I started learning Google Cloud Platform recently. So, created a trial account. Can I deploy my learning web application to the VM I created and browse it from my local? I tried running gcloud app deploy from my vm but getting error...
== ERROR: (gcloud.app.deploy) PERMISSION_DENIED: The caller does not have permission==
VM (Compute Engine) and App engine are two different things, you can read more in this answer. gcloud app deploy is app engine utility and used to deploy your application to app engine.
If you have your code in compute engine and want to deploy to app engine, make sure service account associated with your vm has necessary scopes and permissions. Please check this answer.
On addition to that you can start with cloud shell for deploying your web application.
Related
I have an app that is built in Java and runs on app engine. This app will be installed by users in their own GCP account.
I want to build the capability where
Users can come to my website
Users can use “login with google” and provide access to my website.
My website app will use GCP API to create a project and install the application with app engine.
Also, want this permission to be temporary for 1 hr.
Is there a guide or documentation to do this?
I am a first time cloud user:
I have created an application using Docker Image, then stored it in Google Container Registry (GCR) and then deployed it in Google Kubernetes Engine (GKE). Now the application is working fast and properly. I was wondering what service should I disable after that?
Because, to make this project, I have enabled Cloud Build API and Container Registry API. Should I disable those services? And after disabling those services, will me application stops?
Cloud is pay per use and GCP is also which you are using.
You will be charged of the usage only enabling the API won't cost much. Plus Container Registry API disabling this API can create the issue for application docker image to pull and push.
Keep them as it is, so you don't have to enable everytime when you build the image of the application again.
I am very new to GCP and I would greatly appreciate some help here ...
I have a docker containerized application that runs in AWS/Azure but needs to access gcloud SDK as well as through "Google cloud client libraries".
what is the best way to setup gcloud authentication from an application that runs outside of GCP?
In my Dockerfile, I have this (cut short for brevity)
ENV CLOUDSDK_INSTALL_DIR /usr/local/gcloud/
RUN curl -sSL https://sdk.cloud.google.com | bash
ENV PATH $PATH:$CLOUDSDK_INSTALL_DIR/google-cloud-sdk/bin
RUN gcloud components install app-engine-java kubectl
This container is currently provisioned from an Azure app service & AWS Fargate. When a new container instance is spawned, we would like it to be gcloud enabled with a service account attached already so our application can deploy stuff on GCP using its deployment manager.
I understand gcloud requires us to run gcloud auth login to authenticate to your account. How we can automate the provisioning of our container if this step has to be manual?
Also, from what I understand, for cloud client libraries, we can store the path to service account key json file in an environment variable (GOOGLE_APPLICATION_CREDENTIALS). So this file either has to be stored inside the docker image itself OR has to be mounted from an external storage at the very least?
How safe is it to store this service account key file in an external storage. What are the best practices around this?
There are two main means of authentication in Google Cloud Platform:
User Accounts: Belong to people, represent people involved in your project and they're associated to a Google Account
Service Accounts: Used by an application or an instance.
Learn more about their differences here.
Therefore, you are not required to use the command gcloud auth login to perform gcloud commands.
You should be using gcloud auth activate-service-account instead, along with the --key-file=<path-to-key-file> flag, which will allow you to authenticate without the need of signing into a Google Account with access to your project every time you need to call an API.
This key should be stored securely, preferably encrypted in the platform of your choice. Learn how to do it in GCP here following these steps as an example.
Take a look at these useful links for storing secrets in Microsoft Azure and AWS.
On the other hand, you can deploy services to GCP programmatically either using Cloud Libraries with your programming language of choice, or using Terraform is very intuitive if you prefer to do so over using the Google Cloud SDK through the CLI.
Hope this helped.
I want to know what service in Google cloud Platform that i need to deploy my backend django + postgresql? I'm developing a mobile app using flutter.
There are multiple ways to host a Django app with PostgreSQL on GCP. The documentation covers the following available options:
App Engine standard environment
App Engine flexible Environment
Cloud Run
Google Kubernetes Engine (GKE)
Compute Engine
For the PostgreSQL database, you can use the Cloud SQL.
If you need a Django package that already includes PostgreSQL, you can use the Django in Google Cloud Marketplace and deploy your app on the Compute Engine.
Google Cloud's Flexible App Engine Service can definitely work in this case .
About App Engine
Google App Engine lets app developers build scalable web and mobile back ends in any programming language on a fully managed serverless platform.
For more detail please check the below link, on how you can achieve the same
https://codeburst.io/beginners-guide-to-deploying-a-django-postgresql-project-on-google-cloud-s-flexible-app-engine-e3357b601b91
I receive an error message while attempting to deploy anything from the marketplace into a specific GCP project.
You must have a valid default service account in order to create a
deployment, but this account could not be detected. Contact support
for help restoring the account.
Things I've Tried:
Every VM from the marketplace shows the same error message
I can deploy regular VM instance
I can see there is an enabled service account for the project with the name "Compute Engine default service account".
I am able to deploy VM's from the marketplace into other projects under the same organization
I've contacted GCP Billing support and they cannot find anything wrong from a billing perspective
Researching online shows that others that have had this issue have just rebuilt the project. It appears that service account is created by default when the project is spun up.
I'm hoping there is another way around it as this project is a host for a shared VPC deployment. There are already other projects with deployed VM's that are utilizing the host projects networks.
Thank you!
Looks like you deleted a default service account.
As mentioned in one comment some can be recreated by disable/enable the corresponding API
Below are the default service accounts I have in my project, hope it helps you to find the root cause. (these service accounts let me deploy a wordpress solution depending on what you are trying to deploy you might need more service accounts)
PROJECT-NUMBER-compute#developer.gserviceaccount.com Compute Engine
default service account
PROJECT-NUMBER#cloudservices.gserviceaccount.com Google APIs Service
Agent
PROJECT-ID#appspot.gserviceaccount.com App Engine default service
account
service-ORG-ID3#gcp-sa-cloudasset.iam.gserviceaccount.com Cloud Asset
Service Agent
service-PROJECT-NUMBER#cloud-ml.google.com.iam.gserviceaccount.com Google
Cloud ML Engine Service Agent
service-PROJECT-NUMBER#compute-system.iam.gserviceaccount.com Compute
Engine Service Agent
service-PROJECT-NUMBER#container-engine-robot.iam.gserviceaccount.com Kubernetes
Engine Service Agent
service-PROJECT-NUMBER#containerregistry.iam.gserviceaccount.com Google
Container Registry Service Agent
service-PROJECT-NUMBER#dataflow-service-producer-prod.iam.gserviceaccount.com Cloud
Dataflow Service Account
service-PROJECT-NUMBER#service-networking.iam.gserviceaccount.com Service
Networking Service Agent
The service account was intact and had the same permissions as other service accounts for working projects.
We purchased and opened a case with GCP technical support. After a little more than a week of them troubleshooting the issues, they determined there was no way to correct the problem. Their root cause was that something happened during the initial project deployment that caused some backend configuration issues. For what its worth, the project was deployed using Terraform, but its uncertain if that was a factor.
After recreating the host project, we were able to deploy from the marketplace again successfully.
If you run into this problem, save yourself the hassle and time and just recreate the project.