GoogleCloudPlatform / pubsec-declarative-toolkit

The GCP PubSec Declarative Toolkit is a collection of declarative solutions to help you on your Journey to Google Cloud. Solutions are designed using Config Connector and deployed using Config Controller.
Apache License 2.0

As a CD automation service account or developer I need to completely delete/recreate the Anthos cluster and associated solution projects from the target organization - in step #91

Closed fmichaelobrien closed 1 year ago

fmichaelobrien commented 2 years ago

use case: full 2 part CD automation of the KCC cluster and the lz solution - with full tear down of everything or just the lz solution

Indirect collaboration on: https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/166

Notes:

removing the solution via arete

create

arete create landing-zone-controller --region=$REGION

delete (option 2)

arete delete landing-zone-controller --region=$REGION

removing the solution via kubernetes cli (thanks Chris for reminding me to think granular k8s again)

# removing the solution via kpt cli

# removing the solution via gcloud cli

# removing the solution manually
- all projects under pdt
<img width="741" alt="Screen Shot 2022-09-02 at 2 24 19 PM" src="https://user-images.githubusercontent.com/94715080/188215147-527a7165-64fa-4e19-a6e0-44b73958d526.png">

check arete cache - pending on delete command

admin_root@cloudshell:~$ ls -la .arete/
total 20
drwxr--r-- 2 admin_root admin_root 4096 Sep 2 18:15 .
drwxr-xr-x 11 admin_root admin_root 4096 Sep 1 19:27 ..
-rw-r--r-- 1 admin_root admin_root 46 Aug 31 15:06 config.yaml
-rw------- 1 admin_root admin_root 100 Aug 31 15:32 .create
-rw-r--r-- 1 admin_root admin_root 1318 Sep 2 18:15 solutions.yaml
admin_root@cloudshell:~$ cat .arete/solutions.yaml
solutions:

Rerun the CC cluster creation and LZ solution

admin_root@cloudshell:~ (landing-zone-controller-w8hwa)$ arete create pdt-cno-kcc --region=northamerica-northeast1 --project=pubsec-declarative-toolkit-cno
2:40PM INF Enabling required services...
2:40PM INF Operation "operations/acat.p2-491974186555-2e6beaa9-f3df-4413-9a28-419db485c8e0" finished successfully.
2:41PM INF Creating Config Controller Cluster....
2:41PM FTL error="ERROR: (gcloud.anthos.config.controller.create) ALREADY_EXISTS: Resource 'projects/pubsec-declarative-toolkit-cno/locations/northamerica-northeast1/krmApiHosts/pdt-cno-kcc' already exists- '@type': type.googleapis.com/google.rpc.ResourceInfo resourceName: projects/pubsec-declarative-toolkit-cno/locations/northamerica-northeast1/krmApiHosts/pdt-cno-kcc"

deleting project - attempt to reuse may fail on 30 day deleted cache - will try

admin_root@cloudshell:~ (landing-zone-controller-w8hwa)$ gcloud projects delete pubsec-declarative-toolkit-cno
Your project will be deleted.

Do you want to continue (Y/n)? y

Deleted [https://cloudresourcemanager.googleapis.com/v1/projects/pubsec-declarative-toolkit-cno].

You can undo this operation for a limited period by running the command below.
$ gcloud projects undelete pubsec-declarative-toolkit-cno

See https://cloud.google.com/resource-manager/docs/creating-managing-projects for information on shutting down projects.
admin_root@cloudshell:~ (landing-zone-controller-w8hwa)$ arete create pdt-cno-kcc --region=northamerica-northeast1 --project=pubsec-declarative-toolkit-cno
✔ My Billing Account - 019..3D
✔ nuage-cloud.org - 471..7
✔ Folder Level
✔ pdt - 346..8
2:44PM FTL error="ERROR: (gcloud.projects.create) Project creation failed. The project ID you specified is already in use by another project. Please try an alternative ID."

admin_root@cloudshell:~ (landing-zone-controller-w8hwa)$ arete create pdt-cno-kcc --region=northamerica-northeast1 --project=pubsec-declarative-toolkit-cno2
✔ My Billing Account - 01..3D
✔ nuage-cloud.org - 471924274947
✔ Folder Level
✔ pdt - 346242644868
2:45PM FTL error="ERROR: (gcloud.projects.create) argument PROJECT_ID: Bad value [pubsec-declarative-toolkit-cno2]: Project IDs are immutable and can be set only during project creation. They must start with a lowercase letter and can have lowercase ASCII letters, digits or hyphens. Project IDs must be between 6 and 30 characters.Usage: gcloud projects create [PROJECT_ID] [optional flags] optional flags may be --enable-cloud-apis | --folder | --help | --labels | --name | --organization | --set-as-defaultFor detailed information on this command and its flags, run: gcloud projects create --help"

30 char limit

admin_root@cloudshell:~ (landing-zone-controller-w8hwa)$ arete create pdt-cno-kcc --region=northamerica-northeast1 --project=pubsec-declarative-tk-cno2
✔ My Billing Account - 019952-0D0AAC-777E3D
✔ nuage-cloud.org - 471924274947
✔ Folder Level
✔ pdt - 346242644868
2:48PM INF Create in progress for [https://cloudresourcemanager.googleapis.com/v1/projects/pubsec-declarative-tk-cno2].Waiting for [operations/cp.7885851846085518239] to finish.....done.Enabling service [cloudapis.googleapis.com] on project [pubsec-declarative-tk-cno2]...Operation "operations/acat.p2-153970848512-8ffc1200-8c5a-42fd-b142-e11cdaf69191" finished successfully.Updated property [core/project] to [pubsec-declarative-tk-cno2].
2:48PM INF Creating Config Controller Cluster....
2:48PM FTL error="API [krmapihosting.googleapis.com] not enabled on project [153970848512]. Would you like to enable and retry (this will take a few minutes)? (y/N)? ERROR: (gcloud.anthos.config.controller.create) PERMISSION_DENIED: KRM API Hosting API has not been used in project 153970848512 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/krmapihosting.googleapis.com/overview?project=153970848512 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.- '@type': type.googleapis.com/google.rpc.Help links: - description: Google developers console API activation url: https://console.developers.google.com/apis/api/krmapihosting.googleapis.com/overview?project=153970848512- '@type': type.googleapis.com/google.rpc.ErrorInfo domain: googleapis.com metadata: consumer: projects/153970848512 service: krmapihosting.googleapis.com reason: SERVICE_DISABLED"

rerun on recently created project - or run on an existing project to avoid the service enablement missing wait timer

arete create pdt-cno-kcc --region=northamerica-northeast1 --project=pubsec-declarative-tk-cno2
4:39PM INF Enabling required services...
4:40PM INF Operation "operations/acf.p2-153970848512-b3d4a2a6-fe02-4a5b-8f5d-d27d917f6527" finished successfully.
4:40PM INF Creating Network...
........................................................................................done.
Created instance [pdt-cno-kcc].
Fetching cluster endpoint and auth data.
kubeconfig entry generated for krmapihost-pdt-cno-kcc.
5:09PM INF Add SA to roles/owner role...
5:09PM INF Config Controller setup complete

Reference
- https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/issues/93
- https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/issues/94

# deletion using anthos delete
Trying Chris's suggested

gcloud anthos config controller delete


Or the previous anthos cluster deletion doc
http://wiki.obrienlabs.cloud/display/DEV/Deploying+a+Landing+Zone+on+Google+Cloud#DeployingaLandingZoneonGoogleCloud-Pausingtheanthoscluster
via
http://wiki.obrienlabs.cloud/display/DEV/Deploying+a+Landing+Zone+on+Google+Cloud#DeployingaLandingZoneonGoogleCloud-Pausingtheanthoscluster

reviewing
https://cloud.google.com/anthos-config-management/docs/tutorials/landing-zone#removing_resources

# Temporary CC cluster shutdown and restart

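The three `arete create` failures in the comment above (project ID still reserved after `gcloud projects delete`, ID longer than 30 characters, `krmapihosting.googleapis.com` not yet enabled) can be caught before the run. A pre-flight sketch, added here as an example and not part of arete or the toolkit; the function names are hypothetical, and it assumes `gcloud projects describe` reports `lifecycleState` and `gcloud services list` reports `config.name`:

```shell
#!/bin/sh
# Added example: pre-flight checks to run before `arete create NAME --project=ID`.
# Function names are hypothetical; they are not part of arete or gcloud.
LC_ALL=C; export LC_ALL   # keep [a-z] ranges byte-exact

# Rules quoted in the gcloud error in this thread: starts with a lowercase
# letter; only lowercase ASCII letters, digits or hyphens; 6 to 30 characters.
valid_project_id() {
  id=$1
  [ "${#id}" -ge 6 ] && [ "${#id}" -le 30 ] || return 1
  case $id in
    [a-z]*) ;;
    *) return 1 ;;
  esac
  case $id in
    *[!a-z0-9-]*) return 1 ;;
  esac
  return 0
}

# Prints ACTIVE, DELETE_REQUESTED, or UNKNOWN when the project does not
# exist or is not visible to the caller.
project_state() {
  state=$(gcloud projects describe "$1" --format='value(lifecycleState)' 2>/dev/null) || state=
  echo "${state:-UNKNOWN}"
}

# Succeeds when service $2 is already enabled on project $1.
api_enabled() {
  gcloud services list --enabled --project "$1" --format='value(config.name)' 2>/dev/null |
    grep -qxF "$2"
}

# Prints one verdict and returns non-zero when `arete create` would fail:
#   invalid-id      ID breaks the naming rules (for example 31 characters)
#   pending-delete  ID was deleted recently and is still reserved
#   api-disabled    project exists but KRM API Hosting is not enabled yet
#   ready           existing project with the API enabled
#   can-create      no visible project with this ID (an ID owned by another
#                   organization cannot be detected from here)
preflight() {
  id=$1
  if ! valid_project_id "$id"; then
    echo "invalid-id"
    return 1
  fi
  case $(project_state "$id") in
    DELETE_REQUESTED)
      echo "pending-delete"
      return 1 ;;
    ACTIVE)
      if api_enabled "$id" krmapihosting.googleapis.com; then
        echo "ready"
      else
        echo "api-disabled"
        return 1
      fi ;;
    *)
      echo "can-create" ;;
  esac
}

# Usage: sh preflight.sh PROJECT_ID
if [ $# -gt 0 ]; then
  preflight "$1"
fi
```
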
cartyc commented 2 years ago

This might not fully answer the question but for CD I would nudge you to using either kpt directly from something like cloud build or your favorite CD tool (working on a skaffold example) or using GitOps via either Git or OCI (docs coming soon). Deploying via CD with arete is currently out of scope for the tool.

Is there a preferred method of deployment you would like to see or some gaps in the docs that we should fill in?

fmichaelobrien commented 2 years ago

I'll start with cloud build keyed off our workload example https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/main/docs/google-cloud-landingzone-traffic-generation.md#add-cloud-build-triggers and likely move to cloud deploy and fill in the docs.

For deletion following https://cloud.google.com/anthos-config-management/docs/tutorials/landing-zone#removing_resources

admin_root@cloudshell:~$ gcloud config set project pubsec-declarative-tk-cno2
Updated property [core/project].
admin_root@cloudshell:~ (pubsec-declarative-tk-cno2)$ kubectl get nodes
NAME                                                  STATUS   ROLES    AGE    VERSION
gke-krmapihost-pdt-c-krmapihost-pdt-c-23345ad9-6094   Ready    <none>   7h9m   v1.22.11-gke.400
gke-krmapihost-pdt-c-krmapihost-pdt-c-6515adfd-2kgt   Ready    <none>   7h9m   v1.22.11-gke.400
gke-krmapihost-pdt-c-krmapihost-pdt-c-ce2512f1-46tj   Ready    <none>   7h9m   v1.22.11-gke.400
admin_root@cloudshell:~ (pubsec-declarative-tk-cno2)$ gcloud anthos config controller list
NAME: pdt-cno-kcc
LOCATION: northamerica-northeast1
STATE: RUNNING
admin_root@cloudshell:~ (pubsec-declarative-tk-cno2)$ gcloud anthos config controller delete pdt-cno-kcc --location=northamerica-northeast1
You are about to delete instance [pdt-cno-kcc]

Do you want to continue (Y/n)?  y

Delete request issued for: [pdt-cno-kcc]
Waiting for operation [projects/pubsec-declarative-tk-cno2/locations/northamerica-northeast1/operations/operation-1662509152408-5e80b137713f2-3980bef0-55096225] to complete...working.

shaunmitchellve commented 2 years ago

@fmichaelobrien

I'm confused on this issue. You mention deleting a solution like the landing zone but then also talk about deleting the KCC cluster? These are two different scenarios and I think they need to be in separate issues.

As @cartyc mentioned, arete is not intended to be used in any CD tool chain; this is out of scope for the CLI. The underlying tools that arete uses are much better suited for that use case (for example, kpt).

fmichaelobrien commented 2 years ago

sounds good Shaun, for CD yes ideally I would remove the solution and recreate it - using a trigger off the repo specific to the solutions or particular subfolder. I mentioned removing the entire GKE cluster (through anthos) as a wider option for changes to the repo in general. Yes, I see now that arete is a client tool, I will split this issue and use the advanced anthos level delete/install of the cluster for repo wide CD regression testing

fmichaelobrien commented 2 years ago

working out re-create procedure in https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/blob/dev/solutions/landing-zone/architecture.md#deleting-the-anthos-cluster

Full scope of this issue is deleting the lz solution first and then deleting the cluster. There is another issue I will add on just deleting/restarting the cluster and re-associating with the existing lz deployment

fmichaelobrien commented 1 year ago

reconcile after manual change

michael@cloudshell:~ (landing-zone-controller-e4g7d)$ gcloud container clusters get-credentials krmapihost-landing-zone-controller9 --region northamerica-northeast2
Fetching cluster endpoint and auth data.
kubeconfig entry generated for krmapihost-landing-zone-controller9.

michael@cloudshell:~ (landing-zone-controller-e4g7d)$ kubectl get nodes
NAME                                                  STATUS   ROLES    AGE   VERSION
gke-krmapihost-landi-krmapihost-landi-1ad6d226-0t58   Ready    <none>   10d   v1.23.8-gke.1900
gke-krmapihost-landi-krmapihost-landi-3c83b5c4-7n9m   Ready    <none>   10d   v1.23.8-gke.1900
gke-krmapihost-landi-krmapihost-landi-e79f699c-gsc2   Ready    <none>   10d   v1.23.8-gke.1900

history

gcp.zone
michael@cloudshell:~$ history
    1  ls
    2  ls -la
    3  ls
    4  ls -la
    5  ssh-add obrienlabs_org_github
    6  git config --global user.email "michael@obrienlabs.org"
    7  git config --global user.name "Michael OBrien"
    8  gcloud projects create gcp-zone-landing-stg --name="gcp-zone-landing-stg" --labels=type=dev
    9  git clone https://github.com/cloud-quickstart/private.git
   10  ls
   11  git clone https://github.com/cloud-quickstart/gcp-landing-zone.git
   12  rm -rf private/
   13  ls
   14  mkdir cloud-quickstart
   15  cd cloud-quickstart/
   16  rm -rf ../gcp-landing-zone/
   17  git clone https://github.com/cloud-quickstart/gcp-landing-zone.git
   18  gcloud config set project gcp-zone-landing-stg
   19  gcloud services list --enabled --project gcp-zone-landing-stg
   20  gcloud services list --enabled --project gcp-zone-landing-stg | grep NAME
   21  history
   22  cd cloud-quickstart/
   23  ls
   24  cd gcp-landing-zone/
   25  ls
   26  git status
   27  git pull
   28  ls
   29  mvn clean compile assembly:single
   30  mvn clean install -U
   31  ls
   32  history
   33  ls
   34  history
   35  gcloud config set project pubsec-declarative-tk-gz
   36  ls
   37  mkdir wse_github
   38  cd wse_github/
   39  mkdir GoogleCloudPlatform
   40  cd GoogleCloudPlatform/
   41  git clone https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git
   42  cd pubsec-declarative-toolkit/
   43  cd cli/
   44  go install
   45  cd ..
   46  export ORG_ID=925207728429
   47  export REGION=northamerica-northeast1
   48  cloud alpha logging settings update --organization=$ORG_ID --storage-location=$REGION
   49  gcloud alpha logging settings update --organization=$ORG_ID --storage-location=$REGION
   50  export PROJECT=pubsec-declarative-tk-gz
   51  export PROJECT_ID=pubsec-declarative-tk-gz
   52  export ORGANIZATION_ID=$(gcloud projects get-ancestors $PROJECT_ID --format='get(id)' | tail -1)
   53  echo ORGANIZATION_ID
   54  echo $ORGANIZATION_ID
   55  export ORG_ID=$(gcloud projects get-ancestors $PROJECT_ID --format='get(id)' | tail -1)
   56  export PROJECT_ID=$(gcloud config list --format 'value(core.project)')
   57  echo $PROJECT
   58  export ORG_ID=$(gcloud projects get-ancestors $PROJECT_ID --format='get(id)' | tail -1)
   59  echo $ORG_ID
   60  export EMAIL=michael@gcp.zone
   61  gcloud organizations add-iam-policy-binding "${ORG_ID}" --member "serviceAccount:${EMAIL}" --role roles/logging.admin
   62  gcloud organizations add-iam-policy-binding "${ORG_ID}" --member "user:${EMAIL}" --role roles/logging.admin
   63  cloud alpha logging settings update --organization=$ORG_ID --storage-location=$REGION
   64  gcloud alpha logging settings update --organization=$ORG_ID --storage-location=$REGION
   65  arete create landing-zone-controller --region=northamerica-northeast1
   66  export SA_EMAIL="$(kubectl get ConfigConnectorContext -n config-control -o jsonpath='{.items[0].spec.googleServiceAccount}' 2> /dev/null)"
   67  gcloud organizations add-iam-policy-binding "${ORG_ID}" --member "serviceAccount:${SA_EMAIL}" --role "roles/resourcemanager.folderAdmin"
   68  gcloud organizations add-iam-policy-binding "${ORG_ID}" --member "serviceAccount:${SA_EMAIL}" --role "roles/resourcemanager.projectCreator"
   69  gcloud organizations add-iam-policy-binding "${ORG_ID}" --member "serviceAccount:${SA_EMAIL}" --role "roles/resourcemanager.projectDeleter"
   70  gcloud organizations add-iam-policy-binding "${ORG_ID}" --member "serviceAccount:${SA_EMAIL}" --role "roles/iam.securityAdmin"
   71  gcloud organizations add-iam-policy-binding "${ORG_ID}" --member "serviceAccount:${SA_EMAIL}" --role "roles/orgpolicy.policyAdmin"
   72  gcloud organizations add-iam-policy-binding "${ORG_ID}" --member "serviceAccount:${SA_EMAIL}" --role "roles/serviceusage.serviceUsageConsumer"
   73  gcloud organizations add-iam-policy-binding "${ORG_ID}" --member "serviceAccount:${SA_EMAIL}" --role "roles/billing.user"
   74  gcloud organizations add-iam-policy-binding "${ORG_ID}" --member "serviceAccount:${SA_EMAIL}" --role roles/accesscontextmanager.policyAdmin
   75  gcloud organizations add-iam-policy-binding "${ORG_ID}" --member "serviceAccount:${SA_EMAIL}" --role roles/compute.xpnAdmin
   76  gcloud organizations add-iam-policy-binding "${ORG_ID}" --member "serviceAccount:${SA_EMAIL}" --role roles/iam.serviceAccountAdmin
   77  gcloud organizations add-iam-policy-binding "${ORG_ID}" --member "serviceAccount:${SA_EMAIL}" --role roles/serviceusage.serviceUsageConsumer
   78  gcloud organizations add-iam-policy-binding "${ORG_ID}" --member "serviceAccount:${SA_EMAIL}" --role roles/logging.admin
   79  pwd
   80  kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/landing-zone landing-zone
   81  vi landing-zone/.krmignore
   82  cat landing-zone/.krmignore
   83  kpt fn render
   84  cd landing-zone/
   85  kpt fn render
   86  kpt live init landing-zone --namespace config-control
   87  cd ..
   88  kpt live init landing-zone --namespace config-control
   89  kpt live apply landing-zone --reconcile-timeout=2m --output=table
   90  cat landing-zone/.krmignore
   91  kpt live apply landing-zone --reconcile-timeout=2m --output=table
   92  kubectl get pods --all-namespaces
   96  kubens config-control
   97  kubectl get gcp
   98  kpt live apply landing-zone --reconcile-timeout=2m --output=table
   99  kubectl get gcp --all-namespaces
  100  ls
  101  cat landing-zone/setters.yaml
  102  kpt live apply landing-zone --reconcile-timeout=2m
  103  kubectl get po -n crnm-system
  104  kubectl get po -n cnrm-system
  105  kubectl get logs po -n cnrm-system
  106  kubectl logs po -n cnrm-system
  107  kubectl logs -n cnrm-system cnrm-controller-manager-ccdnqj4gkgtcjgejpi10-0
  108  kubectl get gcp
  109  kpt live apply landing-zone --reconcile-timeout=2m --inventory-policy=adopt
  110  kubectl describe pod accesscontextmanageraccesslevel.accesscontextmanager.cnrm.cloud.google.com/commonaccesslevels
  111  kubectl describe pod accesscontextmanageraccesslevel.accesscontextmanager.cnrm.cloud.google.com/commonaccesslevels
  112  kubectl describe accesscontextmanageraccesslevel.accesscontextmanager.cnrm.cloud.google.com/commonaccesslevels
  113  kubectl get AccessContextManagerAccessPolicy
  114  kubectl describe AccessContextManagerAccessPolicy
  115  kubectl get gcpservice
  116  kubectl describe nonprod-nethost-service-compute
  117  kubectl describe gcpservice
  118  kubectl describe gcpservice nonprod-nethost-service-compute
  119  kubectl get projects
  120  gcloud projects describe audit-prj-id-gz1
  121  kubectl get projects guardrails-project-gz1 -o wide
  122  kubectl get projects guardrails-project-gz1 -o yaml
  123  kubectl get gcp
  124  history
  125  history
  126  kubectl get projects guardrails-project-gz1 -o yaml
  127  history
  128  export REGION=northamerica-northeast1
  129  export PROJECT_ID=$(gcloud config list --format 'value(core.project)')
  130  export ORG_ID=$(gcloud projects get-ancestors $PROJECT_ID --format='get(id)' | tail -1)
  131  export EMAIL=your-super-admin@email.com
  132  gcloud organizations add-iam-policy-binding "${ORG_ID}" --member "user:${EMAIL}" --role roles/logging.admin
  133  kubectl get projects guardrails-project-gz1 -o yaml
  134  kubectl get gcp
  135  gcloud projects describe audit-prj-id-gz1
  136  gcloud projects describe net-host-prj-prod-gz1
  137  history
  138  gcloug config set project landing-zone-controller-e4g7d
  139  gcloud config set project landing-zone-controller-e4g7d
  140  cd wse_github/
  141  ls
  142  cd GoogleCloudPlatform/
  143  ls
  144  cd landing-zone/
  145  ls
  146  kpt fn render
  147  kubectl get pods --all-namespaces
  148  kpt fn render
  149  kpt live init landing-zone --namespace config-control
  150  cd ..
  151  kpt live init landing-zone --namespace config-control
  152  kpt live apply landing-zone --reconcile-timeout=2m --output=table
  153  gcloud config set project landing-zone-controller-e4g7d
  154  kubectl get gcp
  155  cd wse_github/GoogleCloudPlatform/landing-zone/
  156  ls
  157  history | grep live apply
  158  history | grep live
  159  kpt live init landing-zone --namespace config-control
  160  cd ..
  161  kpt live init landing-zone --namespace config-control
  162  cd landing-zone/
  163  kpt live apply landing-zone --reconcile-timeout=2m
  164  cd ..
  165  kpt live apply landing-zone --reconcile-timeout=2m
  166  pwd
  167  ls
  168  cd landing-zone/
  169  kpt fn render
  170  kpt live init landing-zone --namespace config-control
  171  kpt live init  --namespace config-control
  172  kpt live apply  --reconcile-timeout=2m
  173  history
  174  kpt version
  175  gcloud config set project landing-zone-controller-e4g7d
  176  gcloud config controller list
  177  gcloud config controller get --location northamerica-northeast1
  178  gcloud anthos config controller list
  179  gcloud config controller delete --location northamerica-northeast1 landing-zone-controller
  180  gcloud anthos config controller delete --location northamerica-northeast1 landing-zone-controller
  181  history
  182  gcloud anthos config controller list
  183  gcloud config set project landing-zone-controller-e4g7d
  184  gcloud anthos config controller create landing-zone-controller --location northamerica-northeast1 --network kcc-controller --subnet kcc-regional-subnet
  185  history | grep anthos
  186  gcloud anthos config controller create landing-zone-controller --location northamerica-northeast1 --network kcc-controller --subnet kcc-regional-subnet
  187  gcloud config set project landing-zone-controller-e4g7d
  188  gcloud anthos config controller create landing-zone-controller --location northamerica-northeast1 --network kcc-controller --subnet kcc-regional-subnet
  189  gcloud config set project landing-zone-controller-e4g7d
  190  gcloud anthos config controller create landing-zone-controller --location northamerica-northeast1 --network kcc-controller --subnet kcc-regional-subnet
  191  gcloud config set project landing-zone-controller-e4g7d
  192  gcloud anthos config controller create landing-zone-controller --location northamerica-northeast1 --network kcc-controller --subnet kcc-regional-subnet
  193  gcloud anthos config controller create landing-zone-controller2 --location northamerica-northeast1 --network kcc-controller --subnet kcc-regional-subnet
  194  gcloud config set project landing-zone-controller-e4g7d
  195  gcloud anthos config controller create landing-zone-controller3 --location us-east4-a --network kcc-controller --subnet kcc-regional-subnet
  196  gcloud anthos config controller create landing-zone-controller3 --location us-east4-1 --network kcc-controller --subnet kcc-regional-subnet
  197  gcloud anthos config controller create landing-zone-controller3 --location us-central-1a --network kcc-controller --subnet kcc-regional-subnet
  198  gcloud anthos config controller create landing-zone-controller3 --location us-central1-a --network kcc-controller --subnet kcc-regional-subnet
  199  gcloud anthos config controller create landing-zone-controller3 --location us-east4-a --network default --subnet default
  200  gcloud anthos config controller create landing-zone-controller3 --location us-east4 --network default --subnet default
  201  gcloud anthos config controller create landing-zone-controller3 --location us-central1 --network default --subnet default
  202  gcloud config set project landing-zone-controller-e4g7d
  203  gcloud anthos config controller delete --location us-central1 landing-zone-controller3
  204  gcloud config set project gcp-zone-landing-stg
  205  export PROJECT_ID=$(gcloud config list --format 'value(core.project)')
  206  export ORG_ID=$(gcloud projects get-ancestors $PROJECT_ID --format='get(id)' | tail -1)
  207  export SA_PREFIX=tfsa-example
  208  gcloud iam service-accounts create "${SA_PREFIX}" --display-name "Terraform example service account" --project=${PROJECT_ID}
  209  act=`gcloud iam service-accounts list --project="${PROJECT_ID}" --filter=tfsa --format="value(email)"`
  210  export SA_EMAIL=`gcloud iam service-accounts list --project="${PROJECT_ID}" --filter=tfsa --format="value(email)"`
  211  echo $SA_EMAIL
  212  gcloud organizations get-iam-policy $ORG_ID --filter="bindings.members:$SA_EMAIL" --flatten="bindings[].members" --format="table(bindings.role)
  213  gcloud organizations get-iam-policy $ORG_ID --filter="bindings.members:$SA_EMAIL" --flatten="bindings[].members" --format="table(bindings.role)"
  214  gcloud organizations add-iam-policy-binding ${ORG_ID}  --member=serviceAccount:${SA_EMAIL} --role=roles/billing.user
  215  gcloud organizations get-iam-policy $ORG_ID --filter="bindings.members:$SA_EMAIL" --flatten="bindings[].members" --format="table(bindings.role)"
  216  gcloud config set project landing-zone-controller-e4g7d
  217  gcloud anthos config controller create landing-zone-controller3 --location northamerica-northeast1 --network kcc-controller --subnet kcc-regional-subnet
  218  gcloud anthos config controller create landing-zone-controller5 --location us-central1 --network default --subnet default
  219  gcloud config controller delete --location us-central1 landing-zone-controller5
  220  gcloud anthos config controller delete --location us-central1 landing-zone-controller5
  221  gcloud compute networks create kcc --subnet-mode=custom
  222  gcloud compute networks subnets create kcc  --network kcc --range 192.168.0.0/16 --region northamerica-northeast2
  223  gcloud anthos config controller create landing-zone-controller7 --location northamerica-northeast2 --network kcc --subnet kcc
  224  gcloud config controller delete --location northamerica-northeast2 landing-zone-controller7
  225  gcloud anthos config controller delete --location northamerica-northeast2 landing-zone-controller7
  226  gcloud services list --available
  227  gcloud config set project landing-zone-controller-e4g7d
  228  gcloud services list --available
  229  gcloud services list --available | grep TITLE
  230  gcloud services enable compute.googleapis.com
  231  gcloud services list --available | grep compute
  232  gcloud services list  | grep compute
  233  gcloud services list
  234  gcloud config set project test-20222022
  235  gcloud services list
  236  gcloud services list | grep TITLE
  237  history  | grep delete
  238  gcloud config set project landing-zone-controller-e4g7d
  239  ls
  240  cd wse_github/
  241  ls
  242  cd GoogleCloudPlatform/
  243  ls
  244  cd landing-zone/
  245  gcloud anthos config controller create landing-zone-controller8 --location northamerica-northeast1 --network kcc-controller --subnet kcc-regional-subnet
  246  export CLUSTER=kcc
  247  export NETWORK=kcc
  248  export SUBNET=kcc
  249  export REGION=northamerica-northeast2
  250  gcloud compute networks create $NETWORK --subnet-mode=custom
  251  export CLUSTER=kcc2
  252  export NETWORK=kcc2
  253  export SUBNET=kcc2
  254  export REGION=northamerica-northeast2
  255  gcloud compute networks create $NETWORK --subnet-mode=custom
  256  gcloud compute networks subnets create $SUBNET  --network $NETWORK --range 192.168.0.0/16 --region $REGION
  257  gcloud anthos config controller create landing-zone-controller9 --location $REGION --network $NETWORK --subnet $SUBNET
  258  gcloud config set project landing-zone-controller-e4g7d
  259  export PROJECT_ID=landing-zone-controller-e4g7d
  260  export ORG_ID=$(gcloud projects get-ancestors $BOOT_PROJECT_ID --format='get(id)' | tail -1)
  261  export ORG_ID=$(gcloud projects get-ancestors $PROJECT_ID --format='get(id)' | tail -1)
  262  gcloud organizations get-iam-policy $ORG_ID
  263  gcloud config set project landing-zone-controller-e4g7d

fmichaelobrien commented 1 year ago

mike link to issues above for deletion

fmichaelobrien commented 1 year ago

211

212

obriensystems commented 1 year ago

delete liens first

michael@cloudshell:~/wse_github/GoogleCloudPlatform (landing-zone-controller-e4g7d)$ gcloud config set project audit-prj-id-gz1
Updated property [core/project].
michael@cloudshell:~/wse_github/GoogleCloudPlatform (audit-prj-id-gz1)$ export AUDIT_LIEN=$(gcloud alpha resource-manager liens list --format json | jq .[0].name | sed 's/"//g' | sed 's/liens\///g')
michael@cloudshell:~/wse_github/GoogleCloudPlatform (audit-prj-id-gz1)$ echo $AUDIT_LIEN
p402270513653-lec39ae31-1d37-48f0-bbe7-59b0d41541a1
michael@cloudshell:~/wse_github/GoogleCloudPlatform (audit-prj-id-gz1)$ gcloud alpha resource-manager liens delete $AUDIT_LIEN
Deleted [liens/p402270513653-lec39ae31-1d37-48f0-bbe7-59b0d41541a1].
michael@cloudshell:~/wse_github/GoogleCloudPlatform (audit-prj-id-gz1)$ gcloud config set project net-host-prj-prod-gz1
Updated property [core/project].
michael@cloudshell:~/wse_github/GoogleCloudPlatform (net-host-prj-prod-gz1)$ export AUDIT_LIEN=$(gcloud alpha resource-manager liens list --format json | jq .[0].name | sed 's/"//g' | sed 's/liens\///g')
michael@cloudshell:~/wse_github/GoogleCloudPlatform (net-host-prj-prod-gz1)$ echo $AUDIT_LIEN
p698859936700-l9cf73dda-4423-454a-b137-c838b6357574
michael@cloudshell:~/wse_github/GoogleCloudPlatform (net-host-prj-prod-gz1)$ gcloud alpha resource-manager liens delete $AUDIT_LIEN
Deleted [liens/p698859936700-l9cf73dda-4423-454a-b137-c838b6357574].
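
The session above removes only the first lien on each project (`jq .[0].name`). A sketch that removes every lien before the project is deleted and defaults to a dry run, so the deletion guardrail is not dropped by accident; this is an added example, not the toolkit's code, and the function names and the `DRY_RUN` variable are hypothetical:

```shell
#!/bin/sh
# Added example: remove all liens on a project, then delete the project.
# Function names and DRY_RUN are hypothetical; the gcloud subcommands are
# the ones used in this thread.

# Print every lien ID on project $1, one per line, without the "liens/"
# prefix (the form `liens delete` is given in the session above).
list_lien_ids() {
  names=$(gcloud alpha resource-manager liens list --project "$1" --format='value(name)') || return 1
  printf '%s\n' "$names" | while IFS= read -r name; do
    if [ -n "$name" ]; then
      echo "${name#liens/}"
    fi
  done
}

# Remove all liens on project $1 and print how many were handled.
# DRY_RUN=1 (the default) only reports what would be removed.
remove_project_liens() {
  project=$1
  ids=$(list_lien_ids "$project") || return 1
  count=0
  for lien in $ids; do
    if [ "${DRY_RUN:-1}" = 1 ]; then
      echo "would delete lien $lien on $project" >&2
    else
      gcloud alpha resource-manager liens delete "$lien" --project "$project" >&2 || return 1
    fi
    count=$((count + 1))
  done
  echo "$count"
}

# Liens first, then the project itself. Prints the number of liens handled.
teardown_project() {
  n=$(remove_project_liens "$1") || return 1
  if [ "${DRY_RUN:-1}" = 1 ]; then
    echo "would delete project $1 after removing $n lien(s)" >&2
  else
    gcloud projects delete "$1" --quiet >&2 || return 1
  fi
  echo "$n"
}

# Usage: DRY_RUN=0 sh teardown.sh audit-prj-id-gz1 net-host-prj-prod-gz1
if [ $# -gt 0 ]; then
  for p in "$@"; do
    teardown_project "$p"
  done
fi
```

Run it once with the default `DRY_RUN=1` and review the reported liens before repeating with `DRY_RUN=0`.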