I'm using the project per environment method to manage my staging and production environment on GCP, but I'm not sure how I can make sure the two environments have the same configurations.
For example, can I export the IAM config from one project and import it into another project? Or is there a way that I can make sure that the configuration of the two projects is close enough?
Thanks.
You can use “get-iam-policy” and “set-iam-policy” in your projects to perfectly duplicate the policies from one project onto another (the command is singular but it copies all parts of the policy you do not need to iterate through the roles or anything of the sort).
Here are the links that you can refer more information on the gcloud commands mentioned
https://cloud.google.com/sdk/gcloud/reference/projects/get-iam-policy
https://cloud.google.com/sdk/gcloud/reference/projects/set-iam-policy
Related
Our organization uses Google Cloud APIs for integrating Maps and other services in a number of websites.
We have often used the same API key, without creating a distinct Google Cloud project (and credentials) for each website/project.
We are trying to better organize our API usage, but we are facing an issue.
While we can consult the reports of our Billing account and see the quota for the unique API project used for every implementation, we cannot see and manage this project (it does not appear in the list) even though it seems to belong to the same organization. (EDIT: I am not sure that the organization id is the same, but the name of the organizazion appears as a prefix to the project name in the billing reports)
This project has been created years ago (and the person that created it appears not to have access to it either), but we need to access it to get a clear understanding of where and how APIs are used.
The connected APIs are still in use and working, so we assume the project exists.
Can someone point out the possible reasons why a project is not shown even though it belongs to an organization for which we have access as administrators?
Thank you in advance
In order to see a project in lists, you need the resourcemanager.projects.list IAM permission on the project and to get it's metadata, the resourcemanager.projects.get permission.
How did you find that it has the same organizationId? If you managed to get the metadata via gcloud projects describe, you are likely missing the list permission.
In any case, if the project is indeed part of the organization, an org admin should be able to use gcloud projects add-iam-policy-binding to add a new owner/editor.
There is a special case with Apps Scripts: Those create a hidden project.
If all fails, reach out to GCP Support. Keep in mind though that they will not be able to help you if the project is not within your organization (eg. created with an unrelated gmail.com account or similar)
I have two GCP projects communicating with each over over a Classic VPN, I'd like to duplicate this entire configuration to another GCP account with two projects. So in addition to the tunnels and gateways, I have one network in each project to duplicate, some firewall rules, and a custom routing rule on one project.
I've found how I can largely dump these using various
gcloud compute [networks | vpn-tunnels | target-vpn-gateways] describe
commands, but looking at the create commands they don't seem setup to be piped to, nor use this output data as a file, not to mention there are some items that won't be applicable in the new projects.
I'm not just trying to save time, I'm trying to make sure I don't miss anything and I also want a hard copy of sorts, of my current configuration.
Is there any way to do this? thank you!
As clarified in other similar cases - like here and here - it's not possible to clone or duplicate entire projects in Google Cloud Platform. As explained in these other cases, you can use Terraformer as to generate Terraform files from existing infrastructure (reverse Terraform) and then, recreate the files in your new instance as explained here.
To summarize, you can try this CLI as a possible alternative to copy part of your structure, but as emphasized in this answer here, there is no automatic way or magic tool that will copy everything, so even your VMs configuration, your app contents, your data content, won't be duplicated.
Is there a way to duplicate an entire project?
The project contains:
2x Cloud SQL: main + backup
1x Cloud Storage
4x Google Compute Engine
We have an exactly the same project already built up and configured, so it would be much easier for us if we could just make a copy of those.
The projects are not under the same account.
There is no such a way to replicate as-is a project.
However, you can use Terraformer starting from your current project: this CLI tool will generate Terraform template files starting from the existing infrastructure (reverse Terraform). Then, you can use these files to re-create the target resources within a second GCP project in a programmatic fashion (see https://cloud.google.com/community/tutorials/getting-started-on-gcp-with-terraform).
Disclaimer: Comments and opinions are my own and not the views of my employer.
First of all, I'm new to the GCloud platform and to everything cloud related in general.
I want to work with multiple users (with different Google Accounts) on one project in the GCloud.
I already granted the users all the necessary rights, to access my project.
I plan on running a Kubernetes Cluster. I followed this tutorial and everything worked fine. But now I figured out, that other users can't acces my project folder, because it is in /home/USERNAME.
Also when saving some dummy file to /tmp the other users can't see it and I read, that the GCloud Shell is per user and not per project.
My question is, where can I clone my git project to on the GCloud platform so that other users can git pull when there are code changes? Or should I setup my project differently? Also they would need acces to the dockerfile in order to build a new image for Kubernetes.
Do I have to use a CI/CD solution? As I'm working on a school project currently, there is no need for CI/CD.
Github, Gitlab, Bitbucket or any other SCM should do. That way each of the users can have their own local repository of the code you are working on.
CI/CD is not obligatory and you can deploy your applications without it, however it can make your life easier when working with large codebases and when you are deploying often.
I've got an env.config in source control but pretty much the only things I can put in it are things that relate to all my various environments (production, staging). I've got environment specific settings that I want to add to the env.config file (for instance, the DB host) that will change from environment to environment. How can I handle these differences? Right now I'm doing it from the AWS console where I can manage it in the GUI on a per-environment basis, but I'd love to be able to change a lot of this stuff from git so I don't have to be logging into the console whenever I want to change something.
Is there any way to have multiple, environment specific config files?
So this has been posted before in the AWS forums. (https://forums.aws.amazon.com/thread.jspa?messageID=529373) So far there's only workarounds! The problem is that the .config files would require some logic to figure out what environment you're attempting to target. Personally I don't think any logic is required, as you could simply namespace the config settings based on the AWS environment name you're targeting.
I think your usecase is similar to what is discussed in How to configure Elastic Beanstalk for RDS
You may want to use 'eb branch'. You can then have multiple environments with different configurations.
More documentation on eb branch here