mikesparr

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: test-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi

mikesparr

SSH

OS Login enables centralized SSH key management with IAM, and it disables metadata-based SSH key configuration on all instances in a project. OS Login can be enabled on the project level or on the instance level. Instance-level values override the project-level value.

• OS Login Reference

Instructions

1. Access project
   • https://console.cloud.google.com/compute/instances?project=[project-id]
2. Click Metadata
3. Click Edit, and then click Add item.

mikesparr

#!/usr/bin/env bash

# Reference: https://cloud.google.com/memorystore/docs/redis/connect-redis-instance-functions#python

# enable APIs
gcloud services enable redis.googleapis.com
gcloud services enable cloudfunctions.googleapis.com
gcloud services enable vpcaccess.googleapis.com

# set these to your specific environment

mikesparr

#!/usr/bin/env bash

# Reference: https://gist.github.com/mikesparr/8985378640242d8e453cc2212509814d 

# set these to your specific environment
export PROJECT_ID=db-cluster-tests
export REDIS_INSTANCE=myinstance
export REDIS_VERSION="redis_4_0"
export GCP_REGION=us-central1
export GCP_NETWORK=default

mikesparr

kubectl get nodes

mikesparr

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: applications
  namespace: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    namespace: argocd

mikesparr

#!/usr/bin/env bash

export PROJECT_ID=<YOUR-PROJECT-ID>
export AUTH_NETWORK="<YOUR-IP-ADDRESS>/32" # change to your IP or use dotenv of course

# enable apis
gcloud services enable container.googleapis.com # Kubernetes Engine API

# helper functions
set_location () {

mikesparr

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: k8s-config
  namespace: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    namespace: argocd

mikesparr

Security

Assign IAM roles to buckets:

gsutil iam ch user:(user_email):(role1,role2) gs://(BUCKET)

Remove IAM role from bucket:

gsutil iam ch -d user:(user_email):(role1,role2) gs://(BUCKET)

Remove all roles from bucket for given user:

gsutil iam ch -d user:(user_email) gs://(BUCKET)

mikesparr

#!/usr/bin/env bash

# enable GCP apis
gcloud services enable appengine.googleapis.com

export APP_NAME="app-engine-react-demo"
export PROJECT_ID="mike-stage"

# bootstrap app using create-react-app
npx create-react-app $APP_NAME