Site icon Learning & Doing

Ensure Access & Identity in Google Cloud: Challenge Lab

acces

“Ensure Access & Identity in Google Cloud: Challenge Lab”

Solusi

Task 1

nano role-definition.yaml

title: "orca_something_XXX" 
description: "Permissions"
stage: "ALPHA"
includedPermissions:
- storage.buckets.get
- storage.objects.get
- storage.objects.list
- storage.objects.update
- storage.objects.create


Ctrl + X --> Y --> Enter

gcloud iam roles create orca_something_XXX --project $DEVSHELL_PROJECT_ID \
--file role-definition.yaml

Task 2

gcloud iam service-accounts create orca-private-cluster-120-sa \
   --display-name "orca private cluster 120 sa"

Task 3

gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID \
   --member serviceAccount:orca-private-cluster-120-sa@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com --role projects/$DEVSHELL_PROJECT_ID/roles/orca_storage_editor_979

gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID \
   --member serviceAccount:orca-private-cluster-120-sa@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com --role roles/monitoring.viewer

gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID \
   --member serviceAccount:orca-private-cluster-120-sa@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com --role roles/monitoring.metricWriter

gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID \
   --member serviceAccount:orca-private-cluster-120-sa@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com --role roles/logging.logWriter

Task 4

gcloud container clusters create orca-cluster-316 \
--num-nodes 1 --master-ipv4-cidr=172.16.0.64/28 --network orca-build-vpc --subnetwork orca-build-subnet --enable-master-authorized-networks  \
--master-authorized-networks 192.168.10.2/32 --enable-ip-alias --enable-private-nodes --enable-private-endpoint \
--service-account orca-private-cluster-120-sa@<Project ID>.iam.gserviceaccount.com --zone us-east1-b

Task 5

Navigate to Compute Engine in the Cloud Console.
Click on the SSH button for the orca-jumphost instance.
In the SSH window, connect to the private cluster by running the following:

gcloud container clusters get-credentials orca-cluster-316 --internal-ip --zone us-east1-b --project <Project ID>

kubectl create deployment hello-server --image=gcr.io/google-samples/hello-app:1.0

kubectl expose deployment hello-server --name orca-cluster-316 \
   --type LoadBalancer --port 80 --target-port 8080

Penutup

Sahabat Blog Learning & Doing demikianlah penjelasan mengenai Ensure Access & Identity in Google Cloud: Challenge Lab. Semoga Bermanfaat . Sampai ketemu lagi di postingan berikut nya.

Exit mobile version