
March Week 2 || Lab 3 || HTTP Load Balancer with Cloud Armor

 export REGION1=

export REGION2=

export VM_ZONE=



#creating firewall rules

gcloud compute --project=$DEVSHELL_PROJECT_ID firewall-rules create default-allow-http \

--direction=INGRESS \

--priority=1000 \

--network=default \

--action=ALLOW \

--rules=tcp:80 \

--source-ranges=0.0.0.0/0 \

--target-tags=http-server

gcloud compute firewall-rules create default-allow-health-check \

--project=$DEVSHELL_PROJECT_ID \

--direction=INGRESS \

--priority=1000 \

--network=default \

--action=ALLOW \

--rules=tcp \

--source-ranges=130.211.0.0/22,35.191.0.0/16 \

--target-tags=http-server

gcloud compute instance-templates create $REGION1-template \

--project=$DEVSHELL_PROJECT_ID \

--machine-type=e2-micro \

--network-interface=network-tier=PREMIUM,subnet=default \

--metadata=startup-script-url=gs://cloud-training/gcpnet/httplb/startup.sh,enable-oslogin=true \

--maintenance-policy=MIGRATE \

--provisioning-model=STANDARD \

--region=$REGION1 \

--tags=http-server,https-server \

--create-disk=auto-delete=yes,boot=yes,device-name=$REGION1-template,image=projects/debian-cloud/global/images/debian-11-bullseye-v20230629,mode=rw,size=10,type=pd-balanced \

--no-shielded-secure-boot \

--shielded-vtpm \

--shielded-integrity-monitoring \

--reservation-affinity=any

gcloud compute instance-templates create $REGION2-template \

--project=$DEVSHELL_PROJECT_ID \

--machine-type=e2-micro \

--network-interface=network-tier=PREMIUM,subnet=default \

--metadata=startup-script-url=gs://cloud-training/gcpnet/httplb/startup.sh,enable-oslogin=true \

--maintenance-policy=MIGRATE \

--provisioning-model=STANDARD \

--region=$REGION2 \

--tags=http-server,https-server \

--create-disk=auto-delete=yes,boot=yes,device-name=$REGION2-template,image=projects/debian-cloud/global/images/debian-11-bullseye-v20230629,mode=rw,size=10,type=pd-balanced \

--no-shielded-secure-boot \

--shielded-vtpm \

--shielded-integrity-monitoring \

--reservation-affinity=any

gcloud beta compute instance-groups managed create $REGION1-mig \

--project=$DEVSHELL_PROJECT_ID \

--base-instance-name=$REGION1-mig \

--size=1 \

--template=$REGION1-template \

--region=$REGION1 \

--target-distribution-shape=EVEN \

--instance-redistribution-type=PROACTIVE \

--list-managed-instances-results=PAGELESS \

--no-force-update-on-repair

gcloud beta compute instance-groups managed set-autoscaling $REGION1-mig \

--project=$DEVSHELL_PROJECT_ID \

--region=$REGION1 \

--cool-down-period=45 \

--max-num-replicas=2 \

--min-num-replicas=1 \

--mode=on \

--target-cpu-utilization=0.8

gcloud beta compute instance-groups managed create $REGION2-mig \

--project=$DEVSHELL_PROJECT_ID \

--base-instance-name=$REGION2-mig \

--size=1 \

--template=$REGION2-template \

--region=$REGION2 \

--target-distribution-shape=EVEN \

--instance-redistribution-type=PROACTIVE \

--list-managed-instances-results=PAGELESS \

--no-force-update-on-repair

gcloud beta compute instance-groups managed set-autoscaling $REGION2-mig \

--project=$DEVSHELL_PROJECT_ID \

--region=$REGION2 \

--cool-down-period=45 \

--max-num-replicas=2 \

--min-num-replicas=1 \

--mode=on \

--target-cpu-utilization=0.8

gcloud compute health-checks create tcp http-health-check \

--description="Hello there" \

--check-interval=5s \

--timeout=5s \

--unhealthy-threshold=2 \

--healthy-threshold=2 \

--port=80 \

--proxy-header=NONE

TOKEN=$(gcloud auth application-default print-access-token)

cat > 1.json <<EOF

{

  "backends": [

    {

      "balancingMode": "RATE",

      "capacityScaler": 1,

      "group": "projects/$DEVSHELL_PROJECT_ID/regions/$REGION1/instanceGroups/$REGION1-mig",

      "maxRatePerInstance": 50

    },

    {

      "balancingMode": "UTILIZATION",

      "capacityScaler": 1,

      "group": "projects/$DEVSHELL_PROJECT_ID/regions/$REGION2/instanceGroups/$REGION2-mig",

      "maxRatePerInstance": 80,

      "maxUtilization": 0.8

    }

  ],

  "cdnPolicy": {

    "cacheKeyPolicy": {

      "includeHost": true,

      "includeProtocol": true,

      "includeQueryString": true

    },

    "cacheMode": "CACHE_ALL_STATIC",

    "clientTtl": 3600,

    "defaultTtl": 3600,

    "maxTtl": 86400,

    "negativeCaching": false,

    "serveWhileStale": 0

  },

  "compressionMode": "DISABLED",

  "connectionDraining": {

    "drainingTimeoutSec": 300

  },

  "description": "Hello there

",

  "enableCDN": true,

  "healthChecks": [

    "projects/$DEVSHELL_PROJECT_ID/global/healthChecks/http-health-check"

