Post

GCP PCA certification notes

Notes from GCP Professional Cloud Architect certification preparation covering gcloud profiles, Cloud Functions, Cloud Run, and container image management.

Posted Updated
Preview Image
By Jan Toth
3 min read

Using multiple gcloud configurations/profile

You can maintain multiple gcloud configuration profiles to switch between different GCP accounts and projects. Each profile stores its own core settings such as the account, custom CA certificates, and authentication preferences. This is especially useful when working across several GCP organizations or behind a corporate proxy.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

v ~/.config/gcloud/configurations/config_profile1
...
[core]
custom_ca_certs_file = /Users/AAAA/Documents/proxyCA.crt
account = user1@address.net

[auth]
disable_ssl_validation = True
...
:wq!


v ~/.config/gcloud/configurations/config_profile2
...
[core]
custom_ca_certs_file = /Users/AAAA/Documents/proxyCA.crt
account = user2@address.net

[auth]
disable_ssl_validation = True
...
:wq!


gcloud auth list
gcloud config configurations activate profile1
gcloud config configurations activate profile2

Cloud Functions 2nd gen.

Cloud Functions 2nd generation is backed by Cloud Run under the hood. You can list, invoke, and inspect Cloud Functions using gcloud functions commands. To retrieve the function URL, use jq to parse the JSON output.

1
2
3
4
5
6
7
8
9

gcloud functions list
gcloud functions call function-2 --region europe-west3  --data='{"name": "Hello World!"}'
gcloud functions describe --format="json"  function-2 --region europe-west3 | jq -r '.serviceConfig.uri'
gcloud functions describe --format="json"  function-2 --region europe-west3 | jq -r '.url'

# since this function is 2nd gen -> backed by Cloud Run
gcloud run services list

Cloud Run

Building container image via nerdctl/lima at macOS. The following Dockerfile creates a simple Nginx container that serves a static page, which can then be deployed to Cloud Run.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

Dockerfile

...
# Pull base image
FROM nginx

# Dockerfile Maintainer
MAINTAINER Jan Toth "helo@jan.com"


RUN echo "Hello PCA" > /usr/share/nginx/html/index.html

# Expose HTTP
EXPOSE 8080
...
:wq


nerdctl build -t europe-west3-docker.pkg.dev/vocal-park-416917/pca/nginx:v1 -f Dockerfile .

After building the image, authenticate to the Artifact Registry using an OAuth2 access token and push the image.

1
2
3
4
5

gcloud auth print-access-token k3scourse@gmail.com
nerdctl.lima login -u oauth2accesstoken  https://europe-west3-docker.pkg.dev

nerdctl.lima push europe-west3-docker.pkg.dev/vocal-park-416917/pca/nginx:v1

List container images

1
2
3
4
5

gcloud artifacts docker images list europe-west3-docker.pkg.dev/vocal-park-416917/pca/

IMAGE                                                    DIGEST                                                                   CREATE_TIME          UPDATE_TIME
europe-west3-docker.pkg.dev/vocal-park-416917/pca/nginx  sha256:e16a4b9c7dde084c0c8657a19adeefee92cf71ab60db71f47eaf8145e49f8a76  2024-04-24T16:41:57  2024-04-24T16:41:57

Deploy Cloud Run from local Dockerfile. There is no need to build container locally. Simply use the flag --source .

Cloud Run can build and deploy directly from source using --source ., which runs Cloud Build behind the scenes. The --no-traffic flag lets you deploy a new revision without routing traffic to it, enabling gradual rollouts.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

# This command is equivalent to running `gcloud builds submit --tag [IMAGE] .` and `gcloud run deploy jans-cr --image [IMAGE]`


# Version5 (RUN echo "This is PCA Cloud run v5" >  /usr/share/nginx/html/index.html)
gcloud run deploy crun-source --source . --region=europe-west1 --allow-unauthenticated --port=80

# Version 6 (RUN echo "This is PCA Cloud run v6" >  /usr/share/nginx/html/index.html)
# This version is not being served yet
gcloud run deploy crun-source --source . --region=europe-west1 --allow-unauthenticated --port=80 --no-traffic


# Serve both revision 50:50
gcloud run revisions list --service crun-source --region europe-west1
   REVISION               ACTIVE  SERVICE      DEPLOYED                 DEPLOYED BY
✔  crun-source-00003-hvt  yes     crun-source  2024-04-24 19:03:07 UTC  aaaaaaaae@gmail.com
✔  crun-source-00002-nbm  yes     crun-source  2024-04-24 19:01:27 UTC  aaaaaaaae@gmail.com
✔  crun-source-00001-zhp          crun-source  2024-04-24 18:56:30 UTC  aaaaaaaae@gmail.com

gcloud run services update-traffic crun-source --to-revisions=crun-source-00003-hvt=50,crun-source-00002-nbm=50 --region=europe-west1

# Promote latest tested version
gcloud run services update-traffic crun-source --to-revisions=crun-source-00003-hvt=100 --region=europe-west1

curl https://crun-source-k3ep63kthq-ew.a.run.app
This is PCA Cloud run v6


# Delete Cloud Run service
gcloud run services delete cr --region=europe-west3
GCP
bash gcp gcloud devopsinuse
This post is licensed under CC BY 4.0 by the author.