GCP (20)

workload identity federation with keycloak
-> Authenticate without a GCP service account JSON key by integrating Keycloak as an OIDC provider. workload identity federation https://cloud.google.com/iam/docs/workload-identity-federation Integrate Cloud Run and workload identity federation https://cloud.google.com/iam/docs/tutorial-cloud-run-workload-id-federation Configure workload identity federation wit..
2023. 7. 9.

workload identity federation with k8s cluster
This post covers how to use Kubernetes as an OIDC provider for GCP's workload identity federation service, delegating an IAM role without a JSON key for your GCP service account. It can be used when an application running on a Kubernetes cluster in a non-GCP environment wants to access GCP's services, or when an application running on a server in a non-GCP environment wants to access G..
2023. 7. 2.

GKE workload identity
# Grant GCP permissions to pods using workload identity -> Rather than granting a GCP service account to individual nodes or the entire cluster, a k8s service account is created and set to assume the GCP service account role, so that the specific GCP service permissions are granted only to the pod. https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity?hl=k..
2023. 7. 1.

Restore from CloudSQL MSSQL backup data
https://cloud.google.com/sql/docs/sqlserver/import-export/import-export-bak#import # Grant GCS permissions to the CloudSQL service account Check the service account for your CloudSQL instance gcloud sql instances describe premisan-test-mssql --project my-project | grep serviceAccountEmailAddress Add access to GCS bucket gcloud projects add-iam-policy-bindi..
2023. 5. 12.

Restoring from a GCP CloudSQL MySQL snapshot
https://cloud.google.com/sql/docs/postgres/backup-recovery/restoring?hl=ko # Check backup id curl -X GET \ -H "Authorization: Bearer "$(gcloud auth print-access-token) \ "https://sqladmin.googleapis.com/v1/projects/my-project-a/instances/premisan-test/backupRuns" Output { "kind": "sql#backupRunsList", "items": [ { "kind": "sql#backupRun", "status": "S..
2023. 5. 12.

Setting up a GCP CloudSQL maintenance window
Maintenance information for Cloud SQL instances https://cloud.google.com/sql/docs/mysql/maintenance?hl=ko Check and set maintenance windows https://cloud.google.com/sql/docs/mysql/set-maintenance-window?hl=ko Self-service maintenance https://cloud.google.com/sql/docs/mysql/self-service-maintenance?hl=ko (memorystore redis) maintenance policy https://c..
2023. 5. 12.

Create GCP Internal TCP Proxy LB
-> Currently, it can only be created through the gcloud CLI, not in the GCP console. https://cloud.google.com/load-balancing/docs/tcp/set-up-int-tcp-proxy-zonal#configure-the-load-balancer https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/compute_forwarding_rule # Create a subnet dedicated to regional proxy Migrate an existing ht..
2023. 5. 12.

gcsfuse
-> Utility to mount GCS like a file system https://github.com/GoogleCloudPlatform/gcsfuse/ # installation https://github.com/GoogleCloudPlatform/gcsfuse/blob/master/docs/installing.md ## centos sudo tee /etc/yum.repos.d/gcsfuse.repo > /dev/null Modify Instance -> Manage API and Identity -> Cloud API Access Scope -> Storage -> Change to Full # use # mount gcsfuse premisan-test-bucket-123 ..
2023. 5. 12.

GCS (Google Cloud Storage)
# google cloud storage -> Same as S3 in AWS # Bucket storage class and S3 storage class Standard - Standard Nearline - Standard-Infrequent Access Coldline - One Zone-Infrequent Access Archive - Glacier # gsutil -> CLI command for Google Cloud Storage -> Installed together with cloud SDK installation # Command example Check bucket list gsutil list Check the object list i..
2023. 5. 12.