Container-Optimized OS: Qwik Start

Container-Optimized OS is an operating system image for your Compute Engine VMs that is optimized for running Docker containers, and is Google's recommended OS for running containers on Google Cloud. In this lab you will create a Container-Optimized instance using the Cloud Console and the CLI.

Since it comes with all container-related dependencies preinstalled, Container-Optimized OS allows your cluster to quickly scale up or down in response to traffic or workload changes, optimizing your spend and improving your reliability.

Container-Optimized OS powers many Google Cloud services such as Kubernetes Engine and Cloud SQL, making it Google's go-to solution for container workloads.



Container-Optimized OS benefits

Run Containers Out of the Box: Container-Optimized OS instances come pre-installed with the Docker runtime and cloud-init. With a Container-Optimized OS instance, you can bring up your Docker container at the same time you create your VM, with no on-host setup required.

Smaller attack surface: Container-Optimized OS has a smaller footprint, reducing your instance's potential attack surface.

Locked-down by default: Container-Optimized OS instances include a locked-down firewall and other security settings by default.

Automatic Updates: Container-Optimized OS instances are configured to automatically download weekly updates in the background; only a reboot is necessary to use the latest updates.

Use cases for Container-Optimized OS

Container-Optimized OS can be used to run most Docker containers. You should consider using Container-Optimized OS as the operating system for your Compute Engine instance if you have the following needs:

You need support for Docker containers or Kubernetes with minimal setup.

You need an operating system that has a small footprint and is security hardened for containers.

You need an operating system that is tested and verified for running Kubernetes on your Compute Engine instances.

Task 1. Create an instance using the console (this one is created without the "nginx" image)

In this task you run a Compute Engine instance with Container-Optimized OS and a Docker container of your choice.

Container-Optimized OS features

Compute Engine provides several public VM images that you can use to create instances and run your container workloads. Some of these public VM images have a minimalistic container-optimized operating system that includes newer versions of Docker, rkt, or Kubernetes preinstalled. The following public image families are designed specifically to run containers:

Container-Optimized OS from Google
    Includes: Docker, Kubernetes
    Image project: cos-cloud
    Image family: cos-stable

CoreOS
    Includes: Docker, rkt, Kubernetes
    Image project: coreos-cloud
    Image family: coreos-stable

Ubuntu
    Includes: LXD
    Image project: ubuntu-os-cloud
    Image family: ubuntu-1604-lts

Windows
    Includes: Docker
    Image project: windows-cloud
    Image family: windows-1709-core-for-containers

In a production environment, if you need to run specific container tools and technologies on images that do not include them by default, install those technologies manually.







GCLOUD CLI:

gcloud compute instances create containerized-vm \
    --project=qwiklabs-gcp-00-e5d2c85a4053 \
    --zone=us-central1-a \
    --machine-type=n1-standard-1 \
    --network-interface=network-tier=PREMIUM,stack-type=IPV4_ONLY,subnet=default \
    --metadata=enable-oslogin=true \
    --maintenance-policy=MIGRATE \
    --provisioning-model=STANDARD \
    --service-account=1052499391487-compute@developer.gserviceaccount.com \
    --scopes=https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/logging.write,https://www.googleapis.com/auth/monitoring.write,https://www.googleapis.com/auth/servicecontrol,https://www.googleapis.com/auth/service.management.readonly,https://www.googleapis.com/auth/trace.append \
    --tags=http-server \
    --create-disk=auto-delete=yes,boot=yes,device-name=containerized-vm,image=projects/cos-cloud/global/images/cos-101-17162-279-1,mode=rw,size=10,type=projects/qwiklabs-gcp-00-e5d2c85a4053/zones/us-central1-a/diskTypes/pd-balanced \
    --no-shielded-secure-boot \
    --shielded-vtpm \
    --shielded-integrity-monitoring \
    --labels=goog-ec-src=vm_add-gcloud \
    --reservation-affinity=any




TERRAFORM CODE:

# This code is compatible with Terraform 4.25.0 and versions that are backwards compatible to 4.25.0.
# For information about validating this Terraform code, see https://developer.hashicorp.com/terraform/tutorials/gcp-get-started/google-cloud-platform-build#format-and-validate-the-configuration

resource "google_compute_instance" "containerized-vm" {
  boot_disk {
    auto_delete = true
    device_name = "containerized-vm"

    initialize_params {
      image = "projects/cos-cloud/global/images/cos-101-17162-279-1"
      size  = 10
      type  = "pd-balanced"
    }

    mode = "READ_WRITE"
  }

  can_ip_forward      = false
  deletion_protection = false
  enable_display      = false

  labels = {
    goog-ec-src = "vm_add-tf"
  }

  machine_type = "n1-standard-1"

  metadata = {
    enable-oslogin = "true"
  }

  name = "containerized-vm"

  network_interface {
    access_config {
      network_tier = "PREMIUM"
    }

    subnetwork = "projects/qwiklabs-gcp-00-e5d2c85a4053/regions/us-central1/subnetworks/default"
  }

  scheduling {
    automatic_restart   = true
    on_host_maintenance = "MIGRATE"
    preemptible         = false
    provisioning_model  = "STANDARD"
  }

  service_account {
    email  = "1052499391487-compute@developer.gserviceaccount.com"
    scopes = ["https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/monitoring.write", "https://www.googleapis.com/auth/service.management.readonly", "https://www.googleapis.com/auth/servicecontrol", "https://www.googleapis.com/auth/trace.append"]
  }

  shielded_instance_config {
    enable_integrity_monitoring = true
    enable_secure_boot          = false
    enable_vtpm                 = true
  }

  tags = ["http-server"]
  zone = "us-central1-a"
}

student_04_1583bf2c38bf@cloudshell:~ (qwiklabs-gcp-00-e5d2c85a4053)$ gcloud compute images list --project cos-cloud --no-standard-images

NAME: cos-101-17162-279-1
PROJECT: cos-cloud
FAMILY: cos-101-lts
DEPRECATED: 
STATUS: READY

NAME: cos-105-17412-156-5
PROJECT: cos-cloud
FAMILY: cos-105-lts
DEPRECATED: 
STATUS: READY

NAME: cos-93-16623-402-50
PROJECT: cos-cloud
FAMILY: cos-93-lts
DEPRECATED: 
STATUS: READY

NAME: cos-97-16919-353-4
PROJECT: cos-cloud
FAMILY: cos-97-lts
DEPRECATED: 
STATUS: READY

NAME: cos-arm64-101-17162-279-1
PROJECT: cos-cloud
FAMILY: cos-arm64-101-lts
DEPRECATED: 
STATUS: READY

NAME: cos-arm64-105-17412-156-5
PROJECT: cos-cloud
FAMILY: cos-arm64-105-lts
DEPRECATED: 
STATUS: READY

NAME: cos-arm64-beta-105-17412-156-5
PROJECT: cos-cloud
FAMILY: cos-arm64-beta
DEPRECATED: 
STATUS: READY

NAME: cos-arm64-dev-109-17788-0-0
PROJECT: cos-cloud
FAMILY: cos-arm64-dev
DEPRECATED: 
STATUS: READY

NAME: cos-arm64-stable-105-17412-156-5
PROJECT: cos-cloud
FAMILY: cos-arm64-stable
DEPRECATED: 
STATUS: READY

NAME: cos-beta-105-17412-156-5
PROJECT: cos-cloud
FAMILY: cos-beta
DEPRECATED: 
STATUS: READY

NAME: cos-dev-109-17788-0-0
PROJECT: cos-cloud
FAMILY: cos-dev
DEPRECATED: 
STATUS: READY

NAME: cos-stable-105-17412-156-5
PROJECT: cos-cloud
FAMILY: cos-stable
DEPRECATED: 
STATUS: READY
student_04_1583bf2c38bf@cloudshell:~ (qwiklabs-gcp-00-e5d2c85a4053)$ 
student_04_1583bf2c38bf@cloudshell:~ (qwiklabs-gcp-00-e5d2c85a4053)$ gcloud compute images list --project cos-cloud --no-standard-images | grep cos-stable
NAME: cos-stable-105-17412-156-5
FAMILY: cos-stable
student_04_1583bf2c38bf@cloudshell:~ (qwiklabs-gcp-00-e5d2c85a4053)$ 
student_04_1583bf2c38bf@cloudshell:~ (qwiklabs-gcp-00-e5d2c85a4053)$  gcloud beta compute instances create-with-container containerized-vm2 \
     --image cos-stable-72-11316-136-0 \
     --image-project cos-cloud \
     --container-image nginx \
     --container-restart-policy always \
     --zone us-central1-a \
     --machine-type n1-standard-1
Created [https://www.googleapis.com/compute/beta/projects/qwiklabs-gcp-00-e5d2c85a4053/zones/us-central1-a/instances/containerized-vm2].
WARNING: Some requests generated warnings:
 - The resource 'projects/cos-cloud/global/images/cos-stable-72-11316-136-0' is deprecated. A suggested replacement is 'projects/cos-cloud/global/images/cos-stable-72-11316-171-0'.

NAME: containerized-vm2
ZONE: us-central1-a
student_04_1583bf2c38bf@cloudshell:~ (qwiklabs-gcp-00-e5d2c85a4053)$ 
student_04_1583bf2c38bf@cloudshell:~ (qwiklabs-gcp-00-e5d2c85a4053)$
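
Added example (not part of the original lab notes): the session above lists the cos-cloud images, greps for cos-stable, and then creates the VM from a pinned image that gcloud reports as deprecated. This sketch parses the same "KEY: value" listing format and checks a pinned image name against what the family currently resolves to; the function names and the first sample record are assumptions made for the example.

```shell
# Constructed sample in the "KEY: value" record format shown in the listing
# above. The first record is invented to exercise the deprecated-image case.
sample_listing() {
cat <<'EOF'
NAME: cos-stable-72-11316-136-0
PROJECT: cos-cloud
FAMILY: cos-stable
DEPRECATED: DEPRECATED
STATUS: READY

NAME: cos-arm64-stable-105-17412-156-5
PROJECT: cos-cloud
FAMILY: cos-arm64-stable
DEPRECATED:
STATUS: READY

NAME: cos-stable-105-17412-156-5
PROJECT: cos-cloud
FAMILY: cos-stable
DEPRECATED:
STATUS: READY
EOF
}

# image_for_family FAMILY: read a listing on stdin and print the NAME of each
# READY, non-deprecated image whose FAMILY equals FAMILY exactly.
image_for_family() {
  awk -v fam="$1" '
    function emit() {
      if (name != "" && family == fam && dep == "" && status == "READY") print name
      name = family = dep = status = ""
    }
    { sub(/[ \t\r]+$/, "") }                      # tolerate trailing blanks
    /^NAME: /      { emit(); name = substr($0, 7) }
    /^FAMILY: /    { family = substr($0, 9) }
    /^DEPRECATED:/ { dep = substr($0, 13) }
    /^STATUS: /    { status = substr($0, 9) }
    END { emit() }
  '
}

# pin_is_current IMAGE FAMILY: succeed only when the pinned IMAGE is the one
# FAMILY resolves to in the listing on stdin.
pin_is_current() {
  [ "$(image_for_family "$2")" = "$1" ]
}

sample_listing | pin_is_current cos-stable-72-11316-136-0 cos-stable \
  || echo "pinned image is not current; use: $(sample_listing | image_for_family cos-stable)"
```

Against a live project, pipe the output of `gcloud compute images list --project cos-cloud --no-standard-images` into `image_for_family` in place of the sample.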


student_04_1583bf2c38bf@cloudshell:~ (qwiklabs-gcp-00-e5d2c85a4053)$ history
    1  gcloud compute images list --project cos-cloud --no-standard-images
    2  gcloud compute images list --project cos-cloud --no-standard-images | grep cos-stable
    3  gcloud compute firewall-rules create allow-containerized-internal  --allow tcp:80   --source-ranges 0.0.0.0/0   --network default
    4  history
student_04_1583bf2c38bf@cloudshell:~ (qwiklabs-gcp-00-e5d2c85a4053)$ 
