michael@cloudshell:~ (clouddeploy-ol)$ gcloud container clusters create-auto quickstart-cluster-qsdev --project=clouddeploy-ol --region=us-central1 && gcloud container clusters create-auto quickstart-cluster-qsprod --project=clouddeploy-ol --region=us-central1
Note: The Pod address range limits the maximum size of the cluster. Please refer to https://cloud.google.com/kubernetes-engine/docs/how-to/flexible-pod-cidr to learn how to optimize IP address allocation.
Creating cluster quickstart-cluster-qsdev in us-central1... Cluster is being deployed...working 
5min
Creating cluster quickstart-cluster-qsdev in us-central1... Cluster is being health-checked (master is healthy)...working. 
Created [https://container.googleapis.com/v1/projects/clouddeploy-ol/zones/us-central1/clusters/quickstart-cluster-qsdev].
To inspect the contents of your cluster, go to: https://console.cloud.google.com/kubernetes/workload_/gcloud/us-central1/quickstart-cluster-qsdev?project=clouddeploy-ol
kubeconfig entry generated for quickstart-cluster-qsdev.
NAME: quickstart-cluster-qsdev
LOCATION: us-central1
MASTER_VERSION: 1.21.6-gke.1503
MASTER_IP: 35.188.77.181
MACHINE_TYPE: e2-medium
NODE_VERSION: 1.21.6-gke.1503
NUM_NODES: 3
STATUS: RUNNING
Note: The Pod address range limits the maximum size of the cluster. Please refer to https://cloud.google.com/kubernetes-engine/docs/how-to/flexible-pod-cidr to learn how to optimize IP address allocation.
Creating cluster quickstart-cluster-qsprod in us-central1...working..



20220927: Cloud Deploy Quickstart - Cloud Run


https://console.cloud.google.com/deploy/delivery-pipelines?referrer=search&project=clouddeploy-gz



Welcome to Cloud Shell! Type "help" to get started.
To set your Cloud Platform project in this session use “gcloud config set project [PROJECT_ID]”
michael@cloudshell:~$ gcloud config set project clouddeploy-gz
Updated property [core/project].
michael@cloudshell:~ (clouddeploy-gz)$ gcloud projects add-iam-policy-binding clouddeploy-ol \
    --member=serviceAccount:$(gcloud projects describe clouddeploy-ol \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
    --role="roles/clouddeploy.jobRunner"
ERROR: (gcloud.projects.describe) User [michael@gcp.zone] does not have permission to access projects instance [clouddeploy-ol] (or it may not exist): The caller does not have permission
ERROR: (gcloud.projects.add-iam-policy-binding) User [michael@gcp.zone] does not have permission to access projects instance [clouddeploy-ol:getIamPolicy] (or it may not exist): The caller does not have permission
michael@cloudshell:~ (clouddeploy-gz)$ gcloud projects add-iam-policy-binding clouddeploy-gz     --member=serviceAccount:$(gcloud projects describe clouddeploy-gz \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com     --role="roles/clouddeploy.jobRunner"
ERROR: Policy modification failed. For a binding with condition, run "gcloud alpha iam policies lint-condition" to identify issues in condition.
ERROR: (gcloud.projects.add-iam-policy-binding) INVALID_ARGUMENT: Service account 400677570484-compute@developer.gserviceaccount.com does not exist.


Enable APIs (get them)


  • Google Cloud Deploy API
  • Cloud Build API
  • Cloud Storage
  • Cloud Run Admin API



michael@cloudshell:~ (clouddeploy-gz)$ gcloud projects add-iam-policy-binding clouddeploy-gz     --member=serviceAccount:$(gcloud projects describe clouddeploy-gz \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com     --role="roles/clouddeploy.jobRunner"
Updated IAM policy for project [clouddeploy-gz].
bindings:
- members:
  - serviceAccount:400677570484@cloudbuild.gserviceaccount.com
  role: roles/cloudbuild.builds.builder
- members:
  - serviceAccount:service-400677570484@gcp-sa-cloudbuild.iam.gserviceaccount.com
  role: roles/cloudbuild.serviceAgent
- members:
  - serviceAccount:400677570484-compute@developer.gserviceaccount.com
  role: roles/clouddeploy.jobRunner
- members:
  - serviceAccount:service-400677570484@containerregistry.iam.gserviceaccount.com
  role: roles/containerregistry.ServiceAgent
- members:
  - serviceAccount:400677570484-compute@developer.gserviceaccount.com
  role: roles/editor
- members:
  - user:michael@gcp.zone
  role: roles/owner
- members:
  - serviceAccount:service-400677570484@gcp-sa-pubsub.iam.gserviceaccount.com
  role: roles/pubsub.serviceAgent
- members:
  - serviceAccount:service-400677570484@serverless-robot-prod.iam.gserviceaccount.com
  role: roles/run.serviceAgent
etag: BwXpqM


Review

20220927-1: add PROJECT_ID var


https://cloud.google.com/deploy/docs/deploy-app-run

michael@cloudshell:~ (clouddeploy-gz)$ export PROJECT_ID=clouddeploy-gz
michael@cloudshell:~ (clouddeploy-gz)$ gcloud projects add-iam-policy-binding PROJECT_ID \
    --member=serviceAccount:$(gcloud projects describe PROJECT_ID \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com \
    --role="roles/clouddeploy.jobRunner"
ERROR: (gcloud.projects.describe) INVALID_ARGUMENT: Request contains an invalid argument.
ERROR: (gcloud.projects.add-iam-policy-binding) INVALID_ARGUMENT: Request contains an invalid argument.

michael@cloudshell:~ (clouddeploy-gz)$ gcloud projects add-iam-policy-binding $PROJECT_ID     --member=serviceAccount:$(gcloud projects describe $PROJECT_ID \
    --format="value(projectNumber)")-compute@developer.gserviceaccount.com     --role="roles/clouddeploy.jobRunner"
Updated IAM policy for project [clouddeploy-gz].
bindings:
- members:
  - serviceAccount:400677570484@cloudbuild.gserviceaccount.com
  role: roles/cloudbuild.builds.builder
- members:
  - serviceAccount:service-400677570484@gcp-sa-cloudbuild.iam.gserviceaccount.com
  role: roles/cloudbuild.serviceAgent
- members:
  - serviceAccount:400677570484-compute@developer.gserviceaccount.com
  role: roles/clouddeploy.jobRunner
- members:
  - serviceAccount:service-400677570484@containerregistry.iam.gserviceaccount.com
  role: roles/containerregistry.ServiceAgent
- members:
  - serviceAccount:400677570484-compute@developer.gserviceaccount.com
  role: roles/editor
- members:
  - user:michael@gcp.zone
  role: roles/owner
- members:
  - serviceAccount:service-400677570484@gcp-sa-pubsub.iam.gserviceaccount.com
  role: roles/pubsub.serviceAgent
- members:
  - serviceAccount:service-400677570484@serverless-robot-prod.iam.gserviceaccount.com
  role: roles/run.serviceAgent
etag: BwXpqN_aKDo=
version: 1
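
The policy printed above shows the default Compute Engine service account bound to `roles/editor` as well as the `roles/clouddeploy.jobRunner` role just added. The following is an added example, not part of the original notes: a small audit over that policy in JSON form. The sample JSON is constructed from a subset of the bindings shown, and the function names are hypothetical.

```python
import json

# Constructed sample: a subset of the bindings printed above, in the shape
# returned by `gcloud projects get-iam-policy PROJECT_ID --format=json`.
POLICY_JSON = """
{"bindings": [
  {"role": "roles/cloudbuild.builds.builder",
   "members": ["serviceAccount:400677570484@cloudbuild.gserviceaccount.com"]},
  {"role": "roles/clouddeploy.jobRunner",
   "members": ["serviceAccount:400677570484-compute@developer.gserviceaccount.com"]},
  {"role": "roles/editor",
   "members": ["serviceAccount:400677570484-compute@developer.gserviceaccount.com"]},
  {"role": "roles/owner", "members": ["user:michael@gcp.zone"]},
  {"role": "roles/run.serviceAgent",
   "members": ["serviceAccount:service-400677570484@serverless-robot-prod.iam.gserviceaccount.com"]}
]}
"""

BROAD_ROLES = {"roles/owner", "roles/editor"}  # basic roles with write access
DEFAULT_COMPUTE_SUFFIX = "-compute@developer.gserviceaccount.com"


def roles_by_member(policy):
    """Invert the bindings list into {member: set(roles)}."""
    index = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            index.setdefault(member, set()).add(binding["role"])
    return index


def audit_service_accounts(policy):
    """Return (member, finding) pairs for service accounts holding broad roles."""
    findings = []
    for member, roles in sorted(roles_by_member(policy).items()):
        if not member.startswith("serviceAccount:"):
            continue  # human owners are out of scope for this check
        broad = sorted(roles & BROAD_ROLES)
        if not broad:
            continue
        findings.append((member, "holds basic role(s): " + ", ".join(broad)))
        scoped = sorted(roles - BROAD_ROLES)
        if scoped:  # IAM grants are additive, so the basic role still applies
            findings.append((member, "scoped role(s) do not limit access while a basic role is bound: " + ", ".join(scoped)))
        if member.endswith(DEFAULT_COMPUTE_SUFFIX):
            findings.append((member, "default Compute Engine account; prefer a dedicated service account"))
    return findings


if __name__ == "__main__":
    for member, finding in audit_service_accounts(json.loads(POLICY_JSON)):
        print(f"{member}: {finding}")
```

Service agents and the human owner are not reported; only service accounts carrying `roles/owner` or `roles/editor` are.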