本教程介绍了如何使用 Gemini for Google Cloud(Google Cloud 中 AI 赋能的协作工具)浏览日志并为 Google Kubernetes Engine 中的一组微服务设置构建环境。
本教程适用于任何经验水平的 DevOps 工程师。
目标
- 提示 Gemini 进行日志记录查询,以便您可以观察来自 Pod 的日志。
- 通过向 Gemini 询问基于上下文的问题,了解如何建立专用构建环境。
- 使用 Gemini 学习如何以私密和安全的方式存储容器映像。
使用的 Google Cloud 产品
本教程使用以下可计费的 Google Cloud 产品。您可使用价格计算器根据您的预计使用情况来估算费用。
Google Kubernetes Engine (GKE)。GKE 是一项代管式 Kubernetes 服务,可让您大规模部署和管理容器化应用。
Cloud Logging。Logging 是一个实时日志管理系统,支持存储、搜索、分析和监控。
Cloud Build。Cloud Build 服务可供您在 Google Cloud 基础架构上执行构建。Cloud Build 可以从各种代码库或 Cloud Storage 空间导入源代码,根据您的规范执行构建,并生成诸如 Docker 容器或 Java 归档等工件。
Artifact Registry。Artifact Registry 可让您集中管理容器映像和语言包。它可让您集中存储工件并构建依赖项,作为集成式 Google Cloud 体验的一部分。
双子座。Gemini 是 Google Cloud 中始终在线的协作工具,为广大用户(包括开发者和数据科学家)提供依托生成式 AI 技术的协助。为了提供集成式协助体验,Gemini 已嵌入到许多 Google Cloud 产品中。
准备工作
- 确保已为您的 Google Cloud 用户帐号和项目设置 Gemini。此外,请确保您已在首选 IDE 中安装 Cloud Code 插件。如果您希望使用 Cloud Shell Editor 或 Cloud Workstations 作为 IDE,那么 Cloud Code 和 Genmini Code Assist 默认已可用。
-
启用 Google Kubernetes Engine API。
-
在 Google Cloud 控制台中,激活 Cloud Shell。
Cloud Shell 会话随即会在 Google Cloud 控制台的底部启动,并显示命令行提示符。Cloud Shell 是一个已安装 Google Cloud CLI 且已为当前项目设置值的 Shell 环境。该会话可能需要几秒钟时间来完成初始化。
使用
gcloud container clusters create
命令创建 GKE 集群:gcloud container clusters create test --region us-central1
该命令需要几分钟才能运行。输出类似于以下内容:
Creating cluster test in us-central1... Cluster is being health-checked (master is healthy)...done. Created https://container.googleapis.com/v1/projects/agmsb-gke-lab/zones/us-central1/clusters/test. To inspect the contents of your cluster, go to: https://console.cloud.google.com/kubernetes/workload_/gcloud/us-central1/test?project=agmsb-gke-lab kubeconfig entry generated for test. NAME: test LOCATION: us-central1 MASTER_VERSION: 1.27.3-gke.100 MASTER_IP: 34.72.99.149 MACHINE_TYPE: e2-medium NODE_VERSION: 1.27.3-gke.100 NUM_NODES: 9 STATUS: RUNNING
克隆代码库并使用
kubectl
将构成电子商务 Web 应用的一组微服务部署到 GKE 集群:git clone https://github.com/GoogleCloudPlatform/microservices-demo && cd microservices-demo kubectl apply -f ./release/kubernetes-manifests.yaml
几分钟后,获取外部 IP 地址以在浏览器中访问您的 Web 应用:
kubectl get service frontend-external | awk '{print $4}'
了解 GKE 中工作负载的日志
在以下示例中,假设您是一位 DevOps 工程师,负责继承 GKE 集群中运行的一组现有微服务。如需了解环境,您需要检查来自各种微服务的日志。
在您的首选集成了 Code Assist 的 IDE 中,您可以通过与 Gemini 聊天来获取帮助。在 Gemini 窗格中输入提示(即描述您所需要的帮助的问题或语句),Gemini 会返回回复。
Gemini 不会将您的提示或其回答作为数据来训练模型。如需了解详情,请参阅 Gemini for Google Cloud 如何使用您的数据。
您知道微服务已部署到 default
命名空间。如需提示 Gemini 帮助您检查日志,请按以下步骤操作:
在 IDE 的活动栏中,点击 chat_spark Gemini Code Assist 以打开 Gemini Code Assist 窗格。
在 Gemini Code Assist 窗格中,输入以下提示:
How can I write a Cloud Logging query to search for logs from Pods in a namespace called "default" in a Google Kubernetes Engine cluster named "test"?
