Use Gemini for Google Cloud to help create a private build

This tutorial shows you how to use Gemini for Google Cloud, an AI-powered collaborator in Google Cloud, to explore logs and set up a build environment for a set of microservices in Google Kubernetes Engine.

This tutorial is intended for DevOps engineers of any experience level.

Objectives

  • Prompt Gemini for logging queries so that you can observe logs.
  • Learn how to set up a private build environment by prompting Gemini with context-based questions.
  • Use Gemini to learn how to store container images privately.

Google Cloud products used

This tutorial uses the following billable Google Cloud products. Use the pricing calculator to generate a cost estimate based on your projected usage.

  • Google Kubernetes Engine (GKE). GKE is a managed Kubernetes service that lets you deploy and manage containerized applications at scale.

  • Cloud Logging. Logging is a real-time log management system with storage, search, analysis, and monitoring support.

  • Cloud Build. Cloud Build is a service that executes your builds on Google Cloud infrastructure. Cloud Build can import source code from a variety of repositories or from Cloud Storage, execute a build to your specifications, and produce artifacts such as Docker containers or Java archives.

  • Artifact Registry. Artifact Registry lets you manage container images and language packages in one place. It lets you manage artifacts and build dependencies as part of your Google Cloud experience.

  • Gemini. Gemini is an always-on collaborator in Google Cloud that offers generative AI-powered assistance to a wide range of users, including developers and data scientists. To provide an integrated assistance experience, Gemini is embedded in many Google Cloud products.

Before you begin

  1. Ensure that Gemini Code Assist is set up for your Google Cloud user account and project. Also ensure that you have installed the Cloud Code plugin in your preferred IDE. If you want to use the Cloud Shell Editor or Cloud Workstations as your IDE, Gemini Code Assist is already enabled by default.
  2. Enable the Google Kubernetes Engine API.
  3. In the Google Cloud console, activate Cloud Shell.

    A Cloud Shell session starts at the bottom of the Google Cloud console and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. The session can take a few seconds to initialize.

  4. Create a GKE cluster by using the gcloud container clusters create command:

    gcloud container clusters create test --region us-central1
    

    The command takes a few minutes to run. The output is similar to the following:

    Creating cluster test in us-central1... Cluster is being health-checked (master is healthy)...done.
    
    Created https://container.googleapis.com/v1/projects/agmsb-gke-lab/zones/us-central1/clusters/test.
    
    To inspect the contents of your cluster, go to: https://console.cloud.google.com/kubernetes/workload_/gcloud/us-central1/test?project=agmsb-gke-lab
    kubeconfig entry generated for test.
    
    NAME: test
    LOCATION: us-central1
    MASTER_VERSION: 1.27.3-gke.100
    MASTER_IP: 34.72.99.149
    MACHINE_TYPE: e2-medium
    NODE_VERSION: 1.27.3-gke.100
    NUM_NODES: 9
    STATUS: RUNNING
    
  5. Clone the repository and use kubectl to deploy the set of microservices that make up an e-commerce web application to the GKE cluster:

    git clone https://github.com/GoogleCloudPlatform/microservices-demo && cd microservices-demo
    
    kubectl apply -f ./release/kubernetes-manifests.yaml
    
  6. After a few minutes, get the external IP address of your web application so that you can open it in a browser:

    kubectl get service frontend-external | awk '{print $4}'
    

Understand the logs of workloads in GKE

In the following example, assume that you're a DevOps engineer who has inherited an existing set of microservices running in a GKE cluster. To understand the environment, you decide to inspect the logs of the various microservices.

In your preferred IDE with the Gemini Code Assist integration, you can chat with Gemini to get help. In the Gemini pane, you enter prompts, which are questions or statements that describe the help you want, and Gemini returns responses.

Learn how and when Gemini for Google Cloud uses your data.

You know that the microservices are deployed to the default namespace. To prompt Gemini to help you inspect the logs, follow these steps:

  1. In the activity bar of your IDE, click Gemini Code Assist to open the Gemini Code Assist pane.

  2. In the Gemini Code Assist pane, enter the following prompt:

    How can I write a Cloud Logging query to search for logs from Pods in
    a namespace called "default" in a Google Kubernetes Engine cluster named "test"?
    

    The response from Gemini might be similar to the following:

    To write a Cloud Logging query to search for logs from Pods in a
    namespace called "default" in GKE cluster called "test", you
    can use the following query:
    
    resource.type="k8s_container"
    resource.labels.namespace_name="default"
    resource.labels.cluster_name="test"
    
    This query will search for all logs from Pods in the "default"
    namespace in the "test" GKE cluster. You can also use the
    Cloud Logging console to search for logs from Pods in a specific
    namespace and cluster. To do this, follow these steps:
    
    1. Go to the Cloud Logging console.
    2. In the Query builder pane, click
       Resource.
    3. In the Resource type list, select Kubernetes
       Container.
    4. In the Namespace name field, enter default.
    5. In the Cluster name field, enter test.
    6. Click Add.
    7. In the Query results pane, you will see a list of logs
       from Pods in the "default" namespace in the "test" GKE
       cluster.
    
  3. To inspect these logs, click each log entry that the query returns. In an individual log entry, if you click Explain this query, the response is similar to the following:

    Sure. Here are the bullet points that explain the log entry:
    
    • The log entry is about a GET request to the /_healthz path.
    • The request was successful and returned a 200 status code.
    • The request took 0 milliseconds to complete.
    • The request was made by the x-liveness-probe session.
    • The request was made from the frontend-755cdc7957-pv8x5 pod
      in the default namespace.
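As an added example (not part of the tutorial or of Gemini's response), the following Python builds the Cloud Logging filter shown above from a cluster and namespace name, quoting the string literals so that a value taken from user input cannot terminate a literal and append clauses, and then applies the filter's AND-of-equality semantics locally to a few constructed log entries shaped like GKE k8s_container entries. It goes slightly beyond the page's query by allowing an optional pod_name clause and a severity>=LEVEL clause. The sample entries are constructed (only the frontend-755cdc7957-pv8x5 pod name comes from the page); in a real project you would pass the returned filter to gcloud logging read or paste it into the Logs Explorer.

```python
"""Added example: build the Cloud Logging filter suggested above and test it
locally against constructed GKE container log entries."""
import re

# Cloud Logging severity levels in ascending order (used for severity>=LEVEL).
SEVERITY_ORDER = ["DEFAULT", "DEBUG", "INFO", "NOTICE", "WARNING",
                  "ERROR", "CRITICAL", "ALERT", "EMERGENCY"]


def _quote(value):
    """Quote a filter string literal; escape backslash and double quote so an
    attacker-controlled value cannot end the literal and add its own clauses."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_k8s_container_filter(cluster, namespace, pod=None, min_severity=None):
    """Return a Cloud Logging filter for container logs in one GKE namespace.
    Clauses on separate lines are implicitly ANDed by the filter language.
    `pod` and `min_severity` are optional extensions of the page's query."""
    clauses = [
        'resource.type="k8s_container"',
        f"resource.labels.cluster_name={_quote(cluster)}",
        f"resource.labels.namespace_name={_quote(namespace)}",
    ]
    if pod:
        clauses.append(f"resource.labels.pod_name={_quote(pod)}")
    if min_severity:
        if min_severity not in SEVERITY_ORDER:
            raise ValueError(f"unknown severity: {min_severity}")
        clauses.append(f"severity>={min_severity}")
    return "\n".join(clauses)


_CLAUSE = re.compile(r"^(?P<field>[A-Za-z_.]+)(?P<op>>=|=)(?P<value>.+)$")


def _lookup(entry, dotted):
    """Resolve a dotted field path such as resource.labels.pod_name."""
    node = entry
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def _unquote(literal):
    """Reverse _quote: strip the surrounding quotes and unescape."""
    if len(literal) >= 2 and literal[0] == literal[-1] == '"':
        literal = literal[1:-1]
    return re.sub(r"\\(.)", r"\1", literal)


def entry_matches(entry, filter_text):
    """Local evaluator for the subset of the filter language used here:
    field="literal" equality and severity>=LEVEL, ANDed across lines."""
    for line in filter_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _CLAUSE.match(line)
        if not m:
            raise ValueError(f"unsupported clause: {line}")
        actual = _lookup(entry, m["field"])
        if m["op"] == "=":
            if actual is None or str(actual) != _unquote(m["value"]):
                return False
        elif (actual not in SEVERITY_ORDER
              or SEVERITY_ORDER.index(actual) < SEVERITY_ORDER.index(m["value"])):
            return False
    return True


def select_entries(entries, filter_text):
    return [e for e in entries if entry_matches(e, filter_text)]


def _k8s_entry(cluster, namespace, pod, severity, **payload):
    """Constructed k8s_container entry with the resource labels the filter uses."""
    return {"resource": {"type": "k8s_container",
                         "labels": {"cluster_name": cluster, "namespace_name": namespace,
                                    "pod_name": pod, "container_name": "server"}},
            "severity": severity, **payload}


# Constructed sample entries (not real logs from the tutorial's cluster); the
# first mirrors the /_healthz entry that Gemini explained above.
SAMPLE_ENTRIES = [
    _k8s_entry("test", "default", "frontend-755cdc7957-pv8x5", "INFO",
               httpRequest={"requestMethod": "GET", "requestUrl": "/_healthz",
                            "status": 200, "latency": "0s"}),
    _k8s_entry("test", "default", "checkoutservice-6d9fb7b9c4-k2z7q", "ERROR",
               textPayload="constructed: failed to charge card"),
    _k8s_entry("test", "kube-system", "kube-dns-5f7c9d8b6-abcde", "INFO",
               textPayload="constructed: dns cache refreshed"),
    {"resource": {"type": "k8s_node",
                  "labels": {"cluster_name": "test", "node_name": "gke-test-default-pool-1"}},
     "severity": "WARNING", "textPayload": "constructed: node under disk pressure"},
]

if __name__ == "__main__":
    print(build_k8s_container_filter("test", "default"))
    for e in select_entries(SAMPLE_ENTRIES, build_k8s_container_filter("test", "default")):
        print(e["resource"]["labels"]["pod_name"], e["severity"])
```

The local evaluator only mirrors the equality and severity clauses that appear on this page; it is there to make the filter's behaviour visible offline, not to replace the Logs Explorer.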
    

Create a private build environment for container images

Now that you have a better understanding of the workloads from observing their logs, you decide to set up infrastructure for your team to build future containers and images on a set of private workers. In this section, you prompt Gemini to help you understand how to run builds so that you can migrate your builds into your Google Cloud project.

  1. In the activity bar of your IDE, click Gemini Code Assist to open the Gemini Code Assist pane.

  2. In the Gemini Code Assist pane, enter the following prompt:

    How can I build a private build environment that is not connected to
    the internet in Google Cloud? I want to be able to use Docker to
    build my container images in this environment.
    

    The response from Gemini might be similar to the following:

    To build a private build environment that is not connected to the internet
    in Google Cloud, you can use a Cloud Build private pool. A private pool
    is a group of build workers that are not connected to the public internet.
    You can create a private pool in a Virtual Private Cloud (VPC) network,
    which provides an additional layer of security for your build environment.
    
    To create a private pool, you will need to:
    
    1. Create a VPC network.
    2. Create a private pool in the VPC network.
    3. Configure your build config file to use the private pool.
    
    Once you have created a private pool, you can use it to build your
    container images using Docker. To do this, you will need to:
    
    1. Create a Dockerfile.
    2. Create a build config file.
    3. Run the `gcloud builds submit` command.
    
    The `gcloud builds submit` command will build your container image
    using the private pool.
    
    Find more information for your question here:
    
    • https://cloud.google.com/build/docs/private-pools/create-manage-private-pools
    
  3. Cloud Build private pools sound like a viable path forward, so you ask Gemini to help you create your first private pool. Enter the following prompt:

    Can you give me a gcloud command to create my first Cloud Build
    private worker pool?
    

    Gemini returns a response similar to the following:

    Here's how you can create your first private worker pool using the gcloud
    command:
    
    1. Define your pool configuration:
    
    First, you need to define the configuration of your private pool. This
    includes details like the pool name, region, machine type, disk size, and
    network settings. You can do this by creating a JSON file named
    workerpool.json with the following structure:
    
    {
      "name": "my-first-privatepool",
      "location": "us-central1",
      "machineType": "e2-standard-2",
      "diskSizeGb": 800,
      "network": "projects/your-project-id/global/networks/default",
      "assignExternalIP": true
    }
    
    2. Create the pool using gcloud:
    
    Once you have the configuration file ready, you can use the following gcloud
    command to create the private worker pool:
    
    gcloud builds worker-pools create \
      --project=gsm-project-382212 \
      --location=us-central1 \
      --worker-pool-id=my-first-privatepool \
      --file=workerpool.json
    
    Explanation of the command:
    
    - gcloud builds worker-pools create : This is the command to create a new worker pool.
    - --project=gsm-project-382212 : This specifies the project ID where you want to create the pool.
    - --location=us-central1 : This specifies the region where you want to create the pool.
    - --worker-pool-id=my-first-privatepool : This specifies the ID for your private pool.
    - --file=workerpool.json : This specifies the path to your configuration file.
    
    3. Verify the pool creation:
    
    After running the command, you can verify that the pool has been created by
    running the following command:
    
    gcloud builds worker-pools list
    
    Additional notes:
    
    - You can customize the configuration file to meet your specific needs. For
    example, you can change the machine type, disk size, or network settings.
    - You can also create private worker pools using the Cloud Build API or the
      Cloud Console.
    
    I hope this helps! Let me know if you have any other questions.
    
  4. From the previous response, it looks like you need to replace the PRIVATEPOOL_CONFIG_FILE variable, so you ask Gemini to help you create the config file. Enter the following prompt:

    Can you show me an example of a Cloud Build private pool config file?
    

    The response from Gemini might be similar to the following:

    Sure. Here is an example of a Cloud Build private pool config file:
    
    privatePoolV1Config:
       networkConfig:
         egressOption: NO_PUBLIC_EGRESS
         peeredNetwork: 'projects/my-project/global/networks/my-network'
         peeredNetworkIpRange: '10.1.2.0/24'
       workerConfig:
         diskSizeGb: '100'
         machineType: 'e2-standard-4'
    
    This config file creates a private pool with the following
    properties:
    
    • The pool is not connected to the public internet.
    • The pool is connected to the `my-network` VPC network.
    • The pool's workers have a `100GB` boot disk and a
      `e2-standard-4` machine type.
    
    For more information, see the Cloud Build documentation.
    
  5. You start writing your own config file so that the build workers can't access the public internet. Go to the Google Cloud console and launch the Cloud Shell Editor.

  6. In Cloud Shell, run the following command to set egressOption to NO_PUBLIC_EGRESS:

    cat << EOF >> cloudbuild-privatepool-config.yaml
    
    privatePoolV1Config:
      networkConfig:
        egressOption: NO_PUBLIC_EGRESS
    
    EOF
    
  7. You're not sure about the other options in the config, so you prompt Gemini for help:

    Is there a default value for any of these options?
    

    The response from Gemini might be similar to the following:

    Yes, there are default values for some of the options in the private
    pool config file. For example, the default value for egressOption is
    ALLOW_PUBLIC_EGRESS, which means that the private pool will have
    access to the public internet. The default value for diskSizeGb is
    100, and the default value for machineType is e2-medium.
    
    For a full list of the default values, see the Cloud Build documentation.
    
  8. You see that Gemini has provided some default values for the config file, and after reading the relevant documentation, you decide to leave your config file as it is. In Cloud Shell, run the gcloud command that Gemini provided earlier, using your newly created config file:

    gcloud builds worker-pools create max-pool-test \
        --config-from-file cloudbuild-privatepool-config.yaml \
        --region us-central1
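As an added example that is not part of the tutorial, the Python below is a small policy check to run over a private pool config file before passing it to gcloud builds worker-pools create --config-from-file: it reports a pool whose egressOption is missing or not NO_PUBLIC_EGRESS and notes worker settings left to the service default. The YAML parser handles only the nested key: value mappings this file uses (no lists or multi-line scalars), so the example runs without third-party packages. The three inputs are the config Gemini showed above, the minimal file written in step 6, and a constructed variant that omits egressOption.

```python
"""Added example: policy check for a Cloud Build private pool config file."""


def parse_simple_yaml(text):
    """Parse the nested `key: value` mapping subset used by this config file
    (no lists, no multi-line scalars) into nested dicts. Quotes around scalar
    values are dropped; blank and comment lines are skipped."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) pairs; the root sits at indent -1
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = raw.strip().partition(":")
        value = value.strip().strip("'\"")
        while indent <= stack[-1][0]:  # close mappings nested deeper than this line
            stack.pop()
        parent = stack[-1][1]
        if value == "":
            child = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value
    return root


def check_private_pool_config(cfg):
    """Return findings about a privatePoolV1Config; an empty list means the
    pool has no public egress and its worker sizing is explicit."""
    findings = []
    pool = cfg.get("privatePoolV1Config", {})
    net = pool.get("networkConfig", {})
    egress = net.get("egressOption")
    if egress is None:
        # Per Gemini's answer above, an unset egressOption leaves public egress on.
        findings.append("egressOption not set: workers get public egress by default")
    elif egress != "NO_PUBLIC_EGRESS":
        findings.append(f"egressOption={egress}: workers can reach the public internet")
    worker = pool.get("workerConfig", {})
    for key in ("machineType", "diskSizeGb"):
        if key not in worker:
            findings.append(f"{key} not set: the service default will be used")
    return findings


def audit(text):
    return check_private_pool_config(parse_simple_yaml(text))


# The config Gemini showed above, the minimal file from step 6, and a
# constructed variant that forgets egressOption.
LOCKED_DOWN = """\
privatePoolV1Config:
   networkConfig:
     egressOption: NO_PUBLIC_EGRESS
     peeredNetwork: 'projects/my-project/global/networks/my-network'
     peeredNetworkIpRange: '10.1.2.0/24'
   workerConfig:
     diskSizeGb: '100'
     machineType: 'e2-standard-4'
"""
MINIMAL = """\
privatePoolV1Config:
  networkConfig:
    egressOption: NO_PUBLIC_EGRESS
"""
OPEN_EGRESS = """\
privatePoolV1Config:
  workerConfig:
    machineType: e2-standard-4
    diskSizeGb: '100'
"""

if __name__ == "__main__":
    for name, text in (("locked down", LOCKED_DOWN), ("minimal", MINIMAL),
                       ("open egress", OPEN_EGRESS)):
        print(name, audit(text) or "OK")
```

Run it against cloudbuild-privatepool-config.yaml (for example by reading the file and passing its contents to audit) as a pre-flight step; the minimal file from step 6 passes the egress check but still relies on the service defaults for machine type and disk size.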
    
  9. After the workers are created, you realize that they won't have access to public package managers such as pip. You want to confirm that you understand how to host packages privately. Enter the following prompt:

    If I create a private pool with NO_PUBLIC_EGRESS enabled, can I use
    Artifact Registry to host my packages privately and access them from
    a private pool?
    

    The response from Gemini might be similar to the following:

    Yes, you can use Artifact Registry to host your packages privately
    and access them from a private pool. To do this, you will need to
    create a private pool with NO_PUBLIC_EGRESS enabled and then
    configure your Artifact Registry repository to use the private pool.
    For more information, see the Cloud Build documentation.
    
  10. You decide to go ahead and create an Artifact Registry repository. In the Gemini pane, enter the following prompt:

    How can I use gcloud to create a private Docker repository for
    container images in Artifact Registry?
    

    Gemini returns a response similar to the following:

    To create a private Docker repository for container images in
    Artifact Registry, you can use the following command:
    
    gcloud artifacts repositories create REPOSITORY_NAME \
        --repository-format=docker \
        --location=LOCATION \
        --description="DESCRIPTION" \
        --kms-key=KMS_KEY
    
    Where:
    
    • REPOSITORY_NAME is the name of your repository.
    • LOCATION is the location of your repository.
    • DESCRIPTION is a description of your repository.
    • KMS_KEY is the name of your Cloud Key Management Service key that
      you want to use to encrypt your repository data.
    
    For more information, see the gcloud artifacts repositories create
    documentation.
    

  11. When you see the KMS_KEY variable, you realize that you haven't created a Cloud KMS key. Enter the following prompt:

    Do I need a KMS_KEY?
    

    The response from Gemini might be similar to the following:

    No, you don't need a KMS_KEY to create a private Docker repository
    for container images in Artifact Registry. However, if you want to
    encrypt your container images, you can use a Cloud Key Management Service key. For more
    information, see the Artifact Registry CMEK documentation.
    
  12. With your question answered, run the gcloud command in Cloud Shell:

    gcloud artifacts repositories create max-docker-repo-test \
        --repository-format=docker \
        --location=us-central1 \
        --description="test container repository"
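As an added example, not from the tutorial: once the pool and the repository exist, a Cloud Build config has to point builds at the pool (options.pool.name) and should publish images only into the private repository. The Python below renders such a config for the names created on this page (max-pool-test and max-docker-repo-test in us-central1) and checks a build's image list against the repository, which is the check a reviewer would apply to any cloudbuild.yaml in the team's repositories. The project id example-project is a placeholder and the image name frontend is constructed.

```python
"""Added example: render a Cloud Build config that uses the private pool and
verify that build images target only the private Artifact Registry repository."""
import re

REGION = "us-central1"
PROJECT = "example-project"      # placeholder project id
POOL = "max-pool-test"           # private pool created in step 8
REPO = "max-docker-repo-test"    # Docker repository created in step 12


def registry_host(region):
    """Artifact Registry Docker host for a regional repository."""
    return f"{region}-docker.pkg.dev"


def image_ref(region, project, repo, name, tag):
    return f"{registry_host(region)}/{project}/{repo}/{name}:{tag}"


# host/project/repo/path[:tag][@sha256:digest]
_REF = re.compile(
    r"^(?P<host>[^/]+)/(?P<project>[^/]+)/(?P<repo>[^/]+)/(?P<path>[^:@]+)"
    r"(?::(?P<tag>[^@]+))?(?:@(?P<digest>sha256:[0-9a-f]{64}))?$"
)


def is_private_repo_ref(ref, region, project, repo):
    """True only if `ref` points into the given Artifact Registry repository."""
    m = _REF.match(ref)
    return bool(m) and (m["host"], m["project"], m["repo"]) == (registry_host(region), project, repo)


def unexpected_image_targets(images, region, project, repo):
    """Images a build would push somewhere other than the private repository."""
    return [i for i in images if not is_private_repo_ref(i, region, project, repo)]


def render_cloudbuild_yaml(region, project, pool, repo, name, tag):
    """Minimal build config: build with the Cloud Build docker builder, push the
    image to the private repository, and run on the private worker pool."""
    ref = image_ref(region, project, repo, name, tag)
    return "\n".join([
        "steps:",
        "- name: 'gcr.io/cloud-builders/docker'",
        f"  args: ['build', '-t', '{ref}', '.']",
        "images:",
        f"- '{ref}'",
        "options:",
        "  pool:",
        f"    name: 'projects/{project}/locations/{region}/workerPools/{pool}'",
        "",
    ])


if __name__ == "__main__":
    print(render_cloudbuild_yaml(REGION, PROJECT, POOL, REPO, "frontend", "v1"))
    # Constructed image list with one image that would leave the private repo.
    print(unexpected_image_targets(
        [image_ref(REGION, PROJECT, REPO, "frontend", "v1"), "docker.io/library/python:3.12"],
        REGION, PROJECT, REPO))
```

Submit the rendered file with gcloud builds submit --config cloudbuild.yaml from the source directory; the pool name in options.pool.name is what routes the build onto the NO_PUBLIC_EGRESS workers.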
    

With help from Gemini, you have successfully created a private set of workers and a private repository for building and hosting your artifacts.

Clean up

To avoid incurring charges to your Google Cloud account for the resources used in this tutorial, you can delete the Google Cloud project that you created for this tutorial, or you can delete the individual resources.

  1. In the Google Cloud console, go to the Manage resources page.
  2. In the project list, select the project that you want to delete, and then click Delete.
  3. In the dialog, type the project ID, and then click Shut down to delete the project.

What's next