Cloud Shell commands - Virtual Networks Module 1.2.5 Flashcards
create the privatenet
gcloud compute networks create privatenet --subnet-mode=custom
create the privatesubnet-us subnet
gcloud compute networks subnets create privatesubnet-us --network=privatenet --region=[Lab region] --range=172.16.0.0/24
list the available VPC networks
gcloud compute networks list
To list the available VPC subnets (sorted by VPC network)
gcloud compute networks subnets list --sort-by=NETWORK
create the privatenet-allow-icmp-ssh-rdp firewall rule
gcloud compute firewall-rules create privatenet-allow-icmp-ssh-rdp --direction=INGRESS --priority=1000 --network=privatenet --action=ALLOW --rules=icmp,tcp:22,tcp:3389 --source-ranges=0.0.0.0/0
list all the firewall rules
gcloud compute firewall-rules list --sort-by=NETWORK
create the privatenet-us-vm instance
gcloud compute instances create privatenet-us-vm --zone=[Lab Zone] --machine-type=e2-micro --subnet=privatesubnet-us --image-family=debian-11 --image-project=debian-cloud --boot-disk-size=10GB --boot-disk-type=pd-standard --boot-disk-device-name=privatenet-us-vm
list all the VM instances (sorted by zone)
gcloud compute instances list --sort-by=ZONE
SSH to vm-internal through an IAP tunnel
gcloud compute ssh vm-internal --zone us-central1-c --tunnel-through-iap
IAP needs to be allowed by a firewall rule
If the instance doesn't have an external IP, we can't simply SSH to it from Cloud Shell
set the project Id
gcloud config set project [projectID]
Copy an image from a public Cloud Storage bucket to your own bucket.
gsutil cp gs://cloud-training/gcpnet/private/access.svg gs://$MY_BUCKET
cloud bucket get the default access list that’s been assigned to setup.html
gsutil acl get gs://$BUCKET_NAME_1/setup.html
cloud bucket set the access list to private
gsutil acl set private gs://$BUCKET_NAME_1/setup.html
cloud bucket update the access list to make the file publicly readable
gsutil acl ch -u AllUsers:R gs://$BUCKET_NAME_1/setup.html
cloud bucket create boto file for configuring your own encryption keys
gsutil config -n
cloud bucket add own encryption keys to bucket conf
add key generated by
python3 -c 'import base64; import os; print(base64.encodebytes(os.urandom(32)))'
to boto file and it is used automatically when uploading files to the bucket
cloud bucket rewrite a file
When a file is encrypted, rewriting the file decrypts it
gsutil rewrite -k gs://$BUCKET_NAME_1/setup.html
cloud bucket view cloud lifecycle policy
view the current lifecycle policy
cloud bucket set lifecycle policy
gsutil lifecycle set life.json gs://$BUCKET_NAME_1
cloud bucket view the current versioning status
gsutil versioning get gs://$BUCKET_NAME_1
cloud bucket enable versioning
gsutil versioning set on gs://$BUCKET_NAME_1
synchronise a directory to a bucket
gsutil rsync -r ./firstlevel
authorize the VM to use the Google Cloud API
gcloud auth activate-service-account --key-file credentials.json
deploy the application to App Engine using yaml file
gcloud app deploy app.yaml
create a VPC network called vpc-demo
gcloud compute networks create vpc-demo --subnet-mode custom
create subnet vpc-demo-subnet1 in the region (filled at lab start)
gcloud compute networks subnets create vpc-demo-subnet1 \
--network vpc-demo --range 10.1.1.0/24 --region "filled at lab start"
Create a firewall rule to allow all custom traffic within the network:
gcloud compute firewall-rules create vpc-demo-allow-custom \
--network vpc-demo \
--allow tcp:0-65535,udp:0-65535,icmp \
--source-ranges 10.0.0.0/8
Create a firewall rule to allow SSH, ICMP traffic from anywhere:
gcloud compute firewall-rules create vpc-demo-allow-ssh-icmp \
--network vpc-demo \
--allow tcp:22,icmp
Create a VM instance vpc-demo-instance1 in the zone (filled at lab start)
gcloud compute instances create vpc-demo-instance1 --machine-type=e2-medium --zone "filled at lab start" --subnet vpc-demo-subnet1
create an HA VPN in the vpc-demo network:
gcloud compute vpn-gateways create vpc-demo-vpn-gw1 --network vpc-demo --region "filled at lab start"
View details of the vpc-demo-vpn-gw1 gateway to verify its settings:
gcloud compute vpn-gateways describe vpc-demo-vpn-gw1 --region "filled at lab start"
Create a cloud router in the vpc-demo network
gcloud compute routers create vpc-demo-router1 \
--region "filled at lab start" \
--network vpc-demo \
--asn 65001
Create the first VPN tunnel in the vpc-demo network:
gcloud compute vpn-tunnels create vpc-demo-tunnel0 \
--peer-gcp-gateway on-prem-vpn-gw1 \
--region "filled at lab start" \
--ike-version 2 \
--shared-secret [SHARED_SECRET] \
--router vpc-demo-router1 \
--vpn-gateway vpc-demo-vpn-gw1 \
--interface 0
Create the second VPN tunnel in the vpc-demo network
gcloud compute vpn-tunnels create vpc-demo-tunnel1 \
--peer-gcp-gateway on-prem-vpn-gw1 \
--region "filled at lab start" \
--ike-version 2 \
--shared-secret [SHARED_SECRET] \
--router vpc-demo-router1 \
--vpn-gateway vpc-demo-vpn-gw1 \
--interface 1
Create the router interface for tunnel0 in network vpc-demo
gcloud compute routers add-interface vpc-demo-router1 \
--interface-name if-tunnel0-to-on-prem \
--ip-address 169.254.0.1 \
--mask-length 30 \
--vpn-tunnel vpc-demo-tunnel0 \
--region "filled at lab start"
Create the BGP peer for tunnel0 in network vpc-demo:
gcloud compute routers add-bgp-peer vpc-demo-router1 \
--peer-name bgp-on-prem-tunnel0 \
--interface if-tunnel0-to-on-prem \
--peer-ip-address 169.254.0.2 \
--peer-asn 65002 \
--region "filled at lab start"
Allow traffic from network VPC on-prem to vpc-demo:
gcloud compute firewall-rules create vpc-demo-allow-subnets-from-on-prem \
--network vpc-demo \
--allow tcp,udp,icmp \
--source-ranges 192.168.1.0/24
List the VPN tunnels you just created
gcloud compute vpn-tunnels list