GCP21

Install Wireguard VPN on a GCP VM (+UDP LB) Create a GCE instance on GCP (Google Cloud Platform), install the open-source VPN wireguard on it, and add a UDP passthrough LB. # Create the VPN VM You can create it in the GCP console or with the gcloud command, but whichever method you use, the "IP forwarding" option ("can_ip_forward" in terraform) must be enabled. resource "google_compute_instance" "vpn" { name = "test-vpn" project = var.gcp_project machine_type = "e2-medium" zone = "asia-northeast3.. 2025. 3. 31.
workload identity federation with keycloak workload identity federation with keycloak -> Authenticate without gcp service account json key by linking keycloak with oidc provider workload identity federation https://cloud.google.com/iam/docs/workload-identity-federation Integrate Cloud Run and workload identity federation https://cloud.google.com/iam/docs/tutorial-cloud-run-workload-id-federation Configure workload identity federation wit.. 2023. 7. 9.
workload identity federation with k8s cluster This post covers how to use Kubernetes as an OIDC provider role to use GCP's workload identity federation service by delegating an IAM role without a json key for your GCP service account. It can be used when an application running on a Kubernetes cluster in a non-GCP environment wants to access GCP's services, or when an application running on a server in a non-GCP environment wants to access G.. 2023. 7. 2.
GKE workload identity # Grant gcp permissions to pods using workload identity -> Rather than granting a gcp service account to individual nodes or the entire cluster, a k8s service account is created, and the k8s service account is set to assume the gcp service account role, thereby granting gcp specific service permissions only to the pod. https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity?hl=k.. 2023. 7. 1.
Restore from CloudSQL MSSQL backup data Restore from CloudSQL MSSQL backup data https://cloud.google.com/sql/docs/sqlserver/import-export/import-export-bak#import # Grant GCS permissions to the CloudSQL service account Check the service account for your CloudSQL instance gcloud sql instances describe premisan-test-mssql --project my-project | grep serviceAccountEmailAddress Add access to GCS bucket gcloud projects add-iam-policy-bindi.. 2023. 5. 12.
Restoring from a GCP CloudSQL MySQL snapshot Restoring from a GCP CloudSQL MySQL snapshot https://cloud.google.com/sql/docs/postgres/backup-recovery/restoring?hl=ko # Check backup id curl -X GET \ -H "Authorization: Bearer "$(gcloud auth print-access-token) \ "https://sqladmin.googleapis.com/v1/projects/my-project-a/instances/premisan-test/backupRuns" Output { "kind": "sql#backupRunsList", "items": [ { "kind": "sql#backupRun", "status": "S.. 2023. 5. 12.
Setting up a GCP CloudSQL maintenance window Setting up a GCP CloudSQL maintenance window Maintenance information for Cloud SQL instances https://cloud.google.com/sql/docs/mysql/maintenance?hl=ko Check and set maintenance windows https://cloud.google.com/sql/docs/mysql/set-maintenance-window?hl=ko Self-service maintenance https://cloud.google.com/sql/docs/mysql/self-service-maintenance?hl=ko (memorystore redis) maintenance policy https://c.. 2023. 5. 12.
Create GCP Internal TCP Proxy LB Create GCP Internal TCP Proxy LB -> Currently, it can only be created through the gcloud CLI, not in the GCP console. https://cloud.google.com/load-balancing/docs/tcp/set-up-int-tcp-proxy-zonal#configure-the-load-balancer https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/compute_forwarding_rule # Create a subnet dedicated to regional proxy Migrate an existing ht.. 2023. 5. 12.
gcsfuse gcsfuse -> Utility to mount gcs like a file system https://github.com/GoogleCloudPlatform/gcsfuse/ # installation https://github.com/GoogleCloudPlatform/gcsfuse/blob/master/docs/installing.md ## centos sudo tee /etc/yum.repos.d/gcsfuse.repo > /dev/null Modify Instance -> Manage API and Identity -> Cloud API Access Scope -> Storage -> Change to Full # use # mount gcsfuse premisan-test-bucket-123 .. 2023. 5. 12.