GCP Notes

 retrieve gserviceaccount key:


gcloud iam service-accounts keys create key.json --iam-account=drx-payment-deployer@ld-drx-prod.iam.gserviceaccount.com


Activate Service Account:

gcloud auth activate-service-account --key-file=service-account-key-file.json


gcloud auth activate-service-account serves the same function as gcloud auth login but uses a service account rather than Google user credentials.



See list of active account:

gcloud auth list


See configuration for log sink:

gcloud logging sinks describe ld-drx-prod  --project=ld-shipyard | grep serviceAccount



gcloud container clusters get-credentials prod-nezbleu --region us-east1 --project ld-shipyard



In stateless we don't need blue green. We can use rolling deployment.


*********************************  GCE  *********************************


Login to a machine you own which does not have an external IP. This will work only if IAP is enabled.


gcloud compute ssh machine-name --tunnel-through-iap



*********************************  SERVICES  *********************************


Command to check the list of services that are enable currently for this project

gcloud services list



*********************************  ORG  *********************************


If you don't want default VPC create on project creation you can disable it at organization level




*********************************  GKE  *********************************

How do you upgrade the GKE Cluster


-----------------------------------------------------------------------------------------------------------------

Connect to a GKE cluster using a service account. SSH into a POD using a service account


# kubectl config view - just to check current kubectl config

gcloud auth activate-service-account --key-file=/Documents/code/payment-dec-sa.json

# gcloud auth list - to verify that service account has been activated

gcloud container clusters get-credentials prod-blue --region us-east1 --project my-shipyard

kubectl config use-context gke_ld-shipyard_us-east1_prod-blue

kubectl config set-context --current --namespace=drx-payment-dev

# kubectl config view - to verify the changes

# kubectl get pods -n drx-payment-dev  - to verify access

kubectl exec my-payment-service-f87794d64-gxp4g -it -- /bin/bash


-----------------------------------------------------------------------------------------------------------------


export GOOGLE_APPLICATION_CREDENTIALS="[PATH]"


Comments

Post a Comment

Popular posts from this blog

Unix Commands

 https://devhints.io/bash  which -- locate a program file in the user's path  Example: which helm echo $OLDPWD - OLDPWD holds the location where you were previously groups - command displays the groups to which current user belongs umask chgrp - Change groupname for a file/folder chown - change owner of a file/folder find . -mtime 0 - files created in last 24 hours Iperf - a tool for network performance measurement and tuning. passwd < username > - change password for the user workload identity GKE set -x enables a mode of the shell where all executed commands are printed to the terminal set +x disables it df -h free -m uptime iostat To run a cammand assigned to a variable: l = ls $l -------------------------------------- There are a few shortcuts if you want all of the arguments from the previous command, or just the last argument. For all of the arguments: <command> !* For just the last argument: <command> !$ I/O Redirection: Crontab: crontab -l Will l...
Read more

Git Commands

 ----------------------------------------------------- Git squash: git reset -soft d0b8a84d git commit -m "squashed everything after d0b8a84d" git push -f git checkout my_branch git reset --soft HEAD~4 git commit git push --force origin my_branch ------------------------------------------------------- git fetch: is the command that tells your local git to retrieve the latest meta-data info from the original (yet doesn’t do any file transferring. It’s more like just checking to see if there are any changes available). git pull: on the other hand does that AND brings (copy) those changes from the remote repository. git config --global user.email "dharmendra.patel@myorg.ca" git submodule: git rm --cached file-name: removes the file from staging area git branch -m <old> <new>: To rename a specific branch git push origin -d branch_name: Remove a remote branch git branch -d branch_name: Delete a branch locally git remote add upstream git-url-from-which-fork-wa...
Read more