  ],

  "loadBalancingScheme": "EXTERNAL",

  "logConfig": {

    "enable": true,

    "sampleRate": 1

  },

  "name": "http-backend"

}

EOF

curl -X POST -H "Content-Type: application/json" \

-H "Authorization: Bearer $TOKEN" \

-d @1.json \

"https://compute.googleapis.com/compute/v1/projects/$DEVSHELL_PROJECT_ID/global/backendServices"

sleep 25

gcloud compute url-maps create http-lb \

--default-service=projects/$DEVSHELL_PROJECT_ID/global/backendServices/http-backend

gcloud compute target-http-proxies create http-lb-target-proxy \

--url-map=projects/$DEVSHELL_PROJECT_ID/global/urlMaps/http-lb

gcloud compute target-http-proxies create http-lb-target-proxy-2 \

--url-map=projects/$DEVSHELL_PROJECT_ID/global/urlMaps/http-lb

cat > 2.json <<EOF

{

    "IPProtocol": "TCP",

    "ipVersion": "IPV4",

    "loadBalancingScheme": "EXTERNAL",

    "name": "http-lb-forwarding-rule",

    "networkTier": "PREMIUM",

    "portRange": "80",

    "target": "projects/$DEVSHELL_PROJECT_ID/global/targetHttpProxies/http-lb-target-proxy"

}

EOF

curl -X POST -H "Content-Type: application/json" \

-H "Authorization: Bearer $TOKEN" \

-d @2.json \

"https://compute.googleapis.com/compute/v1/projects/$DEVSHELL_PROJECT_ID/global/forwardingRules"

cat > 3.json <<EOF

{

    "IPProtocol": "TCP",

    "ipVersion": "IPV6",

    "loadBalancingScheme": "EXTERNAL",

    "name": "http-lb-forwarding-rule-2",

    "networkTier": "PREMIUM",

    "portRange": "80",

    "target": "projects/$DEVSHELL_PROJECT_ID/global/targetHttpProxies/http-lb-target-proxy-2"

}

EOF

curl -X POST -H "Content-Type: application/json" \

-H "Authorization: Bearer $TOKEN" \

-d @3.json \

"https://compute.googleapis.com/compute/v1/projects/$DEVSHELL_PROJECT_ID/global/forwardingRules"

gcloud compute instance-groups set-named-ports $REGION1-mig \

--named-ports="http:80" \

--region=$REGION1

gcloud compute instance-groups set-named-ports $REGION2-mig \

--named-ports="http:80" \

--region=$REGION2

gcloud compute instances create siege-vm \

--project=$DEVSHELL_PROJECT_ID \

--zone=$VM_ZONE \

--machine-type=e2-medium \

--network-interface=network-tier=PREMIUM,stack-type=IPV4_ONLY,subnet=default \

--metadata=enable-oslogin=true \

--maintenance-policy=MIGRATE \

--provisioning-model=STANDARD \

--create-disk=auto-delete=yes,boot=yes,device-name=siege-vm,image=projects/debian-cloud/global/images/debian-11-bullseye-v20230629,mode=rw,size=10,type=projects/$DEVSHELL_PROJECT_ID/zones/us-central1-c/diskTypes/pd-balanced \

--no-shielded-secure-boot \

--shielded-vtpm \

--shielded-integrity-monitoring \

--labels=goog-ec-src=vm_add-gcloud \

--reservation-affinity=any

export SIEGE_VM_IP=$(gcloud compute instances describe siege-vm --project=$DEVSHELL_PROJECT_ID --zone=$VM_ZONE --format="value(networkInterfaces[0].accessConfigs[0].natIP)")

cat > 4.json <<EOF

{

    "adaptiveProtectionConfig": {

      "layer7DdosDefenseConfig": {

        "enable": false

      }

    },

    "description": "",

    "name": "denylist-siege",

    "rules": [

      {

        "action": "deny(403)",

        "description": "",

        "match": {

          "config": {

            "srcIpRanges": [

               "$SIEGE_VM_IP"

            ]

          },

          "versionedExpr": "SRC_IPS_V1"

        },

        "preview": false,

        "priority": 1000

      },

      {

        "action": "allow",

        "description": "Default rule, higher priority overrides it",

        "match": {

          "config": {

            "srcIpRanges": [

              "*"

            ]

          },

          "versionedExpr": "SRC_IPS_V1"

        },

        "preview": false,

        "priority": 2147483647

      }

    ],

    "type": "CLOUD_ARMOR"

  }

EOF

curl -X POST -H "Authorization: Bearer $(gcloud auth print-access-token)" -H "Content-Type: application/json" \

-d @4.json \

"https://compute.googleapis.com/compute/v1/projects/$DEVSHELL_PROJECT_ID/global/securityPolicies"

cat > 5.json <<EOF

{

    "securityPolicy": "projects/$DEVSHELL_PROJECT_ID/global/securityPolicies/denylist-siege"

}

EOF

curl -X PATCH -H "Authorization: Bearer $(gcloud auth print-access-token)" -H "Content-Type: application/json" \

-d @5.json \

"https://compute.googleapis.com/compute/v1/projects/$DEVSHELL_PROJECT_ID/global/backendServices/http-backend"

export RULE_IP=$(gcloud compute forwarding-rules describe http-lb-forwarding-rule --global --format="value(IPAddress)")

gcloud compute ssh --zone "$VM_ZONE" "siege-vm"