Gemini 会返回类似于以下内容的响应:
To write a Cloud Logging query to search for logs from Pods in a namespace called "default" in GKE cluster called "test", you can use the following query: resource.type="k8s_container" resource.labels.namespace_name="default" resource.labels.cluster_name="test" This query will search for all logs from Pods in the "default" namespace in the "test" GKE cluster. You can also use the Cloud Logging console to search for logs from Pods in a specific namespace and cluster. To do this, follow these steps: 1. Go to the Cloud Logging console. 2. In the Query builder pane, click Resource. 3. In the Resource type list, select Kubernetes Container. 4. In the Namespace name field, enter default. 5. In the Cluster name field, enter test. 6. Click Add. 7. In the Query results pane, you will see a list of logs from Pods in the "default" namespace in the "test" GKE cluster.
如需检查这些日志,请点击从查询返回的每个日志。在单个日志上,如果您点击 Explain this query,则响应类似于以下内容:
Sure. Here are the bullet points that explain the log entry: • The log entry is about a GET request to the /_healthz path. • The request was successful and returned a 200 status code. • The request took 0 milliseconds to complete. • The request was made by the x-liveness-probe session. • The request was made from the frontend-755cdc7957-pv8x5 pod in the default namespace.
为容器映像创建专用构建环境
现在,您已经通过观察日志对工作负载有了更深入的了解,接下来决定在一组专用工作器上设置基础架构并构建您团队的未来容器映像。在本部分中,您将提示 Gemini 帮助您了解如何运行构建环境,以便将构建迁移到 Google Cloud 项目。
在 IDE 的活动栏中,点击 chat_spark Gemini Code Assist 以打开 Gemini Code Assist 窗格。
在 Gemini Code Assist 窗格中,输入以下提示:
How can I build a private build environment that is not connected to the internet in Google Cloud? I want to be able to use Docker to build my container images in this environment.
Gemini 会返回类似于以下内容的响应:
To build a private build environment that is not connected to the internet in Google Cloud, you can use a Cloud Build private pool. A private pool is a group of build workers that are not connected to the public internet. You can create a private pool in a Virtual Private Cloud (VPC) network, which provides an additional layer of security for your build environment. To create a private pool, you will need to: 1. Create a VPC network. 2. Create a private pool in the VPC network. 3. Configure your build config file to use the private pool. Once you have created a private pool, you can use it to build your container images using Docker. To do this, you will need to: 1. Create a Dockerfile. 2. Create a build config file. 3. Run the `gcloud builds submit` command. The `gcloud builds submit` command will build your container image using the private pool. Find more information for your question here: • https://cloud.google.com/build/docs/private-pools/create-manage-private-pools
Cloud Build 专用池似乎是一条可行的前进之路,因此建议您向 Gemini 寻求帮助,以创建您的第一个专用池。输入以下提示:
Can you give me a gcloud command to create my first Cloud Build private worker pool?
Gemini 会返回类似于以下内容的响应:
Here's how you can create your first private worker pool using the gcloud command: 1. Define your pool configuration: First, you need to define the configuration of your private pool. This includes details like the pool name, region, machine type, disk size, and network settings. You can do this by creating a JSON file named workerpool.json with the following structure: { "name": "my-first-privatepool", "location": "us-central1", "machineType": "e2-standard-2", "diskSizeGb": 800, "network": "projects/your-project-id/global/networks/default", "assignExternalIP": true } 2. Create the pool using gcloud: Once you have the configuration file ready, you can use the following gcloud command to create the private worker pool: gcloud builds worker-pools create \ --project=gsm-project-382212 \ --location=us-central1 \ --worker-pool-id=my-first-privatepool \ --file=workerpool.json Explanation of the command: - gcloud builds worker-pools create : This is the command to create a new worker pool. - --project=gsm-project-382212 : This specifies the project ID where you want to create the pool. - --location=us-central1 : This specifies the region where you want to create the pool. - --worker-pool-id=my-first-privatepool : This specifies the ID for your private pool. - --file=workerpool.json : This specifies the path to your configuration file. 3. Verify the pool creation: After running the command, you can verify that the pool has been created by running the following command: gcloud builds worker-pools list Additional notes: - You can customize the configuration file to meet your specific needs. For example, you can change the machine type, disk size, or network settings. - You can also create private worker pools using the Cloud Build API or th Cloud Console. I hope this helps! Let me know if you have any other questions.
从前面的响应中,您似乎需要传递配置文件来替换变量 PRIVATEPOOL_CONFIG_FILE,因此您请求 Gemini 帮助您创建配置文件。输入以下提示:
Can you show me an example of a Cloud Build private pool config file?
