Google Cloud Associate Certified Engineer — 100daysoflearning (Part 14)

Saiyam Pathak
May 1, 2019

Day 98–99

Continuing the course for Google Cloud Associate Certified Engineer, let's move on to the next set of learning topics.

In this section I will discuss creating a Compute Engine instance in a custom VPC and connecting to it over SSH with custom keys.

If you have been following along the Google Cloud Associate Certified Engineer journey with me, then by this time you already know about compute instances. Let's see how we can create a compute instance in a custom VPC. For that, let's first create our VPC.

Create VPC
VPC creation values

As you can see, you can add subnets and define the region and CIDR range, allow private access to Google Cloud services, enable/disable flow logs, and create a regional-level or global-level VPC. For now I will not create the firewall rule, just to see what happens if we create an instance in this VPC and try to ssh into it. Let's create a compute instance in this VPC.

Focus here on the network area, where I have chosen the VPC that I just created and selected the subnet, which means that this compute instance will be created in saiyamvpc. Once it's created and I try to ssh into it, the connection will time out, as no firewall rules are set up in the VPC to allow traffic from the internet.

could not connect

Now let's set up the firewall rule for the VPC created.

setting up firewall

As you can see above, when I click create firewall rule, I first select the network for which I want to create this rule. Next is whether the rule is ingress or egress (in our case, since it is an ssh connection from the internet, it is ingress). The Targets section is important here. You can select the target as:
- all instances: every instance in this VPC will have this firewall rule applied.
- specified targets: you define a tag here, and the firewall rule gets attached to whichever instance this tag is applied on.
- service accounts: you can apply firewall rules at the service account level as well.
For this case I have chosen the specified target and also updated the instance with the network tag.

network tag updated in instance

After this you define the IP ranges and the ports which need to be open (for ssh it's 22). Now let's try again to connect to the instance via ssh in the Google Cloud console.

CONNECTED

Yayyy, it's connected…!!
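
The console steps above map to a single gcloud command. This added example (not from the original article) builds that command for a tag-scoped SSH rule and rejects a malformed tag or a source range open to every address. The rule name, tag and CIDR are placeholders; 203.0.113.0/24 is a documentation range.

```shell
#!/bin/sh
# Added example: CLI form of the console firewall steps. The rule name, tag
# and source CIDR passed in below are placeholders, not values from the article.

# ssh_rule_cmd RULE_NAME NETWORK TAG SOURCE_CIDR
# Prints the gcloud command for a tag-scoped SSH ingress rule, or fails when
# the tag is malformed or the source range is open to every address.
ssh_rule_cmd() {
    name=$1 network=$2 tag=$3 cidr=$4
    # Network tags: lowercase letter first, then letters, digits or hyphens.
    printf '%s\n' "$tag" | grep -Eq '^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$' || {
        echo "invalid network tag: $tag" >&2; return 1; }
    # Require an IPv4 CIDR such as 203.0.113.0/24.
    printf '%s\n' "$cidr" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || {
        echo "not an IPv4 CIDR: $cidr" >&2; return 1; }
    # A /0 prefix exposes port 22 to the whole internet.
    case $cidr in
        */0) echo "refusing $cidr: matches every source address" >&2; return 1 ;;
    esac
    printf 'gcloud compute firewall-rules create %s' "$name"
    printf ' --network=%s --direction=INGRESS --action=ALLOW' "$network"
    printf ' --rules=tcp:22 --target-tags=%s --source-ranges=%s\n' "$tag" "$cidr"
}

# Print (not run) the command for the VPC created above.
ssh_rule_cmd allow-ssh-tagged saiyamvpc ssh-allowed 203.0.113.0/24
```

Only instances that carry the same network tag are matched by the rule, so an untagged instance in the VPC stays unreachable on port 22.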

Till now I have shown you that you can connect to the instance via ssh using the cloud console, but how about connecting via the Google Cloud SDK or other third-party connections?

SSH connection to compute instance via Google cloud sdk and third party custom key:

First I will show you how to connect via gcloud command.
The command to ssh into the instance is :

gcloud compute ssh user@instancename

The ssh key is stored as metadata. When you run the gcloud compute ssh command, it uploads the key automatically, updates the project metadata, and connects to the instance immediately, without us doing the work.

ssh command in action

You can also use the command with extra information, as mentioned in the Google Cloud console ssh area:

gcloud compute --project "PROJECT_ID" ssh --zone "asia-east1-b" "INSTANCE_NAME"

If you want to know what is happening internally when you run this command, you can add the --dry-run flag at the end.

dry run

You can also see the uploaded keys in the google cloud console.

project level ssh keys

Next, let's move to the ssh connection with a custom key. For this, you first need to generate an RSA key pair.
Command: ssh-keygen -t rsa -f test_keys -C user

ssh-keygen

This creates two files for the user sam. Now copy the contents of test_keys.pub and create a text file where you enter the key in this format:

user:ssh-rsa………… user
In this case, just put “sam:” in front of the pasted content in the new text file. Now you need to upload this key to the instance. Note that this will be instance-level metadata, not project-level.
Command: gcloud compute instances add-metadata INSTANCE_NAME --metadata-from-file ssh-keys=FILE_NAME

Once the keys are uploaded to the instance, you can ssh using test_keys, which is the private key.
Command: ssh -i ./test_keys user@ipaddress

ssh successful
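
One way to build the text file for the upload step, as an added example that is not part of the original article. Setting ssh-keys with add-metadata replaces the whole existing value, so the function keeps any entries already on the instance; the function name is hypothetical and the key material is constructed, not a usable key.

```shell
#!/bin/sh
# Added example. Key strings below are constructed placeholders, not real keys.

# merge_ssh_keys USER PUBKEY_FILE [EXISTING_FILE]
# Prints the full ssh-keys metadata value: every entry from EXISTING_FILE
# (the instance's current ssh-keys value, saved beforehand) plus
# USER:<public key>, one entry per line, without duplicating an entry.
merge_ssh_keys() {
    user=$1 pub=$2 existing=${3:-/dev/null}
    case $user in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid username: $user" >&2; return 1 ;;
    esac
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Never upload the private half of the pair by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key" >&2; return 1
    fi
    # A .pub file holds one line: key type, base64 blob, optional comment.
    [ "$(grep -c . "$pub")" -eq 1 ] || {
        echo "expected exactly one key in $pub" >&2; return 1; }
    key=$(grep . "$pub")
    case $key in
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*" "*) ;;
        *) echo "unrecognised key type in $pub" >&2; return 1 ;;
    esac
    entry="$user:$key"
    # Keep the other entries; drop an identical one so it is not listed twice.
    { grep . "$existing" | grep -vxF -- "$entry"; } || true
    printf '%s\n' "$entry"
}

# Demo on constructed input.
tmp=$(mktemp -d)
printf 'ssh-rsa AAAAB3constructedkey sam\n' > "$tmp/test_keys.pub"
printf 'alice:ssh-ed25519 AAAAC3constructedkey alice\n' > "$tmp/existing"
merge_ssh_keys sam "$tmp/test_keys.pub" "$tmp/existing" > "$tmp/ssh-keys.txt"
cat "$tmp/ssh-keys.txt"   # this file is what goes in ssh-keys=FILE_NAME
rm -rf "$tmp"
```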

You can also see the key in the instance metadata. If you delete the key from the instance, you will not be able to log in with this key. But you can still log in using the gcloud command: even if you delete the project-level keys you can log in, as the user has the permission to log in using the gcloud command.

compute instance metadata

So now you should be able to create an instance in a custom VPC subnet and ssh into it using the Google Cloud SDK and custom-created keys as well.

Creating Snapshots: Creating snapshots of the disks is a great way of backing up your work. Snapshots are incremental, meaning the first snapshot takes a full backup and every snapshot after that only takes the incremental changes that happened, saving space. Let's see how to create snapshots.
Command: gcloud compute disks snapshot DISK_NAME
The command creates a snapshot of the disk provided. Since instances and disks can have the same name in different zones, you need to select the region where the instance disk is present.

Incremental snapshot

As you can see, I created two snapshots with the above command, and the size difference is huge: the second time I didn't change anything, so it's just around 1 MB. Incremental backups are very useful for keeping your instance backed up, and you can spin up a compute instance from a snapshot when creating it.

using snapshots to spin up an instance

Creating Images: You can create images based on your needs. The Images section shows you the list of available images, and images have a size, family, creator, etc. Image Family is a good feature where you can keep your images versioned and always choose the latest image from the family. You can deprecate images inside an image family as well. Let's create an image out of the compute instance that we have. You can create an image out of a disk, a snapshot, another image, or Cloud Storage, where you can bring your own image.

Image creation
Custom image created

You can create an instance out of this image, the same as with snapshots:

creating instance using custom image

So to summarize, in this article I have explained:
- Compute instance in custom VPC
- Firewall rules enabling
- ssh to compute instance using gcloud
- ssh to compute instance using custom keys
- project level and instance level metadata difference
- creation of snapshots and incremental snapshots
- creation of images and image family

Happy Learning & Happy Coding
Saiyam Pathak
https://www.linkedin.com/in/saiyam-pathak-97685a64/
https://twitter.com/SaiyamPathak
