sakajunquality · September 17, 2019 14:26
diff --git a/setup.sh b/setup.sh
 // Fix [SOMETHING]

 gcloud config set project [YOUR PROJECT ID]

 // APIs
 gcloud services enable \
    cloudapis.googleapis.com \
    container.googleapis.com \
    containerregistry.googleapis.com \
    cloudbuild.googleapis.com


 // VPC
 gcloud compute networks create sakajun-network --subnet-mode=custom

 gcloud compute networks subnets create sakajun-subnet \
    --network=sakajun-network \
    --region=us-west1 \
    --range=10.100.0.0/22 \
    --secondary-range pod1=10.100.4.0/22,svc1=10.100.8.0/22,pod2=10.100.12.0/22,svc2=10.100.16.0/22

 gcloud beta compute networks subnets create sakajun-proxy-subnet \
    --purpose=INTERNAL_HTTPS_LOAD_BALANCER \
    --role=ACTIVE \
    --network=sakajun-network \
    --region=us-west1 \
    --range=10.129.0.0/26

 gcloud compute firewall-rules create fw-allow-sakajun-subnet \
    --network=sakajun-network \
    --action=allow \
    --direction=ingress \
    --source-ranges=10.100.0.0/16 \
    --rules=tcp,udp,icmp

 gcloud compute firewall-rules create fw-allow-health-check \
    --network=sakajun-network \
    --action=allow \
    --direction=ingress \
    --source-ranges=130.211.0.0/22,35.191.0.0/16 \
    --target-tags=load-balanced-backend \
    --rules=tcp

 gcloud compute firewall-rules create fw-allow-proxies \
    --network=sakajun-network \
    --action=allow \
    --direction=ingress \
    --source-ranges=10.129.0.0/26 \
    --target-tags=load-balanced-backend \
    --rules=tcp:80,tcp:443,tcp:8000

 // GKE
 gcloud beta container clusters create sakajun-cluster-primary \
    --cluster-version latest \
    --machine-type=g1-small \
    --num-nodes=1 \
    --image-type=cos_containerd \
    --enable-stackdriver-kubernetes \
    --no-enable-basic-auth \
    --no-issue-client-certificate \
    --cluster-secondary-range-name=pod1 \
    --services-secondary-range-name=svc1 \
    --enable-shielded-nodes \
    --zone=us-west1-a \
    --network=sakajun-network \
    --subnetwork=sakajun-subnet \
    --enable-ip-alias \
    --tags=allow-ssh,load-balanced-backend

 gcloud beta container clusters create sakajun-cluster-secondary \
    --cluster-version latest \
    --machine-type=g1-small \
    --num-nodes=1 \
    --image-type=cos_containerd \
    --enable-stackdriver-kubernetes \
    --no-enable-basic-auth \
    --no-issue-client-certificate \
    --cluster-secondary-range-name=pod2 \
    --services-secondary-range-name=svc2 \
    --enable-shielded-nodes \
    --zone=us-west1-b \
    --network=sakajun-network \
    --subnetwork=sakajun-subnet \
    --enable-ip-alias \
    --tags=allow-ssh,load-balanced-backend


 gcloud container clusters get-credentials sakajun-cluster-primary --zone=us-west1-a
 // deploy workloads to primary cluster

 gcloud container clusters get-credentials sakajun-cluster-secondary --zone=us-west1-b
 // deploy workloads to secondary cluster


 // Get NEG names of clusters
 gcloud compute network-endpoint-groups list \
   --filter="us-west1-a AND [YOUR SERVICE]" \
   --format="get(name)"
   
 gcloud compute network-endpoint-groups list \
   --filter="us-west1-b AND [YOUR SERVICE]" \
   --format="get(name)"

 // LB
 gcloud beta compute health-checks create http sakajun-health-check \
    --region=us-west1 \
    --use-serving-port

