The Google Cloud Toolbox

The Google Cloud Toolbox: a simple, opinionated and minimalist documentation site for Google Cloud.

Info

The goal of this site is to make Google Cloud easier to use for anybody. This site is always under construction, so use it carefully.

Credits

This site uses Hugo and the Relearn theme. Thanks to all contributors of these projects.

Chapter 1

Tools & tricks

Useful information about command line tools, terraform and more.

gcloud CLI

The gcloud CLI lets you manage resources and services from the command line. It also contains service and data emulators to speed up local development. See the install instructions.

Note

In Cloud Shell, the latest version is already installed and your user is already logged in.

Useful commands

Getting started

gcloud init

Configuration

Set the default project:

gcloud config set project myproject001

Warning

Be careful with the default project, especially if it is a production one. You can override the default value with the --project flag in any gcloud command that affects a project, for example gcloud run deploy --project myproject001. Always use this flag if you are not sure of the default project or you are working with more than one project.

If you work with more than one profile, you can create named configurations:

gcloud config configurations create myconf
gcloud config configurations list
gcloud config configurations activate myconf

Terraform

Tip

You can get all the resources of a project in HCL (the Terraform language) with this command:

gcloud beta resource-config bulk-export \
  --project=PROJECT_ID \
  --resource-format=terraform

Folders

Tip

Get the ID of a folder:

gcloud resource-manager folders list --organization=1111111111 --filter="display_name: My Folder" --format="get(ID)" | sed 's/folders\///'

Credentials

To log in with another Google account (you will be redirected to the browser to log in):

gcloud auth login 

Get an access token for your identity to make authenticated API calls (for example, to an authenticated Cloud Run service):

gcloud auth print-access-token

Tip

Logging in as a service account is a good way to check that its permissions are correct for a task before coding the CI/CD pipeline:

gcloud auth activate-service-account --key-file mykey.json

Global flags

Some flags are available throughout the gcloud CLI experience, like:

Warning

Use this when running gcloud in CI/CD pipelines or similar.

  • --quiet: Disables interactive prompting (and applies default values for inputs).
  • --verbosity: Sets the verbosity level to debug, info, warning, error, critical, or none.
  • --format: Sets the output format to config, csv, default, diff, disable, flattened, get, json, list, multi, none, object, table, text, value, or yaml.
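A pipeline wrapper that combines the two warnings above: it refuses to run without an explicit --project and only then adds --quiet. This is an added example, not part of the original site; gcloud_ci and has_project_flag are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example (not from the original site): a CI wrapper around gcloud.
# gcloud_ci and has_project_flag are hypothetical helper names.

# Return 0 if the argument list names a project explicitly,
# as either "--project VALUE" or "--project=VALUE".
has_project_flag() {
  while [ "$#" -gt 0 ]; do
    case "$1" in
      --project=?*) return 0 ;;
      --project)
        # The next word must exist and must not be another flag.
        case "${2:-}" in
          ""|-*) return 1 ;;
          *) return 0 ;;
        esac ;;
    esac
    shift
  done
  return 1
}

# Run gcloud non-interactively, but only with an explicit project.
# With --quiet, prompts are answered with their defaults, so a wrong
# default project would be acted on without any confirmation.
gcloud_ci() {
  if ! has_project_flag "$@"; then
    echo "refusing to run: pass --project explicitly" >&2
    return 64
  fi
  gcloud --quiet "$@"
}
```

In a pipeline, call gcloud_ci run deploy ... --project myproject001 instead of gcloud directly.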

To load a service account credential for local dev:

export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/service-account-file.json"
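A check to run before pointing GOOGLE_APPLICATION_CREDENTIALS (or --key-file) at a downloaded key: the file must exist, be readable only by its owner, and be a service account key. This is an added example, not part of the original site; use_sa_key is a hypothetical helper name.

```shell
#!/usr/bin/env bash
# Added example (not from the original site). use_sa_key is a hypothetical
# helper; the key path passed to it is chosen by the caller.

# Export GOOGLE_APPLICATION_CREDENTIALS only if the key file looks sane:
# it exists, only its owner can access it, and it is a service account key.
use_sa_key() {
  key=$1
  if [ ! -f "$key" ]; then
    echo "key file not found: $key" >&2
    return 1
  fi
  # Characters 5-10 of the ls mode string are the group and other bits.
  perms=$(ls -ld "$key" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "key file is accessible to group/other; run: chmod 600 $key" >&2
    return 1
  fi
  # Service account key files carry "type": "service_account".
  if ! grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$key"; then
    echo "not a service account key file: $key" >&2
    return 1
  fi
  export GOOGLE_APPLICATION_CREDENTIALS="$key"
}
```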

firebase CLI

firebase command line tool

The firebase CLI lets you manage your Firebase projects and services from the command line. It also contains service and data emulators to speed up local development.

Tip

A lot of things in Firebase can be managed on the website, but it is always recommended to use the CLI and a Git repo.

    firebase init
    firebase deploy
    firebase deploy --only hosting
    firebase deploy --only functions
    firebase deploy --only firestore:rules
    firebase emulators:start
    # Run the tests against the emulators
    firebase emulators:exec "mocha ./test.js"
    # Get a token for CI integration, like GitLab CI/CD
    firebase login:ci

gsutil

gsutil command line tool

The gcloud CLI lets you manage resources and services from the command line. It also contains service and data emulators to speed up local development. See the install instructions.

Tip

In Cloud Shell, the latest version is already installed and your user is already logged in.

The CLI has these command line tools:

  1. gcloud
  2. gsutil
  3. bq

To set the cache control:

gsutil -h "Content-Type:text/html" \
  -h "Cache-Control:public, max-age=3600" cp -r images \
  gs://bucket/images

Set CORS in a bucket

Create a file named cors, listing the authorized domains in "origin" instead of "*":

[
  {
    "origin": ["*"],
    "method": ["GET"],
    "responseHeader": ["Content-Type"],
    "maxAgeSeconds": 3600
  }
]

gsutil cors set cors gs://my-awesome-bucket

Terraform

Terraform in Google Cloud

Tip

In Cloud Shell, the terraform client is already installed and your user is already logged in.

Tip

You can get all the resources of a project in HCL (the Terraform language) with this command:

gcloud beta resource-config bulk-export --project=PROJECT_ID --resource-format=terraform

main.tf

terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
      version = "3.5.0"
    }
  }
  backend "gcs" {
    bucket  = "tf-state-prod"
    prefix  = "terraform/state"
  }
}

provider "google" {
  credentials = file("<NAME>.json")

  project = "<PROJECT_ID>"
  region  = "us-central1"
  zone    = "us-central1-c"
}

resource "google_compute_network" "vpc_network" {
  name = "terraform-network"
}

GCS backend for state

terraform {
  backend "gcs" {
    bucket  = "tf-state-prod"
    prefix  = "terraform/state"
  }
}

Chapter 2

Services

Find useful information and usage advice about the best Google Cloud services.

Compute Engine

Rerun the startup script

    sudo google_metadata_script_runner startup

View the result

    sudo journalctl -u google-startup-scripts.service

Cloud Run

Note

Cloud Run is a serverless platform for running containers; you can run it on the managed platform or on GKE. IMO it is the best place for your workloads.

Info

  • pay for use
  • min instances from 0
  • max instances
  • only internal traffic
  • egress to VPC (all / internal)
  • great portability

Create

gcloud run deploy run-service --image gcr.io/...... --set-env-vars foo=lol --memory 1G --allow-unauthenticated --region europe-west1 --project myproject

Delete

gcloud run services delete run-service --region europe-west1 --project=myProject --quiet

Authenticated call to Cloud Run

curl -X GET -H "Authorization: Bearer $(gcloud auth print-identity-token)" https://hello-cloudunuri-uc.a.run.app

Tip

You can find example images in the Google containers images repo.

Tip

There is a very good list of resources in Awesome Cloud Run

Functions

Firebase

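Scheduled function in Europe

    // 1st-gen API; on firebase-functions v6+ require 'firebase-functions/v1'.
    const functions = require('firebase-functions');

    // Runs in europe-west1 every 5 minutes.
    exports.scheduledFunction = functions.region('europe-west1').pubsub.schedule('every 5 minutes').onRun((context) => {
        console.log('This will be run every 5 minutes!');
        return null;
    });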

Registry

Upload an image to gcloud

    gcloud auth login
    gcloud auth configure-docker
    docker pull busybox
    docker tag busybox gcr.io/my-project/busybox
    docker push gcr.io/my-project/busybox

Firestore

Note

Firestore can be used directly from GCP, but there are extra features if you use it through Firebase.

Rules

    rules_version = '2';
    service cloud.firestore {
      match /databases/{database}/documents {
        match /Users/{document} {
          allow create:
            if request.auth.uid == document
              && request.resource.data.keys().hasAll(["name", "nick", "created_at"])
              && request.resource.data.keys().hasOnly(["name", "nick", "created_at"]);
          allow read: if request.auth.uid == document;
          allow update:
            if request.auth.uid == document
              && (request.resource.data.diff(resource.data).affectedKeys()
                .hasOnly(["name", "nick"]));
          allow delete: if request.auth.uid == document;
        }
      }
    }

Rules example for subscriptions

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    function hasBasicSubs() {
      return request.auth.token.stripeRole == "basic";
    }

    function hasPremiumSubs() {
      return request.auth.token.stripeRole == "premium";
    }

    match /content-basic/{doc} {
      allow read: if hasBasicSubs() || hasPremiumSubs(); 
    }
    match /content-premium/{doc} {
      allow read: if hasPremiumSubs(); 
    }

    match /customers/{uid} {
      allow read: if request.auth.uid == uid;

      match /checkout_sessions/{id} {
        allow read, write: if request.auth.uid == uid;
      }
      match /subscriptions/{id} {
        allow read: if request.auth.uid == uid;
      }
    }

    match /products/{id} {
      allow read: if true;
      allow write: if false;

      match /prices/{id} {
        allow read: if true;
        allow write: if false;
      }
    }
  }
}

Tip

It is always a good idea to manage the rules as code, store them in a Git repo and deploy them with the firebase CLI.

firebase init
firebase deploy