Google Cloud Platform(GCP) 学习笔记

GCP 基础知识

GCP 于 AWS 很相似，通过不同云平台的一些概念对比，快速了解GCP。

Also read the services mapping table between different cloud providers here.

	GCP	AWS	Azure
Compute	Compute Engine	EC2	Azure Virtual Machines
Block storage	Persistent Disk	Amazon Elastic Block Store (EBS)	Azure Managed Disks
File storage	Filestore	Amazon Elastic File System (EFS)	Azure Disk Storage, Azure Files
Object storage	Cloud Storage	AWS Simple Storage Service (S3)	Azure Blob Storage
Containers	Google Kubernetes Engine	Amazon Elastic Kubernetes Service (EKS), Amazon Elastic Container Service (ECS)	Azure Kubernetes Service (AKS)
Containers	Artifact Registry	Amazon Elastic Container Registry (ECR)	Azure Container Registry
No SQL	Cloud Bigtable	Amazon DynamoDB	Azure Cosmos DB
Command-line interface (CLI)	Cloud SDK	AWS CLI	Azure CLI
networking	Virtual Private Cloud (VPC)	Amazon Virtual Private Cloud (VPC)	Azure Virtual Network
networking	Cloud NAT 没有 internet GW	Amazon VPC NAT instances	Azure NAT
Monitoring	Cloud Monitoring	Amazon CloudWatch	Azure Monitor
IAM	Cloud Identity	AWS Identity Services	Azure Active Directory
IAM	Identity and Access Management	Amazon Identity and Access Management	Azure Identity Management
	API Service account		service principal
	project		subscription

Install Cloud SDK

official method

用官方的方法安装CLI 出了问题，我使用下面的方式
Below steps are verified on WSL ubuntu 16.04

$ export https_proxy=xxx
$ curl https://sdk.cloud.google.com | bash

update path for gcloud tool and then set browser on Windows for popup browser.

$ export BROWSER="/mnt/c/Program Files (x86)/Microsoft/Edge/Application/msedge.exe"

Cloud SDK 基础使用

gcloud cheatsheet

Verify basic usage.

gcloud init --console-only

gcloud auth login

gcloud projects list

gcloud config set project PROJECT_ID

gcloud compute networks create NETWORK \
    --subnet-mode=custom \
    [ --enable-ula-internal-ipv6 [ --internal-ipv6-range=ULA_IPV6_RANGE ]] \
    --bgp-routing-mode=DYNAMIC_ROUTING_MODE \
    --mtu=MTU

gcloud compute networks subnets create SUBNET \
    --network=NETWORK \
    --range=PRIMARY_RANGE \
    --region=REGION
   
gcloud compute instances create VM_NAME \
    --network=NETWORK_NAME \
    --subnet=SUBNET_NAME \
    --zone=ZONE

Create VM via gcloud cli

相关的组件必须一个一个创建，不如 Azure CLI 使用那么方便。

create network via gcloud command

Create VPC

$ gcloud compute networks create roy-vpc \
    --subnet-mode=custom \
    --bgp-routing-mode=global
Created [https://www.googleapis.com/compute/v1/projects/xxx/global/networks/roy-vpc].
NAME     SUBNET_MODE  BGP_ROUTING_MODE  IPV4_RANGE  GATEWAY_IPV4
roy-vpc  CUSTOM       GLOBAL

Instances on this network will not be reachable until firewall rules
are created. As an example, you can allow all internal traffic between
instances as well as SSH, RDP, and ICMP by running:

    $ gcloud compute firewall-rules create  --network roy-vpc --allow tcp,udp,icmp --source-ranges 
    $ gcloud compute firewall-rules create  --network roy-vpc --allow tcp:22,tcp:3389,icmp
    
$ gcloud compute firewall-rules create allow-ssh --network roy-vpc --allow tcp:22,tcp:3389,icmp
Creating firewall...⠹Created [https://www.googleapis.com/compute/v1/projects/xxx/global/firewalls/allow-ssh].
Creating firewall...done.
NAME       NETWORK  DIRECTION  PRIORITY  ALLOW                 DENY  DISABLED
allow-ssh  roy-vpc  INGRESS    1000      tcp:22,tcp:3389,icmp        False

$ gcloud compute networks subnets create roy-pub-subnet \
    --network=roy-vpc \
    --range=10.2.2.0/24 \
    --region=us-west1
Created [https://www.googleapis.com/compute/v1/projects/xxx/regions/us-west1/subnetworks/roy-pub-subnet].
NAME            REGION    NETWORK  RANGE        STACK_TYPE  IPV6_ACCESS_TYPE  INTERNAL_IPV6_PREFIX  EXTERNAL_IPV6_PREFIX
roy-pub-subnet  us-west1  roy-vpc  10.2.2.0/24  IPV4_ONLY

Create VM

$ gcloud compute instances create roy-cli-vm \
    --network=roy-vpc \
    --subnet=roy-pub-subnet \
    --zone=us-west1-a
Created [https://www.googleapis.com/compute/v1/projects/xxx/zones/us-west1-a/instances/roy-cli-vm].
NAME        ZONE        MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP   STATUS
roy-cli-vm  us-west1-a  n1-standard-1               10.2.2.2     34.145.101.0  RUNNING

Connect to the new VM

It will generate new ssh key -> update instance ssh metadata -> ssh connect

gcloud compute ssh --project=PROJECT_ID --zone=ZONE VM_NAME

e.g.

Delete VM

$ gcloud compute instances delete roy-cli-vm --zone=us-west1-a
The following instances will be deleted. Any attached disks configured to be auto-deleted will be deleted unless they are
attached to any other instances or the `--keep-disks` flag is given and specifies them for keeping. Deleting a disk is
irreversible and any data on the disk will be lost.
 - [roy-cli-vm] in [us-west1-a]

Do you want to continue (Y/n)?

Deleted [https://www.googleapis.com/compute/v1/projects/xxx/zones/us-west1-a/instances/roy-cli-vm].

Delete VPC

should delete firewall, subnet, vpc one by one.

$ gcloud compute networks subnets delete roy-pub-subnet --region=us-west1

$ gcloud compute firewall-rules delete allow-ssh

$ gcloud compute networks delete roy-vpc

通过 Terraform 创建VM

official doc

Read the google provider Terraform documentation.

Enable ADCs:

gcloud auth application-default login

Try terraform deploy.

Get example from github https://github.com/act-labs/gcp-terraform.git

$ cd gcp-terraform
$ vi variables.tf #for prefer setting
$ cp ~/.ssh/id_rsa.pub ./ssh-key.pub
$ vi main.tf   # for ssh key

setting for ssh key in VM.

resource "google_compute_instance" "webservers" {
...

  metadata = {
    ssh-keys = "${var.ssh_user}:${file(var.ssh_pub_key_file)}"
  }

verify

$ terraform init .
$ terraform apply --auto-approve

Create VM from Web Console

login https://console.cloud.google.com/

create VPC -> create VM

参考 https://cloud.google.com/compute/docs/instances/create-start-instance
略