 // primary backend service
 gcloud beta compute backend-services create sakajun-primary-service \
    --load-balancing-scheme=INTERNAL_MANAGED \
    --protocol=HTTP \
    --health-checks=sakajun-health-check \
    --health-checks-region=us-west1 \
    --region=us-west1

 gcloud beta compute backend-services add-backend sakajun-primary-service \
    --network-endpoint-group=[YOUR PRIMARY NEG NAME] \
    --network-endpoint-group-zone=us-west1-a \
    --region=us-west1 \
    --balancing-mode=RATE \
    --max-rate-per-endpoint=5

 // secondary backend service
 gcloud beta compute backend-services create sakajun-secondary-service \
    --load-balancing-scheme=INTERNAL_MANAGED \
    --protocol=HTTP \
    --health-checks=sakajun-health-check \
    --health-checks-region=us-west1 \
    --region=us-west1

 gcloud beta compute backend-services add-backend sakajun-secondary-service \
    --network-endpoint-group=[YOUR SECONDARY NEG NAME] \
    --network-endpoint-group-zone=us-west1-b \
    --region=us-west1 \
    --balancing-mode=RATE \
    --max-rate-per-endpoint=5

 // URL MAPS
 gcloud beta compute url-maps create sakajun-map \
    --default-service=sakajun-primary-service \
    --region=us-west1

 gcloud beta compute target-http-proxies create sakajun-proxy \
    --url-map=sakajun-map \
    --url-map-region=us-west1 \
    --region=us-west1

 gcloud beta compute forwarding-rules create sakajun-forwarding-rule \
    --load-balancing-scheme=INTERNAL_MANAGED \
    --network=sakajun-network \
    --subnet=sakajun-subnet \
    --address=10.100.1.199 \ // fix me if necessary
    --ports=80 \
    --region=us-west1 \
    --target-http-proxy=sakajun-proxy \
    --target-http-proxy-region=us-west1

 // export the config
 gcloud beta compute url-maps export sakajun-map \
    --region=us-west1 \
    --destination=config.yaml
	// Fix [SOMETHING]

	gcloud config set project [YOUR PROJECT ID]

	// APIs
	gcloud services enable \
	cloudapis.googleapis.com \
	container.googleapis.com \
	containerregistry.googleapis.com \
	cloudbuild.googleapis.com


	// VPC
	gcloud compute networks create sakajun-network --subnet-mode=custom

	gcloud compute networks subnets create sakajun-subnet \
	--network=sakajun-network \
	--region=us-west1 \
	--range=10.100.0.0/22 \
	--secondary-range pod1=10.100.4.0/22,svc1=10.100.8.0/22,pod2=10.100.12.0/22,svc2=10.100.16.0/22

	gcloud beta compute networks subnets create sakajun-proxy-subnet \
	--purpose=INTERNAL_HTTPS_LOAD_BALANCER \
	--role=ACTIVE \
	--network=sakajun-network \
	--region=us-west1 \
	--range=10.129.0.0/26

	gcloud compute firewall-rules create fw-allow-sakajun-subnet \
	--network=sakajun-network \
	--action=allow \
	--direction=ingress \
	--source-ranges=10.100.0.0/16 \
	--rules=tcp,udp,icmp

	gcloud compute firewall-rules create fw-allow-health-check \
	--network=sakajun-network \
	--action=allow \
	--direction=ingress \
	--source-ranges=130.211.0.0/22,35.191.0.0/16 \
	--target-tags=load-balanced-backend \
	--rules=tcp

	gcloud compute firewall-rules create fw-allow-proxies \
	--network=sakajun-network \
	--action=allow \
	--direction=ingress \
	--source-ranges=10.129.0.0/26 \
	--target-tags=load-balanced-backend \
	--rules=tcp:80,tcp:443,tcp:8000

