...
| Code Block | ||
|---|---|---|
| ||
michael@cloudshell:~ (clouddeploy-ol)$ gcloud container clusters create-auto quickstart-cluster-qsdev --project=clouddeploy-ol --region=us-central1 && gcloud container clusters create-auto quickstart-cluster-qsprod --project=clouddeploy-ol --region=us-central1 Note: The Pod address range limits the maximum size of the cluster. Please refer to https://cloud.google.com/kubernetes-engine/docs/how-to/flexible-pod-cidr to learn how to optimize IP address allocation. Creating cluster quickstart-cluster-qsdev in us-central1... Cluster is being deployed...working 5min Creating cluster quickstart-cluster-qsdev in us-central1... Cluster is being health-checked (master is healthy)...working. Created [https://container.googleapis.com/v1/projects/clouddeploy-ol/zones/us-central1/clusters/quickstart-cluster-qsdev]. To inspect the contents of your cluster, go to: https://console.cloud.google.com/kubernetes/workload_/gcloud/us-central1/quickstart-cluster-qsdev?project=clouddeploy-ol kubeconfig entry generated for quickstart-cluster-qsdev. NAME: quickstart-cluster-qsdev LOCATION: us-central1 MASTER_VERSION: 1.21.6-gke.1503 MASTER_IP: 35.188.77.181 MACHINE_TYPE: e2-medium NODE_VERSION: 1.21.6-gke.1503 NUM_NODES: 3 STATUS: RUNNING Note: The Pod address range limits the maximum size of the cluster. Please refer to https://cloud.google.com/kubernetes-engine/docs/how-to/flexible-pod-cidr to learn how to optimize IP address allocation. Creating cluster quickstart-cluster-qsprod in us-central1...working.. |
20220927: Cloud Deploy Quickstart - Cloud Run
https://console.cloud.google.com/deploy/delivery-pipelines?referrer=search&project=clouddeploy-gz
| Code Block | ||
|---|---|---|
| ||
Welcome to Cloud Shell! Type "help" to get started.
To set your Cloud Platform project in this session use “gcloud config set project [PROJECT_ID]”
michael@cloudshell:~$ gcloud config set project clouddeploy-gz
Updated property [core/project].
michael@cloudshell:~ (clouddeploy-gz)$ gcloud projects add-iam-policy-binding clouddeploy-ol \
--member=serviceAccount:$(gcloud projects describe clouddeploy-ol \
--format="value(projectNumber)")-compute@developer.gserviceaccount.com \
--role="roles/clouddeploy.jobRunner"
ERROR: (gcloud.projects.describe) User [michael@gcp.zone] does not have permission to access projects instance [clouddeploy-ol] (or it may not exist): The caller does not have permission
ERROR: (gcloud.projects.add-iam-policy-binding) User [michael@gcp.zone] does not have permission to access projects instance [clouddeploy-ol:getIamPolicy] (or it may not exist): The caller does not have permission
michael@cloudshell:~ (clouddeploy-gz)$ gcloud projects add-iam-policy-binding clouddeploy-gz --member=serviceAccount:$(gcloud projects describe clouddeploy-gz \
--format="value(projectNumber)")-compute@developer.gserviceaccount.com --role="roles/clouddeploy.jobRunner"
ERROR: Policy modification failed. For a binding with condition, run "gcloud alpha iam policies lint-condition" to identify issues in condition.
ERROR: (gcloud.projects.add-iam-policy-binding) INVALID_ARGUMENT: Service account 400677570484-compute@developer.gserviceaccount.com does not exist.
|
Enable APIs (get them)
|
| Code Block | ||
|---|---|---|
| ||
michael@cloudshell:~ (clouddeploy-gz)$ gcloud projects add-iam-policy-binding clouddeploy-gz --member=serviceAccount:$(gcloud projects describe clouddeploy-gz \
--format="value(projectNumber)")-compute@developer.gserviceaccount.com --role="roles/clouddeploy.jobRunner"
Updated IAM policy for project [clouddeploy-gz].
bindings:
- members:
- serviceAccount:400677570484@cloudbuild.gserviceaccount.com
role: roles/cloudbuild.builds.builder
- members:
- serviceAccount:service-400677570484@gcp-sa-cloudbuild.iam.gserviceaccount.com
role: roles/cloudbuild.serviceAgent
- members:
- serviceAccount:400677570484-compute@developer.gserviceaccount.com
role: roles/clouddeploy.jobRunner
- members:
- serviceAccount:service-400677570484@containerregistry.iam.gserviceaccount.com
role: roles/containerregistry.ServiceAgent
- members:
- serviceAccount:400677570484-compute@developer.gserviceaccount.com
role: roles/editor
- members:
- user:michael@gcp.zone
role: roles/owner
- members:
- serviceAccount:service-400677570484@gcp-sa-pubsub.iam.gserviceaccount.com
role: roles/pubsub.serviceAgent
- members:
- serviceAccount:service-400677570484@serverless-robot-prod.iam.gserviceaccount.com
role: roles/run.serviceAgent
etag: BwXpqM |
Review
20220927-1: add PROJECT_ID var
https://cloud.google.com/deploy/docs/deploy-app-run
michael@cloudshell:~ (clouddeploy-gz)$ export PROJECT_ID=clouddeploy-gz
michael@cloudshell:~ (clouddeploy-gz)$ gcloud projects add-iam-policy-binding PROJECT_ID \
--member=serviceAccount:$(gcloud projects describe PROJECT_ID \
--format="value(projectNumber)")-compute@developer.gserviceaccount.com \
--role="roles/clouddeploy.jobRunner"
ERROR: (gcloud.projects.describe) INVALID_ARGUMENT: Request contains an invalid argument.
ERROR: (gcloud.projects.add-iam-policy-binding) INVALID_ARGUMENT: Request contains an invalid argument.
michael@cloudshell:~ (clouddeploy-gz)$ gcloud projects add-iam-policy-binding $PROJECT_ID --member=serviceAccount:$(gcloud projects describe $PROJECT_ID \
--format="value(projectNumber)")-compute@developer.gserviceaccount.com --role="roles/clouddeploy.jobRunner"
Updated IAM policy for project [clouddeploy-gz].
bindings:
- members:
- serviceAccount:400677570484@cloudbuild.gserviceaccount.com
role: roles/cloudbuild.builds.builder
- members:
- serviceAccount:service-400677570484@gcp-sa-cloudbuild.iam.gserviceaccount.com
role: roles/cloudbuild.serviceAgent
- members:
- serviceAccount:400677570484-compute@developer.gserviceaccount.com
role: roles/clouddeploy.jobRunner
- members:
- serviceAccount:service-400677570484@containerregistry.iam.gserviceaccount.com
role: roles/containerregistry.ServiceAgent
- members:
- serviceAccount:400677570484-compute@developer.gserviceaccount.com
role: roles/editor
- members:
- user:michael@gcp.zone
role: roles/owner
- members:
- serviceAccount:service-400677570484@gcp-sa-pubsub.iam.gserviceaccount.com
role: roles/pubsub.serviceAgent
- members:
- serviceAccount:service-400677570484@serverless-robot-prod.iam.gserviceaccount.com
role: roles/run.serviceAgent
etag: BwXpqN_aKDo=
version: 1