

kpt

Infrastructure management tool


Last updated 4 years ago


.

.

    # Output of `history`: the leading number on each line is the shell history index, not part of the command.
    # Entries 1-35: point kubectl at the GKE cluster, then inspect the Istio ingress gateway and bookinfo routing.
    1  export CLUSTER_NAME=gke
    2  export CLUSTER_ZONE=us-central1-b
    # The project is read from the active gcloud configuration rather than set explicitly.
    3  export GCLOUD_PROJECT=$(gcloud config get-value project)
    # Writes credentials for the cluster into the local kubeconfig. The expansions are unquoted,
    # so an empty variable would silently shift the remaining arguments.
    4  gcloud container clusters get-credentials $CLUSTER_NAME     --zone $CLUSTER_ZONE --project $GCLOUD_PROJECT
    5  gcloud container clusters list
    # Look at what is running in the istio-system and asm-system namespaces, then in the current namespace.
    6  kubectl get pods -n istio-system
    7  kubectl get service -n istio-system
    8  kubectl get service -n asm-system
    9  kubectl get pods
   10  kubectl get services
    # siege is installed here but never invoked in the visible history.
   11  sudo apt install siege
    # Entry 12 has the verb and resource swapped; entry 13 omits the namespace; entry 14 is the working form.
   12  kubectl svc describe istio-ingressgateway
   13  kubectl describe svc istio-ingressgateway
   14  kubectl describe svc istio-ingressgateway -n istio-system
    # Captures the first load-balancer ingress IP of the gateway Service (one command, split by history
    # over entries 15-16). NOTE(review): GATEWAY_URL would be empty if the Service has no ingress IP yet.
   15  export GATEWAY_URL=$(kubectl get svc istio-ingressgateway \
   16  -o=jsonpath='{.status.loadBalancer.ingress[0].ip}' -n istio-system)
   17  echo The gateway address is $GATEWAY_URL
    # Entries 18-23 repeat entries 1-4 and 15-16 - presumably a fresh shell session that lost the exports.
   18  export CLUSTER_NAME=gke
   19  export CLUSTER_ZONE=us-central1-b
   20  export GCLOUD_PROJECT=$(gcloud config get-value project)
   21  gcloud container clusters get-credentials $CLUSTER_NAME     --zone $CLUSTER_ZONE --project $GCLOUD_PROJECT
   22  export GATEWAY_URL=$(kubectl get svc istio-ingressgateway \
   23  -o=jsonpath='{.status.loadBalancer.ingress[0].ip}' -n istio-system)
    # Trial and error to locate the gateway: entries 24-26 look for a Service named "gateway"
    # (entry 26 passes the gateway name as a namespace); entry 27 queries the Gateway resource itself.
   24  kubectl describe svc gateway
   25  kubectl describe svc gateway -n istio-system
   26  kubectl describe svc gateway -n bookinfo-gateway
   27  kubectl describe gateway bookinfo-gateway
    # Entry 28 misspells "describe"; entry 29 is the corrected command.
   28  kubectl desribe virtualservices bookinfo
   29  kubectl describe virtualservices bookinfo
    # Runs curl inside the ratings container against productpage:9080 (the pod name is looked up by
    # the app=ratings label); the grep for the <title> element runs locally on the returned HTML.
   30  kubectl exec -it $(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}') -c ratings -- curl productpage:9080/productpage | grep -o "<title>.*</title>"
    # Same page requested from outside through the gateway IP, headers only; note the request is plain http://.
   31  curl -I http://${GATEWAY_URL}/productpage
   32  kubectl get virtualservices
   33  kubectl describe virtualservices
    # Entry 34 uses the resource name "destinationrules"; the hyphenated spelling in entry 35 is not that name.
   34  kubectl get destinationrules
   35  kubectl get destination-rules

