Browse By

Calendar

November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930  

GSP342: Ensure Access & Identity in Google Cloud

by admin in BlogSpots

Overview

GSP342: Ensure Access & Identity in Google Cloud: In a challenge lab you’re given a scenario and a set of tasks. Instead of following step-by-step instructions, you will use the skills learned from the labs in the quest to figure out how to complete the tasks on your own! An automated scoring system (shown on this page) will provide feedback on whether you have completed your tasks correctly.

When you take a challenge lab, you will not be taught new Google Cloud concepts. You are expected to extend your learned skills, like changing default values and reading and researching error messages to fix your own mistakes.

To score 100% you must successfully complete all tasks within the time period!

This lab is recommended for students enrolled in the Ensure Access & Identity in Google Cloud quest. Are you ready for the challenge?

Topics tested

  • Create a custom security role.
  • Create a service account.
  • Bind IAM security roles to a service account.
  • Create a private Kubernetes Engine cluster in a custom subnet.
  • Deploy an application to a private Kubernetes Engine cluster

Task 1: Create a custom security role.

  1. nano role-definition.yaml

Copy the below content to file

2. copy in role-definition.yaml

title: “orca_storage_editor_498”
description: “Permissions”
stage: “ALPHA”
includedPermissions:
– storage.buckets.get
– storage.objects.get
– storage.objects.list
– storage.objects.update
– storage.objects.create
  • Save by : ctrl + o -> enter -> ctrl + x
gcloud iam roles create orca_storage_editor_498 –project $DEVSHELL_PROJECT_ID \
–file role-definition.yaml

Task 2 & 3 : Create a service account and Bind a custom security role to an account

  1. Navigate to IAM & Admin -> Service Accounts -> CREATE SERVICE ACCOUNT.
Service account name : orca-private-cluster-263-sa , then click create and add roles.
Roles : orca_storage_update
Monitoring Viewer
Monitoring Metric Writer
Logs Writer

Click CONTINUE -> DONE

Task 4 : Create and configure a new Kubernetes Engine private cluster

Replace the project id

gcloud container clusters create orca-cluster-479 –num-nodes 1 –master-ipv4-cidr=172.16.0.64/28 –network orca-build-vpc –subnetwork orca-build-subnet –enable-master-authorized-networks –master-authorized-networks 192.168.10.2/32 –enable-ip-alias –enable-private-nodes –enable-private-endpoint –service-account orca-private-cluster-263-sa@<project id>.iam.gserviceaccount.com –zone us-east1-b

Task 5 : Deploy an application to a private Kubernetes Engine cluster

  • SSH to orca-jumphost VM instance
  • Replace the project id
gcloud container clusters get-credentials orca-cluster-479 –internal-ip –zone us-east1-b –project <project id>

kubectl create deployment hello-server –image=gcr.io/google-samples/hello-app:1.0

Congratulations, you’re all done with the lab 😄