	// GKE
	gcloud beta container clusters create sakajun-cluster-primary \
	--cluster-version latest \
	--machine-type=g1-small \
	--num-nodes=1 \
	--image-type=cos_containerd \
	--enable-stackdriver-kubernetes \
	--no-enable-basic-auth \
	--no-issue-client-certificate \
	--cluster-secondary-range-name=pod1 \
	--services-secondary-range-name=svc1 \
	--enable-shielded-nodes \
	--zone=us-west1-a \
	--network=sakajun-network \
	--subnetwork=sakajun-subnet \
	--enable-ip-alias \
	--tags=allow-ssh,load-balanced-backend

	gcloud beta container clusters create sakajun-cluster-secondary \
	--cluster-version latest \
	--machine-type=g1-small \
	--num-nodes=1 \
	--image-type=cos_containerd \
	--enable-stackdriver-kubernetes \
	--no-enable-basic-auth \
	--no-issue-client-certificate \
	--cluster-secondary-range-name=pod2 \
	--services-secondary-range-name=svc2 \
	--enable-shielded-nodes \
	--zone=us-west1-b \
	--network=sakajun-network \
	--subnetwork=sakajun-subnet \
	--enable-ip-alias \
	--tags=allow-ssh,load-balanced-backend


	gcloud container clusters get-credentials sakajun-cluster-primary --zone=us-west1-a
	// deploy workloads to primary cluster

	gcloud container clusters get-credentials sakajun-cluster-secondary --zone=us-west1-b
	// deploy workloads to secondary cluster


	// Get NEG names of clusters
	gcloud compute network-endpoint-groups list \
	--filter="us-west1-a AND [YOUR SERVICE]" \
	--format="get(name)"

	gcloud compute network-endpoint-groups list \
	--filter="us-west1-b AND [YOUR SERVICE]" \
	--format="get(name)"

	// LB
	gcloud beta compute health-checks create http sakajun-health-check \
	--region=us-west1 \
	--use-serving-port

	// primary backend service
	gcloud beta compute backend-services create sakajun-primary-service \
	--load-balancing-scheme=INTERNAL_MANAGED \
	--protocol=HTTP \
	--health-checks=sakajun-health-check \
	--health-checks-region=us-west1 \
	--region=us-west1

	gcloud beta compute backend-services add-backend sakajun-primary-service \
	--network-endpoint-group=[YOUR PRIMARY NEG NAME] \
	--network-endpoint-group-zone=us-west1-a \
	--region=us-west1 \
	--balancing-mode=RATE \
	--max-rate-per-endpoint=5

	// secondary backend service
	gcloud beta compute backend-services create sakajun-secondary-service \
	--load-balancing-scheme=INTERNAL_MANAGED \
	--protocol=HTTP \
	--health-checks=sakajun-health-check \
	--health-checks-region=us-west1 \
	--region=us-west1

	gcloud beta compute backend-services add-backend sakajun-secondary-service \
	--network-endpoint-group=[YOUR SECONDARY NEG NAME] \
	--network-endpoint-group-zone=us-west1-b \
	--region=us-west1 \
	--balancing-mode=RATE \
	--max-rate-per-endpoint=5

	// URL MAPS
	gcloud beta compute url-maps create sakajun-map \
	--default-service=sakajun-primary-service \
	--region=us-west1

	gcloud beta compute target-http-proxies create sakajun-proxy \
	--url-map=sakajun-map \
	--url-map-region=us-west1 \
	--region=us-west1

	gcloud beta compute forwarding-rules create sakajun-forwarding-rule \
	--load-balancing-scheme=INTERNAL_MANAGED \
	--network=sakajun-network \
	--subnet=sakajun-subnet \
	--address=10.100.1.199 \ // fix me if necessary
	--ports=80 \
	--region=us-west1 \
	--target-http-proxy=sakajun-proxy \
	--target-http-proxy-region=us-west1

	// export the config
	gcloud beta compute url-maps export sakajun-map \
	--region=us-west1 \
	--destination=config.yaml