └── values.yaml │ └── task-033-continuous-delivery-with-jenkins-in-kubernetes-engine │ ├── Jenkinsfile │ ├── ReadMe.md │ └── values.yaml ├── containers ├── ReadMe.md ├── task-001-docker-overview │ └── ReadMe.md ├── task-002-docker-run--detached-vs-foreground │ └── ReadMe.md ├── task-003-docker-run--assign-name-and-allocate-pseudo-tty │ └── ReadMe.md ├── task-004-docker-run--pid-setting-and-choosing-image-with-tag │ └── ReadMe.md ├── task-005-docker-run--expose-port-and-pull-policy-and-environment-vars │ ├── .env │ ├── .images │ │ └── nginx.png │ └── ReadMe.md ├── 
task-006-docker-run--full-container-capabilities-and-set-working-dir-and-volume-mounts │ └── ReadMe.md ├── task-007-docker-run--metadata-and-network-and-attach-to-stdout │ └── ReadMe.md ├── task-008-docker-run--hostsfile-ulimit-mem-limit │ └── ReadMe.md ├── task-009-docker-attach │ └── ReadMe.md ├── task-010-docker-build │ ├── Dockerfile │ ├── ReadMe.md │ └── index.html └── task-011-docker-commit │ └── ReadMe.md ├── infrastructure-as-code └── terraform-gcp │ ├── ReadMe.md │ ├── taskset │ ├── task-001-vpc-2inst-cloudshell │ │ ├── .images │ │ │ └── infra-diagram.png │ │ ├── ReadMe.md │ │ ├── instance │ │ │ ├── main.tf │ │ │ └── variables.tf │ │ ├── mynetwork.tf │ │ └── provider.tf │ ├── task-002-1inst-dflt-vpc │ │ ├── ReadMe.md │ │ └── main.tf │ ├── task-003-vars-and-resource-dependencies │ │ ├── ReadMe.md │ │ ├── exp.tf │ │ ├── instance.tf │ │ ├── outputs.tf │ │ ├── provider.tf │ │ └── variables.tf │ ├── task-004-creating-remote-backend │ │ ├── ReadMe.md │ │ └── main.tf │ ├── task-005-deploy-k8s-loadbalancer-service │ │ ├── ReadMe.md │ │ ├── k8s.tf │ │ ├── main.tf │ │ ├── test.sh │ │ └── versions.tf │ ├── task-006-modular-load-balancing-regional-load-balancer │ │ ├── .images │ │ │ ├── app-with--basic-load-balancer-default.png │ │ │ ├── basic-load-balancer-custom-hc-hc.png │ │ │ ├── basic-load-balancer-default-hc-firewall-rule.png │ │ │ ├── basic-load-balancer-default.png │ │ │ ├── cloud-nat-details.png │ │ │ ├── cloud-nat.png │ │ │ ├── cloud-router-details.png │ │ │ ├── cloud-router.png │ │ │ ├── firewall-rules.png │ │ │ ├── forwarding-rules.png │ │ │ ├── health-checks.png │ │ │ ├── instance-template-details.png │ │ │ ├── instance-template.png │ │ │ ├── load-balancers.png │ │ │ ├── mig-details.png │ │ │ ├── mig.png │ │ │ ├── service-account.png │ │ │ ├── target-pools.png │ │ │ ├── vm-instances.png │ │ │ ├── vpc-networks.png │ │ │ └── vpc-subnetworks.png │ │ ├── ReadMe.md │ │ ├── apply.log │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── terraform-google-lb │ │ │ └── 
examples │ │ │ │ └── basic │ │ │ │ ├── docs │ │ │ │ └── diagram.png │ │ │ │ ├── locals.tf │ │ │ │ ├── main.tf │ │ │ │ ├── network.tf │ │ │ │ ├── outputs.tf │ │ │ │ ├── provider.tf │ │ │ │ ├── templates │ │ │ │ └── gceme.sh.tpl │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── task-007-cloud-sql │ │ ├── .images │ │ │ └── cloud-sql-proxy-workings.png │ │ ├── ReadMe.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ └── task-008-building-a-vpn-between-gcp-and-aws │ │ ├── .images │ │ ├── aws-compute.png │ │ ├── aws-customer-gatways.png │ │ ├── aws-intenet-gatway.png │ │ ├── aws-subnets.png │ │ ├── aws-virtual-private-gateway-gatway.png │ │ ├── aws-vpc.png │ │ ├── aws-vpn-connections.png │ │ ├── gcp-cloud-firewall.png │ │ ├── gcp-cloud-ip-addresses.png │ │ ├── gcp-cloud-router-details.png │ │ ├── gcp-cloud-router.png │ │ ├── gcp-cloud-routes.png │ │ ├── gcp-cloud-vpn-gatways.png │ │ ├── gcp-cloud-vpn-tunnels.png │ │ ├── gcp-compute.png │ │ ├── gcp-network.png │ │ └── gcp-peer-vpn-gatway.png │ │ ├── ReadMe.md │ │ └── autonetdeploy-multicloudvpn │ │ ├── aws_set_credentials.sh │ │ ├── create_instance.sh │ │ ├── gcp_set_credentials.sh │ │ ├── gcp_set_project.sh │ │ ├── get_terraform.sh │ │ ├── images │ │ └── autonetdeploy_gcpawsvpn_arch.png │ │ ├── migrate_sa_roles.sh │ │ └── terraform │ │ ├── aws_compute.tf │ │ ├── aws_networking.tf │ │ ├── aws_outputs.tf │ │ ├── aws_security.tf │ │ ├── aws_variables.tf │ │ ├── gcp_compute.tf │ │ ├── gcp_networking.tf │ │ ├── gcp_outputs.tf │ │ ├── gcp_security.tf │ │ ├── gcp_variables.tf │ │ ├── main.tf │ │ ├── run_graph.sh │ │ └── vm_userdata.sh │ └── update-readme.php └── web-servers └── nginx ├── ReadMe.md ├── task-001-run-nginx ├── 50x.html ├── ReadMe.md ├── default.conf └── index.html └── task-002-nginx-conf ├── ReadMe.md ├── conf.d └── default.conf └── html ├── 50x.html └── index.html /.gitignore: -------------------------------------------------------------------------------- 
1 | .idea 2 | .tmp 3 | 4 | venv 5 | 6 | tmpdir 7 | 8 | 9 | ## All pem files 10 | *.pem -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | - [home](#home) 2 | - [cloud](#cloud) 3 | - [gcp](#gcp) 4 | - [containers](#containers) 5 | - [infrastructure-as-code](#infrastructure-as-code) 6 | - [terraform-gcp](#terraform-gcp) 7 | - [web-servers](#web-servers) 8 | - [nginx](#nginx) 9 | 10 | 11 | # home 12 | | No of Tasks | | 13 | |---------|--------------------------------------------| 14 | | 0| ./home| 15 | 16 | ## cloud 17 | | No of Tasks | | 18 | |---------|--------------------------------------------| 19 | | 0| ./home/cloud| 20 | 21 | ### gcp 22 | | No of Tasks | | 23 | |---------|--------------------------------------------| 24 | | 26| ./home/cloud/gcp| 25 | 26 | ## containers 27 | | No of Tasks | | 28 | |---------|--------------------------------------------| 29 | | 10| ./home/containers| 30 | 31 | ## infrastructure-as-code 32 | | No of Tasks | | 33 | |---------|--------------------------------------------| 34 | | 0| ./home/infrastructure-as-code| 35 | 36 | ### terraform-gcp 37 | | No of Tasks | | 38 | |---------|--------------------------------------------| 39 | | 1| ./home/infrastructure-as-code/terraform-gcp| 40 | 41 | ## web-servers 42 | | No of Tasks | | 43 | |---------|--------------------------------------------| 44 | | 0| ./home/web-servers| 45 | 46 | ### nginx 47 | | No of Tasks | | 48 | |---------|--------------------------------------------| 49 | | 2| ./home/web-servers/nginx| 50 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-001-intro-console-projects-iam-apis/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Get Familiar With Console, Projects, Roles And Permissions, APIs And Services 2 | 3 | 4 | 
[https://www.cloudskillsboost.google](https://www.cloudskillsboost.google) 5 | 6 | [Select - DevOps Engineer, SRE Learning Path](https://www.cloudskillsboost.google/paths) 7 | 8 | **High Level Objectives** 9 | - Searching through available products and services in the GCP console. 10 | - Accessing projects in console. 11 | - Accessing roles and permissions in console i.e. Identity and Access Management 12 | - Enable specific API for any product 13 | 14 | 15 | 16 | **Skills** 17 | - gcp 18 | - gcp-console 19 | - gcp-projects 20 | - gcp-iam 21 | - gcp-apis 22 | 23 | 24 | 25 | > Task : Searching through the available products and services 26 | 27 | ## Project 28 | 29 | 30 | - A Google Cloud [project](https://cloud.google.com/docs/overview/#projects) is an organizing entity for your Google Cloud resources. It often contains resources and services. 31 | - Your project has a name, number, and ID 32 | 33 | > Task : How do we see all the projects 34 | 35 | ## Roles and permissions 36 | 37 | [IAM Overview](https://cloud.google.com/iam/docs/overview) 38 | [course_sessions/2028816/video/343130](https://www.cloudskillsboost.google/course_sessions/2028816/video/343130) 39 | 40 | - Google Cloud also contains a collection of permissions and roles that define who has access to what resources 41 | - You can use the [CloudIAM](https://cloud.google.com/iam/) console for the same. 42 | 43 | > Task : How do we navigate to CloudIAM console 44 | 45 | 46 | ## APIs And Services 47 | 48 | - When you create your own Google Cloud projects outside of the lab environment, you will have to enable APIs yourself. 
49 | 50 | > Task : Enable the Dialogflow API 51 | 52 | 53 | 54 | 55 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-002-getting-started-with-cloud-market-place--lamp-stack/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Getting Started With Cloud Marketplace 2 | 3 | [https://www.cloudskillsboost.google](https://www.cloudskillsboost.google) 4 | 5 | [Select - DevOps Engineer, SRE Learning Path](https://www.cloudskillsboost.google/paths) 6 | 7 | **High Level Objectives** 8 | - To launch a LAMP stack from GCP marketplace 9 | - Validate the changes by going to the public endpoint created 10 | 11 | 12 | 13 | **Skills** 14 | - gcp 15 | - cloud-marketplace 16 | 17 | 18 | 19 | 20 | 21 | > Task : We will use the Cloud MarketPlace to deploy a LAMP stack 22 | 23 | ## High Level Tasks 24 | 25 | - Search for "LAMP Packaged by Bitnami" in the Marketplace 26 | - Launch 27 | - You should see the status as deployed once it is completed 28 | - Go to the site address 29 | - SSH 30 | - In the created SSH window 31 | 32 | ```bash 33 | cd /opt/bitnami 34 | 35 | sudo sh -c 'echo "<?php phpinfo(); ?>" > apache2/htdocs/phpinfo.php' 36 | ``` 37 | 38 | - Open the `SITE_ADDRESS` again to view your changes (`phpinfo.php` shows the server's PHP configuration and environment to anyone who can reach the site, so delete the file once you have checked the result) -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-004-getting-started-with-cloud-storage-and-cloud-sql--php/index.php: -------------------------------------------------------------------------------- 1 | 2 | Welcome to my excellent blog 3 | 4 | 

Welcome to my excellent blog

5 | 19 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-005-getting-started-with-gke--nginx/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Getting started with GKE 2 | 3 | [https://www.cloudskillsboost.google](https://www.cloudskillsboost.google) 4 | 5 | [Select - DevOps Engineer, SRE Learning Path](https://www.cloudskillsboost.google/paths) 6 | 7 | **High Level Objectives** 8 | - Check if required APIs are enabled 9 | - Start a Kubernetes Engine Cluster 10 | - Run and deploy nginx container 11 | - Expose deployment via LB 12 | - Validate the changes by going to the external IP created. 13 | 14 | 15 | 16 | **Skills** 17 | - gcp 18 | - gke 19 | - kubernetes 20 | - container 21 | - nginx 22 | - loadbalancer 23 | - cloudshell 24 | - external ip 25 | 26 | 27 | ## Check if the APIs are enabled 28 | 29 | - Kubernetes Engine API 30 | - Container Registry API 31 | 32 | ## Start a Kubernetes Engine cluster 33 | 34 | - Run the following commands in cloudshell 35 | 36 | ```bash 37 | ## Set the zone 38 | export MY_ZONE=us-central1-a 39 | 40 | ## Create k8s cluster 41 | gcloud container clusters create webfrontend --zone $MY_ZONE --num-nodes 2 42 | ``` 43 | 44 | - Once completed 45 | 46 | ```bash 47 | kubectl get nodes 48 | ``` 49 | 50 | ## Run and deploy a container 51 | 52 | ```bash 53 | ## Deploy nginx container 54 | kubectl create deploy nginx --image=nginx:1.17.10 55 | 56 | ## Check the pods 57 | kubectl get pods 58 | 59 | ## Expose the deployment to the internet by creating the LoadBalancer type of Service 60 | kubectl expose deployment nginx --port 80 --type LoadBalancer 61 | 62 | ## Check the services 63 | kubectl get services 64 | 65 | ## Note no external IP is created yet. 66 | ``` 67 | 68 | - Once the external IP is created, visit the public IP. You should see the nginx page. 
69 | 70 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-006-hello-cloud-run--node/hello-world-node/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use the official lightweight Node.js 12 image. 2 | # https://hub.docker.com/_/node 3 | FROM node:12-slim 4 | # Create and change to the app directory. 5 | WORKDIR /usr/src/app 6 | # Copy application dependency manifests to the container image. 7 | # A wildcard is used to ensure copying both package.json AND package-lock.json (when available). 8 | # Copying this first prevents re-running npm install on every code change. 9 | COPY package*.json ./ 10 | # Install production dependencies. 11 | # If you add a package-lock.json, speed your build by switching to 'npm ci'. 12 | # RUN npm ci --only=production 13 | RUN npm install --only=production 14 | # Copy local code to the container image. 15 | COPY . ./ 16 | # Run the web service on container startup. 
17 | CMD [ "npm", "start" ] -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-006-hello-cloud-run--node/hello-world-node/index.js: -------------------------------------------------------------------------------- 1 | const express = require('express'); 2 | const app = express(); 3 | const port = process.env.PORT || 8080; 4 | app.get('/', (req, res) => { 5 | const name = process.env.NAME || 'World'; 6 | res.send(`Hello ${name}!`); 7 | }); 8 | app.listen(port, () => { 9 | console.log(`helloworld: listening on port ${port}`); 10 | }); -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-006-hello-cloud-run--node/hello-world-node/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "helloworld", 3 | "description": "Simple hello world sample in Node", 4 | "version": "1.0.0", 5 | "main": "index.js", 6 | "scripts": { 7 | "start": "node index.js" 8 | }, 9 | "dependencies": { 10 | "express": "^4.17.1" 11 | } 12 | } -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-007-building-a-devops-pipeline--python/.images/devops-pipeline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/cloud/gcp/taskset/task-007-building-a-devops-pipeline--python/.images/devops-pipeline.png -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-007-building-a-devops-pipeline--python/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:3.7 2 | WORKDIR /app 3 | COPY . . 
4 | RUN pip install gunicorn 5 | RUN pip install -r requirements.txt 6 | ENV PORT=80 7 | CMD exec gunicorn --bind :$PORT --workers 1 --threads 8 main:app -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-007-building-a-devops-pipeline--python/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Building a DevOps Pipeline 2 | 3 | [https://www.cloudskillsboost.google](https://www.cloudskillsboost.google) 4 | 5 | [Select - DevOps Engineer, SRE Learning Path](https://www.cloudskillsboost.google/paths) 6 | 7 | **High Level Objectives** 8 | - Create a Git repository 9 | - Create a simple Python application 10 | - Test Your web application in Cloud Shell 11 | - Define a Docker build 12 | - Manage Docker images with Cloud Build and Container Registry 13 | - Automate builds with triggers 14 | - Test your build changes 15 | 16 | 17 | 18 | **Skills** 19 | - gcp 20 | - devops 21 | - python 22 | - docker 23 | - cloud-build 24 | - cloud-shell 25 | - cloud-registry 26 | 27 | 28 | 29 | 30 | 31 | ![.images/devops-pipeline.png](.images/devops-pipeline.png) 32 | 33 | 34 | 35 | 36 | ### Create a Git repository 37 | 38 | - Use service `Source Repositories` 39 | - Name : `devops-repo` 40 | - Create 41 | - Activate CloudShell 42 | - Clone the repo 43 | 44 | ```bash 45 | mkdir gcp-course 46 | cd gcp-course 47 | gcloud source repos clone devops-repo 48 | cd devops-repo 49 | ``` 50 | 51 | ### Create a simple Python application 52 | 53 | - Create the req files and folders 54 | - Run the following 55 | 56 | 57 | ```bash 58 | cd ~/gcp-course/devops-repo 59 | git add --all 60 | 61 | git config --global user.email "you@example.com" 62 | git config --global user.name "Your Name" 63 | 64 | git commit -a -m "Initial Commit" 65 | 66 | git push origin master 67 | ``` 68 | 69 | - Create Dockerfile 70 | 71 | ### Manage Docker images with Cloud Build and Container Registry 72 | 73 | ```bash 74 | cd 
~/gcp-course/devops-repo 75 | echo $DEVSHELL_PROJECT_ID 76 | gcloud builds submit --tag gcr.io/$DEVSHELL_PROJECT_ID/devops-image:v0.1 . 77 | ``` 78 | 79 | - Check the CloudBuild and ContainerRegistry now 80 | 81 | - Let's deploy the container to a Compute Engine instance 82 | 83 | > Container Image : gcr.io/<PROJECT_ID>/devops-image:v0.1 84 | 85 | - Allow http traffic 86 | 87 | ```bash 88 | cd ~/gcp-course/devops-repo 89 | git add --all 90 | 91 | git commit -am "Added Docker Support" 92 | 93 | git push origin master 94 | ``` 95 | 96 | - Visit the public IP now 97 | 98 | 99 | ### Automate builds with triggers 100 | 101 | - Go to the CloudBuild 102 | - Create Trigger 103 | - Select `devops-repo` and `.*(any branch)` 104 | - Choose `Dockerfile` for configuration 105 | - Create 106 | - Manually run the trigger once 107 | - Go to history and check the builds 108 | - Check the container registry for the new folder `devops-repo` 109 | - Make changes in the `main.py` file and commit again. 110 | 111 | ```bash 112 | cd ~/gcp-course/devops-repo 113 | git commit -a -m "Testing Build Trigger" 114 | git push origin master 115 | ``` 116 | 117 | ### Test your build changes 118 | 119 | - Check the build history in CloudBuilds and copy the image link; the format should look like gcr.io/qwiklabs-gcp-00-f23112/devops-repoxx34345xx. 
120 | - Create a new compute engine with the new tag and allow http traffic -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-007-building-a-devops-pipeline--python/main.py: -------------------------------------------------------------------------------- 1 | from flask import Flask, render_template, request 2 | app = Flask(__name__) 3 | @app.route("/") 4 | def main(): 5 | model = {"title": "Hello DevOps Fans."} 6 | return render_template('index.html', model=model) 7 | if __name__ == "__main__": 8 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-007-building-a-devops-pipeline--python/requirements.txt: -------------------------------------------------------------------------------- 1 | Flask==2.0.3 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-007-building-a-devops-pipeline--python/templates/index.html: -------------------------------------------------------------------------------- 1 | {% extends "layout.html" %} 2 | {% block content %} 3 |
4 |
5 |

{{model.title}}

6 |
7 |
8 | {% endblock %} -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-007-building-a-devops-pipeline--python/templates/layout.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | {{model.title}} 5 | 6 | 7 | 8 | 9 |
10 | {% block content %}{% endblock %} 11 |
12 |
13 | 14 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-008-deploying-app-to-app-engine-and-gke-and-cloudrun--python/.images/arch-objective.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/cloud/gcp/taskset/task-008-deploying-app-to-app-engine-and-gke-and-cloudrun--python/.images/arch-objective.png -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-008-deploying-app-to-app-engine-and-gke-and-cloudrun--python/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:3.7 2 | WORKDIR /app 3 | COPY . . 4 | RUN pip install gunicorn 5 | RUN pip install -r requirements.txt 6 | ENV PORT=8080 7 | CMD exec gunicorn --bind :$PORT --workers 1 --threads 8 main:app -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-008-deploying-app-to-app-engine-and-gke-and-cloudrun--python/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Deploying same Python app to AppEngine, GKE, CloudRun 2 | 3 | [https://www.cloudskillsboost.google](https://www.cloudskillsboost.google) 4 | 5 | [Select - DevOps Engineer, SRE Learning Path](https://www.cloudskillsboost.google/paths) 6 | 7 | **High Level Objectives** 8 | - Create a minimal python app, dockerize the app 9 | - Deploy to App Engine 10 | - Deploy to Kubernetes Engine 11 | - Deploy to Cloud Run 12 | 13 | 14 | 15 | **Skills** 16 | - gcp 17 | - python 18 | - docker 19 | - kubernetes 20 | - cloud run 21 | - app engine 22 | - cloud build 23 | 24 | 25 | ![img.png](.images/arch-objective.png) 26 | 27 | ```bash 28 | docker build -t test-python . 
29 | 30 | docker run --rm -p 8080:8080 test-python 31 | ``` 32 | 33 | - Web Preview 34 | 35 | ## Deploy to App Engine 36 | 37 | - Create file app.yaml 38 | 39 | ```bash 40 | # create App Engine application 41 | gcloud app create --region=us-central 42 | 43 | # Deploy the app using 44 | gcloud app deploy --version=one --quiet 45 | ``` 46 | 47 | - Navigate to App Engine dashboard 48 | - Click on the URL 49 | - Make changes in the `main.py` and run the following 50 | 51 | ```bash 52 | ## The --no-promote parameter tells App Engine to continue serving requests with the old version 53 | gcloud app deploy --version=two --no-promote --quiet 54 | ``` 55 | 56 | - Now visit the URL again. You should still see the old version of the code, because version two was deployed with `--no-promote`. 57 | - Go to versions in the console 58 | - Click on version 2 link to test it. 59 | 60 | - Select split traffic and change to version 2 and save 61 | - Visit the URL again and refresh 62 | 63 | ## Deploy to Kubernetes 64 | 65 | - Create Manual k8s cluster with all defaults set 66 | - Connect to the cluster 67 | 68 | ```bash 69 | kubectl get nodes 70 | ``` 71 | 72 | - Make changes in `main.py` and run the following 73 | 74 | - Create the k8s-manifests.yaml file 75 | 76 | - Enter the following commands to use Cloud Build to create the image and store it in Container Registry 77 | ```bash 78 | ## Check the image tag created in the output 79 | gcloud builds submit --tag gcr.io/$DEVSHELL_PROJECT_ID/devops-image:v0.2 . 80 | 81 | ## Replace this tag in the k8s-manifests.yaml 82 | ``` 83 | 84 | - Apply the changes 85 | 86 | ```bash 87 | kubectl apply -f k8s-manifests.yaml 88 | 89 | kubectl get pods 90 | 91 | kubectl get svc 92 | ``` 93 | 94 | - Visit the external IP created by the service 95 | 96 | ## Deploy to CloudRun 97 | 98 | - Make changes in the `main.py` file 99 | 100 | - Trigger build in CloudBuild 101 | 102 | ```bash 103 | gcloud builds submit --tag gcr.io/$DEVSHELL_PROJECT_ID/cloud-run-image:v0.1 . 
104 | ``` 105 | 106 | - Go to Cloudrun in the console 107 | 108 | - Give `Service name` as `hello-cloud-run` 109 | - Autoscaling max 6 110 | - Authentication as `Allow unauthenticated invocations` (the service URL can then be called by anyone, without IAM authentication) 111 | - Keep the `Container, Connections, Security ` as Default 112 | - Create 113 | - Visit the URL created 114 | 115 | 116 | 117 | 118 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-008-deploying-app-to-app-engine-and-gke-and-cloudrun--python/app.yaml: -------------------------------------------------------------------------------- 1 | # For AppEngine 2 | runtime: python37 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-008-deploying-app-to-app-engine-and-gke-and-cloudrun--python/k8s-manifests.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: devops-deployment 6 | labels: 7 | app: devops 8 | tier: frontend 9 | spec: 10 | replicas: 3 11 | selector: 12 | matchLabels: 13 | app: devops 14 | tier: frontend 15 | template: 16 | metadata: 17 | labels: 18 | app: devops 19 | tier: frontend 20 | spec: 21 | containers: 22 | - name: devops-demo 23 | image: 24 | ports: 25 | - containerPort: 8080 26 | --- 27 | apiVersion: v1 28 | kind: Service 29 | metadata: 30 | name: devops-deployment-lb 31 | labels: 32 | app: devops 33 | tier: frontend-lb 34 | spec: 35 | type: LoadBalancer 36 | ports: 37 | - port: 80 38 | targetPort: 8080 39 | selector: 40 | app: devops 41 | tier: frontend -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-008-deploying-app-to-app-engine-and-gke-and-cloudrun--python/main.py: -------------------------------------------------------------------------------- 1 | from flask import Flask, render_template, request 2 | app = Flask(__name__) 3 | @app.route("/") 4 | def main(): 5 
| model = {"title": "Hello DevOps Fans."} 6 | return render_template('index.html', model=model) 7 | if __name__ == "__main__": 8 | app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-008-deploying-app-to-app-engine-and-gke-and-cloudrun--python/requirements.txt: -------------------------------------------------------------------------------- 1 | Flask==2.0.3 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-008-deploying-app-to-app-engine-and-gke-and-cloudrun--python/templates/index.html: -------------------------------------------------------------------------------- 1 | {% extends "layout.html" %} 2 | {% block content %} 3 |
4 |
5 |

{{model.title}}

6 |
7 |
8 | {% endblock %} -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-008-deploying-app-to-app-engine-and-gke-and-cloudrun--python/templates/layout.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | {{model.title}} 5 | 6 | 7 | 8 | 9 |
10 | {% block content %}{% endblock %} 11 |
12 |
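13 | 14 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-009-monitoring-applications-in-gcp--python/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:3.7 2 | WORKDIR /app 3 | COPY . . 4 | RUN pip install gunicorn 5 | RUN pip install -r requirements.txt 6 | ENV PORT=8080 7 | CMD exec gunicorn --bind :$PORT --workers 1 --threads 8 main:app -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-009-monitoring-applications-in-gcp--python/app.yaml: -------------------------------------------------------------------------------- 1 | # For AppEngine 2 | runtime: python37 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-009-monitoring-applications-in-gcp--python/main.py: --------------------------------------------------------------------------------
import os

from flask import Flask, render_template, request
import googlecloudprofiler


app = Flask(__name__)


@app.route("/")
def main():
    """Render index.html with a fixed page title."""
    model = {"title": "Hello DevOps Fans."}
    return render_template('index.html', model=model)


# Turn Cloud Profiler on at import time. Once on, Profiler starts reporting
# application metrics to Google Cloud. A failed start is printed and the app
# keeps serving without profiling.
try:
    googlecloudprofiler.start(verbose=3)
except (ValueError, NotImplementedError) as exc:
    print(exc)

if __name__ == "__main__":
    # Only reached when this file is run directly; the Dockerfile starts the
    # app through gunicorn instead.
    # debug=True turns on Werkzeug's interactive debugger and reloader. On a
    # 0.0.0.0 listener that console is reachable from every network the host
    # is attached to, so it stays off unless FLASK_DEBUG=1 is set explicitly.
    debug = os.environ.get("FLASK_DEBUG", "0") == "1"
    app.run(host='0.0.0.0', port=8080, debug=debug, threaded=True)

-------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-009-monitoring-applications-in-gcp--python/requirements.txt: -------------------------------------------------------------------------------- 1 | Flask==2.0.3 2 | itsdangerous==2.0.1 3 | Jinja2==3.0.3 4 | google-cloud-profiler==3.0.6 5 | protobuf==3.20.1 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-009-monitoring-applications-in-gcp--python/templates/index.html: -------------------------------------------------------------------------------- 1 | {% extends "layout.html" %} 2 | {% block content %} 3 |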
4 |
5 |

{{model.title}}

6 |
7 |
8 | {% endblock %} -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-009-monitoring-applications-in-gcp--python/templates/layout.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | {{model.title}} 5 | 6 | 7 | 8 | 9 |
10 | {% block content %}{% endblock %} 11 |
12 |
13 | 14 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-010-alerting-in-google-cloud--python/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:3.7 2 | WORKDIR /app 3 | COPY . . 4 | RUN pip install gunicorn 5 | RUN pip install -r requirements.txt 6 | ENV PORT=8080 7 | CMD exec gunicorn --bind :$PORT --workers 1 --threads 8 main:app -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-010-alerting-in-google-cloud--python/app-engine-error-percent-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "displayName": "HTTP error count exceeds 1 percent for App Engine apps", 3 | "combiner": "OR", 4 | "conditions": [ 5 | { 6 | "displayName": "Ratio: HTTP 500s error-response counts / All HTTP response counts", 7 | "conditionThreshold": { 8 | "filter": "metric.label.response_code>=\"500\" AND metric.label.response_code<\"600\" AND metric.type=\"appengine.googleapis.com/http/server/response_count\" AND resource.type=\"gae_app\"", 9 | "aggregations": [ 10 | { 11 | "alignmentPeriod": "60s", 12 | "crossSeriesReducer": "REDUCE_SUM", 13 | "groupByFields": [ 14 | "project", 15 | "resource.label.module_id", 16 | "resource.label.version_id" 17 | ], 18 | "perSeriesAligner": "ALIGN_DELTA" 19 | } 20 | ], 21 | "denominatorFilter": "metric.type=\"appengine.googleapis.com/http/server/response_count\" AND resource.type=\"gae_app\"", 22 | "denominatorAggregations": [ 23 | { 24 | "alignmentPeriod": "60s", 25 | "crossSeriesReducer": "REDUCE_SUM", 26 | "groupByFields": [ 27 | "project", 28 | "resource.label.module_id", 29 | "resource.label.version_id" 30 | ], 31 | "perSeriesAligner": "ALIGN_DELTA" 32 | } 33 | ], 34 | "comparison": "COMPARISON_GT", 35 | "thresholdValue": 0.01, 36 | "duration": "0s", 37 | "trigger": { 38 | "count": 1 39 | } 40 | } 41 | } 42 | ] 43 | } 
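-------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-010-alerting-in-google-cloud--python/app.yaml: -------------------------------------------------------------------------------- 1 | # For AppEngine 2 | runtime: python37 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-010-alerting-in-google-cloud--python/main.py: --------------------------------------------------------------------------------
import json
import os
import random
import time

from flask import Flask, render_template, request

app = Flask(__name__)


@app.route("/")
def home():
    """Render index.html with a fixed page title."""
    model = {"title": "Hello DevOps Fans."}
    return render_template('index.html', model=model)


# Lab endpoint: answers 200 after a fixed 10 second delay.
# Each call holds a worker thread for the whole sleep, so a handful of
# concurrent requests can starve the service; keep it out of anything that
# is reachable by untrusted clients.
@app.route("/sleepy200")
def sleepy200():
    """Sleep for 10 seconds, then render index.html."""
    model = {"title": "Hello DevOps Fans. I just woke up from sleep"}
    time.sleep(10)
    return render_template('index.html', model=model)


# Lab endpoint: returns a 500 for roughly one request in twenty.
@app.route("/random500error")
def random500():
    """Return a JSON error body with status 500 when randrange(20) yields 0,
    otherwise render index.html."""
    num = random.randrange(20)
    if num == 0:
        return json.dumps({"error": 'Error thrown randomly'}), 500
    model = {"title": "Still 200 OK, try again :) ."}
    return render_template('index.html', model=model)


if __name__ == "__main__":
    # debug=True turns on Werkzeug's interactive debugger and reloader. On a
    # 0.0.0.0 listener that console is reachable from every network the host
    # is attached to, so it stays off unless FLASK_DEBUG=1 is set explicitly.
    debug = os.environ.get("FLASK_DEBUG", "0") == "1"
    app.run(host='0.0.0.0', port=8080, debug=debug, threaded=True)

-------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-010-alerting-in-google-cloud--python/requirements.txt: -------------------------------------------------------------------------------- 1 | Flask==2.0.3 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-010-alerting-in-google-cloud--python/templates/index.html: 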
-------------------------------------------------------------------------------- 1 | {% extends "layout.html" %} 2 | {% block content %} 3 |
4 |
5 |

{{model.title}}

6 |
7 |
8 | {% endblock %} -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-010-alerting-in-google-cloud--python/templates/layout.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | {{model.title}} 5 | 6 | 7 | 8 | 9 |
10 | {% block content %}{% endblock %} 11 |
12 |
13 | 14 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-011-service-monitoring--node/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Service Monitoring 2 | 3 | 4 | [https://www.cloudskillsboost.google](https://www.cloudskillsboost.google) 5 | 6 | [Select - DevOps Engineer, SRE Learning Path](https://www.cloudskillsboost.google/paths) 7 | 8 | [haggman/HelloLoggingNodeJS.git](https://github.com/haggman/HelloLoggingNodeJS.git) 9 | 10 | **High Level Objectives** 11 | - Deploy the test nodejs app 12 | - Use Service Monitoring to create an availability SLO 13 | - Create an alert tied to your SLO 14 | - Trigger the alert 15 | 16 | **Skills** 17 | - gcp 18 | - nodejs 19 | - app engine 20 | - app engine logs 21 | - alerting 22 | - service monitoring 23 | - service level objective 24 | - error budget 25 | - error reporting 26 | - monitoring 27 | 28 | 29 | ### Deploy the test nodejs app 30 | 31 | - Clone the repo 32 | 33 | ```bash 34 | git clone https://github.com/haggman/HelloLoggingNodeJS.git 35 | 36 | cd HelloLoggingNodeJS 37 | ``` 38 | 39 | - Create new App Engine app 40 | 41 | ```bash 42 | gcloud app create --region=us-central 43 | ``` 44 | - Deploy the Hello Logging app to App Engine 45 | 46 | ```bash 47 | gcloud app deploy 48 | ``` 49 | 50 | - Test the URL 51 | 52 | ### Use Service Monitoring to create an availability SLO, Create an alert tied to your SLO 53 | 54 | - Place some load on application 55 | 56 | ```bash 57 | # The loop generates ten requests per second. 58 | # The URL is to the /random-error route, which generates an error about every 1000 requests, 59 | # so you should see approximately 1 error every 100s. 
60 | while true; \ 61 | do curl -s https://$DEVSHELL_PROJECT_ID.appspot.com/random-error \ 62 | -w '\n' ;sleep .1s;done 63 | ``` 64 | 65 | - `App Engine` > `Dashboard` 66 | - Check `Server Errors` 67 | - Use the Navigation menu to go to `Error Reporting`. Notice the error is also being caught here 68 | - Use the Navigation menu to go to `Monitoring` > `Services` > `default` > `+Create SLO` 69 | - `Availability` to `Request based` 70 | - `Period type` to `Rolling` and `Period Length` to `7 days` 71 | - Set `Goal` to `99.5%` 72 | - Create 73 | 74 | 75 | 76 | ### Create an alert tied to your SLO 77 | 78 | - Expand the new SLO and investigate the information it displays 79 | - Check three tabs, `Service level indicator`, `Error budget`, and `Alerts firing` 80 | - `Alerts firing` > `CREATE SLO ALERT` 81 | - `Display Name` to `Really short window test` 82 | - `Lookback duration` to `10` minutes and `burn rate threshold` to `1.5` 83 | - Create notification channel and select it 84 | - Next and create 85 | 86 | 87 | 88 | ### Trigger the alert 89 | 90 | - In the `index.js` file 91 | - Scroll to the /random-error route found at approximately line 126 and modify the value next to Math.random from 1000 to 20 92 | - Run 93 | 94 | ```bash 95 | gcloud app deploy 96 | 97 | while true; \ 98 | do curl -s https://$DEVSHELL_PROJECT_ID.appspot.com/random-error \ 99 | -w '\n' ;sleep .1s;done 100 | ``` 101 | 102 | - Wait for some time and notice that the new alert has triggered. 
-------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-012-monitoring-and-dashboarding-multiple-projects-from-a-single-workspace--nginx/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Monitoring and Dashboarding Multiple Projects from a Single Workspace 2 | 3 | [https://www.cloudskillsboost.google](https://www.cloudskillsboost.google) 4 | 5 | [Select - DevOps Engineer, SRE Learning Path](https://www.cloudskillsboost.google/paths) 6 | 7 | **High Level Objectives** 8 | - Configure Resource Projects 9 | - Create a Monitoring Workspace and link the two worker projects into it 10 | - Create and configure Monitoring groups 11 | - Create and test an uptime check 12 | 13 | 14 | **Skills** 15 | - gcp 16 | - monitoring 17 | - dashboarding 18 | - multiple projects 19 | - monitoring groups 20 | - uptime check 21 | 22 | 23 | We need to have 3 different Projects. 24 | The first project (ID 1) will be the monitoring workspace host project. 25 | Projects ID 2 and ID 3 will be the monitored/resource projects. 26 | Per Google's recommended best practices, the project we use to host the monitoring workspace will not be one of the projects actually housing monitored resources. 27 | 28 | 29 | ### Configure Resource Projects 30 | 31 | - Label Project ID 1 as Monitoring Project. 32 | - Label Project ID 2 as Worker 1. 33 | - Label Project ID 3 as Worker 2. 34 | 35 | - Launch `NGINX Open Source Packaged by Bitnami` from `Marketplace` in `Worker 1` and `Worker 2` projects 36 | 37 | ### Create a Monitoring Workspace and link the two worker projects into it 38 | 39 | - Go to `Monitoring Project` 40 | - `Monitoring` > `Overview` > `Settings` 41 | - Add `Worker 1` and `Worker 2` 42 | - Choose `Use this project as the scoping project` 43 | - Save and go to `Dashboards`. Take a few minutes to explore. 
44 | 45 | ### Create and configure Monitoring groups 46 | - Go to each `Worker` Project 47 | - Assign labels to both VMs in `Worker 1` and `Worker 2` 48 | - `component:frontend` 49 | - `stage:dev/test` 50 | 51 | - Create Resource Group 52 | - `Monitoring` > `Groups` > `Create` > Name : Frontend Servers 53 | - Give `component` = `frontend` criteria. You should see 2 instances 54 | - Create a `Sub Group`, Keep the first criteria as same. Give second as `stage` = `dev` 55 | - Check the UI when done 56 | 57 | ### Create and test an uptime check 58 | 59 | - Create an uptime check for the Frontend Servers group 60 | - Check out how an uptime check handles failure 61 | - What can Cloud Monitoring, Logging, and Alerting tell us? 62 | 63 | ### Create a custom dashboard 64 | 65 | - Create a developer dashboard and add an uptime chart to it 66 | - Add and test a CPU utilization chart to the dashboard 67 | 68 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-015-cloud-storage-audit-logs/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Cloud Audit Logs 2 | 3 | [https://www.cloudskillsboost.google](https://www.cloudskillsboost.google) 4 | 5 | [Select - DevOps Engineer, SRE Learning Path](https://www.cloudskillsboost.google/paths) 6 | 7 | 8 | **High Level Objectives** 9 | - Enable data access logs on Cloud Storage. 10 | - Generate admin and data access activity. 11 | - View Audit logs. 12 | 13 | **Skills** 14 | - gcp 15 | - gcp-logging 16 | - access-logs 17 | - audit-logs 18 | - cloud-storage 19 | 20 | 21 | ### Enable data access logs on Cloud Storage 22 | 23 | 24 | - Navigation Menu > IAM & Admin > Audit Logs. 25 | - Scroll or use Filter to locate `Google Cloud Storage`, then check the box next to it. This should display the Info Panel with options on LOG TYPE. 26 | - Select Admin Read, Data Read and Data Write, and then click SAVE. 
27 | 28 | 29 | ### Generate some admin and data access activity 30 | 31 | ```bash 32 | # Use gsutil to create a Cloud Storage bucket with the same name as your project: 33 | gsutil mb gs://$DEVSHELL_PROJECT_ID 34 | 35 | # Make sure the bucket successfully created: 36 | gsutil ls 37 | 38 | # Create a simple "Hello World" type of text file and upload it to your bucket: 39 | echo "Hello World!" > sample.txt 40 | gsutil cp sample.txt gs://$DEVSHELL_PROJECT_ID 41 | 42 | # Verify the file is in the bucket: 43 | gsutil ls gs://$DEVSHELL_PROJECT_ID 44 | 45 | # Create a new auto mode network named mynetwork, then create a new virtual machine and place it on the new network: 46 | gcloud compute networks create mynetwork --subnet-mode=auto 47 | gcloud compute instances create default-us-vm \ 48 | --zone=us-west4-b --network=mynetwork 49 | 50 | # Delete the storage bucket: 51 | gsutil rm -r gs://$DEVSHELL_PROJECT_ID 52 | ``` 53 | 54 | ### Viewing audit logs 55 | 56 | - Navigation menu to navigate to Cloud overview > Activity. 57 | - Filters pane, click the Activity types, select all, and click OK 58 | - Click the Resource type > Select GCE Network > OK 59 | - Navigation menu to navigate to Logging > Logs Explorer. 60 | - Click the Log name dropdown and use the filter to locate the activity log under CLOUD AUDIT section and Apply it to the query. 61 | - Log fields explorer to filter to GCS Bucket entries. 62 | - Expand the delete entry, then drill into protoPayload > authenticationInfo field and notice you can see the email address of the user that performed this action. 
63 | 64 | 65 | ```bash 66 | gcloud logging read \ 67 | "logName=projects/$DEVSHELL_PROJECT_ID/logs/cloudaudit.googleapis.com%2Fdata_access" 68 | ``` -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-019-working-with-cloud-build/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Working with Cloud Build 2 | 3 | [https://www.cloudskillsboost.google](https://www.cloudskillsboost.google) 4 | 5 | [Select - Getting Started with Google Kubernetes Engine Course](https://www.cloudskillsboost.google) 6 | 7 | **High Level Objectives** 8 | - Confirm that needed APIs are enabled 9 | - Building containers with DockerFile and Cloud Build 10 | - Building containers with a build configuration file and Cloud Build 11 | - Building and testing containers with a build configuration file and Cloud Build 12 | 13 | **Skills** 14 | - gcp 15 | - cloud-build 16 | - cloud-shell 17 | - cloud-shell-editor 18 | - containers 19 | - docker 20 | - dockerfile 21 | 22 | ### Confirm that needed APIs are enabled 23 | 24 | - Cloud Build 25 | - Container Registry 26 | 27 | ### Building containers with DockerFile and Cloud Build 28 | 29 | ```bash 30 | # Create file 31 | touch quickstart.sh 32 | ``` 33 | 34 | ```shell 35 | #!/bin/sh 36 | echo "Hello, world! The time is $(date)." 37 | ``` 38 | 39 | - Dockerfile 40 | 41 | ```Dockerfile 42 | FROM alpine 43 | COPY quickstart.sh / 44 | CMD ["/quickstart.sh"] 45 | ``` 46 | 47 | ```bash 48 | chmod +x quickstart.sh 49 | ``` 50 | 51 | - In Cloud Shell, run the following command to build the Docker container image in Cloud Build: 52 | 53 | ```bash 54 | gcloud builds submit --tag gcr.io/${GOOGLE_CLOUD_PROJECT}/quickstart-image . 55 | ``` 56 | 57 | - In the Google Cloud Console, on the Navigation menu (Navigation menu icon), click Container Registry > Images. 
58 | 59 | ### Building containers with a build configuration file and Cloud Build 60 | 61 | - In Cloud Shell enter the following command to clone the repository to the lab Cloud Shell: 62 | 63 | ```bash 64 | git clone https://github.com/GoogleCloudPlatform/training-data-analyst 65 | 66 | # Create a soft link as a shortcut to the working directory: 67 | ln -s ~/training-data-analyst/courses/ak8s/v1.1 ~/ak8s 68 | 69 | # Change to the directory that contains the sample files for this lab: 70 | cd ~/ak8s/Cloud_Build/a 71 | 72 | cat cloudbuild.yaml 73 | 74 | # In Cloud Shell, execute the following command to start a Cloud Build using cloudbuild.yaml as the build configuration file: 75 | gcloud builds submit --config cloudbuild.yaml . 76 | ``` 77 | 78 | - Container Registry > Images and then click quickstart-image. 79 | - Navigation menu (Navigation menu icon), click Cloud Build > History. 80 | 81 | ### Building and testing containers with a build configuration file and Cloud Build 82 | 83 | 84 | - In Cloud Shell, change to the directory that contains the sample files for this lab: 85 | 86 | ```bash 87 | cd ~/ak8s/Cloud_Build/b 88 | 89 | # In Cloud Shell, execute the following command to view the contents of cloudbuild.yaml 90 | cat cloudbuild.yaml 91 | 92 | 93 | # In Cloud Shell, execute the following command to start a Cloud Build using cloudbuild.yaml as the build configuration file: 94 | gcloud builds submit --config cloudbuild.yaml . 95 | 96 | # Confirm that your command shell knows that the build failed: 97 | echo $? 
98 | 99 | 100 | ``` -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-020-deploying-google-kubernetes-engine/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Deploying Google Kubernetes Engine 2 | 3 | [https://www.cloudskillsboost.google](https://www.cloudskillsboost.google) 4 | 5 | [Select - Getting Started with Google Kubernetes Engine Course](https://www.cloudskillsboost.google) 6 | 7 | **High Level Objectives** 8 | - Use the Google Cloud Console to build and manipulate GKE clusters 9 | - Use the Google Cloud Console to deploy a Pod 10 | 11 | **Skills** 12 | - GKE 13 | - Kubernetes 14 | - Pods 15 | - Modify Cluster 16 | 17 | 18 | ### Deploy GKE clusters 19 | 20 | - cluster name to standard-cluster-1 21 | - zone to us-central1-a. 22 | 23 | 24 | ### Modify GKE clusters 25 | 26 | - Change the number of nodes from 3 to 4 and click RESIZE 27 | 28 | ### View details about workloads in the Google Cloud Console 29 | 30 | - In the Google Cloud Console, on the Kubernetes Engine > Workloads page, click nginx-1. 
-------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-021-creating-google-kubernetes-engine-deployments/nginx-canary.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nginx-canary 5 | labels: 6 | app: nginx 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: nginx 12 | template: 13 | metadata: 14 | labels: 15 | app: nginx 16 | track: canary 17 | Version: 1.9.1 18 | spec: 19 | containers: 20 | - name: nginx 21 | image: nginx:1.9.1 22 | ports: 23 | - containerPort: 80 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-021-creating-google-kubernetes-engine-deployments/nginx-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nginx-deployment 5 | labels: 6 | app: nginx 7 | spec: 8 | replicas: 3 9 | selector: 10 | matchLabels: 11 | app: nginx 12 | template: 13 | metadata: 14 | labels: 15 | app: nginx 16 | spec: 17 | containers: 18 | - name: nginx 19 | image: nginx:1.7.9 20 | ports: 21 | - containerPort: 80 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-021-creating-google-kubernetes-engine-deployments/nginx-svc-session-affinity.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: nginx 5 | spec: 6 | type: LoadBalancer 7 | sessionAffinity: ClientIP 8 | selector: 9 | app: nginx 10 | ports: 11 | - protocol: TCP 12 | port: 60000 13 | targetPort: 80 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-021-creating-google-kubernetes-engine-deployments/service-nginx.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: nginx 5 | spec: 6 | type: LoadBalancer 7 | selector: 8 | app: nginx 9 | ports: 10 | - protocol: TCP 11 | port: 60000 12 | targetPort: 80 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-022-configuring-persistent-storage-for-google-kubernetes-engine/pod-volume-demo.yaml: -------------------------------------------------------------------------------- 1 | kind: Pod 2 | apiVersion: v1 3 | metadata: 4 | name: pvc-demo-pod 5 | spec: 6 | containers: 7 | - name: frontend 8 | image: nginx 9 | volumeMounts: 10 | - mountPath: "/var/www/html" 11 | name: pvc-demo-volume 12 | volumes: 13 | - name: pvc-demo-volume 14 | persistentVolumeClaim: 15 | claimName: hello-web-disk -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-022-configuring-persistent-storage-for-google-kubernetes-engine/pvc-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: hello-web-disk 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | resources: 9 | requests: 10 | storage: 30Gi -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-022-configuring-persistent-storage-for-google-kubernetes-engine/statefulset-demo.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: statefulset-demo-service 5 | spec: 6 | ports: 7 | - protocol: TCP 8 | port: 80 9 | targetPort: 9376 10 | type: LoadBalancer 11 | --- 12 | apiVersion: apps/v1 13 | kind: StatefulSet 14 | metadata: 15 | name: statefulset-demo 16 | spec: 17 | selector: 18 | matchLabels: 19 | app: MyApp 20 | serviceName: statefulset-demo-service 21 | 
replicas: 3 22 | updateStrategy: 23 | type: RollingUpdate 24 | template: 25 | metadata: 26 | labels: 27 | app: MyApp 28 | spec: 29 | containers: 30 | - name: stateful-set-container 31 | image: nginx 32 | ports: 33 | - containerPort: 80 34 | name: http 35 | volumeMounts: 36 | - name: hello-web-disk 37 | mountPath: "/var/www/html" 38 | volumeClaimTemplates: 39 | - metadata: 40 | name: hello-web-disk 41 | spec: 42 | accessModes: [ "ReadWriteOnce" ] 43 | resources: 44 | requests: 45 | storage: 30Gi -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-023-anthos-service-mesh-walkthrough/.images/arch-img.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/cloud/gcp/taskset/task-023-anthos-service-mesh-walkthrough/.images/arch-img.png -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-023-anthos-service-mesh-walkthrough/.images/security.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/cloud/gcp/taskset/task-023-anthos-service-mesh-walkthrough/.images/security.png -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-023-anthos-service-mesh-walkthrough/.images/topology.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/cloud/gcp/taskset/task-023-anthos-service-mesh-walkthrough/.images/topology.png -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/.images/img.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/.images/img.png -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/.images/img2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/.images/img2.png -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/conditional-routing-labels.yaml: -------------------------------------------------------------------------------- 1 | # conditional routing: based on source labels 2 | # A rule can indicate that it only applies to calls from workloads (pods) implementing the version v2 of the reviews service. 3 | apiVersion: networking.istio.io/v1alpha3 4 | kind: VirtualService 5 | metadata: 6 | name: ratings 7 | spec: 8 | hosts: 9 | - ratings 10 | http: 11 | - match: 12 | - sourceLabels: 13 | app: reviews 14 | version: v2 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/conditional-routing-req-headers.yaml: -------------------------------------------------------------------------------- 1 | # conditional routing: based on request headers 2 | # The rule below only applies to an incoming request if it includes a custom "end-user" header whose value is exactly “atharvak” (the match uses `exact`, not a substring test). 
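3 | 4 | 5 | apiVersion: networking.istio.io/v1alpha3 6 | kind: VirtualService 7 | metadata: 8 | name: reviews 9 | spec: 10 | hosts: 11 | - reviews 12 | http: 13 | - match: 14 | - headers: 15 | end-user: 16 | exact: atharvak -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/fault-injection-aborts.yaml: --------------------------------------------------------------------------------
# fault injection: inserting aborts
# The example below returns an HTTP 400 error code for 10% of the requests to the ratings service "v1".
# Test-only rule: while it is applied, the mesh deliberately fails real calls
# to ratings, so remove it once the experiment is over.
#
# Layout note: `fault` and `route` are siblings inside the same http entry,
# and `percent`/`httpStatus` are separate keys under `abort`. With several
# keys on one line the file does not parse as the intended mapping.

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: ratings
spec:
  hosts:
  - ratings
  http:
  - fault:
      abort:
        percent: 10
        httpStatus: 400
    route:
    - destination:
        host: ratings
        subset: v1
-------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/fault-injection-delays.yaml: -------------------------------------------------------------------------------- 1 | # fault injection: inserting delays: Fault injection is a testing method that introduces errors into a system to ensure that it 2 | # can withstand and recover from error conditions. 3 | # This example introduces a 5 second delay in 10% of the requests to the "v1" version of the ratings microservice. 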
4 | apiVersion: networking.istio.io/v1alpha3 5 | kind: VirtualService 6 | metadata: 7 | name: ratings 8 | spec: 9 | hosts: 10 | - ratings 11 | http: 12 | - fault: 13 | delay: 14 | percent: 10 15 | fixedDelay: 5s 16 | route: 17 | - destination: 18 | host: ratings 19 | subset: v1 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/manifests/destinationrule--productpage-circuit-breaker.yaml: -------------------------------------------------------------------------------- 1 | # DestinationRule is an Istio resource that defines policies to apply to traffic intended 2 | # for a specific service instance. It is used to configure traffic management features such 3 | # as load balancing, circuit breaking, and fault injection. 4 | 5 | apiVersion: networking.istio.io/v1alpha3 6 | kind: DestinationRule 7 | metadata: 8 | name: productpage 9 | spec: 10 | # This specifies the host name that this DestinationRule applies to, which is the "productpage" service. 11 | host: productpage 12 | subsets: 13 | # This defines a subset of the "productpage" service called "v1" that has a label of version: v1. 14 | - name: v1 15 | labels: 16 | version: v1 17 | trafficPolicy: 18 | connectionPool: 19 | # This defines connection pool settings for the service. Specifically, it limits the maximum 20 | # number of TCP connections to 1 and the maximum number of pending HTTP requests per connection to 1. 21 | tcp: 22 | maxConnections: 1 23 | http: 24 | http1MaxPendingRequests: 1 25 | maxRequestsPerConnection: 1 26 | outlierDetection: 27 | # This defines outlier detection settings for the service. 28 | # Specifically, it specifies that if there are more than 1 consecutive 5xx HTTP responses from the "productpage" 29 | # service within a 1-second interval, the service instance will be ejected from the pool for 3 minutes. 
30 | # Additionally, if all instances of the service are ejected, Istio will still allow traffic to be sent to the service, 31 | # up to 100% of the total traffic. 32 | consecutive5xxErrors: 1 33 | interval: 1s 34 | baseEjectionTime: 3m 35 | maxEjectionPercent: 100 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/manifests/destinationrule-all.yaml: -------------------------------------------------------------------------------- 1 | # This is a Kubernetes manifest file for an Istio DestinationRule resource, which is used 2 | # to configure traffic routing and policy rules for network traffic between Kubernetes services. 3 | # Here's what this particular manifest is doing: 4 | 5 | apiVersion: networking.istio.io/v1alpha3 6 | kind: DestinationRule 7 | metadata: 8 | name: productpage 9 | spec: 10 | # This specifies the name of the Kubernetes service that this DestinationRule applies to. In this case, it is the "productpage" service. 11 | host: productpage 12 | subsets: 13 | # This defines a subset within the "productpage" service, which is identified by the name "v1". 14 | - name: v1 15 | labels: 16 | version: v1 17 | 18 | # Overall, this manifest is creating a DestinationRule for the "productpage" service with a 19 | # single subset named "v1" that has a label of "version: v1". This subset can be used to route traffic 20 | # specifically to instances of the "productpage" service with that label, or to apply policy rules specific to that version of the service. 
21 | --- 22 | apiVersion: networking.istio.io/v1alpha3 23 | kind: DestinationRule 24 | metadata: 25 | name: reviews 26 | spec: 27 | host: reviews 28 | subsets: 29 | - name: v1 30 | labels: 31 | version: v1 32 | - name: v2 33 | labels: 34 | version: v2 35 | - name: v3 36 | labels: 37 | version: v3 38 | --- 39 | apiVersion: networking.istio.io/v1alpha3 40 | kind: DestinationRule 41 | metadata: 42 | name: ratings 43 | spec: 44 | host: ratings 45 | subsets: 46 | - name: v1 47 | labels: 48 | version: v1 49 | - name: v2 50 | labels: 51 | version: v2 52 | - name: v2-mysql 53 | labels: 54 | version: v2-mysql 55 | - name: v2-mysql-vm 56 | labels: 57 | version: v2-mysql-vm 58 | --- 59 | apiVersion: networking.istio.io/v1alpha3 60 | kind: DestinationRule 61 | metadata: 62 | name: details 63 | spec: 64 | host: details 65 | subsets: 66 | - name: v1 67 | labels: 68 | version: v1 69 | - name: v2 70 | labels: 71 | version: v2 72 | --- -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/manifests/gateway--bookinfo-gateway-port-80-http.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: bookinfo-gateway 5 | namespace: ingress 6 | spec: 7 | selector: 8 | istio: ingressgateway 9 | # This field specifies the servers that will be created for the Gateway. 10 | servers: 11 | # This field specifies the port that the server will listen on. 12 | - port: 13 | number: 80 14 | name: http 15 | # This field specifies the protocol used by the port. In this case, it is using HTTP. 16 | protocol: HTTP 17 | # This field specifies the list of hosts that this Gateway will accept traffic for. In this case, it is using the wildcard character "*" to accept traffic for all hosts. 
18 | hosts: 19 | - "*" 20 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/manifests/virtualService-2-or-1-second-delay-to-calls-to-ratings-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: ratings 5 | spec: 6 | hosts: 7 | - ratings 8 | http: 9 | - fault: 10 | delay: 11 | percent: 100 12 | fixedDelay: 1s 13 | route: 14 | - destination: 15 | host: ratings 16 | subset: v1 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/manifests/virtualservice--all-to-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: productpage 5 | spec: 6 | hosts: 7 | # This specifies the host name that this VirtualService applies to, which is the "productpage" service. 8 | - productpage 9 | http: 10 | - route: 11 | - destination: 12 | # This defines the route that the VirtualService should use for incoming HTTP traffic to the "productpage" service. 13 | # Specifically, it routes all traffic to the "v1" subset of the "productpage" service. 14 | host: productpage 15 | subset: v1 16 | # Why both spec: hosts: - productpage and http: - route: - destination: host: productpage subset: v1 as same ? 17 | # It's true that both the spec.hosts and spec.http.route.destination.host fields in the Istio VirtualService resource manifest are set to productpage, which may seem redundant or confusing. However, each field serves a different purpose: 18 | # spec.hosts: This field specifies the list of hosts that this VirtualService applies to. In this case, there is only one host specified, which is the productpage service. 
19 | # spec.http.route.destination.host: This field specifies the destination host to which the incoming HTTP requests should be routed by the VirtualService. In this case, it is also set to productpage, which means that all incoming HTTP requests for the productpage service will be routed to the destination host specified in the route field. 20 | # The reason why both fields are set to productpage in this example is because the VirtualService is intended to apply to only one Kubernetes service (productpage) and route all incoming HTTP traffic to a specific subset (v1) of that service. In more complex scenarios where a VirtualService may apply to multiple hosts, or multiple subsets of the same host, you would need to specify the spec.hosts and spec.http.route.destination.host fields differently for each host or subset. 21 | --- 22 | apiVersion: networking.istio.io/v1alpha3 23 | kind: VirtualService 24 | metadata: 25 | name: reviews 26 | spec: 27 | hosts: 28 | - reviews 29 | http: 30 | - route: 31 | - destination: 32 | host: reviews 33 | subset: v1 34 | --- 35 | apiVersion: networking.istio.io/v1alpha3 36 | kind: VirtualService 37 | metadata: 38 | name: ratings 39 | spec: 40 | hosts: 41 | - ratings 42 | http: 43 | - route: 44 | - destination: 45 | host: ratings 46 | subset: v1 47 | --- 48 | apiVersion: networking.istio.io/v1alpha3 49 | kind: VirtualService 50 | metadata: 51 | name: details 52 | spec: 53 | hosts: 54 | - details 55 | http: 56 | - route: 57 | - destination: 58 | host: details 59 | subset: v1 60 | --- -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/manifests/virtualservice--bookinfo-based-on-exact-and-prefix-uri-match.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: bookinfo 5 | spec: 6 | # This field specifies the 
list of hosts that this VirtualService will apply to. 7 | # In this case, it is using the wildcard character "*" to match all hosts. 8 | hosts: 9 | - "*" 10 | # This field specifies the list of Gateway resources that this VirtualService will apply to. 11 | # In this case, it is using the Gateway resource named "bookinfo-gateway". 12 | gateways: 13 | - bookinfo-gateway 14 | # This field specifies the configuration for HTTP traffic routing. 15 | http: 16 | # This field specifies the list of HTTP path matching rules that this VirtualService will apply to. 17 | # In this case, it is using a set of URI path matching rules. 18 | - match: 19 | - uri: 20 | # This field specifies an exact match for the URI path. 21 | exact: /productpage 22 | - uri: 23 | # This field specifies a prefix match for the URI path. 24 | prefix: /static 25 | - uri: 26 | exact: /login 27 | - uri: 28 | exact: /logout 29 | - uri: 30 | prefix: /api/v1/products 31 | # This field specifies the list of destinations that matching traffic will be routed to. 32 | route: 33 | # This field specifies the destination host and port for the matching traffic. 
34 | - destination: 35 | # This field specifies the name of the destination host which is productpage service 36 | host: productpage 37 | port: 38 | number: 9080 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/manifests/virtualservice--half-second-timeout-for-calls-to-reviews.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v2 13 | timeout: 0.5s -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/manifests/virtualservice--productpage-per-try-timeout-2s.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: productpage 5 | spec: 6 | hosts: 7 | - productpage 8 | http: 9 | - route: 10 | - destination: 11 | host: productpage 12 | subset: v1 13 | retries: 14 | attempts: 1 15 | perTryTimeout: 2s -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/manifests/virtualservice--reviews-v2-based-on-header.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | # This specifies the host name that this VirtualService applies to, which is the "reviews" service. 8 | - reviews 9 | http: 10 | - match: 11 | # This specifies a matching rule based on the end-user HTTP header with the exact value of jason. 
12 | # This means that if the end-user header in the incoming HTTP request has a value of jason, the 13 | # VirtualService will route the request to the v2 subset of the reviews service. 14 | - headers: 15 | end-user: 16 | exact: jason 17 | # This defines the destination for the incoming traffic that matches the above match rule. 18 | # Specifically, it routes traffic to the v2 subset of the reviews service. 19 | route: 20 | - destination: 21 | host: reviews 22 | subset: v2 23 | - route: 24 | # This defines a default route for all other incoming traffic that does not match the above rule. 25 | # Specifically, it routes traffic to the v1 subset of the reviews service. 26 | - destination: 27 | host: reviews 28 | subset: v1 29 | 30 | # Overall, this manifest creates a VirtualService that applies to the reviews service, 31 | # and routes incoming traffic to either the v1 or v2 subset of the service based on whether 32 | # the end-user HTTP header has a value of jason. This is a basic example of how you can use VirtualService to 33 | # implement traffic routing rules based on HTTP headers in an Istio service mesh. The match only selects a route: the header value is whatever the request carries, so this rule is not an authentication or authorization control.
-------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/manifests/virtualservice--reviews-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v3 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/manifests/virtualservice--route-req-to-v2-reviews.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v2 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/manifests/virtualservice-reviews-50-v3-and-50-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v1 13 | weight: 50 14 | - destination: 15 | host: reviews 16 | subset: v3 17 | weight: 50 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/retry.yaml: -------------------------------------------------------------------------------- 1 | 2 | # retries : A retry is an attempt to complete an operation multiple times if it fails. 
3 | # Adjust the maximum number of retry attempts, or the number of attempts possible within the default or overridden 4 | # timeout period. 5 | apiVersion: networking.istio.io/v1alpha3 6 | kind: VirtualService 7 | metadata: 8 | name: ratings 9 | spec: 10 | hosts: 11 | - ratings 12 | http: 13 | - route: 14 | - destination: 15 | host: ratings 16 | subset: v1 17 | retries: 18 | attempts: 3 19 | perTryTimeout: 2s -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/timeouts.yaml: -------------------------------------------------------------------------------- 1 | 2 | # timeouts : Set a timeout, the amount of time Istio waits for a response to a request. 3 | # The timeout for HTTP requests is 15 seconds, but it can be overridden. 4 | apiVersion: networking.istio.io/v1alpha3 5 | kind: VirtualService 6 | metadata: 7 | name: ratings 8 | spec: 9 | hosts: 10 | - ratings 11 | http: 12 | - route: 13 | - destination: 14 | host: ratings 15 | subset: v1 16 | timeout: 8s -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-025-managing-traffic-with-anthos-service-mesh/traffic-splitting.yaml: -------------------------------------------------------------------------------- 1 | 2 | ## traffic splitting : Route traffic to multiple versions of a service. 3 | # This Kubernetes manifest creates a virtual service called "reviews" for routing traffic to different 4 | # subsets of a service named "reviews". The service can have multiple versions, or subsets, running concurrently, 5 | # and traffic is split between them based on the specified weights. In this case, traffic is split between two subsets, 6 | # "v1" and "v2", with 75% of traffic being sent to "v1" and 25% of traffic being sent to "v2". The traffic routing 7 | # is based on the HTTP protocol, and the "reviews" service is the destination host. 
8 | # This configuration allows for gradual deployment of new versions of the service, as well as testing and 9 | # experimentation with different versions by splitting traffic between them. Istio, a 10 | # popular service mesh for Kubernetes, provides this traffic splitting functionality through its VirtualService resource. 11 | apiVersion: networking.istio.io/v1alpha3 12 | kind: VirtualService 13 | metadata: 14 | name: reviews 15 | spec: 16 | hosts: 17 | - reviews 18 | http: 19 | - route: 20 | - destination: 21 | host: reviews 22 | subset: v1 23 | weight: 75 24 | - destination: 25 | host: reviews 26 | subset: v2 27 | weight: 25 -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-026-securing-traffic-through-anthos-service-mesh/.images/mTLS-initial-setup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/cloud/gcp/taskset/task-026-securing-traffic-through-anthos-service-mesh/.images/mTLS-initial-setup.png -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-026-securing-traffic-through-anthos-service-mesh/.images/mTLS-strict-mode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/cloud/gcp/taskset/task-026-securing-traffic-through-anthos-service-mesh/.images/mTLS-strict-mode.png -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-026-securing-traffic-through-anthos-service-mesh/PeerAuthentication--mesh-wide-mtls.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "security.istio.io/v1beta1" 2 | kind: "PeerAuthentication" 3 | metadata: 4 | name:
"mesh-wide-mtls" 5 | spec: 6 | mtls: 7 | # sets the mTLS mode to "STRICT", which requires both the client and server workloads to 8 | # present valid TLS certificates and chains that can be verified by the mTLS trust anchors configured in the mesh. 9 | mode: STRICT 10 | 11 | # Together, this PeerAuthentication resource specifies that all workloads in the 12 | # Istio service mesh must communicate over mutual TLS with strict mode enabled, which helps 13 | # to ensure that all communication within the mesh is encrypted and authenticated, and that the identities 14 | # of both client and server are verified. This provides a strong security posture for the entire 15 | # service mesh, and helps to protect against attacks such as man-in-the-middle attacks or eavesdropping. Scope caveat: this manifest sets no metadata.namespace, and a PeerAuthentication is mesh-wide only when it is created in the Istio root namespace (istio-system by default) without a selector; applied to any other namespace it covers that namespace only. -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-026-securing-traffic-through-anthos-service-mesh/PeerAuthentication--restricted-mtls.yaml: -------------------------------------------------------------------------------- 1 | kubectl apply -n strict-mtls-service -f - < myfile.txt 44 | 45 | # Commit the file using the following Git commands: 46 | git config --global user.email "you@example.com" 47 | 48 | git config --global user.name "Your Name" 49 | 50 | git add myfile.txt 51 | 52 | git commit -m "First file using Cloud Source Repositories" myfile.txt 53 | 54 | # Once you've committed code to the local repository, add its contents to Cloud Source Repositories using the git push command: 55 | git push origin master 56 | ``` 57 | 58 | ## Browse files in the Google Cloud Source Repository 59 | 60 | ```bash 61 | gcloud source repos list 62 | ``` 63 | 64 | ## View a file in the Google Cloud repository 65 | 66 | - In the Console go to Navigation menu > Source Repositories. 67 | 68 | - Click REPO_DEMO > myfile.txt to view the file's contents in the source code browser.
69 | 70 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/.images/blue-green-deployments.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/.images/blue-green-deployments.png -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/.images/canary-deployments.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/.images/canary-deployments.png -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/.images/rolling-update.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/.images/rolling-update.png -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/cleanup.sh: -------------------------------------------------------------------------------- 1 | kubectl delete pods healthy-monolith monolith secure-monolith 2 | kubectl delete services monolith auth frontend hello 3 | kubectl delete deployments auth frontend hello hello-canary hello-green 4 | kubectl delete secrets tls-certs 5 | kubectl delete configmaps 
nginx-frontend-conf nginx-proxy-conf 6 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/deployments/auth.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: auth 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: auth 10 | template: 11 | metadata: 12 | labels: 13 | app: auth 14 | track: stable 15 | spec: 16 | containers: 17 | - name: auth 18 | image: "kelseyhightower/auth:2.0.0" 19 | ports: 20 | - name: http 21 | containerPort: 80 22 | - name: health 23 | containerPort: 81 24 | resources: 25 | limits: 26 | cpu: 0.2 27 | memory: "10Mi" 28 | livenessProbe: 29 | httpGet: 30 | path: /healthz 31 | port: 81 32 | scheme: HTTP 33 | initialDelaySeconds: 5 34 | periodSeconds: 15 35 | timeoutSeconds: 5 36 | readinessProbe: 37 | httpGet: 38 | path: /readiness 39 | port: 81 40 | scheme: HTTP 41 | initialDelaySeconds: 5 42 | timeoutSeconds: 1 43 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/deployments/frontend.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: frontend 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: frontend 10 | template: 11 | metadata: 12 | labels: 13 | app: frontend 14 | track: stable 15 | spec: 16 | containers: 17 | - name: nginx 18 | image: "nginx:1.9.14" 19 | lifecycle: 20 | preStop: 21 | exec: 22 | command: ["/usr/sbin/nginx","-s","quit"] 23 | volumeMounts: 24 | - name: "nginx-frontend-conf" 25 | mountPath: "/etc/nginx/conf.d" 26 | - name: "tls-certs" 27 | mountPath: "/etc/tls" 28 | volumes: 29 | - name: "tls-certs" 30 | secret: 31 | secretName: "tls-certs" 32 | - name: "nginx-frontend-conf" 33 
| configMap: 34 | name: "nginx-frontend-conf" 35 | items: 36 | - key: "frontend.conf" 37 | path: "frontend.conf" 38 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/deployments/hello-canary.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hello-canary 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: hello 10 | template: 11 | metadata: 12 | labels: 13 | app: hello 14 | track: canary 15 | version: 2.0.0 16 | spec: 17 | containers: 18 | - name: hello 19 | image: kelseyhightower/hello:2.0.0 20 | ports: 21 | - name: http 22 | containerPort: 80 23 | - name: health 24 | containerPort: 81 25 | resources: 26 | limits: 27 | cpu: 0.2 28 | memory: 10Mi 29 | livenessProbe: 30 | httpGet: 31 | path: /healthz 32 | port: 81 33 | scheme: HTTP 34 | initialDelaySeconds: 5 35 | periodSeconds: 15 36 | timeoutSeconds: 5 37 | readinessProbe: 38 | httpGet: 39 | path: /readiness 40 | port: 81 41 | scheme: HTTP 42 | initialDelaySeconds: 5 43 | timeoutSeconds: 1 44 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/deployments/hello-green.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hello-green 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: hello 10 | template: 11 | metadata: 12 | labels: 13 | app: hello 14 | track: stable 15 | version: 2.0.0 16 | spec: 17 | containers: 18 | - name: hello 19 | image: kelseyhightower/hello:2.0.0 20 | ports: 21 | - name: http 22 | containerPort: 80 23 | - name: health 24 | containerPort: 81 25 | resources: 26 | limits: 27 | cpu: 0.2 28 | memory: 10Mi 29 | livenessProbe: 30 | httpGet: 31 | path: 
/healthz 32 | port: 81 33 | scheme: HTTP 34 | initialDelaySeconds: 5 35 | periodSeconds: 15 36 | timeoutSeconds: 5 37 | readinessProbe: 38 | httpGet: 39 | path: /readiness 40 | port: 81 41 | scheme: HTTP 42 | initialDelaySeconds: 5 43 | timeoutSeconds: 1 44 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/deployments/hello.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hello 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: hello 10 | template: 11 | metadata: 12 | labels: 13 | app: hello 14 | track: stable 15 | version: 1.0.0 16 | spec: 17 | containers: 18 | - name: hello 19 | image: "kelseyhightower/hello:1.0.0" 20 | ports: 21 | - name: http 22 | containerPort: 80 23 | - name: health 24 | containerPort: 81 25 | resources: 26 | limits: 27 | cpu: 0.2 28 | memory: "10Mi" 29 | livenessProbe: 30 | httpGet: 31 | path: /healthz 32 | port: 81 33 | scheme: HTTP 34 | initialDelaySeconds: 5 35 | periodSeconds: 15 36 | timeoutSeconds: 5 37 | readinessProbe: 38 | httpGet: 39 | path: /readiness 40 | port: 81 41 | scheme: HTTP 42 | initialDelaySeconds: 5 43 | timeoutSeconds: 1 44 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/nginx/frontend.conf: -------------------------------------------------------------------------------- 1 | upstream hello { 2 | server hello.default.svc.cluster.local; 3 | } 4 | 5 | upstream auth { 6 | server auth.default.svc.cluster.local; 7 | } 8 | 9 | server { 10 | listen 443; 11 | ssl on; 12 | 13 | ssl_certificate /etc/tls/cert.pem; 14 | ssl_certificate_key /etc/tls/key.pem; 15 | 16 | location / { 17 | proxy_pass http://hello; 18 | } 19 | 20 | location /login { 21 | proxy_pass http://auth; 22 | } 23 | } 24 | 
-------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/nginx/proxy.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 443; 3 | ssl on; # NOTE(review): the standalone "ssl on" directive is obsolete in later nginx releases (use "listen 443 ssl;"); no ssl_protocols or ssl_ciphers are set here, so the protocol and cipher defaults of the nginx image in use apply 4 | 5 | ssl_certificate /etc/tls/cert.pem; 6 | ssl_certificate_key /etc/tls/key.pem; 7 | 8 | location / { 9 | proxy_pass http://127.0.0.1:80; 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/pods/healthy-monolith.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "healthy-monolith" 5 | labels: 6 | app: monolith 7 | spec: 8 | containers: 9 | - name: monolith 10 | image: kelseyhightower/monolith:1.0.0 11 | ports: 12 | - name: http 13 | containerPort: 80 14 | - name: health 15 | containerPort: 81 16 | resources: 17 | limits: 18 | cpu: 0.2 19 | memory: "10Mi" 20 | livenessProbe: 21 | httpGet: 22 | path: /healthz 23 | port: 81 24 | scheme: HTTP 25 | initialDelaySeconds: 5 26 | periodSeconds: 15 27 | timeoutSeconds: 5 28 | readinessProbe: 29 | httpGet: 30 | path: /readiness 31 | port: 81 32 | scheme: HTTP 33 | initialDelaySeconds: 5 34 | timeoutSeconds: 1 35 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/pods/monolith.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: monolith 5 | labels: 6 | app: monolith 7 | spec: 8 | containers: 9 | - name: monolith 10 | image: kelseyhightower/monolith:1.0.0 11 | args: 12 | - "-http=0.0.0.0:80" 13 | - "-health=0.0.0.0:81" 14 | - "-secret=secret" # NOTE(review): the value passed to -secret is a literal in the pod spec, readable by anyone who can view the manifest or the pod; what the application uses it for is not shown here (confirm), but outside a lab it should come from a Kubernetes Secret rather than being hard-coded 15 | ports: 16 | - name: http 17 | containerPort: 80 18 | - name: health 19
| containerPort: 81 20 | resources: 21 | limits: 22 | cpu: 0.2 23 | memory: "10Mi" 24 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/pods/secure-monolith.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "secure-monolith" 5 | labels: 6 | app: monolith 7 | spec: 8 | containers: 9 | - name: nginx 10 | image: "nginx:1.9.14" 11 | lifecycle: 12 | preStop: 13 | exec: 14 | command: ["/usr/sbin/nginx","-s","quit"] 15 | volumeMounts: 16 | - name: "nginx-proxy-conf" 17 | mountPath: "/etc/nginx/conf.d" 18 | - name: "tls-certs" 19 | mountPath: "/etc/tls" 20 | - name: monolith 21 | image: "kelseyhightower/monolith:1.0.0" 22 | ports: 23 | - name: http 24 | containerPort: 80 25 | - name: health 26 | containerPort: 81 27 | resources: 28 | limits: 29 | cpu: 0.2 30 | memory: "10Mi" 31 | livenessProbe: 32 | httpGet: 33 | path: /healthz 34 | port: 81 35 | scheme: HTTP 36 | initialDelaySeconds: 5 37 | periodSeconds: 15 38 | timeoutSeconds: 5 39 | readinessProbe: 40 | httpGet: 41 | path: /readiness 42 | port: 81 43 | scheme: HTTP 44 | initialDelaySeconds: 5 45 | timeoutSeconds: 1 46 | volumes: 47 | - name: "tls-certs" 48 | secret: 49 | secretName: "tls-certs" 50 | - name: "nginx-proxy-conf" 51 | configMap: 52 | name: "nginx-proxy-conf" 53 | items: 54 | - key: "proxy.conf" 55 | path: "proxy.conf" 56 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/services/auth.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: "auth" 5 | spec: 6 | selector: 7 | app: "auth" 8 | ports: 9 | - protocol: "TCP" 10 | port: 80 11 | targetPort: 80 12 | 
-------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/services/frontend.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: "frontend" 5 | spec: 6 | selector: 7 | app: "frontend" 8 | ports: 9 | - protocol: "TCP" 10 | port: 443 11 | targetPort: 443 12 | type: LoadBalancer 13 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/services/hello-blue.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: "hello" 5 | spec: 6 | selector: 7 | app: "hello" 8 | version: 1.0.0 9 | ports: 10 | - protocol: "TCP" 11 | port: 80 12 | targetPort: 80 13 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/services/hello-green.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: hello 5 | spec: 6 | selector: 7 | app: hello 8 | version: 2.0.0 9 | ports: 10 | - protocol: TCP 11 | port: 80 12 | targetPort: 80 13 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/services/hello.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: "hello" 5 | spec: 6 | selector: 7 | app: "hello" 8 | ports: 9 | - protocol: "TCP" 10 | port: 80 11 | targetPort: 80 12 | -------------------------------------------------------------------------------- 
/home/cloud/gcp/taskset/task-028-managing-deployments-using-kubernetes-engine/services/monolith.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: "monolith" 5 | spec: 6 | selector: 7 | app: "monolith" 8 | secure: "enabled" 9 | ports: 10 | - protocol: "TCP" 11 | port: 443 12 | targetPort: 443 13 | nodePort: 31000 14 | type: NodePort 15 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-030-minimal-nodejs-app-dockerize-google-artifact-registry/test/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use an official Node runtime as the parent image 2 | FROM node:lts 3 | # Set the working directory in the container to /app 4 | WORKDIR /app 5 | # Copy the current directory contents into the container at /app (the whole build context is copied, so keep credentials and the .git directory out of it with a .dockerignore) 6 | ADD . /app 7 | # Make the container's port 80 available to the outside world (EXPOSE only documents the port; it is actually published with docker run -p or a Kubernetes Service) 8 | EXPOSE 80 9 | # Run app.js using node when the container launches 10 | CMD ["node", "app.js"] 11 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-030-minimal-nodejs-app-dockerize-google-artifact-registry/test/app.js: -------------------------------------------------------------------------------- 1 | /* 2 | This is a Node.js server that listens for HTTP requests on port 80 (the standard HTTP port) 3 | and responds with a "Hello World" message in plain text format 4 | */ 5 | 6 | // imports the Node.js http module, which provides functionality for creating an HTTP server. 7 | const http = require('http'); 8 | 9 | // defines two constants, hostname and port, which specify the address and port number that the server will listen on 10 | const hostname = '0.0.0.0'; 11 | const port = 80; 12 | 13 | // creates an HTTP server using the http.createServer() method, which takes a callback 14 | // function as its argument.
15 | // This callback function is called whenever a client makes a request to the server. 16 | const server = http.createServer((req, res) => { 17 | // The callback function sets the HTTP response status code to 200 (OK), 18 | res.statusCode = 200; 19 | //sets the Content-Type header to text/plain, 20 | res.setHeader('Content-Type', 'text/plain'); 21 | // and sends the "Hello World" message as the response body. 22 | res.end('Hello World\n'); 23 | }); 24 | 25 | // The server.listen() method is called to start the server listening on the 26 | // specified hostname and port number. It also takes a callback function that 27 | // is called once the server starts listening. 28 | // This callback function just logs a message to the console to indicate that the server is running. 29 | server.listen(port, hostname, () => { 30 | console.log('Server running at http://%s:%s/', hostname, port); 31 | }); 32 | 33 | // Finally, a SIGINT event listener is added to the process object. 34 | // This listener is triggered when the user presses Ctrl-C to stop the server. 35 | // When the listener is triggered, it logs a message to the console and exits the process. 
36 | process.on('SIGINT', function() { 37 | console.log('Caught interrupt signal and will exit'); 38 | process.exit(); 39 | }); 40 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-031-hello-node-kubernetes--node/.images/moving-parts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/cloud/gcp/taskset/task-031-hello-node-kubernetes--node/.images/moving-parts.png -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-031-hello-node-kubernetes--node/.images/state-of-cluster.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/cloud/gcp/taskset/task-031-hello-node-kubernetes--node/.images/state-of-cluster.png -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-031-hello-node-kubernetes--node/Dockerfile: -------------------------------------------------------------------------------- 1 | # Use Node.js v6.9.2 as base image 2 | FROM node:6.9.2 3 | 4 | # Expose port 8080 for incoming traffic 5 | EXPOSE 8080 6 | 7 | # Copy the server.js file from the current directory to the image 8 | COPY server.js . 9 | 10 | # Set the default command to run the server.js file with Node.js 11 | CMD node server.js 12 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-031-hello-node-kubernetes--node/server.js: -------------------------------------------------------------------------------- 1 | /* 2 | This is a basic Node.js code that creates an HTTP server and listens for 3 | incoming requests on port 8080. 
When a request is received, it responds with a HTTP 4 | 200 status code and the message "Hello World!". 5 | */ 6 | 7 | // we are importing the Node.js http module and defining a function called handleRequest 8 | // which takes in two arguments, request and response. When a request is received by the server, 9 | // this function is called to handle the request. 10 | var http = require('http'); 11 | // Inside the handleRequest function, the response is set to return a HTTP 200 12 | // status code using the writeHead method of the response object, and the response 13 | // body is set to "Hello World!" using the end method of the response object. 14 | var handleRequest = function(request, response) { 15 | response.writeHead(200); 16 | response.end("Hello World!"); 17 | } 18 | // The http.createServer method is used to create an HTTP server and 19 | // assign the handleRequest function as the request handler. Finally, 20 | // the server is started by calling the listen method of the server object 21 | // and specifying the port to listen on. 
22 | var www = http.createServer(handleRequest); 23 | www.listen(8080); -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-032-setting-up-jenkins-on-kubernetes-engine/ReadMe.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | **High Level Objectives** 5 | - Prepare the environment 6 | - Configure Helm 7 | - Configure and install Jenkins 8 | - Connect to Jenkins 9 | 10 | 11 | **Skills** 12 | - gcp 13 | - kubernetes 14 | - docker 15 | - nodejs 16 | - pods 17 | - jenkins 18 | - helm 19 | - deployments 20 | - services 21 | 22 | 23 | ## Prepare the environment 24 | 25 | 26 | ```bash 27 | # Set the default Compute Engine zone to us-central1-c: 28 | gcloud config set compute/zone us-central1-c 29 | 30 | # Clone the sample code: 31 | git clone https://github.com/GoogleCloudPlatform/continuous-deployment-on-kubernetes.git 32 | 33 | # Navigate to the sample code directory: 34 | cd continuous-deployment-on-kubernetes 35 | ``` 36 | 37 | 38 | - Creating a Kubernetes cluster 39 | 40 | ```bash 41 | gcloud container clusters create jenkins-cd \ 42 | --num-nodes 2 \ 43 | --scopes "https://www.googleapis.com/auth/projecthosting,cloud-platform" 44 | ``` 45 | 46 | - confirm cluster is running 47 | 48 | ```bash 49 | gcloud container clusters list 50 | ``` 51 | 52 | - Get the credentials for your cluster. Kubernetes Engine uses these credentials to access your newly provisioned cluster. 
53 | 54 | ```bash 55 | gcloud container clusters get-credentials jenkins-cd 56 | 57 | # Verify that you can access your cluster by running the following command: 58 | kubectl cluster-info 59 | ``` 60 | 61 | 62 | ## Configure Helm 63 | 64 | - Add Helm's jenkins chart repository: 65 | 66 | ```bash 67 | helm repo add jenkins https://charts.jenkins.io 68 | 69 | # Update the repo to ensure you get the latest list of charts: 70 | helm repo update 71 | ``` 72 | 73 | ## Configure and install Jenkins 74 | 75 | ```bash 76 | # Use the Helm CLI to deploy the chart with your configuration set: 77 | helm upgrade --install -f jenkins/values.yaml myjenkins jenkins/jenkins 78 | ``` 79 | 80 | - Once that command completes ensure the Jenkins pod goes to the Running state and the container is in the READY state. 81 | 82 | ```bash 83 | kubectl get pods 84 | ``` 85 | 86 | - Run the following command to setup port forwarding to the Jenkins UI from the Cloud Shell: 87 | 88 | ```bash 89 | echo http://127.0.0.1:8080 90 | kubectl --namespace default port-forward svc/myjenkins 8080:8080 >> /dev/null & 91 | ``` 92 | 93 | - Now, check that the Jenkins Service was created properly: 94 | 95 | ```bash 96 | kubectl get svc 97 | ``` 98 | 99 | ## Connect to Jenkins 100 | 101 | - The Jenkins chart will automatically create an admin password for you. 
To retrieve it, run: 102 | 103 | ```bash 104 | kubectl exec --namespace default -it svc/myjenkins -c jenkins -- /bin/cat /run/secrets/additional/chart-admin-password && echo 105 | ``` -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-032-setting-up-jenkins-on-kubernetes-engine/values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | installPlugins: 3 | - kubernetes:latest 4 | - workflow-job:latest 5 | - workflow-aggregator:latest 6 | - credentials-binding:latest 7 | - git:latest 8 | - google-oauth-plugin:latest 9 | - google-source-plugin:latest 10 | - google-kubernetes-engine:latest 11 | - google-storage-plugin:latest 12 | resources: 13 | requests: 14 | cpu: "50m" 15 | memory: "1024Mi" 16 | limits: 17 | cpu: "1" 18 | memory: "3500Mi" 19 | javaOpts: "-Xms3500m -Xmx3500m" 20 | serviceType: ClusterIP 21 | agent: 22 | resources: 23 | requests: 24 | cpu: "500m" 25 | memory: "256Mi" 26 | limits: 27 | cpu: "1" 28 | memory: "512Mi" 29 | persistence: 30 | size: 100Gi 31 | serviceAccount: 32 | name: cd-jenkins 33 | -------------------------------------------------------------------------------- /home/cloud/gcp/taskset/task-033-continuous-delivery-with-jenkins-in-kubernetes-engine/values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | installPlugins: 3 | - kubernetes:latest 4 | - workflow-job:latest 5 | - workflow-aggregator:latest 6 | - credentials-binding:latest 7 | - git:latest 8 | - google-oauth-plugin:latest 9 | - google-source-plugin:latest 10 | - google-kubernetes-engine:latest 11 | - google-storage-plugin:latest 12 | resources: 13 | requests: 14 | cpu: "50m" 15 | memory: "1024Mi" 16 | limits: 17 | cpu: "1" 18 | memory: "3500Mi" 19 | javaOpts: "-Xms3500m -Xmx3500m" 20 | serviceType: ClusterIP 21 | agent: 22 | resources: 23 | requests: 24 | cpu: "500m" 25 | memory: "256Mi" 26 | limits: 27 | cpu: 
"1" 28 | memory: "512Mi" 29 | persistence: 30 | size: 100Gi 31 | serviceAccount: 32 | name: cd-jenkins 33 | -------------------------------------------------------------------------------- /home/containers/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Containers 2 | 3 | 4 | - [task-001 : docker overview](task-001-docker-overview) 5 | - [task-002 : docker-run--detached-vs-foreground](task-002-docker-run--detached-vs-foreground) 6 | - [task-003 : docker-run--assign-name-and-allocate-pseudo-tty](task-003-docker-run--assign-name-and-allocate-pseudo-tty) 7 | - [task-004 : docker-run--pid-setting-and-choosing-image-with-tag](task-004-docker-run--pid-setting-and-choosing-image-with-tag) 8 | - [task-005 : docker-run--expose-port-and-pull-policy-and-environment-vars](task-005-docker-run--expose-port-and-pull-policy-and-environment-vars) 9 | - [task-006 : docker-run--full-container-capabilities-and-set-working-dir-and-volume-mounts](task-006-docker-run--full-container-capabilities-and-set-working-dir-and-volume-mounts) 10 | - [task-007 : docker-run--metadata-and-network-and-attach-to-stdout](task-007-docker-run--metadata-and-network-and-attach-to-stdout) 11 | - [task-008 : docker-run--hostsfile-ulimit-mem-limit](task-008-docker-run--hostsfile-ulimit-mem-limit) -------------------------------------------------------------------------------- /home/containers/task-001-docker-overview/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Docker overview 2 | 3 | 4 | [docs.docker.com/get-started/overview](https://docs.docker.com/get-started/overview) 5 | 6 | Version Stack 7 | 8 | | Stack | Version | 9 | |--------|----------| 10 | | Docker | 20.10.14 | 11 | 12 | 13 | ## Usecase to solve actual problem 14 | 15 | ### docker run 16 | 17 | The following command runs an `ubuntu` container, attaches interactively to your local command-line session, and runs `/bin/bash`. 
18 | 19 | 20 | 21 | ```bash 22 | # Version 23 | ❯ docker -v 24 | Docker version 20.10.14, build a224086 25 | 26 | # run : Run a command in a new container 27 | # -i : interactively 28 | # -t : attached to your terminal 29 | # ubuntu : is the image we will be downloading 30 | # /bin/bash : the command that will run inside the container started with ubuntu image 31 | ❯ docker run -i -t ubuntu /bin/bash 32 | 33 | root@f3d2356faadc:/# ls 34 | bin boot dev etc home lib media mnt opt proc root run sbin srv sys tmp usr var 35 | 36 | # exit 37 | 38 | 39 | ❯ docker ps # To show all running containers 40 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 41 | 42 | ❯ docker ps -a # To show all containers including stopped ones 43 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 44 | 864a03e87269 ubuntu "sh" 23 seconds ago Exited (0) 17 seconds ago unruffled_margulis 45 | 46 | ❯ docker rm unruffled_margulis # Remove the container 47 | unruffled_margulis 48 | 49 | ❯ docker ps -a 50 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 51 | 52 | ❯ 53 | ``` 54 | 55 | Docker starts the container and executes /bin/bash. Because the container is running interactively and attached to your terminal (due to the -i and -t flags), you can provide input using your keyboard while the output is logged to your terminal. 56 | 57 | That's all for today! 
-------------------------------------------------------------------------------- /home/containers/task-002-docker-run--detached-vs-foreground/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## Detached vs Foreground 2 | 3 | - [docs.docker.com/engine/reference/run](https://docs.docker.com/engine/reference/run) 4 | 5 | - [docs.docker.com/engine/reference/commandline/run](https://docs.docker.com/engine/reference/commandline/run) 6 | 7 | Version Stack 8 | 9 | | Stack | Version | 10 | |--------|----------| 11 | | Docker | 20.10.14 | 12 | 13 | By design, containers started in detached mode exit when the root process used to run the container exits 14 | 15 | 16 | 17 | ### Detached Mode 18 | 19 | ```bash 20 | # Note: No --rm option 21 | ❯ docker run -d -p 80:80 nginx service nginx start 22 | 3fdd6761951aeba2a8936a54a7fea982b1b7073a0d2892cab9a4c095d080900b 23 | 24 | # Note the container exited after starting 25 | ❯ docker ps -a 26 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 27 | 3fdd6761951a nginx "/docker-entrypoint.…" 4 seconds ago Exited (0) 4 seconds ago wonderful_fermi 28 | 29 | # Note: We added --rm option 30 | ❯ docker run --rm -d -p 80:80 nginx service nginx start 31 | e836a7703057577b1aa58ac5cf9ca4e9bb85767069651f9fd8ac1972c4d041c0 32 | 33 | # The container also exited after being stopped 34 | ❯ docker ps -a 35 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 36 | ❯ 37 | 38 | # You can start an ubuntu container as well in detached mode 39 | ❯ docker run -d ubuntu /bin/bash 40 | 63e90449bddb96856fb2cebcb33c5b8f12859ac59bea39645d5c9877215a8cac 41 | 42 | ❯ docker ps -a 43 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 44 | 63e90449bddb ubuntu "/bin/bash" 2 seconds ago Exited (0) 1 second ago distracted_pasteur 45 | 46 | ❯ docker run -d ubuntu sleep 100 47 | a979bd34e5c4d34e8dcc30c464ed3b432fe77938ae3df3ea3983da24d0c649c4 48 | 49 | ❯ docker ps -a 50 | CONTAINER ID IMAGE COMMAND CREATED STATUS 
PORTS NAMES 51 | a979bd34e5c4 ubuntu "sleep 100" 3 seconds ago Up 3 seconds sweet_wozniak 52 | 63e90449bddb ubuntu "/bin/bash" 30 seconds ago Exited (0) 29 seconds ago distracted_pasteur 53 | ``` 54 | 55 | 56 | ### Foreground Mode 57 | 58 | In foreground mode (the default when -d is not specified), docker run can start the process in the container and attach the console to the process’s standard input, output, and standard error 59 | 60 | For interactive processes (like a shell), you must use -i -t together in order to allocate a tty for the container process 61 | 62 | ```bash 63 | ❯ docker run -it ubuntu /bin/bash 64 | root@6036032b640a:/# ls 65 | bin dev home media opt root sbin sys usr 66 | boot etc lib mnt proc run srv tmp var 67 | root@6036032b640a:/# exit 68 | exit 69 | 70 | ❯ 71 | ``` -------------------------------------------------------------------------------- /home/containers/task-003-docker-run--assign-name-and-allocate-pseudo-tty/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## Assign name and allocate pseudo tty 2 | 3 | [assign-name-and-allocate-pseudo-tty---name--it](https://docs.docker.com/engine/reference/commandline/run/#assign-name-and-allocate-pseudo-tty---name--it) 4 | 5 | Version Stack 6 | 7 | | Stack | Version | 8 | |--------|----------| 9 | | Docker | 20.10.14 | 10 | 11 | 12 | - Let's begin 13 | 14 | 15 | ```bash 16 | # allocate pseudo tty : -it 17 | # --name for container name 18 | ❯ docker run --name test -it debian 19 | 20 | root@d6c0fe130dba:/# exit 13 21 | 22 | # Note the exit code is passed to the caller of docker run. 23 | ❯ echo $? 
24 | 13 25 | ❯ docker ps -a 26 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 27 | 4a94928d6520 debian "bash" About a minute ago Exited (13) 54 seconds ago test 28 | ``` 29 | 30 | ## Capture container ID 31 | 32 | [capture-container-id---cidfile](https://docs.docker.com/engine/reference/commandline/run/#capture-container-id---cidfile) 33 | 34 | - This will create a container and print `test` to the console. The `cidfile` flag makes Docker attempt to create a new file and write the container ID to it. 35 | 36 | ```bash 37 | ❯ docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" 38 | test 39 | 40 | ❯ docker ps -a 41 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 42 | c2683f80d7bf ubuntu "echo test" 5 seconds ago Exited (0) 4 seconds ago youthful_hypatia 43 | 44 | # Note the container ID got captured in the file 45 | ❯ cat /tmp/docker_test.cid 46 | c2683f80d7bf613f4004911904a908377a43fb1ab556988f3aa9992647cd184a 47 | 48 | 49 | ``` 50 | 51 | -------------------------------------------------------------------------------- /home/containers/task-004-docker-run--pid-setting-and-choosing-image-with-tag/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## PID Setting and choosing image with Specific Tag 2 | 3 | Version Stack 4 | 5 | | Stack | Version | 6 | |--------|----------| 7 | | Docker | 20.10.14 | 8 | 9 | 10 | ### ImageTag 11 | 12 | [imagetag](https://docs.docker.com/engine/reference/run/#imagetag) 13 | 14 | - Run image with specific tag say ubuntu:14.04 15 | ```bash 16 | ❯ docker run --rm -it -d ubuntu:14.04 sh 17 | 32bd86340d4773b17d5a9ba5c2f8f448ab4d29186801a6d989ad53a2a0a48af3 18 | 19 | ❯ docker ps -a 20 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 21 | 32bd86340d47 ubuntu:14.04 "sh" 5 seconds ago Up 4 seconds practical_ishizaka 22 | ``` 23 | 24 | ### PID 25 | 26 | [pid-settings---pid](https://docs.docker.com/engine/reference/run/#pid-settings---pid) 27 | 28 | Let's create two 
containers a1 and a2, and we want container a2 to be able to see the processes running in container a1 29 | 30 | ```bash 31 | # Terminal session 1 32 | ❯ docker run --rm --name=a1 -it ubuntu /bin/bash 33 | root@fefc7f52750f:/# sleep 10000 34 | 35 | 36 | 37 | # Terminal session 2 38 | ❯ docker ps -a 39 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 40 | fefc7f52750f ubuntu "/bin/bash" 33 seconds ago Up 32 seconds a1 41 | 42 | 43 | # Note that a2 cannot see the processes running inside of a1 yet. 44 | ❯ docker run --rm --name=a2 -it ubuntu /bin/bash 45 | root@9630d2dd813f:/# ps -ef 46 | UID PID PPID C STIME TTY TIME CMD 47 | root 1 0 0 10:34 pts/0 00:00:00 /bin/bash 48 | root 9 1 0 10:34 pts/0 00:00:00 ps -ef 49 | root@9630d2dd813f:/# #let's exit 50 | root@9630d2dd813f:/# exit 51 | exit 52 | 53 | ❯ docker ps -a 54 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 55 | fefc7f52750f ubuntu "/bin/bash" About a minute ago Up About a minute a1 56 | 57 | 58 | # Now let's start the second container a2 using pid=container:a1 59 | # Note that now it's able to see the process sleep running in a1 60 | ❯ docker run --rm --name=a2 --pid=container:a1 -it ubuntu /bin/bash 61 | root@0bfaed14e83d:/# ps -ef 62 | UID PID PPID C STIME TTY TIME CMD 63 | root 1 0 0 10:33 pts/0 00:00:00 /bin/bash 64 | root 10 1 0 10:33 pts/0 00:00:00 sleep 10000 65 | root 11 0 0 10:35 pts/0 00:00:00 /bin/bash 66 | root 20 11 0 10:35 pts/0 00:00:00 ps -ef 67 | 68 | ``` 69 | -------------------------------------------------------------------------------- /home/containers/task-005-docker-run--expose-port-and-pull-policy-and-environment-vars/.env: -------------------------------------------------------------------------------- 1 | VAR3=value 2 | -------------------------------------------------------------------------------- /home/containers/task-005-docker-run--expose-port-and-pull-policy-and-environment-vars/.images/nginx.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/containers/task-005-docker-run--expose-port-and-pull-policy-and-environment-vars/.images/nginx.png -------------------------------------------------------------------------------- /home/containers/task-005-docker-run--expose-port-and-pull-policy-and-environment-vars/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## Expose Port, Pull Policy And Environment Variables 2 | 3 | 4 | Version Stack 5 | 6 | | Stack | Version | 7 | |--------|----------| 8 | | Docker | 20.10.14 | 9 | 10 | 11 | ### Expose Port 12 | 13 | [publish-or-expose-port--p---expose](https://docs.docker.com/engine/reference/commandline/run/#publish-or-expose-port--p---expose) 14 | 15 | ```bash 16 | ❯ docker run --rm -d -p 8081:80 nginx nginx -g 'daemon off;' 17 | f73315b8a038d94192802c894c72fa3957ca4db019f312e829c3a612fbf17d63 18 | 19 | ❯ curl localhost:8081 -I 20 | HTTP/1.1 200 OK 21 | Server: nginx/1.23.2 22 | Date: Mon, 14 Nov 2022 14:59:15 GMT 23 | Content-Type: text/html 24 | Content-Length: 615 25 | Last-Modified: Wed, 19 Oct 2022 07:56:21 GMT 26 | Connection: keep-alive 27 | ETag: "634fada5-267" 28 | Accept-Ranges: bytes 29 | ``` 30 | 31 | You can visit the same in browser 32 | 33 | ![nginx.png](.images/nginx.png) 34 | 35 | ## Pull Policy 36 | 37 | [set-the-pull-policy---pull](https://docs.docker.com/engine/reference/commandline/run/#-set-the-pull-policy---pull) 38 | 39 | ```bash 40 | ❯ docker pull ubuntu 41 | ❯ docker images | grep ubuntu 42 | ubuntu latest 3c2df5585507 2 weeks ago 69.2MB 43 | 44 | ❯ docker rmi ubuntu 45 | 46 | 47 | ❯ docker run --pull=never ubuntu 48 | docker: Error response from daemon: No such image: ubuntu:latest. 
49 | 50 | # As there is no image with this tag locally 51 | ❯ docker images | grep ubuntu | wc -l 52 | 0 53 | ``` 54 | 55 | 56 | ## Environment 57 | 58 | [set-environment-variables--e---env---env-file](https://docs.docker.com/engine/reference/commandline/run/#set-environment-variables--e---env---env-file) 59 | 60 | ```bash 61 | # Let's create a file 62 | ❯ echo "VAR3=value" > .env 63 | ❯ cat .env 64 | VAR3=value 65 | 66 | ❯ docker run --rm -it -e MYVAR1=bar --env MYVAR2=foo --env-file ./.env ubuntu bash 67 | root@9cb685c53176:/# env | grep VAR 68 | MYVAR2=foo 69 | MYVAR1=bar 70 | VAR3=value 71 | root@9cb685c53176:/# exit 72 | exit 73 | 74 | ❯ docker run --rm -it -e MYVAR1=bar --env MYVAR2=foo --env-file ./.env ubuntu env | grep VAR 75 | VAR3=value 76 | MYVAR1=bar 77 | MYVAR2=foo 78 | 79 | ``` -------------------------------------------------------------------------------- /home/containers/task-006-docker-run--full-container-capabilities-and-set-working-dir-and-volume-mounts/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## Full container capabilities, Set working directory And Mount Volumes 2 | 3 | Version Stack 4 | 5 | | Stack | Version | 6 | |--------|----------| 7 | | Docker | 20.10.14 | 8 | 9 | ### Full container capabilities 10 | 11 | [full-container-capabilities---privileged](https://docs.docker.com/engine/reference/commandline/run/#full-container-capabilities---privileged) 12 | The first run below uses Docker's default, reduced capability set, so `mount` is denied; the second adds `--privileged`, which gives the container all capabilities and access to the host's devices, so the same `mount` succeeds. Outside a throwaway test like this one, granting only the capability that is needed with `--cap-add` keeps the container's reach into the host smaller. 13 | ```bash 14 | ❯ docker run -t -i --rm ubuntu bash 15 | root@ae4994d93a27:/# mount -t tmpfs none /mnt 16 | mount: /mnt: permission denied. 
17 | root@ae4994d93a27:/# exit 18 | exit 19 | 20 | 21 | ❯ docker run -t -i --privileged ubuntu bash 22 | root@6ad992ced205:/# mount -t tmpfs none /mnt 23 | root@6ad992ced205:/# df -h | egrep "Filesystem|tmpfs" 24 | Filesystem Size Used Avail Use% Mounted on 25 | tmpfs 64M 0 64M 0% /dev 26 | ``` 27 | 28 | 29 | ### Set working directory 30 | 31 | [set-working-directory--w](https://docs.docker.com/engine/reference/commandline/run/#set-working-directory--w) 32 | 33 | ```bash 34 | ❯ docker run -w /path/to/dir/ -i -t ubuntu pwd 35 | /path/to/dir 36 | ``` 37 | 38 | 39 | ### Mount Volumes 40 | 41 | [mount-volume](https://docs.docker.com/engine/reference/commandline/run/#mount-volume--v---read-only) 42 | 43 | ```bash 44 | ## Terminal session 1 45 | ❯ ls 46 | ReadMe.md 47 | 48 | # Note that the container also see the file ReadMe.md as we have mounted the same using pwd 49 | ❯ docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu ls 50 | ReadMe.md 51 | 52 | ## Terminal session 2 53 | # Let's create another directory and see 54 | ❯ mkdir -p /tmp/test 55 | ❯ cd /tmp/test 56 | ❯ touch test.txt 57 | 58 | 59 | # Terminal session 1 60 | ❯ docker run --rm -v /tmp/test:/foo -w /foo -i -t ubuntu bash 61 | # Let's see if the container can see the file 62 | root@0e19af311731:/foo# ls 63 | test.txt 64 | root@0e19af311731:/foo# exit 65 | exit 66 | 67 | ## The same can also be achieved using mount flag 68 | ❯ docker run -t -i -w /foo --mount type=bind,src=/tmp/test,dst=/foo busybox sh 69 | /foo # ls 70 | test.txt 71 | /foo # touch newfile.txt 72 | /foo # exit 73 | ❯ ls /tmp/test 74 | newfile.txt test.txt 75 | ``` -------------------------------------------------------------------------------- /home/containers/task-007-docker-run--metadata-and-network-and-attach-to-stdout/ReadMe.md: -------------------------------------------------------------------------------- 1 | ## Metadata, Network and Attach to stdout/stdin/stderr 2 | 3 | ### Set metadata on container 4 | 5 | 
[set-metadata-on-container--l---label---label-file](https://docs.docker.com/engine/reference/commandline/run/#set-metadata-on-container--l---label---label-file) 6 | 7 | ```bash 8 | # Terminal session 1 9 | ❯ docker run --rm -l my-label --label com.example.foo=bar -it ubuntu bash 10 | root@877169a9c393:/# 11 | 12 | # Terminal session 2 13 | ❯ docker ps -a 14 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 15 | 877169a9c393 ubuntu "bash" 27 seconds ago Up 27 seconds lucid_heyrovsky 16 | 17 | ❯ docker inspect lucid_heyrovsky | egrep "my-label|com" 18 | "com.example.foo": "bar", 19 | "my-label": "" 20 | 21 | # Terminal session 1 22 | root@877169a9c393:/# exit 23 | exit 24 | ❯ 25 | ``` 26 | 27 | ### Connect to network 28 | 29 | Let's create a network. Connect two containers `a1` and `a2` to the same network. 30 | Then we should be able to ping `a2` from `a1` 31 | 32 | [connect-a-container-to-a-network---network](https://docs.docker.com/engine/reference/commandline/run/#connect-a-container-to-a-network---network) 33 | 34 | ```bash 35 | # Terminal session 1 36 | # Create a network 37 | ❯ docker network create mynet 38 | 39 | ❯ docker network ls 40 | NETWORK ID NAME DRIVER SCOPE 41 | d94bd0d8c825 bridge bridge local 42 | 4173677fe745 host host local 43 | 92def2900117 mynet bridge local 44 | 2328a0a37fde none null local 45 | 46 | ❯ docker run --rm --name=a1 -it --network=mynet busybox 47 | 48 | 49 | # Terminal session 2 50 | ❯ docker run --rm --name=a2 -it --network=mynet busybox 51 | 52 | ## Note they are able to ping each other with just container names 53 | / # ping a1 54 | PING a1 (172.18.0.2): 56 data bytes 55 | 64 bytes from 172.18.0.2: seq=0 ttl=64 time=0.296 ms 56 | 64 bytes from 172.18.0.2: seq=1 ttl=64 time=0.371 ms 57 | . 
58 | / # exit 59 | ❯ 60 | ``` 61 | 62 | ## Attach to stdout 63 | 64 | [attach-to-stdinstdoutstderr--a](https://docs.docker.com/engine/reference/commandline/run/#attach-to-stdinstdoutstderr--a) 65 | 66 | Let's do an example of attaching to container's stdout 67 | 68 | 69 | ```bash 70 | # The following attaches stdout to your container. 71 | # So the output generated by the container will be displayed on your terminal 72 | ❯ docker run -a stdout --rm --name ubuntu ubuntu ls var 73 | backups 74 | cache 75 | lib 76 | local 77 | lock 78 | log 79 | mail 80 | opt 81 | run 82 | spool 83 | tmp 84 | ``` -------------------------------------------------------------------------------- /home/containers/task-008-docker-run--hostsfile-ulimit-mem-limit/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Hosts file, ulimit, memory limit 2 | 3 | ## Hosts file 4 | 5 | [add-entries-to-container-hosts-file---add-host](https://docs.docker.com/engine/reference/commandline/run/#add-entries-to-container-hosts-file---add-host) 6 | 7 | ```bash 8 | ## get IP from ping google.com 9 | ❯ docker run --add-host=myhost:142.250.181.78 --rm -it alpine 10 | / # ping myhost 11 | PING myhost (142.250.181.78): 56 data bytes 12 | 64 bytes from 142.250.181.78: seq=0 ttl=37 time=19.929 ms 13 | ``` 14 | 15 | ## ulimit 16 | 17 | [set-ulimits-in-container---ulimit](https://docs.docker.com/engine/reference/commandline/run/#set-ulimits-in-container---ulimit) 18 | 19 | ```bash 20 | ❯ docker run --rm debian sh -c "ulimit -n" 21 | 1048576 22 | 23 | ❯ docker run --ulimit nofile=1024:1024 --rm debian sh -c "ulimit -n" 24 | 1024 25 | ``` 26 | 27 | ## Memory limit 28 | 29 | [specify-hard-limits-on-memory-available-to-containers--m---memory](https://docs.docker.com/engine/reference/commandline/run/#specify-hard-limits-on-memory-available-to-containers--m---memory) 30 | 31 | ```bash 32 | ## Terminal session 1 33 | ❯ docker run --rm -it ubuntu 34 | 35 | ## Terminal session 2 
36 | ❯ docker stats 37 | 38 | ## Terminal session 1 39 | ❯ docker run --rm -it --memory="2g" ubuntu 40 | 41 | ## Terminal session 2 42 | ❯ docker stats 43 | ``` -------------------------------------------------------------------------------- /home/containers/task-009-docker-attach/ReadMe.md: -------------------------------------------------------------------------------- 1 | # docker attach 2 | 3 | [https://docs.docker.com/engine/reference/commandline/attach/](https://docs.docker.com/engine/reference/commandline/attach/) 4 | 5 | Once you are attached to a container using docker attach 6 | - To stop a container, use CTRL-c. This key sequence sends SIGKILL to the container. If `--sig-proxy` is true (the default), CTRL-c sends a SIGINT to the container instead. 7 | - If the container was run with -i and -t, you can detach from a container and leave it running using the CTRL-p CTRL-q key sequence. 8 | ## Attach to and detach from a running container 9 | 10 | ```bash 11 | ❯ docker run -d --name topdemo ubuntu:22.04 /usr/bin/top -b 12 | 13 | ❯ docker attach topdemo 14 | 15 | # pressing CTRL-c terminates the container 16 | 17 | ❯ docker ps -a 18 | ``` 19 | 20 | - Repeating the example above, but this time with the -i and -t options set; 21 | 22 | ```bash 23 | ❯ docker run -dit --name topdemo2 ubuntu:22.04 /usr/bin/top -b 24 | 25 | ❯ docker attach topdemo2 26 | # pressing the CTRL-p CTRL-q the attach command is detached from the container 27 | # and the container is still running 28 | 29 | ❯ docker ps -a 30 | ``` 31 | 32 | 33 | ## Get the exit code of the container’s command 34 | 35 | - You can see that the exit code of the container's shell process is also returned by the docker attach command to its caller 36 | 37 | ```bash 38 | ❯ docker run --name test -dit alpine 39 | ❯ docker attach test 40 | / # exit 13 41 | ❯ echo $? 
42 | 13 43 | ❯ docker ps -a --filter name=test 44 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 45 | 7828441ca97a alpine "/bin/sh" 48 seconds ago Exited (13) 31 seconds ago test 46 | 47 | ``` 48 | 49 | - In the given example, a Docker container is started with the alpine image in detached mode using the docker run command. Then, the docker attach command is used to attach to the running container. 50 | - Inside the container, the exit 13 command is executed, which will cause the `/bin/sh` process to exit with a status code of 13. The docker attach command will then return the same exit code to its caller, which in this case is the shell where the command was executed. 51 | - This means that the exit code returned by the docker attach command will be the same as the exit code returned by the `/bin/sh` process running inside the container. In other words, if the container's main process exits with a non-zero status code, the docker attach command will also return a non-zero status code to indicate that the command failed. This behavior allows you to check the exit status of a command running inside a container, which can be useful for scripting or automation purposes. 52 | -------------------------------------------------------------------------------- /home/containers/task-010-docker-build/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM nginx:latest 2 | COPY index.html /usr/share/nginx/html/ 3 | -------------------------------------------------------------------------------- /home/containers/task-010-docker-build/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | Hello, Docker! 4 | 5 | 6 |

Hello, Docker!

7 |

Welcome to my Docker container!

8 | 9 | 10 | -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-001-vpc-2inst-cloudshell/.images/infra-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-001-vpc-2inst-cloudshell/.images/infra-diagram.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-001-vpc-2inst-cloudshell/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Using Terraform in GCP console 2 | 3 | **High Level Objectives** 4 | 5 | - Create a VPC network 6 | - Attached Internet Gateway 7 | - Instances in 2 regions with subnets created using auto-mode 8 | 9 | **Skills** 10 | - VPC 11 | - Internet Gateway 12 | - instances 13 | - subnets using auto-mode 14 | - terraform 15 | 16 | **Version Stack** 17 | 18 | | Stack | Version | 19 | |-----------|---------| 20 | | Terraform | 1.3.4 | 21 | 22 | 23 | ![infra-diagram.png](.images/infra-diagram.png) 24 | 25 | 26 | - Let's go through the code together 27 | 28 | - Begin 29 | 30 | ```bash 31 | terraform --version 32 | ``` 33 | 34 | - Create the required files 35 | 36 | ```bash 37 | terraform init 38 | 39 | terraform plan 40 | 41 | terraform apply 42 | ``` 43 | 44 | - View the resources created on the console 45 | 46 | - SSH into the instance 47 | 48 | ```bash 49 | ping google.com # So we have internet access 50 | 51 | ## SSH into one instance and 52 | 53 | ping = 0.12", which means that Terraform version 0.12 or above is 3 | required to apply this configuration. This is done to ensure that the configuration can be applied 4 | consistently and accurately across different environments and systems. 
5 | */ 6 | terraform { 7 | required_version = ">= 0.12" 8 | } 9 | -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/app-with--basic-load-balancer-default.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/app-with--basic-load-balancer-default.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/basic-load-balancer-custom-hc-hc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/basic-load-balancer-custom-hc-hc.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/basic-load-balancer-default-hc-firewall-rule.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/basic-load-balancer-default-hc-firewall-rule.png -------------------------------------------------------------------------------- 
/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/basic-load-balancer-default.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/basic-load-balancer-default.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/cloud-nat-details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/cloud-nat-details.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/cloud-nat.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/cloud-nat.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/cloud-router-details.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/cloud-router-details.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/cloud-router.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/cloud-router.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/firewall-rules.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/firewall-rules.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/forwarding-rules.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/forwarding-rules.png -------------------------------------------------------------------------------- 
/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/health-checks.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/health-checks.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/instance-template-details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/instance-template-details.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/instance-template.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/instance-template.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/load-balancers.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/load-balancers.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/mig-details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/mig-details.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/mig.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/mig.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/service-account.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/service-account.png -------------------------------------------------------------------------------- 
/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/target-pools.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/target-pools.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/vm-instances.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/vm-instances.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/vpc-networks.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/vpc-networks.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/vpc-subnetworks.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/.images/vpc-subnetworks.png
--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/outputs.tf:
--------------------------------------------------------------------------------
# Values this load balancer module exports to its caller.

# Self link of the target pool resource named "default".
output "target_pool" {
  value       = google_compute_target_pool.default.self_link
  description = "The `self_link` to the target pool resource created."
}

# IP address attribute of the forwarding rule named "default".
output "external_ip" {
  value       = google_compute_forwarding_rule.default.ip_address
  description = "The external ip address of the forwarding rule."
}

--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/terraform-google-lb/examples/basic/docs/diagram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/terraform-google-lb/examples/basic/docs/diagram.png
--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/terraform-google-lb/examples/basic/locals.tf:
--------------------------------------------------------------------------------
/*
  The code below is an example of using Terraform's "locals" block to define a variable with a nested object.
3 | 4 | The object defined in the "health_check" variable represents a health check configuration for a load 5 | balancer or other similar infrastructure component. Here's what each key-value pair means: 6 | 7 | - check_interval_sec: The number of seconds between each health check. 8 | - healthy_threshold: The number of consecutive successful health checks required to mark an instance as healthy. 9 | - timeout_sec: The number of seconds to wait for a response before considering the health check to have failed. 10 | - unhealthy_threshold: The number of consecutive failed health checks required to mark an instance as unhealthy. 11 | - port: The port number to use for the health check request. 12 | - request_path: The path to use for the health check request. 13 | - host: The IP address or domain name of the instance to perform the health check on. 14 | By defining this configuration in a "locals" block, the values can be easily reused throughout the Terraform codebase without having to repeat the configuration details every time. 
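*/

locals {
  # Health check settings used by the basic example.
  health_check = {
    check_interval_sec  = 1
    healthy_threshold   = 4
    timeout_sec         = 1
    unhealthy_threshold = 5
    port                = 8080
    request_path        = "/mypath"
    # NOTE(review): if this object is passed to google_compute_http_health_check
    # (the consuming resource is not visible here), `host` is the value sent in
    # the Host header of the probe, not the address of the instance being
    # probed. The header comment above describes it as the instance address;
    # confirm against the module's main.tf.
    host = "1.2.3.4"
  }
}

--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/terraform-google-lb/examples/basic/network.tf:
--------------------------------------------------------------------------------
# Network plumbing for the basic example: a custom-mode VPC, one subnet,
# a Cloud Router and a Cloud NAT attached to that router.

resource "google_compute_network" "network" {
  name = "load-balancer-module-network"
  # Boolean literal instead of the string "false"; Terraform converts either
  # form to the same value, so the resulting network is unchanged.
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "subnetwork" {
  name          = "load-balancer-module-subnetwork"
  region        = var.region
  network       = google_compute_network.network.self_link
  ip_cidr_range = "10.0.0.0/16"
}

resource "google_compute_router" "router" {
  name    = "load-balancer-module-router"
  region  = var.region
  network = google_compute_network.network.self_link
}

module "cloud_nat" {
  # NOTE(review): "~> 2.2" accepts any later 2.x release from the public
  # registry. The dependency lock file records provider versions only, not
  # module versions, so pin an exact version here if runs must be reproducible.
  source  = "terraform-google-modules/cloud-nat/google"
  version = "~> 2.2"

  project_id = var.project_id
  region     = var.region
  name       = "load-balancer-module-nat"
  router     = google_compute_router.router.name
}

--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/terraform-google-lb/examples/basic/outputs.tf:
--------------------------------------------------------------------------------
# Re-exports the external_ip output of the load_balancer_default module call.
output "load_balancer_default_ip" {
  description = "The external ip address of the forwarding rule for default lb."
  value       = module.load_balancer_default.external_ip
}

--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/terraform-google-lb/examples/basic/provider.tf:
--------------------------------------------------------------------------------
/*
  By using provider blocks, Terraform can manage resources across multiple cloud providers or services.
  In this case, the provider blocks allow Terraform to interact with the Google Cloud Platform using both
  stable and beta versions of the API.

  No credentials are set in these blocks; both providers take only the project ID from var.project_id.
*/

provider "google" {
  project = var.project_id
}

provider "google-beta" {
  project = var.project_id
}

--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/terraform-google-lb/examples/basic/variables.tf:
--------------------------------------------------------------------------------
# Inputs of the basic example. Each variable now declares `type = string`,
# matching the string defaults and descriptions already present, so a
# non-string value is rejected at plan time.

variable "region" {
  type        = string
  description = "Region used for GCP resources."
  default     = "us-central1"
}

variable "project_id" {
  type        = string
  description = "GCP Project used to create resources."
}

variable "image_family" {
  type        = string
  description = "Image used for compute VMs."
  default     = "debian-11"
}

variable "image_project" {
  type        = string
  description = "GCP Project where source image comes from."
  default     = "debian-cloud"
}

--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/terraform-google-lb/examples/basic/versions.tf:
--------------------------------------------------------------------------------
# Terraform and provider requirements for the basic example.

terraform {
  required_version = ">= 0.13"
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 3.53, < 5.0"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = ">= 3.53, < 5.0"
    }
    # NOTE(review): no version constraint, so `terraform init` selects whatever
    # release the lock file or registry offers. The hashicorp/template provider
    # is archived upstream; if the example only renders a template file
    # (usage is not visible here), the built-in templatefile() function removes
    # the dependency. Otherwise add a version constraint.
    template = {
      source = "hashicorp/template"
    }
  }
}

--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/variables.tf:
--------------------------------------------------------------------------------
# Inputs of the load balancer module.

variable "project" {
  type        = string
  description = "The project to deploy to, if not set the default provider project is used."
  default     = ""
}

variable "region" {
  type        = string
  description = "Region used for GCP resources."
}

variable "network" {
  type        = string
  description = "Name of the network to create resources in."
  default     = "default"
}

variable "firewall_project" {
  type        = string
  description = "Name of the project to create the firewall rule in. Useful for shared VPC. Default is var.project."
  default     = ""
}

variable "name" {
  type        = string
  description = "Name for the forwarding rule and prefix for supporting resources."
}

variable "service_port" {
  type        = number
  description = "TCP port your service is listening on."
}

# NOTE(review): target_tags and target_service_accounts both default to null.
# A GCP firewall rule with neither target tags nor target service accounts
# applies to every instance in the network; confirm how main.tf (not visible
# here) uses these, and set one of them so the rule reaches only the backends.
variable "target_tags" {
  description = "List of target tags to allow traffic using firewall rule."
  type        = list(string)
  default     = null
}

variable "target_service_accounts" {
  description = "List of target service accounts to allow traffic using firewall rule."
  type        = list(string)
  default     = null
}

variable "session_affinity" {
  type        = string
  description = "How to distribute load. Options are `NONE`, `CLIENT_IP` and `CLIENT_IP_PROTO`"
  default     = "NONE"
}

variable "disable_health_check" {
  type        = bool
  description = "Disables the health check on the target pool."
  default     = false
}

# Every attribute defaults to null; what a null attribute resolves to is
# decided where the object is consumed, outside this file.
variable "health_check" {
  description = "Health check to determine whether instances are responsive and able to do work"
  type = object({
    check_interval_sec  = number
    healthy_threshold   = number
    timeout_sec         = number
    unhealthy_threshold = number
    port                = number
    request_path        = string
    host                = string
  })
  default = {
    check_interval_sec  = null
    healthy_threshold   = null
    timeout_sec         = null
    unhealthy_threshold = null
    port                = null
    request_path        = null
    host                = null
  }
}

variable "ip_address" {
  description = "IP address of the external load balancer, if empty one will be assigned."
  type        = string
  default     = null
}

variable "ip_protocol" {
  description = "The IP protocol for the frontend forwarding rule and firewall rule. TCP, UDP, ESP, AH, SCTP or ICMP."
  type        = string
  default     = "TCP"
}

# NOTE(review): the default admits any source address. That suits a public
# service; for anything else the caller should pass the specific client ranges.
# The default is left as is because existing callers may rely on it.
variable "allowed_ips" {
  description = "The IP address ranges which can access the load balancer."
  default     = ["0.0.0.0/0"]
  type        = list(string)
}

variable "labels" {
  description = "The labels to attach to resources created by this module."
  default     = {}
  type        = map(string)
}

--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-006-modular-load-balancing-regional-load-balancer/versions.tf:
--------------------------------------------------------------------------------
# Terraform and provider requirements for the load balancer module, plus the
# provider_meta blocks that pass a module_name string to each provider.
terraform {
  required_version = ">= 0.13"
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 3.53, < 5.0"
    }

    google-beta = {
      source  = "hashicorp/google-beta"
      version = ">= 3.53, < 5.0"
    }
  }

  provider_meta "google" {
    module_name = "blueprints/terraform/terraform-google-lb/v4.0.1"
  }

  provider_meta "google-beta" {
    module_name = "blueprints/terraform/terraform-google-lb/v4.0.1"
  }
}

--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-007-cloud-sql/.images/cloud-sql-proxy-workings.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-007-cloud-sql/.images/cloud-sql-proxy-workings.png
--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-007-cloud-sql/outputs.tf:
--------------------------------------------------------------------------------
// This output value represents the name of the database instance created by the Terraform configuration.
output "instance_name" {
  description = "The name of the database instance"
  value       = google_sql_database_instance.master.name
}

// This output value represents the IPv4 address of the master database instance created by the Terraform configuration.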
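// NOTE(review): ip_address[0] is the first entry the provider reports. On an
// instance that has more than one address type, the provider's
// public_ip_address / private_ip_address attributes select by type; confirm
// which address consumers of this output expect.
output "instance_address" {
  description = "The IPv4 address of the master database instance"
  value       = google_sql_database_instance.master.ip_address[0].ip_address
}

// This output value represents the time when the IPv4 address of the master database instance created
// by the Terraform configuration will be retired.
output "instance_address_time_to_retire" {
  description = "The time the master instance IP address will be retired. RFC 3339 format."
  value       = google_sql_database_instance.master.ip_address[0].time_to_retire
}

/*
  This Terraform output block is defining an output named "self_link".
  The output provides the self link to the Google Cloud SQL master instance created
  using the resource "google_sql_database_instance".

  The "self_link" attribute in Google Cloud SQL is a unique identifier for a resource,
  and it is used to retrieve, update or delete the resource. The value of the "self_link"
  output is set to the value of the "self_link" attribute of the "google_sql_database_instance"
  resource created in the Terraform code.

  Once this Terraform code is executed, the "self_link" output value can be
  retrieved using the Terraform CLI command terraform output self_link.
*/
output "self_link" {
  description = "Self link to the master instance"
  value       = google_sql_database_instance.master.self_link
}

// This output value represents the auto-generated default user password if no input password was provided.
// This value is marked as sensitive to ensure that it is not accidentally exposed.
// NOTE(review): `sensitive = true` only redacts the value in plan/apply output. It is still
// written in plain text to the state file and is printed by `terraform output -json` and
// `terraform output -raw`, so the state backend needs access control and encryption at rest.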
output "generated_user_password" {
  sensitive   = true
  description = "The auto generated default user password if no input password was provided"

  # NOTE(review): the value comes from a random_id resource. random_id is not
  # treated as sensitive by the random provider, so its hex value can appear in
  # plan output for the resource itself even though this output is redacted;
  # random_password is the resource the provider marks sensitive. The
  # byte_length of random_id.user-password is set outside this file, so the
  # password length cannot be judged here.
  value = random_id.user-password.hex
}


--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/aws-compute.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/aws-compute.png
--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/aws-customer-gatways.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/aws-customer-gatways.png
--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/aws-intenet-gatway.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/aws-intenet-gatway.png
--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/aws-subnets.png:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/aws-subnets.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/aws-virtual-private-gateway-gatway.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/aws-virtual-private-gateway-gatway.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/aws-vpc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/aws-vpc.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/aws-vpn-connections.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/aws-vpn-connections.png -------------------------------------------------------------------------------- 
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-cloud-firewall.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-cloud-firewall.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-cloud-ip-addresses.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-cloud-ip-addresses.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-cloud-router-details.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-cloud-router-details.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-cloud-router.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-cloud-router.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-cloud-routes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-cloud-routes.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-cloud-vpn-gatways.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-cloud-vpn-gatways.png -------------------------------------------------------------------------------- /home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-cloud-vpn-tunnels.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-cloud-vpn-tunnels.png -------------------------------------------------------------------------------- 
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-compute.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-compute.png
--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-network.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-network.png
--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-peer-vpn-gatway.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/.images/gcp-peer-vpn-gatway.png
--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/create_instance.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Create the "velo-mgr" Compute Engine instance in the Cloud Shell project
# (${DEVSHELL_PROJECT_ID}) on gcp-network / gcp-subnet1.
#
# NOTE(review): DEPLOYMENT is assigned but not used anywhere in this script.
# NOTE(review): apiPassword and secretsEncKey are passed as literal values in
#   --metadata. Instance metadata can be read from inside the guest and by any
#   principal allowed to view the instance, and these literals are also
#   committed to the repository. Treat them as lab-only values; real ones
#   should come from a secret store or an operator prompt, not the script.
# NOTE(review): the cloud-platform scope places no scope-level limit on API
#   access, so what this VM can do is bounded only by the IAM roles granted to
#   the migration-manager service account.
# NOTE(review): --tags=https-server presumably pairs with a tag-targeted
#   firewall rule; none of the firewall rules shown on this page set target
#   tags — confirm which rule is meant to apply.
DEPLOYMENT="main"
gcloud compute instances create velo-mgr \
  --project=${DEVSHELL_PROJECT_ID} \
  --image=velostrata-mgmt-4-5-1-27955-20129-os \
  --image-project=velossandbox \
  --zone=us-central1-a \
  --machine-type=n1-standard-4 \
  --boot-disk-size=60 \
  --metadata=apiPassword=velo1234,defaultServiceAccount=migration-cloud-extension@${DEVSHELL_PROJECT_ID}.iam.gserviceaccount.com,secretsEncKey=qwiklabs \
  --service-account=migration-manager@${DEVSHELL_PROJECT_ID}.iam.gserviceaccount.com \
  --tags=https-server \
  --scopes="https://www.googleapis.com/auth/cloud-platform","rpc://phrixus.googleapis.com/auth/cloudrpc" \
  --network='gcp-network' \
  --subnet='gcp-subnet1'
--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/gcp_set_credentials.sh:
--------------------------------------------------------------------------------
#!/bin/bash


# Add GCP credentials path to configuration defaults file.

# Check arguments for existing json key file.
# arguments: path to a .json key file, or the literal word "exists".
# Exits with status 1 when the argument is empty, or when it is not "exists"
# and no file is found at that path.
# NOTE(review): FILE_ARG is empty in this listing, so the usage line prints
#   only $0; the usage placeholder text may have been lost — confirm.
function checkArgs () {
  local FILE_ARG=''

  if [ -z "$1" ]; then
    echo 'Error: missing argument.'
    echo "$0 ${FILE_ARG}"
    exit 1
  fi

  if [ "$1" != "exists" ] && [ ! -e "$1" ]; then
    echo 'Error: file not found.'
    echo "$0 ${FILE_ARG}"
    exit 1
  fi
}


# Backup existing credentials and create new ones.
# arguments: source_credentials_file target_file_path
# An existing target is first copied to "<target>.bak.<epoch seconds>".
# NOTE(review): both files hold service-account key material, and nothing here
#   sets their mode; consider a restrictive umask or chmod 600 on the copy and
#   on each backup. Every run that finds an existing target leaves one more
#   backup copy of the key on disk.
# NOTE(review): `[ -e $2 ]` is unquoted, so a path containing spaces breaks
#   the test even though the cp calls quote their arguments.
function backupAndCopyCredentials() {
  local BACKUP_FILE="$2.bak.$(date +%s)"
  if [ -e $2 ]; then
    cp "$2" "${BACKUP_FILE}"
    echo "Created backup (${BACKUP_FILE})."
  fi

  cp "$1" "$2"
  echo "Created $2 from $1."
}


# Start a new terraform.tfvars file.
# arguments: full_path_file_name.
# Writes a three-line block comment only when the file does not exist yet;
# an existing file is left untouched.
function createTFVars() {
  if [ ! -e $1 ]; then
    echo "/*" > $1
    echo " * Initialized Terraform variables." >> $1
    echo " */" >> $1
  fi
}


# If not already present, add a key-value to tfvars file.
# arguments: tfvars_path_file_name key value
# Exits with status 1 when any of the three arguments is empty.
# NOTE(review): VAR_NAME is assigned but never used.
# NOTE(review): the presence check is an unquoted, unanchored grep for the key
#   text, so any line containing it (a comment, another variable's value)
#   counts as "already present"; an existing entry is never updated.
# NOTE(review): the value is written between double quotes without escaping;
#   a value containing a double quote would corrupt the tfvars file.
function addTFVar() {
  if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
    echo 'Error: missing argument for addTFVar().'
    exit 1
  fi

  local VAR_NAME="$2"
  local KEY_EXISTS="$(cat $1 | grep $2)"

  if [ -z "${KEY_EXISTS}" ]; then
    echo "" >> $1
    echo "$2 = \"$3\"" >> $1
    echo "Updated $2 in $1."
  fi
}


# Create fresh GCP credentials file and point Terraform at it.
# arguments: path to a .json key file, or "exists" to skip the copy.
# Records ~/.config/gcloud/credentials_autonetdeploy.json as
# gcp_credentials_file_path in terraform/terraform.tfvars next to this script.
# NOTE(review): unlike addProject in gcp_set_project.sh, this function does
#   not create the terraform directory first; the redirect in createTFVars
#   presumably fails if it is missing — confirm.
# NOTE(review): $1 and the path variables are passed unquoted below, so a key
#   path containing spaces is split into several arguments.
function createCredentials () {
  # ~ only expands when NOT quoted (below).
  local CREDS_FILE_DIR=~/.config/gcloud
  local CREDS_FILE_PATH="${CREDS_FILE_DIR}/credentials_autonetdeploy.json"
  local THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
  local TFVARS_DIR_PATH="${THIS_DIR}/terraform"
  local TFVARS_FILE_PATH="${TFVARS_DIR_PATH}/terraform.tfvars"
  local TFVAR_CREDS='gcp_credentials_file_path'

  if [ "$1" != "exists" ]; then
    mkdir -p ${CREDS_FILE_DIR}
    backupAndCopyCredentials $1 ${CREDS_FILE_PATH}
  fi

  createTFVars "${TFVARS_FILE_PATH}"
  addTFVar "${TFVARS_FILE_PATH}" "${TFVAR_CREDS}" "${CREDS_FILE_PATH}"
}


# Copy/create file under ~/.config/gcloud
checkArgs $1
# Pass "exists" to skip credential file copying.
createCredentials $1
--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/gcp_set_project.sh:
--------------------------------------------------------------------------------
#!/bin/bash




# Add GCP project to configuration files.

# Check function arguments for project.
# arguments: project
# Exits with status 1 when the project argument is empty.
function checkArgs () {
  if [ -z "$1" ]; then
    echo "Error: missing argument. $0 "
    exit 1
  fi
}


# Update project_id in DM config file.
# arguments: project_id dm_project_file
# Rewrites every "project_id: ..." line of the file in place with sed -i.
# NOTE(review): the project id is interpolated into the sed expression as is;
#   a value containing "/" or "&" would change the expression. It comes from
#   `gcloud config get-value project` below — confirm that is always safe.
function fixDMProject() {
  local DM_PROJECT_FILE="${2}"
  local SED_EX="s/project_id: .*/project_id: $1/"
  sed -i -e "${SED_EX}" ${DM_PROJECT_FILE}
  echo "Updated project_id: ${1} in ${DM_PROJECT_FILE}."
}


# Start a new terraform.tfvars file.
# arguments: full_path_file_name.
# Same helper as in gcp_set_credentials.sh: writes a header comment only when
# the file does not exist yet.
function createTFVars() {
  if [ ! -e $1 ]; then
    echo "/*" > $1
    echo " * Initialized Terraform variables." >> $1
    echo " */" >> $1
  fi
}


# If not already present, add a key-value to tfvars file.
# arguments: tfvars_path_file_name key value
# Same helper as in gcp_set_credentials.sh, with the same caveats: the grep is
# unquoted and unanchored, an existing entry is never updated, and the value
# is written without escaping.
function addTFVar() {
  if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
    echo 'Error: missing argument for addTFVar().'
    exit 1
  fi

  local VAR_NAME="$2"
  local KEY_EXISTS="$(cat $1 | grep $2)"

  if [ -z "${KEY_EXISTS}" ]; then
    echo "" >> $1
    echo "$2 = \"$3\"" >> $1
    echo "Updated $2 in $1."
  fi
}


# Add projects to configuration file(s) if existing.
# arguments: project
# Updates deploymentmanager/autonetdeploy_config.yaml when that file exists,
# then records the project as gcp_project_id in terraform/terraform.tfvars.
function addProject() {
  local PROJECT_ID="$1"
  local THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
  local DM_PROJECT_FILE='autonetdeploy_config.yaml'
  local DM_PROJECT_FILE_PATH="${THIS_DIR}/deploymentmanager/${DM_PROJECT_FILE}"
  local TFVARS_DIR_PATH="${THIS_DIR}/terraform"
  local TFVARS_FILE_PATH="${TFVARS_DIR_PATH}/terraform.tfvars"
  local TFVAR_PROJECT='gcp_project_id'

  checkArgs ${PROJECT_ID}

  if [ -e ${DM_PROJECT_FILE_PATH} ]; then
    fixDMProject ${PROJECT_ID} ${DM_PROJECT_FILE_PATH}
  fi

  # Always create terraform.tfvars file even if dir does not exist already.
  mkdir -p "${TFVARS_DIR_PATH}"
  createTFVars "${TFVARS_FILE_PATH}"
  addTFVar "${TFVARS_FILE_PATH}" "${TFVAR_PROJECT}" "${PROJECT_ID}"
}

# The project is whatever the active gcloud configuration reports; gcloud's
# stderr is discarded, so an unset project surfaces only as the
# "missing argument" error from checkArgs.
addProject $(gcloud config get-value project 2> /dev/null)
--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/get_terraform.sh:
--------------------------------------------------------------------------------
#!/bin/bash




# Download Terraform utility.

# Download and extract Terraform utility in the terraform directory.
# Does nothing (exit 0) when ~/terraform/terraform already exists.
# NOTE(review): the archive is fetched over HTTPS but is unzipped without any
#   integrity check. HashiCorp publishes a SHA256SUMS file and a detached
#   signature for each release; verifying the zip against them before unzip
#   would catch a corrupted or substituted download.
# NOTE(review): curl runs without -f, so an HTTP error page would be saved as
#   terraform.zip and only fail at unzip; the "Could not retrieve" branch
#   prints a message but does not return a non-zero status.
# NOTE(review): the version is pinned to 0.12.4 in T_VERSION; confirm that it
#   matches what the provider versions in main.tf require.
function getTerraform() {
  # Places terraform in ~/terraform dir.
  local T_VERSION='0.12.4/terraform_0.12.4_linux_amd64'
  local T_URL="https://releases.hashicorp.com/terraform/${T_VERSION}.zip"
  # ~ only expands when NOT quoted (below).
  local T_DIR=~/terraform
  local T_ZIP="${T_DIR}/terraform.zip"
  local T_EXE="${T_DIR}/terraform"

  if [ -e ${T_EXE} ]; then
    echo "${T_EXE} already exists. Exiting."
    echo ''
    echo "To adjust your path: export PATH=${T_DIR}:\${PATH}"
    exit 0
  fi

  mkdir -p ${T_DIR}
  pushd ${T_DIR} > /dev/null
  curl -o "${T_ZIP}" "${T_URL}"
  unzip -q "${T_ZIP}"
  rm "${T_ZIP}"
  popd > /dev/null

  if [ -e ${T_EXE} ]; then
    echo "Successfully retrieved ${T_EXE}."
    echo ''
    echo "To adjust your path: export PATH=${T_DIR}:\${PATH}"
  else
    echo "Could not retrieve ${T_EXE}."
  fi
}

getTerraform
--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/images/autonetdeploy_gcpawsvpn_arch.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thecloudterminal01/learn-devops/d6cc45268dd93258ffc70c253e28ec44fcfbd541/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/images/autonetdeploy_gcpawsvpn_arch.png
--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/migrate_sa_roles.sh:
--------------------------------------------------------------------------------
# Creates two service accounts in $DEVSHELL_PROJECT_ID and grants each its
# project-level roles, one binding per gcloud call.
# NOTE(review): there is no shebang and no `set -e`, and the binding commands
#   suppress their output, so a failed grant is easy to miss; confirm the
#   result afterwards with `gcloud projects get-iam-policy`.

# Create migration manager
gcloud iam service-accounts create "migration-manager" --display-name "migration-manager"

# Assign roles to migration manager
gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID --member \
  serviceAccount:"migration-manager@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com" \
  --role "roles/cloudmigration.inframanager" \
  --no-user-output-enabled --quiet

gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID --member \
  serviceAccount:"migration-manager@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com" \
  --role "roles/cloudmigration.storageaccess" \
  --no-user-output-enabled --quiet

# NOTE(review): roles/iam.serviceAccountUser granted on the project lets
#   migration-manager act as every service account in the project. If it only
#   needs to run workloads as migration-cloud-extension, bind the role on that
#   one service account instead.
gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID --member \
  serviceAccount:"migration-manager@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com" \
  --role "roles/iam.serviceAccountUser" \
  --no-user-output-enabled --quiet

gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID --member \
  serviceAccount:"migration-manager@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com" \
  --role "roles/logging.logWriter" \
  --no-user-output-enabled --quiet

gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID --member \
  serviceAccount:"migration-manager@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com" \
  --role "roles/monitoring.metricWriter" \
  --no-user-output-enabled --quiet

gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID --member \
  serviceAccount:"migration-manager@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com" \
  --role "roles/monitoring.viewer" \
  --no-user-output-enabled --quiet

# Grants migration-manager the Token Creator role on itself (this binding is
# on the service account resource, not on the project).
gcloud iam service-accounts add-iam-policy-binding \
  "migration-manager@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com" \
  --member=serviceAccount:"migration-manager@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com" \
  --role=roles/iam.serviceAccountTokenCreator --project $DEVSHELL_PROJECT_ID

# Create cloud extension account
gcloud iam service-accounts create "migration-cloud-extension" \
  --display-name "migration-cloud-extension"

# Assign roles to cloud extension account
gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID \
  --member serviceAccount:"migration-cloud-extension@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com" \
  --role "roles/cloudmigration.storageaccess" \
  --no-user-output-enabled --quiet

gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID \
  --member serviceAccount:"migration-cloud-extension@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com" \
  --role "roles/logging.logWriter" \
  --no-user-output-enabled --quiet

gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID \
  --member serviceAccount:"migration-cloud-extension@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com" \
  --role "roles/monitoring.metricWriter" \
  --no-user-output-enabled --quiet
--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/terraform/aws_compute.tf:
--------------------------------------------------------------------------------

/*
 * Terraform compute resources for AWS.
 */

# Newest HVM image whose name matches var.aws_disk_image. The owners filter
# restricts the lookup to one publisher account, which matters because the
# name filter accepts a wildcard: without it, most_recent could select a
# look-alike image published by another account.
data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = [var.aws_disk_image]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"] # Canonical
}

# Elastic IP attached to the test VM's fixed private address.
resource "aws_eip" "aws-ip" {
  vpc = true

  instance                  = aws_instance.aws-vm.id
  associate_with_private_ip = var.aws_vm_address
}

# Test VM in aws-subnet1 with a public address and four security groups.
# NOTE(review): key_name refers to a key pair called "vm-ssh-key"; no
#   aws_key_pair resource is visible on this page, so it presumably has to
#   exist in the account beforehand — confirm.
# NOTE(review): the instance is reachable from the internet, and the attached
#   aws-allow-ssh group admits port 22 from 0.0.0.0/0 (see aws_security.tf).
resource "aws_instance" "aws-vm" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = var.aws_instance_type
  subnet_id     = aws_subnet.aws-subnet1.id
  key_name      = "vm-ssh-key"

  associate_public_ip_address = true
  private_ip                  = var.aws_vm_address

  vpc_security_group_ids = [
    aws_security_group.aws-allow-icmp.id,
    aws_security_group.aws-allow-ssh.id,
    aws_security_group.aws-allow-vpn.id,
    aws_security_group.aws-allow-internet.id,
  ]

  # Substitutes the GCP VM's external and internal addresses into
  # vm_userdata.sh.
  # NOTE(review): both search strings are empty in this listing; presumably
  #   they were angle-bracket placeholder tokens lost when the page was
  #   extracted — check the repository copy before reusing this.
  user_data = replace(
    replace(
      file("vm_userdata.sh"),
      "",
      google_compute_address.gcp-ip.address,
    ),
    "",
    var.gcp_vm_address,
  )

  tags = {
    Name = "aws-vm-${var.aws_region}"
  }
}

--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/terraform/aws_networking.tf:
--------------------------------------------------------------------------------


/*
 * Terraform networking resources for AWS.
 */

resource "aws_vpc" "aws-vpc" {
  cidr_block           = var.aws_network_cidr
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags = {
    "Name" = "aws-vpc"
  }
}

resource "aws_subnet" "aws-subnet1" {
  vpc_id     = aws_vpc.aws-vpc.id
  cidr_block = var.aws_subnet1_cidr

  tags = {
    Name = "aws-vpn-subnet"
  }
}

resource "aws_internet_gateway" "aws-vpc-igw" {
  vpc_id = aws_vpc.aws-vpc.id

  tags = {
    Name = "aws-vpc-igw"
  }
}

/*
 * ----------VPN Connection----------
 */

resource "aws_vpn_gateway" "aws-vpn-gw" {
  vpc_id = aws_vpc.aws-vpc.id
}

# One customer gateway per interface of the GCP HA VPN gateway.
# google_compute_ha_vpn_gateway.gcp-vpn-gw is defined outside this page.
# NOTE(review): both customer gateways carry the same Name tag
#   ("aws-customer-gw"), which makes them hard to tell apart in the console.
resource "aws_customer_gateway" "aws-cgw-1" {
  bgp_asn    = 65000
  ip_address = google_compute_ha_vpn_gateway.gcp-vpn-gw.vpn_interfaces[0].ip_address
  type       = "ipsec.1"
  tags = {
    "Name" = "aws-customer-gw"
  }
}
resource "aws_customer_gateway" "aws-cgw-2" {
  bgp_asn    = 65000
  ip_address = google_compute_ha_vpn_gateway.gcp-vpn-gw.vpn_interfaces[1].ip_address
  type       = "ipsec.1"
  tags = {
    "Name" = "aws-customer-gw"
  }
}

# Default route to the internet gateway; routes learned over the VPN gateway
# are propagated into the same table.
resource "aws_default_route_table" "aws-vpc" {
  default_route_table_id = aws_vpc.aws-vpc.default_route_table_id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.aws-vpc-igw.id
  }
  propagating_vgws = [
    aws_vpn_gateway.aws-vpn-gw.id,
  ]
}

# Two dynamically routed (static_routes_only = false) IPsec connections, one
# per customer gateway.
# NOTE(review): no tunnel pre-shared keys are set here, so AWS generates them;
#   aws_vpn_connection exports them as attributes, which means they are
#   written to Terraform state. Keep the state file access-controlled and out
#   of version control.
resource "aws_vpn_connection" "aws-vpn-connection1" {
  vpn_gateway_id      = aws_vpn_gateway.aws-vpn-gw.id
  customer_gateway_id = aws_customer_gateway.aws-cgw-1.id
  type                = "ipsec.1"
  static_routes_only  = false
  tags = {
    "Name" = "aws-vpn-connection1"
  }
}

resource "aws_vpn_connection" "aws-vpn-connection2" {
  vpn_gateway_id      = aws_vpn_gateway.aws-vpn-gw.id
  customer_gateway_id = aws_customer_gateway.aws-cgw-2.id
  type                = "ipsec.1"
  static_routes_only  = false
  tags = {
    "Name" = "aws-vpn-connection2"
  }
}


--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/terraform/aws_outputs.tf:
--------------------------------------------------------------------------------


/*
 * Terraform output variables for AWS.
 */

output "aws_instance_external_ip" {
  value = aws_eip.aws-ip.public_ip
}

output "aws_instance_internal_ip" {
  value = aws_instance.aws-vm.private_ip
}

--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/terraform/aws_security.tf:
--------------------------------------------------------------------------------


/*
 * Terraform security (firewall) resources for AWS.
 */

# Allow PING testing.
# For protocol "icmp" AWS reads from_port as the ICMP type and to_port as the
# code, so this rule admits type 8 / code 0 (echo request) from any address.
resource "aws_security_group" "aws-allow-icmp" {
  name        = "aws-allow-icmp"
  description = "Allow icmp access from anywhere"
  vpc_id      = aws_vpc.aws-vpc.id

  ingress {
    from_port   = 8
    to_port     = 0
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Allow SSH for iperf testing.
# NOTE(review): port 22 is open to 0.0.0.0/0 on an instance with a public
#   address. That is convenient for a short-lived lab; for anything longer
#   lived, narrow cidr_blocks to the operator's address range or reach the VM
#   over the VPN instead.
resource "aws_security_group" "aws-allow-ssh" {
  name        = "aws-allow-ssh"
  description = "Allow ssh access from anywhere"
  vpc_id      = aws_vpc.aws-vpc.id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Allow traffic from the VPN subnets.
# Admits every protocol and port, but only from the GCP subnet range that
# arrives over the VPN.
resource "aws_security_group" "aws-allow-vpn" {
  name        = "aws-allow-vpn"
  description = "Allow all traffic from vpn resources"
  vpc_id      = aws_vpc.aws-vpc.id

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [var.gcp_subnet1_cidr]
  }
}

# Allow TCP traffic from the Internet.
# Port 80 only (the iperf3 helper scripts in vm_userdata.sh use -p 80). This
# is also the only custom group that defines an egress rule: all protocols to
# any destination.
resource "aws_security_group" "aws-allow-internet" {
  name        = "aws-allow-internet"
  description = "Allow http traffic from the internet"
  vpc_id      = aws_vpc.aws-vpc.id

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Takes over the VPC's default security group.
# NOTE(review): the ingress rule sets self = true and also lists 0.0.0.0/0
#   with protocol -1, so the default group admits all traffic from any
#   address. Any resource launched in this VPC without explicit security
#   groups inherits that. aws-vm lists its own groups, so it does not depend
#   on this rule; dropping cidr_blocks here would keep only member-to-member
#   traffic.
resource "aws_default_security_group" "default" {
  vpc_id = aws_vpc.aws-vpc.id

  ingress {
    protocol    = -1
    self        = true
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/terraform/aws_variables.tf:
--------------------------------------------------------------------------------


/*
 * Terraform variable declarations for AWS.
 */

# Path to the AWS shared credentials file; main.tf passes it through
# pathexpand(). It has no default, so it must be set (e.g. in
# terraform.tfvars).
variable "aws_credentials_file_path" {
  description = "Locate the AWS credentials file."
  type        = string
}

# NOTE(review): the description says Oregon, but the default is us-east-1.
variable "aws_region" {
  description = "Default to Oregon region."
  default     = "us-east-1"
}

# NOTE(review): the description mentions ENA, which looks carried over from a
#   different default than t2.micro — confirm.
variable "aws_instance_type" {
  description = "Machine Type. Includes 'Enhanced Networking' via ENA."
  default     = "t2.micro"
}

# Name pattern for the aws_ami lookup in aws_compute.tf.
# NOTE(review): the description refers to gcp_instance_type although this is
#   the AWS image. The pattern selects Ubuntu 16.04 (xenial), which is past
#   its standard support window; prefer a supported release outside a
#   throwaway lab.
variable "aws_disk_image" {
  description = "Boot disk for gcp_instance_type."
  default     = "ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"
}

variable "aws_network_cidr" {
  description = "VPC network ip block."
  default     = "172.16.0.0/16"
}

variable "aws_subnet1_cidr" {
  description = "Subset block from VPC network ip block."
  default     = "172.16.0.0/24"
}

variable "aws_vm_address" {
  description = "Private IP address for AWS VM instance."
  default     = "172.16.0.100"
}

--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/terraform/gcp_compute.tf:
--------------------------------------------------------------------------------


/*
 * Terraform compute resources for GCP.
 * Looks up the zones of var.gcp_region and uses the first one returned
 * (names[0]); the choice is not random.
 */

data "google_compute_zones" "available" {
  region = var.gcp_region
}

# Static external address for the test VM.
resource "google_compute_address" "gcp-ip" {
  name   = "gcp-vm-ip-${var.gcp_region}"
  region = var.gcp_region
}

# Test VM on gcp-subnet1 with a fixed internal address and the static external
# address above. No service_account block is set here.
resource "google_compute_instance" "gcp-vm" {
  name         = "gcp-vm-${var.gcp_region}"
  machine_type = var.gcp_instance_type
  zone         = data.google_compute_zones.available.names[0]

  boot_disk {
    initialize_params {
      image = var.gcp_disk_image
    }
  }

  network_interface {
    subnetwork = google_compute_subnetwork.gcp-subnet1.name
    network_ip = var.gcp_vm_address

    access_config {
      # Static IP
      nat_ip = google_compute_address.gcp-ip.address
    }
  }

  # Cannot pre-load both gcp and aws since that creates a circular dependency.
  # Can pre-populate the AWS IPs to make it easier to run tests.
  # NOTE(review): as in aws_compute.tf, both search strings are empty in this
  #   listing; presumably the placeholder tokens were lost in extraction —
  #   check the repository copy.
  metadata_startup_script = replace(
    replace(file("vm_userdata.sh"), "", aws_eip.aws-ip.public_ip),
    "",
    var.aws_vm_address,
  )
}

--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/terraform/gcp_outputs.tf:
--------------------------------------------------------------------------------


/*
 * Terraform output variables for GCP.
 */

# The heredoc wraps a single interpolation, so the output value carries the
# heredoc's trailing newline after the address.
output "gcp_instance_external_ip" {
  value = <<-EOF
    ${google_compute_instance.gcp-vm.network_interface[0].access_config[0].nat_ip}
    EOF

}

output "gcp_instance_internal_ip" {
  value = google_compute_instance.gcp-vm.network_interface[0].network_ip
}

--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/terraform/gcp_security.tf:
--------------------------------------------------------------------------------


/*
 * Terraform security (firewall) resources for GCP.
 */

# None of the rules in this file set target_tags or target service accounts,
# so each one applies to every instance on the network.

# Allow PING testing.
resource "google_compute_firewall" "gcp-allow-icmp" {
  name    = "${google_compute_network.gcp-network.name}-gcp-allow-icmp"
  network = google_compute_network.gcp-network.name

  allow {
    protocol = "icmp"
  }

  source_ranges = [
    "0.0.0.0/0",
  ]
}

# Allow SSH for iperf testing.
# NOTE(review): port 22 is open to 0.0.0.0/0 for every instance on the
#   network; narrow source_ranges to the operator's range outside a
#   short-lived lab.
resource "google_compute_firewall" "gcp-allow-ssh" {
  name    = "${google_compute_network.gcp-network.name}-gcp-allow-ssh"
  network = google_compute_network.gcp-network.name

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  source_ranges = [
    "0.0.0.0/0",
  ]
}

# Allow traffic from the VPN subnets.
# Admits all TCP and UDP ports, but only from the AWS subnet range that
# arrives over the VPN.
resource "google_compute_firewall" "gcp-allow-vpn" {
  name    = "${google_compute_network.gcp-network.name}-gcp-allow-vpn"
  network = google_compute_network.gcp-network.name

  allow {
    protocol = "tcp"
    ports    = ["0-65535"]
  }

  allow {
    protocol = "udp"
    ports    = ["0-65535"]
  }

  source_ranges = [
    var.aws_subnet1_cidr,
  ]
}

# Allow TCP traffic from the Internet.
resource "google_compute_firewall" "gcp-allow-internet" {
  name    = "${google_compute_network.gcp-network.name}-gcp-allow-internet"
  network = google_compute_network.gcp-network.name

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }

  source_ranges = [
    "0.0.0.0/0",
  ]
}

# HTTPS from any address. The name is hard-coded here, whereas the rules
# above derive theirs from the network name.
# NOTE(review): no target_tags are set, so the rule covers every instance on
#   the network rather than only those tagged https-server by
#   create_instance.sh — confirm the intent.
resource "google_compute_firewall" "https" {
  name    = "gcp-network-https"
  network = google_compute_network.gcp-network.name
  allow {
    protocol = "tcp"
    ports    = ["443"]
  }
  direction     = "INGRESS"
  source_ranges = ["0.0.0.0/0"]
}

# NOTE(review): this rule admits every protocol and port from 0.0.0.0/0 to
#   every instance on the network. It makes the narrower rules in this file
#   redundant and leaves every listening service on the VMs, including the
#   velo-mgr instance created on this network by create_instance.sh, exposed
#   to the internet. Unless it is a deliberate, temporary lab shortcut,
#   remove it and rely on the scoped rules above.
resource "google_compute_firewall" "gcp-allow-all" {
  name    = "gcp-network-allow-all"
  network = google_compute_network.gcp-network.name
  allow {
    protocol = "all"
  }
  direction     = "INGRESS"
  source_ranges = ["0.0.0.0/0"]
}
--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/terraform/gcp_variables.tf:
--------------------------------------------------------------------------------


/*
 * Terraform variable declarations for GCP.
 */

# Path to the service-account key file; main.tf reads it with file(). It has
# no default and is written to terraform.tfvars by gcp_set_credentials.sh.
variable "gcp_credentials_file_path" {
  description = "Locate the GCP credentials .json file."
  type        = string
}

variable "gcp_project_id" {
  description = "GCP Project ID."
  type        = string
}

# NOTE(review): the description says Oregon, but the default is us-central1.
variable "gcp_region" {
  description = "Default to Oregon region."
  default     = "us-central1"
}

variable "gcp_instance_type" {
  description = "Machine Type. Correlates to an network egress cap."
  default     = "n1-standard-1"
}

variable "gcp_disk_image" {
  description = "Boot disk for gcp_instance_type."
  default     = "projects/ubuntu-os-cloud/global/images/family/ubuntu-1804-lts"
}

variable "gcp_network_cidr" {
  default = "10.240.0.0/16"
}

variable "gcp_subnet1_cidr" {
  default = "10.240.0.0/24"
}

variable "gcp_vm_address" {
  description = "Private IP address for GCP VM instance."
  default     = "10.240.0.100"
}

# The four tunnel variables below are not referenced by any file shown on
# this page; presumably the GCP networking configuration uses them — confirm.
variable "GCP_TUN1_VPN_GW_ASN" {
  description = "Tunnel 1 - Virtual Private Gateway ASN, from the AWS VPN Customer Gateway Configuration"
  default     = "64512"
}

variable "GCP_TUN1_CUSTOMER_GW_INSIDE_NETWORK_CIDR" {
  description = "Tunnel 1 - Customer Gateway from Inside IP Address CIDR block, from AWS VPN Customer Gateway Configuration"
  default     = "30"
}

variable "GCP_TUN2_VPN_GW_ASN" {
  description = "Tunnel 2 - Virtual Private Gateway ASN, from the AWS VPN Customer Gateway Configuration"
  default     = "64512"
}

variable "GCP_TUN2_CUSTOMER_GW_INSIDE_NETWORK_CIDR" {
  description = "Tunnel 2 - Customer Gateway from Inside IP Address CIDR block, from AWS VPN Customer Gateway Configuration"
  default     = "30"
}

--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/terraform/main.tf:
--------------------------------------------------------------------------------

/*
 * Terraform main configuration file (with provider definitions).
 */

# NOTE(review): both providers authenticate with long-lived credentials read
#   from files on the operator's machine. Keep those files and
#   terraform.tfvars out of version control and readable by the owner only.
# NOTE(review): the `version` argument inside a provider block is deprecated
#   in newer Terraform releases in favour of a required_providers block.
provider "google" {
  version = "4.18.0"

  credentials = file(var.gcp_credentials_file_path)

  # Should be able to parse project from credentials file but cannot.
  # Cannot convert string to map and cannot interpolate within variables.
  project = var.gcp_project_id

  region = var.gcp_region
}

provider "aws" {
  version = "4.10.0"

  shared_credentials_file = pathexpand(var.aws_credentials_file_path)

  region = var.aws_region
}

--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/terraform/run_graph.sh:
--------------------------------------------------------------------------------
#!/bin/bash


# Run Terraform graph command with some color-formatting and emit a png.
# terraform graph -type plan | dot -Tpng > graph.png
#
# Useful graphviz links:
# graphviz docs: http://www.graphviz.org/doc/info/attrs.html
# graphviz colors: http://www.graphviz.org/doc/info/colors.html
# webgraphviz viewer: http://www.webgraphviz.com


# Pipes `terraform graph -type plan` through sed to colour the nodes (coral
# for lines mentioning aws, deepskyblue for google, aquamarine for diamond
# shapes) and renders the result with dot into gcpawsvpn_plan_graph.png next
# to this script. Refuses to overwrite an existing image (exit 1).
# NOTE(review): ${OUT_FILE} is used unquoted in the test and the redirect, so
#   a checkout path containing spaces would break both.
function runGraph() {
  local THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
  local T_CMD="terraform graph -type plan"
  local D_CMD='dot -Tpng'
  local SED_EX1='s/\[root\] //g'
  local SED_EX2='/.*aws.*shape = "box"/ s/shape = "box"/shape = "box", style = "filled", fillcolor = "coral"/'
  local SED_EX3='/.*google.*shape = "box"/ s/shape = "box"/shape = "box", style = "filled", fillcolor = "deepskyblue"/'
  local SED_EX4='s/shape = "diamond"/shape = "diamond", style = "filled", fillcolor = "aquamarine"/'
  local OUT_FILE="${THIS_DIR}/gcpawsvpn_plan_graph.png"

  if [ -e ${OUT_FILE} ]; then
    echo "${OUT_FILE} already exists. Exiting."
    exit 1
  fi

  ${T_CMD} | sed -e "${SED_EX1}" -e "${SED_EX2}" -e "${SED_EX3}" \
    -e "${SED_EX4}" | ${D_CMD} > ${OUT_FILE}
  echo "Wrote ${OUT_FILE}."
}

runGraph
--------------------------------------------------------------------------------
/home/infrastructure-as-code/terraform-gcp/taskset/task-008-building-a-vpn-between-gcp-and-aws/autonetdeploy-multicloudvpn/terraform/vm_userdata.sh:
--------------------------------------------------------------------------------
#!/bin/bash -xe


# Make it easy to run iperf3.
# NOTE(review): the iperf3 client commands below have no host after -c in this
#   listing; presumably the placeholder tokens that the Terraform replace()
#   calls substitute were lost in extraction — check the repository copy.
echo "iperf3 -c -p 80 -i 1 -t 30 -P 8 -V" > /tmp/run_iperf_to_ext.sh
chmod 755 /tmp/run_iperf_to_ext.sh
echo "iperf3 -c -p 80 -i 1 -t 30 -P 8 -V" > /tmp/run_iperf_to_int.sh
chmod 755 /tmp/run_iperf_to_int.sh

# Setup iperf3.
apt-get update
apt-get install -y iperf3

# NOTE(review): the listing is damaged from the next line on. The body of the
#   iperf3.service heredoc and the beginning of the following file (PHP code
#   that builds a ReadMe table) are missing from this page; the text below is
#   reproduced as it appears.
cat > /etc/systemd/system/iperf3.service <', $line); 16 | if (!empty($line)) { 17 | // $line = '`'.$line.'`'; 18 | // $objectives .= ($objectives ? ', ' : '') . $line; 19 | $objectives .= ($objectives ? '
' : '') . $line; 20 | } 21 | } 22 | } else { 23 | echo "\nNo matches found."; 24 | } 25 | 26 | $patter_for_skills = '/\*\*Skills\*\*(.*?)\*\*Version Stack\*\*/s'; 27 | if (preg_match($patter_for_skills, $file_contents, $matches_for_keywords)) { 28 | $matched_lines_between_pattern_for_keywords = explode("\n", $matches_for_keywords[1]); 29 | $skills = ''; 30 | foreach ($matched_lines_between_pattern_for_keywords as $line) { 31 | $line = trim($line); 32 | $line = str_replace('-', '', $line); 33 | if (!empty($line)) { 34 | $line = '`'.$line.'`'; 35 | $skills .= ($skills ? ', ' : '') . $line; 36 | // $skills .= ($skills ? '
' : '') . $line; 37 | } 38 | } 39 | } else { 40 | echo "No matches found."; 41 | } 42 | 43 | $task_name = basename($task_folder); 44 | $task_name = substr($task_name, 5, 3); 45 | 46 | $row = "| [$task_name]($task_folder) | $skills | $objectives |"; 47 | array_push($rows, $row); 48 | } 49 | 50 | $table = $header_row . "\n" . implode("\n", $rows); 51 | 52 | echo $table; 53 | file_put_contents("ReadMe.md", $table); 54 | 55 | # https://github.com/nvuillam/markdown-table-formatter 56 | # npm install markdown-table-formatter -g 57 | exec('markdown-table-formatter'); 58 | 59 | ?> 60 | -------------------------------------------------------------------------------- /home/web-servers/nginx/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Nginx Tasks 2 | 3 | 4 | 5 | 6 | ## Learning Tasks 7 | 8 | 9 | | S.No | Stack | Tasks | High Level Objective | 10 | |------|---------------|------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| 11 | | 1 | Nginx, Docker | [task-001-run-nginx](task-001-run-nginx) |
  • Running nginx on local using docker run
    Exploring the config file /etc/nginx/conf.d/default.conf
  • Exploring files /etc/nginx/conf.d/default.conf,/usr/share/nginx/html index.html and 50x.html
  • Copy the files to local directory | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | []() -------------------------------------------------------------------------------- /home/web-servers/nginx/task-001-run-nginx/50x.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Error 5 | 10 | 11 | 12 |

    An error occurred.

    13 |

    Sorry, the page you are looking for is currently unavailable.
    14 | Please try again later.

    15 |

    If you are the system administrator of this resource then you should check 16 | the error log for details.

    17 |

    Faithfully yours, nginx.

    18 | 19 | 20 | -------------------------------------------------------------------------------- /home/web-servers/nginx/task-001-run-nginx/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Run Nginx on local 2 | 3 | - [docs.docker.com/samples/nginx](https://docs.docker.com/samples/nginx) 4 | - [docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-docker](https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-docker) 5 | - [hub.docker.com/_/nginx](https://hub.docker.com/_/nginx) 6 | 7 | **High Level Objectives** 8 | - Running nginx on local using docker run 9 | - Exploring files /etc/nginx/conf.d/default.conf,/usr/share/nginx/html index.html and 50x.html 10 | - Copy the files to local directory 11 | 12 | **Skills** 13 | - nginx 14 | - docker 15 | - default.conf 16 | 17 | 18 | **Version Stack** 19 | 20 | | Stack | Version | 21 | |-------|--------------| 22 | | nginx | nginx/1.23.2 | 23 | 24 | 25 | ### Running nginx using docker and accessing it on port 8080 of the host (container port 80) 26 | 27 | ```bash 28 | ❯ docker run -it --rm -d -p 8080:80 --name nginx nginx 29 | 92268273c3173345ac4a00a480cc05971de55bd5280b85b03e0968af4e600e9e 30 | 31 | ❯ docker ps -a 32 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 33 | 92268273c317 nginx "/docker-entrypoint.…" 22 seconds ago Up 21 seconds 0.0.0.0:8080->80/tcp nginx 34 | ``` 35 | 36 | Accessing on [http://localhost:8080](http://localhost:8080). The `0.0.0.0:8080->80/tcp` mapping shown above means the port is published on every host interface; use `-p 127.0.0.1:8080:80` to keep this test server reachable from the local machine only. 37 | 38 | ```bash 39 | ❯ curl -s -o /dev/null localhost:8080 -I -w "%{http_code}" 40 | 200 41 | ``` 42 | 43 | ## Exploring the files 44 | 45 | ```bash 46 | ❯ docker exec -it nginx bash 47 | root@92268273c317:/# ls /etc/nginx/conf.d/ 48 | default.conf 49 | root@92268273c317:/# ls /usr/share/nginx/html 50 | 50x.html index.html 51 | root@92268273c317:/# exit 52 | ❯ 53 | ``` 54 | 55 | ## Copy the files to local 56 | 57 | ```bash 58 | ❯ docker cp nginx:/usr/share/nginx/html/50x.html 50x.html 59 | ❯ docker cp 
nginx:/usr/share/nginx/html/index.html index.html 60 | ❯ docker cp nginx:/etc/nginx/conf.d/default.conf default.conf 61 | ❯ ls 62 | 50x.html ReadMe.md default.conf index.html 63 | ``` 64 | 65 | -------------------------------------------------------------------------------- /home/web-servers/nginx/task-001-run-nginx/default.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | listen [::]:80; 4 | server_name localhost; 5 | 6 | #access_log /var/log/nginx/host.access.log main; 7 | 8 | location / { 9 | root /usr/share/nginx/html; 10 | index index.html index.htm; 11 | } 12 | 13 | #error_page 404 /404.html; 14 | 15 | # redirect server error pages to the static page /50x.html 16 | # 17 | error_page 500 502 503 504 /50x.html; 18 | location = /50x.html { 19 | root /usr/share/nginx/html; 20 | } 21 | 22 | # proxy the PHP scripts to Apache listening on 127.0.0.1:80 23 | # 24 | #location ~ \.php$ { 25 | # proxy_pass http://127.0.0.1; 26 | #} 27 | 28 | # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 29 | # 30 | #location ~ \.php$ { 31 | # root html; 32 | # fastcgi_pass 127.0.0.1:9000; 33 | # fastcgi_index index.php; 34 | # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; 35 | # include fastcgi_params; 36 | #} 37 | 38 | # deny access to .htaccess files, if Apache's document root 39 | # concurs with nginx's one 40 | # 41 | #location ~ /\.ht { 42 | # deny all; 43 | #} 44 | } 45 | 46 | -------------------------------------------------------------------------------- /home/web-servers/nginx/task-001-run-nginx/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Welcome to nginx! 5 | 10 | 11 | 12 |

    Welcome to nginx!

    13 |

    If you see this page, the nginx web server is successfully installed and 14 | working. Further configuration is required.

    15 | 16 |

    For online documentation and support please refer to 17 | nginx.org.
    18 | Commercial support is available at 19 | nginx.com.

    20 | 21 |

    Thank you for using nginx.

    22 | 23 | 24 | -------------------------------------------------------------------------------- /home/web-servers/nginx/task-002-nginx-conf/conf.d/default.conf: -------------------------------------------------------------------------------- 1 | # This block defines the main server configuration. 2 | server { 3 | # It specifies that the server will listen on port 80, 4 | listen 80; 5 | # accept IPv6 connections 6 | listen [::]:80; 7 | # and have a server name of "localhost". 8 | server_name localhost; 9 | 10 | # Access logging: requests are written to this file using the "main" log format (the format is not defined in this file; presumably it comes from nginx.conf - confirm). 11 | access_log /var/log/nginx/host.access.log main; 12 | 13 | # This block defines the configuration for the root location. 14 | # "location /" is a prefix match, so it handles every request that no more specific location below claims; files are served from the "/usr/share/nginx/html" 15 | # directory and "index.html" or "index.htm" is used when a directory is requested. 16 | location / { 17 | root /usr/share/nginx/html; 18 | index index.html index.htm; 19 | } 20 | 21 | # Custom 404 error page (disabled: the directive below is commented out). 22 | # If enabled, the server would look for the "/usr/share/nginx/html/404.html" file when it encounters a 404 error. 23 | #error_page 404 /404.html; 24 | 25 | # redirect server error pages to the static page /50x.html 26 | # 27 | # This directive defines the error page that will be displayed when the server encounters certain errors. 28 | # In this case, if the server encounters a 500, 502, 503, or 504 error, it will display the "/usr/share/nginx/html/50x.html" file. 29 | error_page 500 502 503 504 /50x.html; 30 | 31 | # Exact-match location ("=") for the "/50x.html" URL. 32 | # It specifies that the server should look for the file in the "/usr/share/nginx/html" directory. 
33 | location = /50x.html { 34 | root /usr/share/nginx/html; 35 | } 36 | 37 | # proxy the PHP scripts to Apache listening on 127.0.0.1:80 38 | # 39 | # Example (commented out) of how to proxy PHP scripts to an Apache server listening on localhost:80. 40 | #location ~ \.php$ { 41 | # proxy_pass http://127.0.0.1; 42 | #} 43 | location /proxyme { # prefix match: also applies to /proxyme/... and /proxyme-anything; use "location = /proxyme" if only the exact URL should be proxied 44 | proxy_pass http://localhost:1337/index.html; # proxy_pass carries a URI, so the matched "/proxyme" prefix is replaced by "/index.html" and the rest of the request path is appended to it 45 | } 46 | # NOTE(review): nothing in this file shows what listens on port 1337 - confirm the upstream exists and is meant to be reachable through this server. 47 | 48 | # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 49 | # 50 | # Example (commented out) of how to pass PHP scripts to a FastCGI server listening on localhost:9000. 51 | # It also specifies the location of the FastCGI server, the FastCGI index file, and the FastCGI parameters. 52 | #location ~ \.php$ { 53 | # root html; 54 | # fastcgi_pass 127.0.0.1:9000; 55 | # fastcgi_index index.php; 56 | # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; 57 | # include fastcgi_params; 58 | #} 59 | 60 | # deny access to .htaccess files, if Apache's document root 61 | # concurs with nginx's one 62 | # 63 | # Example (commented out) of how to deny access to .htaccess files. 64 | # The regex matches any request URI containing "/.ht" (for example .htaccess or .htpasswd); such requests would be denied. 65 | #location ~ /\.ht { 66 | # deny all; 67 | #} 68 | location /denyme { # prefix match: every URI beginning with /denyme is refused 69 | deny all; # the access module answers 403 Forbidden to every client 70 | } 71 | } -------------------------------------------------------------------------------- /home/web-servers/nginx/task-002-nginx-conf/html/50x.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Error 5 | 10 | 11 | 12 |

    An error occurred.

    13 |

    Sorry, the page you are looking for is currently unavailable.
    14 | Please try again later.

    15 |

    If you are the system administrator of this resource then you should check 16 | the error log for details.

    17 |

    Faithfully yours, nginx.

    18 | 19 | 20 | -------------------------------------------------------------------------------- /home/web-servers/nginx/task-002-nginx-conf/html/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | Docker nginx Tutorial 4 | 5 | 6 |
    7 |

    Hello Nginx

    8 |

    This nginx page is brought to you by Docker

    9 |
    10 | 11 | --------------------------------------------------------------------------------