  # Output of `history`, continued: entries 36-118 are not shown on the page, so anything they set up
  # (EMAIL, PROJECT, the source repository, cluster creation) is not visible here.
  # This part works against cluster "kpt-tutorial" (zone us-central1-a per entry 136), not the
  # "gke" cluster used in entries 1-35.
  #
  # Entry 119 writes a ConfigManagement resource that syncs the cluster from the "main" branch of a
  # Cloud Source Repositories repo over SSH.
  # - The heredoc delimiter is unquoted, so ${EMAIL} and ${PROJECT} are expanded by the local shell at
  #   write time; if either is unset the syncRepo URL is written with an empty segment.
  # - The file goes to a fixed name in /tmp; on a shared host `mktemp` avoids a predictable path.
  # - NOTE(review): secretType: ssh presumably relies on an SSH key Secret created in the omitted
  #   entries - confirm it exists in config-management-system before applying.
  119  cat <<EOF > /tmp/config-management.yaml
apiVersion: configmanagement.gke.io/v1
kind: ConfigManagement
metadata:
  name: config-management
spec:
  clusterName: kpt-tutorial
  git:
    syncRepo: ssh://${EMAIL}@source.developers.google.com:2022/p/${PROJECT}/r/config-management
    syncBranch: main
    secretType: ssh
EOF

  # Apply the resource, then check sync status for the current kubectl context only.
  120  kubectl -n config-management-system     apply -f /tmp/config-management.yaml
  121  nomos status --contexts=$(kubectl config current-context)
  122  cd ~
  # Fetches the default-deny package into ./default-deny. No @VERSION suffix is given, so the
  # content comes from the repository's default ref; pinning a tag or commit keeps the fetched
  # policy reviewable and reproducible.
  123  kpt pkg get https://github.com/GoogleCloudPlatform/anthos-security-blueprints.git/restricting-traffic/default-deny ./
  124  mkdir -p ~/config-management/namespaces/default
  # `>>` appends: re-running this entry would add a second Namespace document to the same file.
  125  cat >> ~/config-management/namespaces/default/namespace.yaml <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: default
EOF

  # Pipeline: read the package, run the annotate-config function over it to add the
  # anthos-security-blueprint=restricting-traffic annotation, write the result into the repo's
  # default namespace directory. The function image carries no tag or digest, so whatever the
  # registry currently serves for that name is what runs.
  126  kpt fn source default-deny/ |     kpt fn run --image=gcr.io/kpt-functions/annotate-config --     annotation_name=anthos-security-blueprint     annotation_value=restricting-traffic |     kpt fn sink ~/config-management/namespaces/default/
  # Review the generated policy before committing (relative path; the working directory is ~ from entry 122).
  127  cat config-management/namespaces/default/default-deny.yaml
  128  cd ~/config-management/
  # Commit and push the policy; presumably this is the syncRepo configured in entry 119, so the
  # push is what rolls the policy out to the cluster.
  129  git add namespaces/default/
  130  git commit -m "Default deny"
  131  git push
  # Confirm the NetworkPolicy has reached the cluster (current namespace).
  132  kubectl get networkpolicies
  # Verification: start a throwaway interactive busybox pod in the default namespace. Entry 134 is
  # typed inside that pod's shell - KUBERNETES_SERVICE_HOST is set by Kubernetes in the pod, not in
  # the local shell. Presumably the request is expected to time out once default-deny is enforced.
  133  kubectl -n default run -i --tty --rm test         --image=busybox --restart=Never -- sh
  134  wget --timeout=3 https://${KUBERNETES_SERVICE_HOST}
  # Cleanup: --quiet skips the confirmation prompts and --async returns before the cluster deletion finishes.
  135  gcloud source repos delete config-management --quiet
  136  gcloud container clusters delete kpt-tutorial     --async --quiet --zone=us-central1-a
  # The command that produced this listing.
  137  history
https://cloud.google.com/solutions/managing-cloud-infrastructure-using-kpt
https://github.com/GoogleCloudPlatform/anthos-security-blueprints