Provision Cloud Infrastructure with Gemini
Gemini for Google Cloud is an always-on AI collaborator that provides help to users of all skill levels where they need it.
- Enable Gemini.
- Explore various Google services that you can use to deploy an app to GKE by asking Gemini context-based questions.
- Prompt Gemini to provide commands that you can use to deploy a basic app to a GKE cluster.
- Create, explore, and modify the GKE cluster by using Gemini to explain and generate the shell commands.
Enable Gemini
First, enable Gemini in your Google Cloud project and configure the necessary permissions for your Google Cloud Qwiklabs user account:
1. Enable the Cloud AI Companion API for Gemini.
2. To use Gemini, grant the necessary IAM roles to your Google Cloud Qwiklabs user account.
Welcome to Cloud Shell! Type "help" to get started.
Your Cloud Platform project in this session is set to qwiklabs-gcp-01-03762c2d44fe.
Use “gcloud config set project [PROJECT_ID]” to change to a different project.
student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$ PROJECT_ID=$(gcloud config get-value project)
REGION=us-west1
echo "PROJECT_ID=${PROJECT_ID}"
echo "REGION=${REGION}"
Your active configuration is: [cloudshell-4771]
PROJECT_ID=qwiklabs-gcp-01-03762c2d44fe
REGION=us-west1
student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$ USER=$(gcloud config get-value account 2> /dev/null)
echo "USER=${USER}"
USER=student-01-3c1bb184aaad@qwiklabs.net
student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$ gcloud services enable cloudaicompanion.googleapis.com --project ${PROJECT_ID}
Operation "operations/acat.p2-730940802334-37539881-5066-4e72-9bce-6dbd703949e3" finished successfully.
student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$ gcloud projects add-iam-policy-binding ${PROJECT_ID} --member user:${USER} --role=roles/cloudaicompanion.user
gcloud projects add-iam-policy-binding ${PROJECT_ID} --member user:${USER} --role=roles/serviceusage.serviceUsageViewer
Updated IAM policy for project [qwiklabs-gcp-01-03762c2d44fe].
bindings:
- members:
- serviceAccount:qwiklabs-gcp-01-03762c2d44fe@qwiklabs-gcp-01-03762c2d44fe.iam.gserviceaccount.com
role: roles/bigquery.admin
- members:
- user:student-01-3c1bb184aaad@qwiklabs.net
role: roles/cloudaicompanion.user
- members:
- serviceAccount:730940802334@cloudbuild.gserviceaccount.com
role: roles/cloudbuild.builds.builder
- members:
- serviceAccount:service-730940802334@gcp-sa-cloudbuild.iam.gserviceaccount.com
role: roles/cloudbuild.serviceAgent
- members:
- user:student-01-3c1bb184aaad@qwiklabs.net
role: roles/compute.orgFirewallPolicyAdmin
- members:
- user:student-01-3c1bb184aaad@qwiklabs.net
role: roles/compute.orgSecurityPolicyAdmin
- members:
- user:student-01-3c1bb184aaad@qwiklabs.net
role: roles/compute.publicIpAdmin
- members:
- serviceAccount:service-730940802334@compute-system.iam.gserviceaccount.com
role: roles/compute.serviceAgent
- members:
- serviceAccount:service-730940802334@container-engine-robot.iam.gserviceaccount.com
role: roles/container.serviceAgent
- members:
- serviceAccount:730940802334-compute@developer.gserviceaccount.com
- serviceAccount:730940802334@cloudservices.gserviceaccount.com
role: roles/editor
- members:
- serviceAccount:service-730940802334@gcp-sa-notebooks.iam.gserviceaccount.com
role: roles/notebooks.serviceAgent
- members:
- serviceAccount:admiral@qwiklabs-services-prod.iam.gserviceaccount.com
- serviceAccount:qwiklabs-gcp-01-03762c2d44fe@qwiklabs-gcp-01-03762c2d44fe.iam.gserviceaccount.com
- user:student-01-3c1bb184aaad@qwiklabs.net
role: roles/owner
- members:
- serviceAccount:qwiklabs-gcp-01-03762c2d44fe@qwiklabs-gcp-01-03762c2d44fe.iam.gserviceaccount.com
role: roles/storage.admin
- members:
- user:student-01-3c1bb184aaad@qwiklabs.net
role: roles/viewer
- members:
- serviceAccount:service-730940802334@gcp-sa-websecurityscanner.iam.gserviceaccount.com
role: roles/websecurityscanner.serviceAgent
- members:
- user:student-01-3c1bb184aaad@qwiklabs.net
role: roles/workstations.networkAdmin
etag: BwYXXxHk6t0=
version: 1
Updated IAM policy for project [qwiklabs-gcp-01-03762c2d44fe].
bindings:
- members:
- serviceAccount:qwiklabs-gcp-01-03762c2d44fe@qwiklabs-gcp-01-03762c2d44fe.iam.gserviceaccount.com
role: roles/bigquery.admin
- members:
- user:student-01-3c1bb184aaad@qwiklabs.net
role: roles/cloudaicompanion.user
- members:
- serviceAccount:730940802334@cloudbuild.gserviceaccount.com
role: roles/cloudbuild.builds.builder
- members:
- serviceAccount:service-730940802334@gcp-sa-cloudbuild.iam.gserviceaccount.com
role: roles/cloudbuild.serviceAgent
- members:
- user:student-01-3c1bb184aaad@qwiklabs.net
role: roles/compute.orgFirewallPolicyAdmin
- members:
- user:student-01-3c1bb184aaad@qwiklabs.net
role: roles/compute.orgSecurityPolicyAdmin
- members:
- user:student-01-3c1bb184aaad@qwiklabs.net
role: roles/compute.publicIpAdmin
- members:
- serviceAccount:service-730940802334@compute-system.iam.gserviceaccount.com
role: roles/compute.serviceAgent
- members:
- serviceAccount:service-730940802334@container-engine-robot.iam.gserviceaccount.com
role: roles/container.serviceAgent
- members:
- serviceAccount:730940802334-compute@developer.gserviceaccount.com
- serviceAccount:730940802334@cloudservices.gserviceaccount.com
role: roles/editor
- members:
- serviceAccount:service-730940802334@gcp-sa-notebooks.iam.gserviceaccount.com
role: roles/notebooks.serviceAgent
- members:
- serviceAccount:admiral@qwiklabs-services-prod.iam.gserviceaccount.com
- serviceAccount:qwiklabs-gcp-01-03762c2d44fe@qwiklabs-gcp-01-03762c2d44fe.iam.gserviceaccount.com
- user:student-01-3c1bb184aaad@qwiklabs.net
role: roles/owner
- members:
- user:student-01-3c1bb184aaad@qwiklabs.net
role: roles/serviceusage.serviceUsageViewer
- members:
- serviceAccount:qwiklabs-gcp-01-03762c2d44fe@qwiklabs-gcp-01-03762c2d44fe.iam.gserviceaccount.com
role: roles/storage.admin
- members:
- user:student-01-3c1bb184aaad@qwiklabs.net
role: roles/viewer
- members:
- serviceAccount:service-730940802334@gcp-sa-websecurityscanner.iam.gserviceaccount.com
role: roles/websecurityscanner.serviceAgent
- members:
- user:student-01-3c1bb184aaad@qwiklabs.net
role: roles/workstations.networkAdmin
etag: BwYXXxILSjk=
version: 1
student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$
Adding these roles lets the user use Gemini assistance.
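As an added example (not part of the original lab or of Google's tooling), the following Python code checks a policy in the shape returned by gcloud projects get-iam-policy PROJECT_ID --format=json: it confirms that the two Gemini roles are bound to a member and lists who holds the basic roles (owner, editor, viewer) that appear in the output above. The sample policy, its principals, and the function name audit_policy are constructed for illustration.

```python
import json

# Constructed sample in the shape of
# `gcloud projects get-iam-policy PROJECT_ID --format=json`; principals are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "version": 1,
  "bindings": [
    {"role": "roles/cloudaicompanion.user",
     "members": ["user:student@example.com"]},
    {"role": "roles/serviceusage.serviceUsageViewer",
     "members": ["user:student@example.com"]},
    {"role": "roles/owner",
     "members": ["serviceAccount:lab@example-project.iam.gserviceaccount.com",
                 "user:student@example.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com"]},
    {"role": "roles/viewer",
     "members": ["user:student@example.com"]}
  ]
}
""")

GEMINI_ROLES = {"roles/cloudaicompanion.user", "roles/serviceusage.serviceUsageViewer"}
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}  # broad project-wide roles


def audit_policy(policy, member):
    """Check the Gemini role grants for `member` and list basic-role holders."""
    held, conditional, basic = set(), set(), {}
    for binding in policy.get("bindings", []):
        role, members = binding["role"], binding.get("members", [])
        if role in BASIC_ROLES:
            basic.setdefault(role, set()).update(members)
        if member in members:
            # A binding with a condition only applies when the condition holds,
            # so it is reported separately instead of counted as held.
            (conditional if "condition" in binding else held).add(role)
    return {
        "missing_gemini_roles": sorted(GEMINI_ROLES - held),
        "conditional_roles": sorted(conditional),
        "member_basic_roles": sorted(held & BASIC_ROLES),
        "basic_role_holders": {r: sorted(m) for r, m in basic.items()},
    }


if __name__ == "__main__":
    report = audit_policy(SAMPLE_POLICY, "user:student@example.com")
    print(json.dumps(report, indent=2))
```

Outside a lab project, a non-empty member_basic_roles or a service account under roles/editor is the part of the report to review first, since those bindings are far broader than the two Gemini roles granted here.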
Deploy GKE clusters
In this task, you use the Google Cloud console and Cloud Shell to deploy GKE clusters.
For the following example, consider that you are an infrastructure admin who is responsible for setting up infrastructure for a team developing a web application. The organization at large has standardized on containers and Kubernetes, so the team wants to understand how to run their web application on Kubernetes in Google Cloud. The team also wants to understand how to do so with as little infrastructure management overhead as possible.
In this case, you have the existing GKE cluster running a set of microservices that make up an ecommerce web app. With Gemini assistance, you will now identify areas to improve.
Welcome to Gemini for Cloud console
Get help where you need it with a conversational assistant that answers your questions about Google Cloud, reviews code snippets, and troubleshoots issues quickly.
Gemini is an AI-powered collaborator to help you get more done faster. Get answers to your questions about how to get started with a Cloud solution, strategies for optimizing resources, or using the gcloud CLI to manage Google Cloud.
In addition to general knowledge about Google Cloud, it also has some awareness of your context, like your project and console page.
Q: How can I run Kubernetes on Google Cloud without having to own management of nodes and the control plane?
A:
To run Kubernetes on Google Cloud without having to own management of nodes and the control plane, you can use Google Kubernetes Engine (GKE) Autopilot. GKE Autopilot is a managed Kubernetes service that takes care of all the operational tasks associated with running Kubernetes, including node and control plane management, upgrades, and security patching. This allows you to focus on developing and deploying your applications without having to worry about the underlying infrastructure.
To create a GKE Autopilot cluster, you can use the Google Cloud console, the gcloud command-line tool, or the Kubernetes Engine API. Once your cluster is created, you can deploy your applications to it using the same tools and techniques that you would use with any other Kubernetes cluster.
Here are the steps on how to create a GKE Autopilot cluster using the Google Cloud console:
1. Go to the Kubernetes Engine page in the Google Cloud console.
2. Click the Create cluster button.
3. In the Cluster name field, enter a name for your cluster.
4. In the Location field, select the region where you want to create your cluster.
5. In the Node pool section, select the Autopilot option.
6. Click the Create button.
Once your cluster is created, you can deploy your applications to it using the kubectl command-line tool. For example, to deploy a simple Nginx application, you can run the following command:
kubectl create deployment nginx --image=nginx
This will create a deployment object that will deploy an Nginx container to your cluster. You can then use the kubectl get pods command to check the status of your deployment.
For more information on GKE Autopilot, please refer to the GKE Autopilot documentation
Deploy a GKE Autopilot cluster
In this task, you prompt Gemini on how to deploy a GKE Autopilot cluster.
Enter the following prompt:
Q: How do I create a GKE Autopilot cluster?
A: To create a GKE Autopilot cluster, you can use the Google Cloud console, the gcloud command-line tool, or the Kubernetes Engine API.
Using the Google Cloud console
1. Go to the Kubernetes Engine page in the Google Cloud console.
2. Click the Create cluster button.
3. In the Cluster name field, enter a name for your cluster.
4. In the Location field, select the region where you want to create your cluster.
5. In the Node pool section, select the Autopilot option.
6. Click the Create button.
Using the gcloud command-line tool
gcloud container clusters create CLUSTER_NAME \
--node-pool=default-pool \
--num-nodes=3 \
--enable-autopilot \
--location=europe-central2-b
Using the Kubernetes Engine API
apiVersion: v1 kind: Cluster metadata: name: my-cluster location: europe-central2-b nodePools: - name: default-pool config: autopilot: {}
Once your cluster is created, you can deploy your applications to it using the same tools and techniques that you would use with any other Kubernetes cluster.
For more information on GKE Autopilot, please refer to the GKE Autopilot documentation
Q: What is the command to create a GKE Autopilot cluster in my current project and in the us-west1 region named gemini-demo using the gcloud CLI?
A: The command to create a GKE Autopilot cluster in your current project and in the us-west1 region named gemini-demo using the gcloud CLI is:
gcloud container clusters create gemini-demo \
--node-pool=default-pool \
--num-nodes=3 \
--enable-autopilot \
--location=us-west1
This command will create a cluster with the following configuration:
Name: gemini-demo
Region: us-west1
Node pool: default-pool with 3 nodes
Autopilot: enabled
Once the cluster is created, you can deploy your applications to it using the same tools and techniques that you would use with any other Kubernetes cluster.
student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$ gcloud container clusters create gemini-demo \
--node-pool=default-pool \
--num-nodes=3 \
--enable-autopilot \
--location=us-west1
ERROR: (gcloud.container.clusters.create) unrecognized arguments:
--node-pool=default-pool (did you mean '--max-nodes-per-pool'?)
--enable-autopilot (did you mean '--enable-autorepair'?)
To search the help text of gcloud commands, run:
gcloud help -- SEARCH_TERMS
student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$
This appears to be the wrong command: gcloud rejects --node-pool and --enable-autopilot as unrecognized arguments.
Here is the correct way to create an Autopilot GKE cluster:
student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$ gcloud container clusters create-auto gemini-demo --region us-west1
Creating cluster gemini-demo in us-west1... Cluster is being health-checked (master is healthy)...working...
Creating cluster gemini-demo in us-west1... Cluster is being health-checked (master is healthy)...done.
Created [https://container.googleapis.com/v1/projects/qwiklabs-gcp-01-03762c2d44fe/zones/us-west1/clusters/gemini-demo].
To inspect the contents of your cluster, go to: https://console.cloud.google.com/kubernetes/workload_/gcloud/us-west1/gemini-demo?project=qwiklabs-gcp-01-03762c2d44fe
kubeconfig entry generated for gemini-demo.
NAME: gemini-demo
LOCATION: us-west1
MASTER_VERSION: 1.28.7-gke.1026000
MASTER_IP: 34.83.24.75
MACHINE_TYPE: e2-small
NODE_VERSION: 1.28.7-gke.1026000
NUM_NODES: 3
STATUS: RUNNING
student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$
Deploy a sample web application
Now that you have created a GKE cluster in Autopilot mode, you decide to test a sample web application similar to the one your team will run on this infrastructure. Internally, you see that you have the following container image from Google bookmarked for testing a containerized web application: us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0
Q: What is the kubectl command to create a deployment called hello-server for the image us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0?
A:
kubectl create deployment hello-server --image=us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0
student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$ kubectl create deployment hello-server --image=us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0
deployment.apps/hello-server created
student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$
Q: What is the kubectl command to expose this deployment on port 80 and target port 8080 with a load balancer?
A:
kubectl expose deployment hello-server --port 80 --target-port 8080 --type LoadBalancer
student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$ kubectl expose deployment hello-server --port 80 --target-port 8080 --type LoadBalancer
service/hello-server exposed
student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$
Q: What is the kubectl command to see the external IP address associated with this load balancer?
A:
kubectl get service hello-server -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$ kubectl get service hello-server -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
34.127.34.64student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$
student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$ curl 34.127.34.64
Hello, world!
Version: 1.0.0
Hostname: hello-server-545d5cf56d-s9bmb
student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$
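The kubectl expose command above creates a Service of type LoadBalancer, which the curl test then reaches over plain HTTP on an external IP. As an added example (not part of the original lab), the following Python code inspects a Service in the shape returned by kubectl get service hello-server -o json and reports how widely it is exposed. The sample object, its documentation-range IP address, the finding codes, and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of `kubectl get service hello-server -o json`
# after the `kubectl expose` command above; the IP is a documentation address.
SAMPLE_SERVICE = json.loads("""
{
  "metadata": {"name": "hello-server", "annotations": {}},
  "spec": {
    "type": "LoadBalancer",
    "selector": {"app": "hello-server"},
    "ports": [{"protocol": "TCP", "port": 80, "targetPort": 8080}]
  },
  "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}
}
""")

# GKE annotation that requests an internal rather than external load balancer.
INTERNAL_LB_ANNOTATION = "networking.gke.io/load-balancer-type"


def audit_service(svc):
    """Return finding codes describing how widely a Service is exposed."""
    spec = svc.get("spec", {})
    if spec.get("type") != "LoadBalancer":
        return []
    annotations = svc.get("metadata", {}).get("annotations") or {}
    if annotations.get(INTERNAL_LB_ANNOTATION, "").lower() == "internal":
        return []
    findings = ["external-load-balancer"]
    ranges = spec.get("loadBalancerSourceRanges") or []
    # With no source ranges set, the load balancer accepts traffic from any address;
    # a /0 entry has the same effect.
    if not ranges or any(
        ipaddress.ip_network(r, strict=False).prefixlen == 0 for r in ranges
    ):
        findings.append("open-to-any-source")
    # In this lab port 80 is served without TLS (the curl test uses plain HTTP).
    if any(p.get("port") == 80 for p in spec.get("ports", [])):
        findings.append("port-80-plain-http")
    return findings


def restricted(svc, cidrs):
    """Return a copy of the Service with loadBalancerSourceRanges set to `cidrs`."""
    out = json.loads(json.dumps(svc))
    out["spec"]["loadBalancerSourceRanges"] = list(cidrs)
    return out


if __name__ == "__main__":
    print(audit_service(SAMPLE_SERVICE))
    print(audit_service(restricted(SAMPLE_SERVICE, ["198.51.100.0/24"])))
```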
Summary
student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$ history
1 PROJECT_ID=$(gcloud config get-value project)
2 REGION=us-west1
3 echo "PROJECT_ID=${PROJECT_ID}"
4 echo "REGION=${REGION}"
5 USER=$(gcloud config get-value account 2> /dev/null)
6 echo "USER=${USER}"
7 gcloud services enable cloudaicompanion.googleapis.com --project ${PROJECT_ID}
8 gcloud projects add-iam-policy-binding ${PROJECT_ID} --member user:${USER} --role=roles/cloudaicompanion.user
9 gcloud projects add-iam-policy-binding ${PROJECT_ID} --member user:${USER} --role=roles/serviceusage.serviceUsageViewer
10 gcloud container clusters create gemini-demo --node-pool=default-pool --num-nodes=3 --enable-autopilot --location=us-west1
11 gcloud container clusters create-auto gemini-demo --region us-west1
12 kubectl create deployment hello-server --image=us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0
13 kubectl expose deployment hello-server --port 80 --target-port 8080 --type LoadBalancer
14 kubectl get service hello-server -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
15 curl 34.127.34.64
16 history
student_01_3c1bb184aaad@cloudshell:~ (qwiklabs-gcp-01-03762c2d44fe)$
The following is a summary of all gcloud commands suggested so far:
gcloud container clusters create gemini-demo \
--node-pool=default-pool \
--num-nodes=3 \
--enable-autopilot \
--location=us-west1
This command creates a GKE Autopilot cluster named gemini-demo in the us-west1 region with 3 nodes.
kubectl create deployment hello-server --image=us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0
This command creates a deployment called hello-server that runs the image us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0.
kubectl expose deployment hello-server --port 80 --target-port 8080 --type LoadBalancer
This command creates a service called hello-server that exposes the deployment hello-server on port 80 with a load balancer.
kubectl get service hello-server -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
This command prints the external IP address of the load balancer associated with the service hello-server.