GoogleCloudPlatform / pubsec-declarative-toolkit

The GCP PubSec Declarative Toolkit is a collection of declarative solutions to help you on your Journey to Google Cloud. Solutions are designed using Config Connector and deployed using Config Controller.
Apache License 2.0

Use Case: POC Cloud Run knative container on Anthos Service Mesh (Istio) GKE cluster via Cloud Deploy canary KCC deployment - max coverage / min spanning service tree #339

Open fmichaelobrien opened 1 year ago

fmichaelobrien commented 1 year ago

Design/implement a POC KCC deployment via Cloud Deploy of a cloud run application on an ASM/Istio (Anthos Service Mesh) GKE cluster. Add Cloud Armor, CDN, WAF (WAAP https://cloud.google.com/solutions/web-app-and-api-protection), PSC/VPC-SC, Shared-VPC, DNS

Assets

Diagrams

```mermaid
graph LR;
    style Architecture fill:#44f,stroke:#f66,stroke-width:2px,color:#fff,stroke-dasharray: 5 5
    %% architecture
    cloud-deploy-->canary-pipeline;
    cloud-run-->anthos-service-mesh;
    anthos-service-mesh-->anthos-gke-cluster;
```

```mermaid
graph TD;
    mobile-client-->GFE;
    GFE-->L7LB;
    Cloud-Armor-->L7LB;
    Cloud-CDN-->L7LB;
    PSC-->VPC-SC;
```

fmichaelobrien commented 1 year ago

https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/blob/dev/solutions/landing-zone/architecture.md#di-25-continuous-delivery-pipelines ref: #432 ref: #430 ref: #339 ref: #344 ref: #192 ref: #409

fmichaelobrien commented 1 year ago

https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/blob/dev/solutions/landing-zone/architecture.md#di-25-continuous-delivery-pipelines ref: #432 ref: #430 ref: #418 ref: #339 ref: #344 ref: #192 ref: #409

obriensystems commented 6 months ago

GCP Default Docker Container

```sh
gcloud compute instances create-with-container instance-20240227-002215 --project=cuda-old --zone=us-central1-a --machine-type=e2-medium --network-interface=address=34.69.213.211,network-tier=PREMIUM,stack-type=IPV4_ONLY,subnet=default --maintenance-policy=MIGRATE --provisioning-model=STANDARD --service-account=196717963363-compute@developer.gserviceaccount.com --scopes=https://www.googleapis.com/auth/cloud-platform --image=projects/cos-cloud/global/images/cos-stable-109-17800-147-15 --boot-disk-size=10GB --boot-disk-type=pd-balanced --boot-disk-device-name=instance-20240227-002215 --container-image=obrienlabs/magellan-nbi:0.0.3-ia64 --container-restart-policy=always --no-shielded-secure-boot --shielded-vtpm --shielded-integrity-monitoring --labels=goog-ec-src=vm_add-gcloud,container-vm=cos-stable-109-17800-147-15
```

Just need to expose the ports

```console
michael@instance-20240227-002215 ~ $ docker ps -a
CONTAINER ID   IMAGE                                COMMAND                  CREATED             STATUS             PORTS     NAMES
d56ed6dbcdde   obrienlabs/magellan-nbi:0.0.3-ia64   "java -Djava.securit…"   About an hour ago   Up About an hour             klt-instance-20240227-002215-mdvq
michael@instance-20240227-002215 ~ $ docker exec -it d56ed6dbcdde bash
root@instance-20240227-002215:/# curl http://127.0.0.1:8080/nbi/api
{"id":1,"content":"PASS remoteAddr: 127.0.0.1 localAddr: 127.0.0.1 remoteHost: 127.0.0.1 serverName: 127.0.0.1"}root@instance-20240227-002215:/# 
```

stop and restart

```console
michael@instance-20240227-002215 ~ $ docker run --name magellan -d -p 80:8080 obrienlabs/magellan-nbi:0.0.3-ia64 
d126be243fa0525de04bf7d4a60cb734d9159233e380e3b58d1521ab5671f9f9
michael@instance-20240227-002215 ~ $ docker ps
CONTAINER ID   IMAGE                                COMMAND                  CREATED         STATUS         PORTS                                   NAMES
d126be243fa0   obrienlabs/magellan-nbi:0.0.3-ia64   "java -Djava.securit…"   3 seconds ago   Up 2 seconds   0.0.0.0:80->8080/tcp, :::80->8080/tcp   magellan
michael@instance-20240227-002215 ~ $ 

michael@instance-20240227-002215 ~ $ curl http://127.0.0.1/nbi/api
{"id":1,"content":"PASS remoteAddr: 172.17.0.1 localAddr: 172.17.0.2 remoteHost: 172.17.0.1 serverName: 127.0.0.1"}
```

open up the firewall to instances not just tags

```json
{
  "allowed": [
    {
      "IPProtocol": "tcp",
      "ports": [
        "80"
      ]
    }
  ],
  "creationTimestamp": "2023-11-30T10:27:00.856-08:00",
  "description": "",
  "direction": "INGRESS",
  "disabled": false,
  "enableLogging": false,
  "id": "1173403927618874651",
  "kind": "compute#firewall",
  "logConfig": {
    "enable": false
  },
  "name": "default-allow-http",
  "network": "projects/cuda-old/global/networks/default",
  "priority": 1000,
  "selfLink": "projects/cuda-old/global/firewalls/default-allow-http",
  "sourceRanges": [
    "0.0.0.0/0"
  ],
  "targetTags": [
    "http-server"
  ]
}
```

swagger
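The `default-allow-http` rule above targets the `http-server` network tag, and the COS instance was created without one, which is why port 80 was still closed from outside after the container published it. The comment's fix is to apply the rule to instances rather than tags. As an added example (not code from the toolkit or from the issue author), the following Python audit reads a rule in the shape `gcloud compute firewall-rules describe --format=json` emits and a list of instances in the shape `gcloud compute instances list --format=json` emits, and reports which instances the rule actually reaches, whether it is open to `0.0.0.0/0`, and whether firewall logging is on. The rule is the one from the comment, trimmed; the instance records are constructed for the example.

```python
"""Audit a GCP VPC firewall rule against a set of VM instances.

Added example for this issue thread; not code from the toolkit or the
issue author. Record shapes follow the JSON that `gcloud compute
firewall-rules describe --format=json` and `gcloud compute instances
list --format=json` emit; the instance records below are constructed.
"""
import ipaddress
import json

# The default-allow-http rule from the comment above, trimmed to the fields
# the audit needs.
RULE_JSON = """
{
  "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}],
  "direction": "INGRESS",
  "disabled": false,
  "logConfig": {"enable": false},
  "name": "default-allow-http",
  "network": "projects/cuda-old/global/networks/default",
  "priority": 1000,
  "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["http-server"]
}
"""

# Constructed instances: the COS VM from the comment (no network tag), a
# tagged VM on the same network, and a tagged VM on a different network.
INSTANCES = [
    {"name": "instance-20240227-002215", "tags": {},
     "networkInterfaces": [{"network": "projects/cuda-old/global/networks/default"}]},
    {"name": "web-1", "tags": {"items": ["http-server"]},
     "networkInterfaces": [{"network": "projects/cuda-old/global/networks/default"}]},
    {"name": "web-other-vpc", "tags": {"items": ["http-server"]},
     "networkInterfaces": [{"network": "projects/cuda-old/global/networks/other"}]},
]


def load_rule(text: str = RULE_JSON) -> dict:
    return json.loads(text)


def rule_reaches_instance(rule: dict, instance: dict) -> bool:
    """A VPC firewall rule applies to an instance when they share a network and
    the instance matches the rule's target tags or target service accounts; a
    rule with neither kind of target applies to every instance in the network."""
    nets = {ni["network"] for ni in instance.get("networkInterfaces", [])}
    if rule["network"] not in nets:
        return False
    target_tags = set(rule.get("targetTags", []))
    target_sas = set(rule.get("targetServiceAccounts", []))
    if not target_tags and not target_sas:
        return True
    inst_tags = set(instance.get("tags", {}).get("items", []))
    inst_sas = {sa["email"] for sa in instance.get("serviceAccounts", [])}
    return bool(inst_tags & target_tags or inst_sas & target_sas)


def is_world_open_ingress(rule: dict) -> bool:
    """True for an enabled INGRESS allow rule whose source ranges include a /0."""
    if rule.get("direction") != "INGRESS" or rule.get("disabled") or "allowed" not in rule:
        return False
    return any(ipaddress.ip_network(r, strict=False).prefixlen == 0
               for r in rule.get("sourceRanges", []))


def allowed_ports(rule: dict) -> list[str]:
    """Flatten the allowed list into 'proto/port' strings ('proto/all' if no ports)."""
    out = []
    for entry in rule.get("allowed", []):
        proto = entry["IPProtocol"]
        out.extend(f"{proto}/{p}" for p in entry.get("ports", ["all"]))
    return out


def audit(rule: dict, instances: list[dict]) -> dict:
    """Summarise exposure: which instances the rule reaches and how wide the source is."""
    reached = [i["name"] for i in instances if rule_reaches_instance(rule, i)]
    return {
        "rule": rule["name"],
        "world_open": is_world_open_ingress(rule),
        "ports": allowed_ports(rule),
        "logging_enabled": bool(rule.get("logConfig", {}).get("enable", False)),
        "reached": reached,
        "not_reached": [i["name"] for i in instances if i["name"] not in reached],
    }


if __name__ == "__main__":
    rule = load_rule()
    print(json.dumps(audit(rule, INSTANCES), indent=2))
    # Dropping targetTags (applying the rule to instances, not tags) widens a
    # 0.0.0.0/0 rule to every VM on the network; tagging the one VM is narrower.
    widened = {k: v for k, v in rule.items() if k != "targetTags"}
    print(json.dumps(audit(widened, INSTANCES), indent=2))
```

With the rule as posted, only `web-1` is reached and the COS instance is not, which matches the closed port seen in the comment. Removing `targetTags` makes the rule reach every VM on `default`, so the second run shows the wider blast radius of that change compared with adding the `http-server` tag to the one instance. The audit also surfaces that `logConfig.enable` is false, so hits on this world-open rule would not appear in Firewall Rules Logging.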