$ gcloud iam service-accounts create callee
$ gcloud iam service-accounts create caller
$ gcloud builds submit -t gcr.io/${PROJECT_ID}/oidctest .
$ gcloud beta run deploy --image=gcr.io/${PROJECT_ID}/oidctest --allow-unauthenticated \
--service-account=caller@${PROJECT_ID}.iam.gserviceaccount.com caller
$ gcloud beta run deploy --image=gcr.io/${PROJECT_ID}/oidctest --no-allow-unauthenticated \
--service-account=callee@{PROJECT_ID}.iam.gserviceaccount.com callee
apstndb
apstndb
/ 0service-to-service-auth.md
Last active
June 17, 2019 04:37
Cloud Run service-to-service auth example
apstndb
/ Copy with hl=en.js
Last active
June 6, 2019 17:02
Copy URL with hl=en for Google Cloud docs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| javascript: | |
| var global = window; | |
| global.COPY_TO_CLIPBOARD = global.COPY_TO_CLIPBOARD || {}; | |
| global.COPY_TO_CLIPBOARD.getUrl = function () { | |
| let url = new URL(location.href); | |
| url.searchParams.set("hl", "en"); | |
| return url.href; | |
| }; |
apstndb
/ Move to hl=en bookmarklet.js
Last active
June 6, 2019 10:52
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| javascript: | |
| let queries=location.search.length===0?{}:location.search.substr(1).split('&').reduce((p,c)=>{const cs=c.split('=');return Object.assign(p,{[cs[0]]:cs[1]})},{}); | |
| queries["hl"]="en"; | |
| location.search = "?" + Object.keys(queries).map(k => k + "=" + queries[k]).join("&"); |
apstndb
/ 0Datastore_Emulator_on_Cloud_Build.md
Last active
January 10, 2023 22:22
Datastore Emulator on Cloud Build
cloud-build-local --config=cloudbuild.yaml --dryrun=false .
https://cloud.google.com/cloud-build/docs/overview#build_configuration_and_build_steps
Each build step is run with its container attached to a local Docker network named cloudbuild. This allows build steps to communicate with each other and share data.
apstndb
/ 0_cloud_run_healthcheck_fail.md
Last active
July 6, 2021 09:10
Deployment of Cloud Run is fail when deployment probe is not passed
Cloud Run にデプロイするイメージはは $PORT(8080) を TCP で listen しなければならないことは Cloud Run のドキュメントに Listening for requests on PORT として書かれている。 listen しなかった場合はデプロイ自体に失敗する。 この挙動は Knative Serving Runtime Contract の Deployment Probe に書かれている仕様とも一致する。
よって、デプロイが成功して revision がアクティブになった時点で少なくとも deployment probe に通った1インスタンスは warm な状態になっていることが多いので、コールドスタートを計測する際には注意すると良さそう。
8080 ではなく 8081 を listen するプログラムとエラー内容を添付している。
apstndb
/ 0poormans-dmesg-server.md
Last active
May 10, 2019 06:13
https://cloud.google.com/compute/docs/instances/enable-nested-virtualization-vm-instances?hl=en を参考に Compute Engine で nested VM を構築。
gcloud config set compute/zone us-central1-b
gcloud compute disks create disk1 --image-project debian-cloud --image-family debian-9
gcloud compute images create nested-vm-image --source-disk disk1 --licenses "https://www.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx"
gcloud compute instances create example-nested-vm --image nested-vm-image --min-cpu-platform="Intel Skylake"
apstndb
/ circle2png.md
Last active
November 15, 2018 11:20
CircleCI の workflow を GraphViz で画像にするワンライナー
kislyuk/yq と GraphViz を使って CircleCI の workflow の画像を出力するワンライナー(可読性のために改行)
yq -r '.workflows.build_and_test.jobs |
map(
if type=="string" then {(.): {}} else . end |
to_entries[] |
{name: (.value.name // .key), requires: .value.requires} |
if (.requires != null) then "\(.requires[]) -> \(.name);" else "\(.name)" end
) |
apstndb
/ GAE_NODEJS_GVISOR_EVAL.md
Last active
June 13, 2018 03:57
App Engine Standard Node.js Runtime uses gVisor.
It can be checked by the same method of Google Cloud Functions
$ gcloud app deploy --quiet app.yaml