
* redeployed demo /A

Anton TETERIN 3 weeks ago
Parent
commit
b02f3c6401
1 file changed with 112 additions and 40 deletions

+ 112 - 40
storage/NextCloud-as-container@GCP.md

@@ -1,14 +1,24 @@
 # installing NextCloud container to GCP GKE
 
+```
+2024-05-23  + initial deployment demo /A
+2024-09-15  * review and refresh doc /A
+              this will install Nextcloud instance with Cloud SQL DB backend,
+              without SSL and no storage configured /A
+```
+
 
 
 
 Preparations
 ```shell
-gcloud ini
-gcloud config set accessibility/screen_reader false
 gcloud auth list
+gcloud auth login (GCP account)
+gcloud config set account (GCP account)
+gcloud projects list
+gcloud init
 gcloud config list project
+gcloud config set accessibility/screen_reader false
 gcloud config set compute/region europe-north1
 gcloud config set compute/zone europe-north1-c
 gcloud config set project spry-analyzer-xxxxxx
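Review bot: In the Preparations block, `gcloud auth login (GCP account)` and `gcloud config set account (GCP account)` use bare parentheses as placeholders inside a `shell` fence, which the shell rejects as a syntax error if the line is pasted; use a quoted placeholder such as `"<GCP_ACCOUNT>"` or a variable set once at the top. `gcloud init` now runs after the account has already been selected by hand, so either lead with it or drop it. The changelog entry "without SSL and no storage configured" deserves a visible sentence outside the fence, since later steps publish the instance on a public address.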
@@ -18,27 +28,48 @@ gcloud config set project spry-analyzer-xxxxxx
 
 ## Create DB, DB user in Cloud SQL:
 ```
-34.88.xx.xx
-172.21.xx.xx
+public IP address:   34.88.xx.xx
+internal IP address: 172.21.xx.xx
 DB: hub2_2dz_fi_nextcloud
-u: hub2_2dz_fi_nextcloud
-p: (StrongPass)
+u:  hub2_2dz_fi_nextcloud
+p:  (StrongPass)
 ```
 
 
 
-## Create repostory in Artifact Registry
+Make local tmp dir, clone repo
+```bash
+mkdir delme22
+cd delme22
+git clone https://github.com/nextcloud/docker.git
 ```
-Docker
-Remote
-Docker Hub
-Unauthenticated
+
+Copy templates
+```bash
+cd docker
+cp .examples/dockerfiles/full/apache/Dockerfile .
+cp .examples/dockerfiles/full/apache/supervisord.conf .
+cp .examples/docker-compose/insecure/mariadb/apache/db.env .
+cp .examples/docker-compose/insecure/mariadb/apache/docker-compose.yml .
 ```
 
 
+Provide credentials (earlier created for DB) and configure settings (which port to publish to (internal to external)
+```bash
+vi db.env
+vi docker-compose.yml
+```
+```bash
+  app:
+    ports:
+      - 127.0.0.1:8080:80
+```
+
 
+Create repostory in Artifact Registry
 Create, check
 ```bash
+gcloud auth configure-docker europe-north1-docker.pkg.dev
 gcloud artifacts repositories create nc-docker-local \
    --repository-format=docker \
    --mode=standard-repository \
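Review bot: `vi db.env` puts the Cloud SQL password into `delme22/docker`, the same directory that is later used as the build context (`docker build ... .`), and the templates are copied from `.examples/docker-compose/insecure/`; add a `.dockerignore` entry for `db.env` and `docker-compose.yml`, or keep them outside the clone, and say that the tmp dir is deleted afterwards. The port snippet under `app:` is YAML in a `bash` fence and binds `127.0.0.1:8080:80`, while the run step further down publishes 8081 on all interfaces, so pick one and explain it. "Create repostory in Artifact Registry" lost its `##` heading and still carries the typo, and the parenthesis in "(which port to publish to (internal to external)" is never closed.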
@@ -47,44 +78,45 @@ gcloud artifacts repositories list
 ```
 
 
-Get URL for repository
+Get URL for repository, will need it later
 ```bash
 gcloud artifacts repositories describe nc-docker-local --location=europe-north1
 ```
-
-
-Make local tmp dir, clone repo
 ```bash
-mkdir delme11
-cd delme11/docker
-git clone https://github.com/nextcloud/docker.git
+Registry URL: europe-north1-docker.pkg.dev/spry-analyzer-xxxxxx/nc-docker-local
 ```
 
-Copy templates
-```bash
-cp .examples/dockerfiles/full/apache/Dockerfile .
-cp .examples/dockerfiles/full/apache/supervisord.conf .
-cp .examples/docker-compose/insecure/mariadb/apache/db.env .
-```
 
-Provide ecredentials
+Install docker on Debian and give local permissions
 ```bash
-vi db.env
-cp .examples/docker-compose/insecure/mariadb/apache/docker-compose.yml .
-vi docker-compose.yml
+https://docs.docker.com/engine/install/debian/#install-using-the-repository
+
+sudo groupadd docker
+sudo usermod -aG docker (your username)
+cat /etc/group | grep docker
+logout
+# login again
 ```
 
-Build application, tag it and push it to repository
+
+Build application, tag it and push it to repository (use repo URL extracted earlier) and check
 ```bash
-docker build -t europe-north1-docker.pkg.dev/spry-analyzer-xxxxxx/nc-docker-local/nc-docker-app:v1 .
+cd delme22/docker
+gcloud artifacts repositories describe nc-docker-local --location=europe-north1 | grep URL
+# note a dot in the end.
+docker build -t (! repo URL here without https !)/nc-docker-app:v1 .
 docker images
 ```
 
-Give permissions. Get project iD number.
+Give permissions. Get project number, not project name, not project ID and substitute it. Grant permissions for service account to read from "nc-docker-local" repository.
 ```bash
 gcloud projects list
-853xxxxxxx034
-
+```
+```bash
+PROJECT_ID            NAME       PROJECT_NUMBER
+spry-analyzer-xxxxxx  infra-pvt  853xxxxxxx34
+```
+```bash
 gcloud artifacts repositories add-iam-policy-binding nc-docker-local \
     --location=europe-north1 \
     --member=serviceAccount:853xxxxxxx34-compute@developer.gserviceaccount.com \
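Review bot: The new sentence says the service account is granted permission "to read from" the repository, but the binding that follows ends with `--role="roles/artifactregistry.writer"`; for pulling images `roles/artifactregistry.reader` is enough, so change the role or the sentence. In the Docker install block, `sudo usermod -aG docker (your username)` gives that user root-equivalent control of the host through the Docker daemon, which the doc should state, and the bare docs URL sits inside a `bash` fence where it reads as a command; move it into the prose. The project number placeholder changed from `853xxxxxxx034` to `853xxxxxxx34`; keep one redaction form.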
@@ -96,23 +128,48 @@ gcloud artifacts repositories add-iam-policy-binding nc-docker-local \
     --role="roles/artifactregistry.writer"
 ```
 
-Issue:
+Open necessary ports in firewalls (basically from everywhere to deployment machine on port tcp/8081):
 ```bash
-ERROR: (gcloud.artifacts.repositories.add-iam-policy-binding) PERMISSION_DENIED: The caller does not have permission
+gcloud compute --project=spry-analyzer-xxxxxx firewall-rules create \
+  untrust--gcp1mx1-tcp8081 \
+  --description="temporary testing internal image docker" \
+  --direction=INGRESS \
+  --priority=1000 \
+  --network=default \
+  --action=ALLOW \
+  --rules=tcp:8081 \
+  --source-ranges=0.0.0.0/0 \
+  --destination-ranges=10.xx.0.xx/32 \
+  --enable-logging
 ```
 
-
 Run docker locally (will be exposed to 8080)
 ```bash
-docker run --rm -p 8080:80 europe-north1-docker.pkg.dev/spry-analyzer-xxxxxx/nc-docker-local/nc-docker-app:v1
+gcloud artifacts repositories list
+gcloud artifacts repositories describe nc-docker-local --location=europe-north1 | grep URL
+tmux a
+tmux
+# in this example we publish internal port 80 (inside of container) on port 8081 (host machine)
+docker run --rm -p 8081:80 (repo URL)/nc-docker-app:v1
+C-B n
+docker ps -a
+sudo ss -ntap | grep docker
+sudo ss -ntap | grep 8081
+curl http://127.0.0.1:8081
+curl ifconfig.io
 ```
 
+Open with workstation local browser
+```bash
+open -a firefox http://(IP address from output above):8081/
+```
 
+At this point, if deployment is successful, we are ready to publish image to repo (Artifact Registry)
 
 Pushing docker image into Artifact Registry
 ```bash
 gcloud auth configure-docker europe-north1-docker.pkg.dev
-docker push europe-north1-docker.pkg.dev/spry-analyzer-xxxxxx/nc-docker-local/nc-docker-app:v1
+docker push (repo URL)/nc-docker-app:v1
 ```
 
 
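Review bot: The firewall rule `untrust--gcp1mx1-tcp8081` is described as temporary but allows `--source-ranges=0.0.0.0/0` to a port that, per the changelog, serves plain HTTP; restrict the source range to the workstation's address and add the matching `gcloud compute firewall-rules delete` to the Cleaning section. In the run block, `tmux a`, `tmux` and `C-B n` are alternatives or keystrokes rather than commands to run in sequence, so move them into comments, and `(repo URL)` needs a shell-safe placeholder. The removed `PERMISSION_DENIED` note was the only troubleshooting hint for the IAM binding step; keep it if the error can still occur.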
@@ -124,6 +181,7 @@ gcloud artifacts files list --location=europe-north1 --project=spry-analyzer-xxx
 
 Create a GKE cluster
 ```shell
+sudo apt-get install kubectl google-cloud-cli-gke-gcloud-auth-plugin
 gcloud components install kubectl
 gcloud container clusters create --machine-type=e2-micro --zone=europe-north1-c twodz-nc-demo
 gcloud container clusters list
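Review bot: After the added `sudo apt-get install kubectl google-cloud-cli-gke-gcloud-auth-plugin`, the unchanged `gcloud components install kubectl` on the next line installs the same tool a second way; keep whichever matches how gcloud was installed on the deployment machine and drop the other.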
@@ -140,10 +198,14 @@ kubectl cluster-info
 
 Deploy an application to the cluster
 ```shell
-kubectl create deployment nc-demo-app --image=europe-north1-docker.pkg.dev/spry-analyzer-xxxxxx/nc-docker-local/nc-docker-app:v3
+kubectl create deployment nc-demo-app --image=europe-north1-docker.pkg.dev/spry-analyzer-xxxxxx/nc-docker-local/nc-docker-app:v1
 kubectl get deployments
 kubectl scale deployment nc-demo-app --replicas=1
 kubectl autoscale deployment nc-demo-app --cpu-percent=80 --min=1 --max=1
+```
+
+Get into pods
+```bash
 kubectl get pods --output=wide
 kubectl exec --stdin --tty nc-demo-app-54dc479f5-crvhx -- /bin/bash
 ```
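Review bot: The new "Get into pods" block hard-codes the pod name `nc-demo-app-54dc479f5-crvhx`, which changes on every rollout; use `kubectl exec --stdin --tty deploy/nc-demo-app -- /bin/bash` or tell the reader to copy the name from `kubectl get pods`. The `--image=` value here is still the full registry path while the build, run and push steps now use `(repo URL)`, so use one convention throughout.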
@@ -154,15 +216,20 @@ kubectl exec --stdin --tty nc-demo-app-54dc479f5-crvhx -- /bin/bash
 ```bash
 kubectl expose deployment nc-demo-app --name=nc-demo-app-service --type=LoadBalancer --port 80 --target-port 80
 # wait for external IP be assigned from '<pending> state'
+watch -n1 kubectl get services --output=wide
 kubectl get services --output=wide
-firefox http://[EXTERNAL-IP]:80
 ```
 
+When external IP is assigned, open it using local browser
+```bash
+open -a firefox http://(external load balancer's IP address)
+```
 
 
 ## Cleaning
 ```shell
 kubectl delete  deployment nc-demo-app
+# takes some time
 gcloud container clusters delete twodz-nc-demo --zone=europe-north1-c
 docker rmi -f 0fa923cc879e
 ```
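Review bot: The Cleaning section gains only a comment; it still does not remove `nc-demo-app-service`, the `nc-docker-local` repository, or the tcp/8081 firewall rule created earlier in this patch, and `docker rmi -f 0fa923cc879e` is an image ID from one particular build. `watch -n1 kubectl get services --output=wide` followed by the same command without `watch` is redundant, and `open -a firefox` is a macOS command while the rest of the doc targets Debian, so say which machine it runs on. The LoadBalancer publishes port 80 only; state that next to the expose step, in line with the "without SSL" changelog entry.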
@@ -199,3 +266,8 @@ apt update
 apt install net-tools
 netstat -ntap
 ```
+
+
+
+On welcome page, provide !internal IP address for Cloud SQL (earlier created)
+login: admin
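Review bot: The trailing lines are appended after the netstat block with no heading, and `login: admin` stands alone without saying whether it is the admin name to enter on the welcome page or an existing account; move this step next to the point where the service first becomes reachable, list the DB name and user from the Cloud SQL section alongside the internal IP, and state that the admin password is chosen on that page. `!internal` reads as a stray character; write "internal (not public)" instead.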