Gemini 会返回类似于以下内容的响应:
Sure. Here is an example of a Cloud Build private pool config file: privatePoolV1Config: networkConfig: egressOption: NO_PUBLIC_EGRESS<br> peeredNetwork: 'projects/my-project/global/networks/my-network' peeredNetworkIpRange: '10.1.2.0/24' workerConfig: diskSizeGb: '100' machineType: 'e2-standard-4' This config file creates a private pool with the following properties: • The pool is not connected to the public internet. • The pool is connected to the `my-network` VPC network. • The pool's workers have a `100GB` boot disk and a `e2-standard-4` machine type. For more information, see the Cloud Build documentation.
您将开始编写自己的配置文件,其中 build 工作器无权访问公共互联网。导航到 Google Cloud 控制台并启动 Cloud Shell Editor。
在 Cloud Shell 中运行以下命令,将
egressOption
设置为NO_PUBLIC_EGRESS
:cat << EOF >> cloudbuild-privatepool-config.yaml privatePoolV1Config: networkConfig: egressOption: NO_PUBLIC_EGRESS EOF
您不确定配置文件中的其他选项,因此提示 Gemini 寻求帮助:
Is there a default value for any of these options?
Gemini 会返回类似于以下内容的响应:
Yes, there are default values for some of the options in the private pool config file. For example, the default value for egressOption is ALLOW_PUBLIC_EGRESS, which means that the private pool will have access to the public internet. The default value for diskSizeGb is 100, and the default value for machineType is e2-medium. For a full list of the default values, see the Cloud Build documentation.
您会看到 Gemini 提供了配置文件中已设置的一些默认值,在阅读文档后,您确定您的配置文件未发生变化。在 Cloud Shell 中,传递 Gemini 之前在新创建的配置文件中提供的
gcloud
命令:gcloud builds worker-pools create max-pool-test \ --config-from-file cloudbuild-privatepool-config.yaml \ --region us-central1
创建工作器后,您会意识到容器将无法访问公共软件包管理器,例如
pip
。您希望确认您已了解如何托管专用软件包。输入以下提示:If I create a private pool with NO_PUBLIC_EGRESS enabled, can I use Artifact Registry to host my packages privately and access them from a private pool?
Gemini 会返回类似于以下内容的响应:
Yes, you can use Artifact Registry to host your packages privately and access them from a private pool. To do this, you will need to create a private pool with NO_PUBLIC_EGRESS enabled and then configure your Artifact Registry repository to use the private pool. For more information, see the Cloud Build documentation.
您决定继续创建 Artifact Registry 代码库。在 Gemini 窗格中,输入以下提示:
How can I use gcloud to create a private Docker repository for container images in Artifact Registry?
Gemini 会返回类似于以下内容的响应:
To create a private Docker repository for container images in Artifact Registry, you can use the following command: gcloud artifacts repositories create REPOSITORY_NAME \\\ --repository-format=docker \\\ --location=LOCATION \\\ --description="DESCRIPTION" \\\ --kms-key=KMS_KEY Where: • REPOSITORY_NAME is the name of your repository. • LOCATION is the location of your repository. • DESCRIPTION is a description of your repository. • KMS_KEY is the name of your Cloud Key Management Service key that you want to use to encrypt your repository data. For more information, see the gcloud artifacts repositories create documentation.
如果看到 KMS_KEY 变量,则表示您尚未创建 Cloud KMS 密钥。输入以下提示:
Do I need a KMS_KEY?
Gemini 会返回类似于以下内容的响应:
No, you don't need a KMS_KEY to create a private Docker repository for container images in Artifact Registry. However, if you want to encrypt your container images, you can use a Cloud Key Management Service key. For more information, see the Artifact Registry CMEK documentation.
您的问题得到解答后,在 Cloud Shell 中,运行 Gemini 为您提供的
gcloud
命令:gcloud artifacts repositories create max-docker-repo-test \ --repository-format=docker \ --location=us-central1 \ --description="test container repository"
在 Gemini 的协助下,您已成功创建专用工作器集和私有代码库来构建和托管工件。
清理
为避免系统因本教程中使用的资源向您的 Google Cloud 帐号收取费用,您可以删除为本教程创建的 Google Cloud 项目。或者,您也可以删除各个资源。
- 在 Google Cloud 控制台中,进入管理资源页面。
- 在项目列表中,选择要删除的项目,然后点击删除。
- 在对话框中输入项目 ID,然后点击关闭以删除项目。
后续步骤
- 阅读 Gemini for Google Cloud 概览。
- 了解 Gemini 配额和限制。
- 了解 Gemini 所在位置。