This tutorial shows how to use Gemini for Google Cloud, an AI-powered collaborator in Google Cloud, to explore logs and set up a build environment for a set of microservices in Google Kubernetes Engine.
This tutorial is intended for DevOps engineers of any experience level.
Objectives
- Prompt Gemini for logging queries so that you can observe logs.
- Learn how to set up a private build environment by prompting Gemini with context-based questions.
- Use Gemini to learn how to store container images privately.
Google Cloud products used
This tutorial uses the following billable Google Cloud products. Use the pricing calculator to estimate costs based on your projected usage.
Google Kubernetes Engine (GKE). GKE is a managed Kubernetes service that lets you deploy and manage containerized applications at scale.
Cloud Logging. Logging is a real-time log management system with storage, search, analysis, and monitoring support.
Cloud Build. Cloud Build is a service that executes your builds on Google Cloud infrastructure. Cloud Build can import source code from a variety of repositories or from Cloud Storage, execute a build to your specifications, and produce artifacts such as Docker containers or Java archives.
Artifact Registry. Artifact Registry lets you manage container images and language packages in a single location. It lets you centrally store artifacts and build dependencies as part of an integrated Google Cloud experience.
Gemini. Gemini is an always-on collaborator in Google Cloud that offers generative AI-powered assistance to a wide range of users, including developers and data scientists. To provide an integrated assistance experience, Gemini is embedded in many Google Cloud products.
Before you begin
- Make sure that Gemini is set up for your Google Cloud user account and project. Also make sure that you have installed the Cloud Code plugin in your preferred IDE. If you use Cloud Shell Editor or Cloud Workstations as your IDE, Gemini Code Assist is already enabled by default.
- Enable the Google Kubernetes Engine API.
- In the Google Cloud console, activate Cloud Shell.
  At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.
- Create a GKE cluster with the gcloud container clusters create command:
  gcloud container clusters create test --region us-central1
  The command takes a few minutes to run. The output is similar to the following:
  Creating cluster test in us-central1... Cluster is being health-checked (master is healthy)...done.
  Created https://container.googleapis.com/v1/projects/agmsb-gke-lab/zones/us-central1/clusters/test.
  To inspect the contents of your cluster, go to: https://console.cloud.google.com/kubernetes/workload_/gcloud/us-central1/test?project=agmsb-gke-lab
  kubeconfig entry generated for test.
  NAME: test
  LOCATION: us-central1
  MASTER_VERSION: 1.27.3-gke.100
  MASTER_IP: 34.72.99.149
  MACHINE_TYPE: e2-medium
  NODE_VERSION: 1.27.3-gke.100
  NUM_NODES: 9
  STATUS: RUNNING
- Clone the repository and use kubectl to deploy the set of microservices that make up an e-commerce web application to the GKE cluster:
  git clone https://github.com/GoogleCloudPlatform/microservices-demo && cd microservices-demo
  kubectl apply -f ./release/kubernetes-manifests.yaml
- After a few minutes, get the external IP address so that you can open the web application in a browser:
  kubectl get service frontend-external | awk '{print $4}'
Understand logs for workloads in GKE
In the following example, imagine that you are a DevOps engineer who has inherited an existing set of microservices running in a GKE cluster. To understand the environment, you decide to inspect the logs of the various microservices.
In your preferred IDE with Gemini Code Assist integration, you can chat with Gemini to get help. In the Gemini pane, you enter prompts, which are descriptions of questions or problems, and Gemini returns responses.
Learn how and when Gemini for Google Cloud uses your data.
You know that the microservices are deployed in the default namespace.
To prompt Gemini to help you inspect the logs, follow these steps:
In the activity bar of your IDE, click Gemini Code Assist to open the Gemini Code Assist pane.
In the Gemini Code Assist pane, enter the following prompt:
How can I write a Cloud Logging query to search for logs from Pods in a namespace called "default" in a Google Kubernetes Engine cluster named "test"?
Gemini's response is similar to the following:
To write a Cloud Logging query to search for logs from Pods in a namespace called "default" in GKE cluster called "test", you can use the following query:

resource.type="k8s_container"
resource.labels.namespace_name="default"
resource.labels.cluster_name="test"

This query will search for all logs from Pods in the "default" namespace in the "test" GKE cluster. You can also use the Cloud Logging console to search for logs from Pods in a specific namespace and cluster. To do this, follow these steps:
1. Go to the Cloud Logging console.
2. In the Query builder pane, click Resource.
3. In the Resource type list, select Kubernetes Container.
4. In the Namespace name field, enter default.
5. In the Cluster name field, enter test.
6. Click Add.
7. In the Query results pane, you will see a list of logs from Pods in the "default" namespace in the "test" GKE cluster.
To inspect these logs, click each log returned by the query. Within an individual log, if you click Explain this query, the response is similar to the following:
Sure. Here are the bullet points that explain the log entry:
• The log entry is about a GET request to the /_healthz path.
• The request was successful and returned a 200 status code.
• The request took 0 milliseconds to complete.
• The request was made by the x-liveness-probe session.
• The request was made from the frontend-755cdc7957-pv8x5 pod in the default namespace.
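As an added example, not code from the tutorial or from Google, the following Python script builds the same three-clause filter that Gemini returned above and runs a small triage over constructed log entries shaped like Cloud Logging k8s_container entries. The frontend Pod name and the x-liveness-probe session tag come from the response above; the other Pod names, request paths and status codes are invented sample data, not real cluster output.

```python
"""Cloud Logging filter for GKE Pod logs, plus a triage pass over sample entries.

Added example, not code from the tutorial: it reproduces the three-clause filter
Gemini suggested and runs a small triage over constructed log entries that mimic
the shape of Cloud Logging k8s_container entries (no real cluster data).
"""
from collections import Counter


def _quote(value: str) -> str:
    """Quote a value for the Logging query language, escaping backslashes and quotes."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def pod_log_filter(cluster: str, namespace: str) -> str:
    """Return the filter for container logs of Pods in `namespace` of GKE cluster `cluster`.

    The string can be pasted into Logs Explorer or passed to `gcloud logging read`.
    """
    return "\n".join([
        "resource.type=" + _quote("k8s_container"),
        "resource.labels.namespace_name=" + _quote(namespace),
        "resource.labels.cluster_name=" + _quote(cluster),
    ])


def matches(entry: dict, cluster: str, namespace: str) -> bool:
    """Apply the same three clauses locally to one log entry dict."""
    resource = entry.get("resource", {})
    labels = resource.get("labels", {})
    return (resource.get("type") == "k8s_container"
            and labels.get("namespace_name") == namespace
            and labels.get("cluster_name") == cluster)


def triage(entries: list, cluster: str, namespace: str) -> dict:
    """Summarise what the filter would return: entries per Pod, probe hits, 5xx responses."""
    per_pod = Counter()
    probes = 0
    server_errors = []
    for entry in entries:
        if not matches(entry, cluster, namespace):
            continue
        pod = entry["resource"]["labels"].get("pod_name", "<unknown>")
        per_pod[pod] += 1
        # The demo frontend tags kubelet liveness checks with session "x-liveness-probe".
        if entry.get("jsonPayload", {}).get("session") == "x-liveness-probe":
            probes += 1
        req = entry.get("httpRequest")
        if req and req.get("status", 0) >= 500:
            server_errors.append((pod, req["requestMethod"], req["requestUrl"], req["status"]))
    return {"entries_per_pod": dict(per_pod), "probe_hits": probes, "server_errors": server_errors}


def _k8s_entry(cluster, namespace, pod, **extra):
    """Build a constructed k8s_container entry (sample data, not exported from Logging)."""
    entry = {"resource": {"type": "k8s_container",
                          "labels": {"cluster_name": cluster, "namespace_name": namespace,
                                     "pod_name": pod, "container_name": "server"}}}
    entry.update(extra)
    return entry


# Constructed sample: two Pods in test/default, plus entries the filter must exclude.
SAMPLE_ENTRIES = [
    _k8s_entry("test", "default", "frontend-755cdc7957-pv8x5",
               httpRequest={"requestMethod": "GET", "requestUrl": "/_healthz", "status": 200},
               jsonPayload={"session": "x-liveness-probe"}),
    _k8s_entry("test", "default", "frontend-755cdc7957-pv8x5",
               httpRequest={"requestMethod": "GET", "requestUrl": "/cart", "status": 500},
               jsonPayload={"session": "8d7f2c1a"}),
    _k8s_entry("test", "default", "cartservice-6b6d5c4d9f-qz2lm",
               textPayload="GetCart called with userId=8d7f2c1a"),
    _k8s_entry("test", "kube-system", "fluentbit-gke-x7k2p"),               # other namespace
    _k8s_entry("prod", "default", "frontend-5f9b8c7d6e-abcde"),             # other cluster
    {"resource": {"type": "gce_instance", "labels": {"instance_id": "1234"}}},  # not a container
]


if __name__ == "__main__":
    print(pod_log_filter("test", "default"))
    print(triage(SAMPLE_ENTRIES, "test", "default"))
```

Pass the output of pod_log_filter to `gcloud logging read` or paste it into Logs Explorer; triage is the kind of pass you would run over entries exported with `--format=json` to see which Pods are noisy, how much of the volume is health checks, and which requests failed server-side.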
Create a private build environment for container images
Now that you have a better understanding of the workloads from observing their logs, you decide to set up infrastructure so that your team can build future containers and images on a set of private workers. In this section, you prompt Gemini to help you understand how to run a build environment so that you can migrate your builds into your Google Cloud project.
In the activity bar of your IDE, click Gemini Code Assist to open the Gemini Code Assist pane.
In the Gemini Code Assist pane, enter the following prompt:
How can I build a private build environment that is not connected to the internet in Google Cloud? I want to be able to use Docker to build my container images in this environment.
Gemini's response is similar to the following:
To build a private build environment that is not connected to the internet in Google Cloud, you can use a Cloud Build private pool. A private pool is a group of build workers that are not connected to the public internet. You can create a private pool in a Virtual Private Cloud (VPC) network, which provides an additional layer of security for your build environment.

To create a private pool, you will need to:
1. Create a VPC network.
2. Create a private pool in the VPC network.
3. Configure your build config file to use the private pool.

Once you have created a private pool, you can use it to build your container images using Docker. To do this, you will need to:
1. Create a Dockerfile.
2. Create a build config file.
3. Run the `gcloud builds submit` command.

The `gcloud builds submit` command will build your container image using the private pool.

Find more information for your question here:
• https://cloud.google.com/build/docs/private-pools/create-manage-private-pools
Cloud Build private pools sound like a viable way forward, so you ask Gemini to help you create your first private pool. Enter the following prompt:
Can you give me a gcloud command to create my first Cloud Build private worker pool?
Gemini returns a response similar to the following:
Here's how you can create your first private worker pool using the gcloud command:

1. Define your pool configuration: First, you need to define the configuration of your private pool. This includes details like the pool name, region, machine type, disk size, and network settings. You can do this by creating a JSON file named workerpool.json with the following structure:

{
  "name": "my-first-privatepool",
  "location": "us-central1",
  "machineType": "e2-standard-2",
  "diskSizeGb": 800,
  "network": "projects/your-project-id/global/networks/default",
  "assignExternalIP": true
}

2. Create the pool using gcloud: Once you have the configuration file ready, you can use the following gcloud command to create the private worker pool:

gcloud builds worker-pools create \
    --project=gsm-project-382212 \
    --location=us-central1 \
    --worker-pool-id=my-first-privatepool \
    --file=workerpool.json

Explanation of the command:
- gcloud builds worker-pools create : This is the command to create a new worker pool.
- --project=gsm-project-382212 : This specifies the project ID where you want to create the pool.
- --location=us-central1 : This specifies the region where you want to create the pool.
- --worker-pool-id=my-first-privatepool : This specifies the ID for your private pool.
- --file=workerpool.json : This specifies the path to your configuration file.

3. Verify the pool creation: After running the command, you can verify that the pool has been created by running the following command:

gcloud builds worker-pools list

Additional notes:
- You can customize the configuration file to meet your specific needs. For example, you can change the machine type, disk size, or network settings.
- You can also create private worker pools using the Cloud Build API or the Cloud Console.

I hope this helps! Let me know if you have any other questions.
The preceding response refers to a pool configuration file that you still need to write, so you ask Gemini to help you create one. Enter the following prompt:
Can you show me an example of a Cloud Build private pool config file?
Gemini's response is similar to the following:
Sure. Here is an example of a Cloud Build private pool config file:

privatePoolV1Config:
  networkConfig:
    egressOption: NO_PUBLIC_EGRESS
    peeredNetwork: 'projects/my-project/global/networks/my-network'
    peeredNetworkIpRange: '10.1.2.0/24'
  workerConfig:
    diskSizeGb: '100'
    machineType: 'e2-standard-4'

This config file creates a private pool with the following properties:
• The pool is not connected to the public internet.
• The pool is connected to the `my-network` VPC network.
• The pool's workers have a `100GB` boot disk and a `e2-standard-4` machine type.

For more information, see the Cloud Build documentation.
You start writing your own configuration file so that the build workers have no access to the public internet. Go to the Google Cloud console and launch Cloud Shell Editor.
In Cloud Shell, run the following command to set egressOption to NO_PUBLIC_EGRESS:
cat << EOF >> cloudbuild-privatepool-config.yaml
privatePoolV1Config:
  networkConfig:
    egressOption: NO_PUBLIC_EGRESS
EOF
You're not sure about the other options in the configuration, so you prompt Gemini for help:
Is there a default value for any of these options?
Gemini's response is similar to the following:
Yes, there are default values for some of the options in the private pool config file. For example, the default value for egressOption is ALLOW_PUBLIC_EGRESS, which means that the private pool will have access to the public internet. The default value for diskSizeGb is 100, and the default value for machineType is e2-medium. For a full list of the default values, see the Cloud Build documentation.
You can see that Gemini supplied default values for some of the options in the configuration file, and after reading the documentation you are confident that the configuration file you created is complete. In Cloud Shell, run the gcloud command, adapted from Gemini's earlier response, with your newly created configuration file:
gcloud builds worker-pools create max-pool-test \
    --config-from-file cloudbuild-privatepool-config.yaml \
    --region us-central1
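Before running the create command, it is worth checking that the configuration file actually says what you intend, because an omitted egressOption silently keeps the permissive default described in the response above. The following Python script is an added example, not code from the tutorial or from Google: it renders the privatePoolV1Config layout used with --config-from-file above, lints it against a small policy of this example's own (egressOption must be NO_PUBLIC_EGRESS, a peered network must be set when egress is closed, diskSizeGb must be an integer), and shows the permissive variant failing the same check. The project `my-project`, the VPC `my-network` and the 10.1.2.0/24 range are the placeholders from Gemini's response, not real resources.

```python
"""Render and lint a Cloud Build private pool config before creating the pool.

Added example, not code from the tutorial or from Google. Field names follow the
privatePoolV1Config layout used with --config-from-file; the project, VPC name
and IP range are placeholder assumptions, and the lint rules are this example's
own policy rather than anything Cloud Build enforces.
"""
import sys
from typing import List

# What the tutorial builds up to: no public egress, peered into an assumed VPC.
HARDENED_POOL = {
    "privatePoolV1Config": {
        "networkConfig": {
            "egressOption": "NO_PUBLIC_EGRESS",
            "peeredNetwork": "projects/my-project/global/networks/my-network",  # assumed
            "peeredNetworkIpRange": "10.1.2.0/24",  # assumed
        },
        "workerConfig": {"machineType": "e2-standard-4", "diskSizeGb": "100"},
    }
}

# Weak variant for comparison: egressOption omitted, so the pool keeps the
# default and its workers can reach the public internet.
PUBLIC_POOL = {
    "privatePoolV1Config": {
        "networkConfig": {"peeredNetwork": "projects/my-project/global/networks/my-network"},
        "workerConfig": {"machineType": "e2-standard-4", "diskSizeGb": "100"},
    }
}


def to_yaml(obj: dict, indent: int = 0) -> str:
    """Minimal YAML emitter for nested dicts of scalars, enough for --config-from-file."""
    lines = []
    pad = "  " * indent
    for key, value in obj.items():
        if isinstance(value, dict):
            lines.append(f"{pad}{key}:")
            nested = to_yaml(value, indent + 1)
            if nested:
                lines.append(nested)
        else:
            lines.append(f"{pad}{key}: {value}")
    return "\n".join(lines)


def lint_pool_config(config: dict) -> List[str]:
    """Return policy findings for a pool config; an empty list means it may be created."""
    findings = []
    pool = config.get("privatePoolV1Config", {})
    net = pool.get("networkConfig", {})
    worker = pool.get("workerConfig", {})
    egress = net.get("egressOption")
    if egress != "NO_PUBLIC_EGRESS":
        findings.append(f"egressOption is {egress!r}; workers keep public internet access")
    elif not net.get("peeredNetwork"):
        findings.append("no peeredNetwork: resources on your own VPC are unreachable from the workers")
    if not str(worker.get("diskSizeGb", "")).isdigit():
        findings.append("workerConfig.diskSizeGb must be an integer number of GB")
    return findings


def gcloud_create_command(pool_id: str, region: str, config_path: str) -> List[str]:
    """argv for the create command used in the tutorial; returned rather than executed."""
    return ["gcloud", "builds", "worker-pools", "create", pool_id,
            "--config-from-file", config_path, "--region", region]


if __name__ == "__main__":
    problems = lint_pool_config(HARDENED_POOL)
    if problems:
        sys.exit("refusing to write config:\n  " + "\n  ".join(problems))
    path = "cloudbuild-privatepool-config.yaml"
    with open(path, "w") as fh:
        fh.write(to_yaml(HARDENED_POOL) + "\n")
    print(" ".join(gcloud_create_command("max-pool-test", "us-central1", path)))
    for finding in lint_pool_config(PUBLIC_POOL):
        print("PUBLIC_POOL:", finding)
```

Run it in Cloud Shell before the create command: it refuses to write the file when the policy fails, prints the exact gcloud invocation to run next, and lists the findings for the permissive variant so the difference between the two configurations is visible rather than implied by a default.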
After the workers are created, you realize that they will not have access to public package managers such as pip. You want to confirm that you understand how to host packages privately. Enter the following prompt:
If I create a private pool with NO_PUBLIC_EGRESS enabled, can I use Artifact Registry to host my packages privately and access them from a private pool?
Gemini's response is similar to the following:
Yes, you can use Artifact Registry to host your packages privately and access them from a private pool. To do this, you will need to create a private pool with NO_PUBLIC_EGRESS enabled and then configure your Artifact Registry repository to use the private pool. For more information, see the Cloud Build documentation.
You decide to go ahead and create an Artifact Registry repository. In the Gemini pane, enter the following prompt:
How can I use gcloud to create a private Docker repository for container images in Artifact Registry?
Gemini returns a response similar to the following:
To create a private Docker repository for container images in Artifact Registry, you can use the following command:

gcloud artifacts repositories create REPOSITORY_NAME \
    --repository-format=docker \
    --location=LOCATION \
    --description="DESCRIPTION" \
    --kms-key=KMS_KEY

Where:
• REPOSITORY_NAME is the name of your repository.
• LOCATION is the location of your repository.
• DESCRIPTION is a description of your repository.
• KMS_KEY is the name of your Cloud Key Management Service key that you want to use to encrypt your repository data.

For more information, see the gcloud artifacts repositories create documentation.
Seeing the KMS_KEY variable, you realize that you haven't created a Cloud KMS key. Enter the following prompt:
Do I need a KMS_KEY?
Gemini's response is similar to the following:
No, you don't need a KMS_KEY to create a private Docker repository for container images in Artifact Registry. However, if you want to encrypt your container images, you can use a Cloud Key Management Service key. For more information, see the Artifact Registry CMEK documentation.
Once your question is answered, run the following gcloud command in Cloud Shell:
gcloud artifacts repositories create max-docker-repo-test \
    --repository-format=docker \
    --location=us-central1 \
    --description="test container repository"
With Gemini's help, you have successfully created a private set of workers and a private repository for building and hosting your artifacts.
Clean up
To avoid incurring charges to your Google Cloud account for the resources used in this tutorial, you can delete the Google Cloud project that you created for it. Alternatively, you can delete the individual resources.
- In the Google Cloud console, go to the Manage resources page.
- In the project list, select the project that you want to delete, and then click Delete.
- In the dialog, type the project ID, and then click Shut down to delete the project.
What's next
- Read the Gemini for Google Cloud overview.
- Learn about Gemini quotas and limits.
- Learn where Gemini is available.