Anton TETERIN 5 months ago
 # installing NextCloud container to GCP GKE
+2024-05-23  + initial deployment demo /A
+2024-09-15  * review and refresh doc /A
+              this will install Nextcloud instance with Cloud SQL DB backend,
+              without SSL and no storage configured /A
-gcloud ini
-gcloud config set accessibility/screen_reader false
 gcloud auth list
+gcloud auth login (GCP account)
+gcloud config set account (GCP account)
+gcloud projects list
+gcloud init
 gcloud config list project
+gcloud config set accessibility/screen_reader false
 gcloud config set compute/region europe-north1
 gcloud config set compute/zone europe-north1-c
 gcloud config set project spry-analyzer-xxxxxx
 ## Create DB, DB user in Cloud SQL:
+public IP address:   34.88.xx.xx
+internal IP address: 172.21.xx.xx
 DB: hub2_2dz_fi_nextcloud
-u: hub2_2dz_fi_nextcloud
-p: (StrongPass)
+u:  hub2_2dz_fi_nextcloud
+p:  (StrongPass)
-## Create repostory in Artifact Registry
+Make local tmp dir, clone repo
+mkdir delme22
+cd delme22
+git clone
-Docker Hub
+Copy templates
+cd docker
+cp .examples/dockerfiles/full/apache/Dockerfile .
+cp .examples/dockerfiles/full/apache/supervisord.conf .
+cp .examples/docker-compose/insecure/mariadb/apache/db.env .
+cp .examples/docker-compose/insecure/mariadb/apache/docker-compose.yml .
+Provide credentials (earlier created for DB) and configure settings (which port to publish to (internal to external)
+vi db.env
+vi docker-compose.yml
+  app:
+    ports:
+      -
+Create repostory in Artifact Registry
 Create, check
+gcloud auth configure-docker
 gcloud artifacts repositories create nc-docker-local \
    --repository-format=docker \
    --mode=standard-repository \
-Get URL for repository
+Get URL for repository, will need it later
 gcloud artifacts repositories describe nc-docker-local --location=europe-north1
-Make local tmp dir, clone repo
-mkdir delme11
-cd delme11/docker
-git clone
+Registry URL:
-Copy templates
-cp .examples/dockerfiles/full/apache/Dockerfile .
-cp .examples/dockerfiles/full/apache/supervisord.conf .
-cp .examples/docker-compose/insecure/mariadb/apache/db.env .
-Provide ecredentials
+Install docker on Debian and give local permissions
-vi db.env
-cp .examples/docker-compose/insecure/mariadb/apache/docker-compose.yml .
-vi docker-compose.yml
+sudo groupadd docker
+sudo usermod -aG docker (your username)
+cat /etc/group | grep docker
+# login again
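Review bot: `sudo usermod -aG docker (your username)` gives that account root-equivalent control of the host through the Docker daemon, and the doc adds it without saying so. State that next to the command and that it is meant for a disposable build machine. The heading also promises "Install docker on Debian" but no install command follows it, and `getent group docker` would do the check without the `cat /etc/group | grep docker` pipe.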
-Build application, tag it and push it to repository
+Build application, tag it and push it to repository (use repo URL extracted earlier) and check
-docker build -t .
+cd delme22/docker
+gcloud artifacts repositories describe nc-docker-local --location=europe-north1 | grep URL
+# note a dot in the end.
+docker build -t (! repo URL here without https !)/nc-docker-app:v1 .
 docker images
-Give permissions. Get project iD number.
+Give permissions. Get project number, not project name, not project ID and substitute it. Grant permissions for service account to read from "nc-docker-local" repository.
 gcloud projects list
+spry-analyzer-xxxxxx  infra-pvt  853xxxxxxx34
 gcloud artifacts repositories add-iam-policy-binding nc-docker-local \
     --location=europe-north1 \ \
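Review bot: the `add-iam-policy-binding` command stops at `--location=europe-north1 \ \` with a doubled continuation and no `--member` or `--role` visible, so a reader cannot tell which service account receives which role. Spell both out, with the project number as a placeholder in the member and a read-only role such as `roles/artifactregistry.reader`, which matches the "read from nc-docker-local" wording in the text above. The PERMISSION_DENIED line removed just below was worth keeping as a one-line note on which permission the caller needs to run this step.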
+Open necessary ports in firewalls (basically from everywhere to deployment machine on port tcp/8081):
-ERROR: (gcloud.artifacts.repositories.add-iam-policy-binding) PERMISSION_DENIED: The caller does not have permission
+gcloud compute --project=spry-analyzer-xxxxxx firewall-rules create \
+  untrust--gcp1mx1-tcp8081 \
+  --description="temporary testing internal image docker" \
+  --direction=INGRESS \
+  --priority=1000 \
+  --network=default \
+  --action=ALLOW \
+  --rules=tcp:8081 \
+  --source-ranges= \
+  --destination-ranges=10.xx.0.xx/32 \
+  --enable-logging
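Review bot: `--source-ranges=` has no value as shown and the heading says "basically from everywhere", which exposes tcp/8081 on the deployment machine to any source while the container is served over plain HTTP and its welcome page has not been completed yet. Put the workstation address as a /32 placeholder in `--source-ranges`, and because the description calls the rule temporary, add `gcloud compute firewall-rules delete untrust--gcp1mx1-tcp8081` to the Cleaning section. The context line that follows still says "will be exposed to 8080" while this rule and the `docker run` use 8081.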
 Run docker locally (will be exposed to 8080)
-docker run --rm -p 8080:80
+gcloud artifacts repositories list
+gcloud artifacts repositories describe nc-docker-local --location=europe-north1 | grep URL
+tmux a
+# in this example we publish internal port 80 (inside of container) on port 8081 (host machine)
+docker run --rm -p 8081:80 (repo URL)/nc-docker-app:v1
+C-B n
+docker ps -a
+sudo ss -ntap | grep docker
+sudo ss -ntap | grep 8081
+Open with workstation local browser
+open -a firefox http://(IP address from output above):8081/
+At this point, if deployment is successful, we are ready to publish image to repo (Artifact Registry)
 Pushing docker image into Artifact Registry
 gcloud auth configure-docker
-docker push
+docker push (repo URL)/nc-docker-app:v1
 Create a GKE cluster
+sudo apt-get install kubectl google-cloud-cli-gke-gcloud-auth-plugin
 gcloud components install kubectl
 gcloud container clusters create --machine-type=e2-micro --zone=europe-north1-c twodz-nc-demo
 gcloud container clusters list
 Deploy an application to the cluster
-kubectl create deployment nc-demo-app
+kubectl create deployment nc-demo-app
 kubectl get deployments
 kubectl scale deployment nc-demo-app --replicas=1
 kubectl autoscale deployment nc-demo-app --cpu-percent=80 --min=1 --max=1
+Get into pods
 kubectl get pods --output=wide
 kubectl exec --stdin --tty nc-demo-app-54dc479f5-crvhx -- /bin/bash
 kubectl expose deployment nc-demo-app --name=nc-demo-app-service --type=LoadBalancer --port 80 --target-port 80
 # wait for external IP be assigned from '<pending> state'
+watch -n1 kubectl get services --output=wide
 kubectl get services --output=wide
-firefox http://[EXTERNAL-IP]:80
+When external IP is assigned, open it using local browser
+open -a firefox http://(external load balancer's IP address)
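Review bot: `kubectl create deployment nc-demo-app` carries no `--image` on either the removed or the added line, so the step fails as written; it should name the pushed image, `(repo URL)/nc-docker-app:v1`. The `kubectl expose ... --type=LoadBalancer --port 80` step then publishes the still unconfigured instance over HTTP on an external IP, so the doc should say to complete the welcome page immediately or to limit the Service with `loadBalancerSourceRanges`. The `kubectl exec` line uses the literal pod name `nc-demo-app-54dc479f5-crvhx`; a placeholder taken from `kubectl get pods` would keep it reusable.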
 ## Cleaning
 kubectl delete  deployment nc-demo-app
+# takes some time
 gcloud container clusters delete twodz-nc-demo --zone=europe-north1-c
 docker rmi -f 0fa923cc879e
 apt install net-tools
 netstat -ntap
+On welcome page, provide !internal IP address for Cloud SQL (earlier created)
+login: admin
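Review bot: the two lines added here, "On welcome page, provide !internal IP address for Cloud SQL" and `login: admin`, are setup steps that landed after `## Cleaning`; they belong with the browser step before that heading. The Cleaning section itself deletes the deployment, the cluster and one local image but does not mention the `nc-demo-app-service` Service, the `nc-docker-local` repository or the Cloud SQL instance with its public IP, so list them or say they are kept on purpose. `docker rmi -f 0fa923cc879e` uses an image ID that only existed on the author's machine; refer to the image by its tag instead.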