Anton TETERIN 1 month ago
parent
commit
1ea879204a
1 changed file with 75 additions and 38 deletions
+ 75 - 38
storage/NextCloud-as-container@GCP.md

@@ -5,42 +5,55 @@
 2024-09-15  * review and refresh doc /A
               this will install Nextcloud instance with Cloud SQL DB backend,
               without SSL and no storage configured /A
+2024-09-16  * review and refresh /A
+              new organization in GCP and fresh deployment
 ```
 
 
+APIs:
+- Cloud SQL
+- Cloud SQL - network connect
+- [artifactregistry.googleapis.com] not enabled on project [metal-sky-xx]
+- message=Kubernetes Engine API has not been used in project metal-sky-xx
+  https://console.cloud.google.com/apis/library/container.googleapis.com?project=metal-sky-xx
 
 
-Preparations
+## Create DB, DB user in Cloud SQL:
+```
+# takes 10-15 minutes
+public IP address:   34.88.xx.xx
+internal IP address: 172.21.xx.xx
+DB: hub2_2dz_fi_nextcloud
+u:  hub2_2dz_fi_nextcloud_nc
+p:  (StrongPass)
+```
+
+
+
+Preparations (check where are you running commands from)
 ```shell
+uname -a
+hostname
+
+gcloud init
 gcloud auth list
 gcloud auth login (GCP account)
 gcloud config set account (GCP account)
 gcloud projects list
-gcloud init
+# reauthenticate
 gcloud config list project
+gcloud config set project spry-analyzer-xxxxxx
 gcloud config set accessibility/screen_reader false
 gcloud config set compute/region europe-north1
 gcloud config set compute/zone europe-north1-c
-gcloud config set project spry-analyzer-xxxxxx
 ```
 
 
-
-## Create DB, DB user in Cloud SQL:
-```
-public IP address:   34.88.xx.xx
-internal IP address: 172.21.xx.xx
-DB: hub2_2dz_fi_nextcloud
-u:  hub2_2dz_fi_nextcloud
-p:  (StrongPass)
-```
-
-
-
 Make local tmp dir, clone repo
 ```bash
-mkdir delme22
-cd delme22
+cd
+mkdir -p delme/GCP.2024-09-16.1155
+cd delme/GCP.2024-09-16.1155
 git clone https://github.com/nextcloud/docker.git
 ```
 
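Review bot: The Cloud SQL block moved up in this hunk still records both a public IP (34.88.xx.xx) and an internal IP (172.21.xx.xx) without saying which one Nextcloud is meant to connect to, while the changelog describes the deployment as "without SSL". State the intended address next to the credentials and say explicitly if the public one is unused. Two smaller points: the last two bullets under "APIs:" are pasted error text for project metal-sky-xx while the commands use spry-analyzer-xxxxxx, so list the API names (artifactregistry.googleapis.com, container.googleapis.com) with one placeholder; and the added "# reauthenticate" comment has no command under it.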
@@ -59,6 +72,7 @@ Provide credentials (earlier created for DB) and configure settings (which port
 vi db.env
 vi docker-compose.yml
 ```
+Check port mapping (should be defaults)
 ```bash
   app:
     ports:
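Review bot: "Check port mapping (should be defaults)" does not say what the default is, so a reader cannot tell whether their docker-compose.yml is right. Write the expected host:container mapping in the sentence itself. The fence below it is tagged bash but holds YAML (app: / ports:); tag it yaml.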
@@ -66,8 +80,7 @@ vi docker-compose.yml
 ```
 
 
-Create repostory in Artifact Registry
-Create, check
+Create repostory in Artifact Registry, check
 ```bash
 gcloud auth configure-docker europe-north1-docker.pkg.dev
 gcloud artifacts repositories create nc-docker-local \
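Review bot: The merged heading keeps the typo "repostory" and ends in a bare ", check" that does not say what is being checked. Suggest "Create repository in Artifact Registry and verify it exists", or keep the check as a comment next to the command that performs it.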
@@ -83,26 +96,29 @@ Get URL for repository, will need it later
 gcloud artifacts repositories describe nc-docker-local --location=europe-north1
 ```
 ```bash
-Registry URL: europe-north1-docker.pkg.dev/spry-analyzer-xxxxxx/nc-docker-local
+Registry URL: europe-north1-docker.pkg.dev/spry-analyzer-xx/nc-docker-local
 ```
 
 
-Install docker on Debian and give local permissions
+Install docker on Debian and check/give local permissions
 ```bash
 https://docs.docker.com/engine/install/debian/#install-using-the-repository
-
+cat /etc/group | grep docker
 sudo groupadd docker
 sudo usermod -aG docker (your username)
-cat /etc/group | grep docker
 logout
 # login again
 ```
 
+Install docker on MacOS
+```zsh
+brew install --cask docker
+```
 
 Build application, tag it and push it to repository (use repo URL extracted earlier) and check
 ```bash
-cd delme22/docker
-gcloud artifacts repositories describe nc-docker-local --location=europe-north1 | grep URL
+cd
+cd delme/GCP.2024-09-16.1155
 # note a dot in the end.
 docker build -t (! repo URL here without https !)/nc-docker-app:v1 .
 docker images
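Review bot: The build step now changes into delme/GCP.2024-09-16.1155, whereas the removed line went into delme22/docker, the directory created by git clone; with the new path the trailing dot of docker build points at the parent directory instead of the cloned repo. Append /docker to the cd. Also, the Registry URL line now uses spry-analyzer-xx while the rest of the file uses spry-analyzer-xxxxxx, and moving "cat /etc/group | grep docker" ahead of groupadd leaves no verification after "usermod -aG docker"; keep a check after logging back in.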
@@ -128,7 +144,8 @@ gcloud artifacts repositories add-iam-policy-binding nc-docker-local \
     --role="roles/artifactregistry.writer"
 ```
 
-Open necessary ports in firewalls (basically from everywhere to deployment machine on port tcp/8081):
+
+If deployment machine is in GCP itself, open necessary ports in firewalls (basically from everywhere to deployment machine on port tcp/8081):
 ```bash
 gcloud compute --project=spry-analyzer-xxxxxx firewall-rules create \
   untrust--gcp1mx1-tcp8081 \
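Review bot: The reworded sentence adds the "in GCP itself" condition but keeps "basically from everywhere" for tcp/8081, which per the changelog serves an instance without SSL. Suggest telling the reader to limit the rule's source to the address they test from and to delete the untrust--gcp1mx1-tcp8081 rule once the local test is done. The extra blank "+" line above the sentence can go.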
@@ -145,13 +162,12 @@ gcloud compute --project=spry-analyzer-xxxxxx firewall-rules create \
 
 Run docker locally (will be exposed to 8080)
 ```bash
-gcloud artifacts repositories list
-gcloud artifacts repositories describe nc-docker-local --location=europe-north1 | grep URL
 tmux a
 tmux
 # in this example we publish internal port 80 (inside of container) on port 8081 (host machine)
+docker images
 docker run --rm -p 8081:80 (repo URL)/nc-docker-app:v1
-C-B n
+C-B c
 docker ps -a
 sudo ss -ntap | grep docker
 sudo ss -ntap | grep 8081
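Review bot: The heading above this block says "will be exposed to 8080", but the comment, the docker run line (-p 8081:80) and the ss check all use 8081; fix the heading while refreshing this section. Since "C-B n" became "C-B c", add a short comment that this opens a new tmux window, and note that "tmux a" followed by "tmux" are alternatives (attach or start), not two steps.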
@@ -175,15 +191,29 @@ docker push (repo URL)/nc-docker-app:v1
 
 List content of repostiory
 ```bash
-gcloud artifacts files list --location=europe-north1 --project=spry-analyzer-xxxxxx --repository=nc-docker-local
+gcloud artifacts repositories list
+gcloud artifacts files list \
+  --location=europe-north1 \
+  --project=spry-analyzer-xxxxxx \
+  --repository=nc-docker-local
 ```
 
 
 Create a GKE cluster
 ```shell
+# for Debian
 sudo apt-get install kubectl google-cloud-cli-gke-gcloud-auth-plugin
+# for Mac
+gcloud components install gke-gcloud-auth-plugin
+
 gcloud components install kubectl
-gcloud container clusters create --machine-type=e2-micro --zone=europe-north1-c twodz-nc-demo
+gcloud container clusters list
+# add scale and autosclae parameters to creation process
+gcloud container clusters create \
+  twodz-nc-demo \
+  --machine-type=e2-micro \
+  --zone=europe-north1-c
+# will take some time
 gcloud container clusters list
 ```
 
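Review bot: The added comment "# add scale and autosclae parameters to creation process" reads as an open TODO (with a typo) and the create command under it carries no such parameters. Either add the parameters or mark the line as TODO so readers do not assume the command is complete. After the "# for Debian" and "# for Mac" lines, "gcloud components install kubectl" is left unlabelled even though the Debian line already installs kubectl via apt; say which platform it applies to. The heading "List content of repostiory" still has a typo.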
@@ -198,23 +228,30 @@ kubectl cluster-info
 
 Deploy an application to the cluster
 ```shell
-kubectl create deployment nc-demo-app --image=europe-north1-docker.pkg.dev/spry-analyzer-xxxxxx/nc-docker-local/nc-docker-app:v1
+kubectl create deployment nc-demo-app \
+  --image=europe-north1-docker.pkg.dev/spry-analyzer-xxxxxx/nc-docker-local/nc-docker-app:v1
+kubectl edit deployment nc-demo-app
 kubectl get deployments
 kubectl scale deployment nc-demo-app --replicas=1
-kubectl autoscale deployment nc-demo-app --cpu-percent=80 --min=1 --max=1
+# kubectl autoscale deployment nc-demo-app --cpu-percent=80 --min=1 --max=3
+kubectl autoscale deployment nc-demo-app --min=1 --max=1
 ```
 
 Get into pods
 ```bash
 kubectl get pods --output=wide
-kubectl exec --stdin --tty nc-demo-app-54dc479f5-crvhx -- /bin/bash
+kubectl get pods -o=wide
+kubectl exec --stdin --tty nc-demo-app-xx-yy -- /bin/bash
 ```
 
-
-
 ## Publish to Internet (create load balancer)
 ```bash
-kubectl expose deployment nc-demo-app --name=nc-demo-app-service --type=LoadBalancer --port 80 --target-port 80
+kubectl expose deployment \
+  nc-demo-app \
+  --name=nc-demo-app-service \
+  --type=LoadBalancer \
+  --port 80 \
+  --target-port 80
 # wait for external IP be assigned from '<pending> state'
 watch -n1 kubectl get services --output=wide
 kubectl get services --output=wide
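Review bot: The added "kubectl edit deployment nc-demo-app" opens an interactive editor with no indication of what should be changed; state the fields to edit or drop the line. "kubectl get pods -o=wide" duplicates the "--output=wide" line directly above it, and "kubectl autoscale ... --min=1 --max=1" after an explicit scale to one replica has no effect, so a comment explaining why it is kept would help. The reformatted expose command publishes port 80 through a LoadBalancer; given the changelog says the instance runs without SSL, a sentence pointing that out belongs under this heading.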
@@ -229,7 +266,7 @@ open -a firefox http://(external load balancer's IP address)
 ## Cleaning
 ```shell
 # takes some time...
-kubectl delete  deployment nc-demo-app
+kubectl delete deployment nc-demo-app
 gcloud container clusters list
 # takes some time ...
 gcloud container clusters delete twodz-nc-demo --zone=europe-north1-c
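Review bot: Only whitespace changes here, but the visible Cleaning steps go from deleting the deployment straight to the cluster, with no "kubectl delete service nc-demo-app-service" in between. If the rest of the section does not already cover them, add removal of the LoadBalancer service, the tcp/8081 firewall rule, the nc-docker-local repository and the Cloud SQL instance created earlier in the document.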