
Kemal Cholovich

Create and Manage Cloud Resources: Challenge Lab - Solution, Explanation and Comments (May 2023)

Overview

In a challenge lab you’re given a scenario and a set of tasks. Instead of following step-by-step instructions, you will use the skills learned from the labs in the quest to figure out how to complete the tasks on your own! An automated scoring system (shown on this page) will provide feedback on whether you have completed your tasks correctly.

When you take a challenge lab, you will not be taught new Google Cloud concepts. You are expected to extend your learned skills, like changing default values and reading and researching error messages to fix your own mistakes.

To score 100% you must successfully complete all tasks within the time period!

This lab is recommended for students who have enrolled in the Create and Manage Cloud Resources quest.

Topics tested:

  1. Create an instance
  2. Create a 3-node Kubernetes cluster and run a simple service
  3. Create an HTTP(s) load balancer in front of two web servers

Solution

Before we start with the solution, note that you can complete the lab in two ways:

  1. Using Google Cloud UI
  2. Using gcloud command-line tool (Cloud Shell/SDK)

In this solution we are going to use the gcloud command-line tool.

First you must know the gcloud tool ;)

gcloud quick guide

The gcloud command-line tool is part of the Google Cloud SDK and provides a convenient way to interact with various Google Cloud Platform (GCP) services and resources from the command line. For beginners, it's essential to understand some key notes about using the gcloud command:

  1. Installation: Before using gcloud, you need to install the Google Cloud SDK on your local machine. The SDK includes the necessary tools and libraries to work with GCP services. You can find installation instructions specific to your operating system on the official Google Cloud SDK documentation. The better option is to use Google Cloud Shell.

  2. Authentication: To access and manage your GCP resources, you must authenticate with gcloud. The most common method is to run gcloud auth login, which will open a browser window prompting you to log in to your Google account and authorize gcloud to access your GCP resources. Once authenticated, gcloud will remember your credentials until you explicitly log out. Cloud Shell is the easiest way!

  3. Project Selection: GCP organizes resources into projects. When using gcloud, you need to specify the project you want to work with. You can set the active project using the gcloud config set project [PROJECT_ID] command. Replace [PROJECT_ID] with the ID of your target project.

  4. Command Structure: The general structure of a gcloud command is gcloud [SERVICE] [COMMAND] [FLAGS/OPTIONS]. The SERVICE represents the specific GCP service you want to interact with, such as compute, storage, or pubsub. The COMMAND refers to the action you want to perform on that service, like list, create, delete, etc. Flags and options are used to modify the behavior of the command.

  5. Contextual Help: If you need assistance with a specific gcloud command or service, you can access the built-in help by appending --help to any gcloud command. For example, gcloud compute instances create --help will display detailed information about creating instances in the Compute Engine service.

  6. Configurations: gcloud allows you to configure default settings to simplify command usage. You can set default values for properties like project, region, zone, and more. For instance, gcloud config set compute/zone us-central1-a sets the default zone to us-central1-a. These configurations are helpful to avoid repetitive input in subsequent commands.

  7. API Access and Permissions: Some gcloud commands require specific API access or permissions to function correctly. Ensure that you have the necessary permissions within your GCP project and enable the required APIs for the services you want to use. The error messages provided by gcloud can help identify missing permissions or APIs that are not enabled.

  8. Up-to-date SDK: It's essential to keep your Google Cloud SDK up to date. Regularly run gcloud components update to ensure you have the latest version of the SDK and its components, which includes bug fixes, new features, and improvements. When you are working with Cloud Shell you will be safe and already updated!

At the end of this quick guide, you should know that practice and familiarity with the gcloud command will improve your understanding and proficiency. Consult the official Google Cloud SDK documentation and service-specific documentation for more detailed information on using gcloud commands for different GCP services.

Warnings related to the Solution!

The most important thing is to spot the details from your current lab (your region, zone, port, and firewall rule!) and set them properly in the script provided! You should execute the script step by step and read the explanation at the end for more insights!

This is my solution and the code is here:

S O L U T I O N :

```bash
# setup your zone and region!
gcloud auth list
gcloud config set compute/zone us-west4-c
gcloud config set compute/region us-west4

# create an instance template
# (unquoted heredoc: \$HOSTNAME is written literally and expands on the VM at boot)
cat << EOF > startup.sh
#!/bin/bash
apt-get update
apt-get install -y nginx
service nginx start
sed -i -- 's/nginx/Google Cloud Platform - '"\$HOSTNAME"'/' /var/www/html/index.nginx-debian.html
EOF

gcloud compute instance-templates create nginx-template \
  --metadata-from-file startup-script=startup.sh

# create a target pool
gcloud compute target-pools create nginx-pool

# create a managed instance group of 2 nginx web servers
gcloud compute instance-groups managed create nginx-group \
  --base-instance-name nginx \
  --size 2 \
  --template nginx-template \
  --target-pool nginx-pool
gcloud compute instances list

# create a firewall rule
gcloud compute firewall-rules create allow-tcp-rule-679 --allow tcp:80

# create a forwarding rule -- skipped!
gcloud compute forwarding-rules create nginx-lb \
  --region us-west4 \
  --ports=80 \
  --target-pool nginx-pool
gcloud compute forwarding-rules list

# create a health check
gcloud compute http-health-checks create http-basic-check

# create a backend service and attach the managed instance group
gcloud compute instance-groups managed \
  set-named-ports nginx-group \
  --named-ports http:80

gcloud compute backend-services create nginx-backend \
  --protocol HTTP \
  --http-health-checks http-basic-check \
  --global

gcloud compute backend-services add-backend nginx-backend \
  --instance-group nginx-group \
  --instance-group-zone us-west4-c \
  --global

# create a url map and target the HTTP proxy
gcloud compute url-maps create web-map \
  --default-service nginx-backend

gcloud compute target-http-proxies create http-lb-proxy \
  --url-map web-map

# create a forwarding rule (Use your rule!!!)
gcloud compute forwarding-rules create allow-tcp-rule-679 \
  --global \
  --target-http-proxy http-lb-proxy \
  --ports 80
gcloud compute forwarding-rules list
```

Explanation and Comments:

The script provided is a sequence of commands using the Google Cloud SDK (gcloud) to set up a basic load-balanced web server infrastructure on Google Cloud Platform (GCP). Let's break down each command and its purpose:

gcloud auth list: Lists the currently authenticated account(s) for GCP. It helps verify the active account before performing any operations.

gcloud config set compute/zone us-west4-c: Sets the default compute zone to "us-west4-c." This ensures that subsequent commands will be executed in this particular zone.

gcloud config set compute/region us-west4: Sets the default compute region to "us-west4." This specifies the region for subsequent commands, and in this case, it aligns with the previously set compute zone.

gcloud compute instance-templates create nginx-template --metadata-from-file startup-script=startup.sh: Creates an instance template named "nginx-template" that will be used as a blueprint for creating instances. The template includes a startup script (startup.sh) that will be executed when the instances are created.

gcloud compute target-pools create nginx-pool: Creates a target pool named "nginx-pool." Target pools are used by load balancers to distribute traffic to instances in a managed instance group.

gcloud compute instance-groups managed create nginx-group --base-instance-name nginx --size 2 --template nginx-template --target-pool nginx-pool: Creates a managed instance group named "nginx-group" with two instances based on the "nginx-template" template. The instances will be added to the "nginx-pool" target pool.

gcloud compute instances list: Lists the created instances in the project.

gcloud compute firewall-rules create allow-tcp-rule-679 --allow tcp:80: Creates a firewall rule named "allow-tcp-rule-679" that allows incoming TCP traffic on port 80. This rule is necessary to enable web access to the instances.

gcloud compute forwarding-rules create nginx-lb --region us-west4 --ports=80 --target-pool nginx-pool: Creates a forwarding rule named "nginx-lb" to forward incoming traffic on port 80 to the instances in the "nginx-pool" target pool. This step is skipped in the script.

gcloud compute forwarding-rules list: Lists the forwarding rules in the project.

gcloud compute http-health-checks create http-basic-check: Creates an HTTP health check named "http-basic-check" that will be used to monitor the health of the instances.

gcloud compute instance-groups managed set-named-ports nginx-group --named-ports http:80: Configures the named port "http" with port 80 for the managed instance group "nginx-group." This step ensures that traffic is correctly directed to the instances' port 80.

gcloud compute backend-services create nginx-backend --protocol HTTP --http-health-checks http-basic-check --global: Creates a backend service named "nginx-backend" that uses HTTP as the protocol and associates it with the "http-basic-check" health check. The backend service will handle load balancing for the instances.

gcloud compute backend-services add-backend nginx-backend --instance-group nginx-group --instance-group-zone us-west4-c --global: Adds the "nginx-group" instance group as a backend to the "nginx-backend" backend service. This step specifies the zone for the instance group.

gcloud compute url-maps create web-map --default-service nginx-backend: Creates a URL map named "web-map" that maps incoming requests to the "nginx-backend" backend service as the default service.

gcloud compute target-http-proxies create http-lb-proxy --url-map web-map: Creates an HTTP target proxy named "http-lb-proxy" and associates it with the "web-map" URL map.

gcloud compute forwarding-rules create allow-tcp-rule-679 --global --target-http-proxy http-lb-proxy --ports 80: Creates a forwarding rule to forward incoming traffic on port 80 to the "http-lb-proxy" target proxy. This rule enables external access to the load balancer.

gcloud compute forwarding-rules list: Lists the forwarding rules in the project.
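The firewall rule above is created with only `--allow tcp:80`, so it takes the default source range 0.0.0.0/0, has no target tags, and therefore covers every instance in the network, not just the nginx group. The following audit is an added example, not part of the original solution; the sample rows are constructed, the `--format` string is an assumption about how you would export the rules, and every rule name except `allow-tcp-rule-679` (and the tag `nginx-web`) is hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): flag ingress rules shaped like
#   gcloud compute firewall-rules create allow-tcp-rule-679 --allow tcp:80
# i.e. source 0.0.0.0/0 with no target tags, so every VM in the network is covered.

# Constructed sample rows: name, direction, source ranges, allowed, target tags.
# Assumed to match the tab-separated output of:
#   gcloud compute firewall-rules list --format="value(name,direction,sourceRanges.list(),allowed[].map().firewall_rule().list(),targetTags.list())"
# 130.211.0.0/22 and 35.191.0.0/16 are Google's documented load balancer and
# health-check source ranges; the tag nginx-web is hypothetical.
sample_rules() {
  printf 'allow-tcp-rule-679\tINGRESS\t0.0.0.0/0\ttcp:80\t\n'
  printf 'allow-lb-health\tINGRESS\t130.211.0.0/22,35.191.0.0/16\ttcp:80\tnginx-web\n'
  printf 'allow-web-tagged\tINGRESS\t0.0.0.0/0\ttcp:80\tnginx-web\n'
  printf 'allow-egress-dns\tEGRESS\t\tudp:53\t\n'
}

# Reads rows on stdin; prints "name<TAB>finding" for internet-facing ingress rules.
# awk with a tab separator keeps empty fields (an empty tag list is the signal here).
audit_rules() {
  awk -F '\t' '
    $2 == "INGRESS" && $3 ~ /(^|,)0\.0\.0\.0\/0(,|$)/ {
      if ($5 == "") print $1 "\tOPEN_TO_ALL_INSTANCES"
      else          print $1 "\tOPEN_TO_TAGGED:" $5
    }'
}

# Stand-alone run over the constructed sample.
sample_rules | audit_rules
```

Against a real project, pipe the gcloud listing into `audit_rules` in place of `sample_rules`. A rule reported as `OPEN_TO_ALL_INSTANCES` can be narrowed with `--target-tags` (with the same tag set on the instance template via `--tags`) and, where only the HTTP load balancer needs to reach the backends, with `--source-ranges`.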

Summary

The script combines several commands to set up a load-balanced web server infrastructure on GCP. It includes creating instance templates, managed instance groups, target pools, firewall rules, health checks, backend services, URL maps, target proxies, and forwarding rules.

Please note that the script assumes you have the necessary permissions and have authenticated with gcloud before executing these commands.
