Google Cloud Next – Digital Event Happens Oct. 12 – 14th, 2021
Workload Security
Level up your skills and discover what’s next for cloud by registering for the digital Google Cloud Next conference starting Oct. 12, 2021.
By: Chuck Losh
September 23, 2021
The next thing I did was enable the APIs for Google Cloud Deployment Manager in my personal GCP project, so I could interact with Google Cloud Deployment Manager programmatically.
After doing this and authenticating to my GCP account, I should be able to interact with Google Cloud Deployment Manager, as shown below.
Okay, cool! So, let’s go ahead and spin up a virtual machine (VM) that we will use as our source image for IaC. We’ll go ahead and run our Trend Micro deployment script to bake the security agent inside this test GCP source image. This is one way to install the Workload Security agent. You could also call the deployment script at VM launch time with the start-up script attribute. I’ll show both methods as an example.
So, after my source machine has been provisioned, I’m going to go ahead and ssh onto the instance. Next, I downloaded my handy-dandy deployment script from my Trend Micro Cloud One™ console shown below. Look out below! Screenshots galore!
In the ssh session, I went ahead and copied the deployment script and made it executable to run on my source image machine. You can see the agent being installed.
Let’s go ahead and check in on the Trend Micro Cloud One console and see if this source machine has checked in properly.
Looks like it has and is showing as managed and online.
Let’s stop right here and detour a bit. If you notice, we have the GCP account/project integration on the left-hand side. It’s awesome that you can tie in your GCP account and associated projects to see if your workloads are protected. Integration at its finest! You can also add other associated GCP accounts or other public cloud accounts for a single pane of glass for all your cloud workloads. As Bill and Ted say: excellent!
Here are the docs from Trend Micro to easily add your GCP accounts and subsequent projects with a GCP connector using a GCP service account.
Alrighty then! Next, I created a repeatable image of that VM using the image creation option with Compute Engine in my project.
Now, I have a source image that I can use for repeatable deployments in the future that has my Trend Micro Cloud One agent already pre-installed.
With these repeatable deployments, we’re going to use IaC utilizing the sample deployment templates from Google’s official GitHub.
Here is my Visual Studio Code IDE showing the section where I add my newly referenced source image saved inside my GCP account to the deployment template. You can also utilize the start-up script method and pull in the deployment script from an available Google Storage Bucket. We’re going to utilize the pre-baked custom image we made earlier.
Here we’re running our deployment script utilizing the Google Cloud SDK on my system.
You can also monitor the deployment process in the GCP console with the Google Cloud Deployment Manager.
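A Deployment Manager configuration covering both installation methods described above, as an added example that is not the author's template or Google's sample. The resource names, zone, machine type, label, image name and bucket path are assumptions, and `PROJECT_ID` / `BUCKET_NAME` are placeholders to replace.

```yaml
# vm.yaml (added example). Deploy with:
#   gcloud deployment-manager deployments create ws-demo --config vm.yaml
resources:
# Method 1: boot from the custom image that already has the agent baked in.
- name: ws-baked-vm
  type: compute.v1.instance
  properties:
    zone: us-central1-f
    machineType: https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-f/machineTypes/e2-micro
    labels:
      env: test   # assumed label; GCP labels can drive workload filtering
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        # Custom image captured from the source VM (placeholder name).
        sourceImage: https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/images/ws-agent-source-image
    networkInterfaces:
    - network: https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks/default
      accessConfigs:   # outbound path so the agent can reach its console
      - name: External NAT
        type: ONE_TO_ONE_NAT
# Method 2: stock image; the deployment script runs at first boot instead.
- name: ws-startup-vm
  type: compute.v1.instance
  properties:
    zone: us-central1-f
    machineType: https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-f/machineTypes/e2-micro
    metadata:
      items:
      - key: startup-script-url   # fetched from the bucket and run at boot
        value: gs://BUCKET_NAME/agent-deployment-script.sh
    serviceAccounts:
    - email: default
      scopes:   # read-only storage scope is enough to fetch the script
      - https://www.googleapis.com/auth/devstorage.read_only
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        sourceImage: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/family/debian-12
    networkInterfaces:
    - network: https://www.googleapis.com/compute/v1/projects/PROJECT_ID/global/networks/default
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT
```

Keep the bucket that holds the deployment script private and grant the VM's service account read-only access to it.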
Alrighty, that looks awesome! Let’s check our Trend Micro Cloud One console and see if our GCP workload shows up.
Yep, there it is! Looks like it automagically applied a security policy. How did it do that? I don’t remember specifying that in the deployment script that I ran on the initial capture image. Ohhh, okay, yes, I forgot to show you event-based tasks in Workload Security.
So, in the Administrative section of the Workload Security console, you can easily create an event-based task for your GCP workloads. This way, I make sure that I have a policy assigned for every machine I spin up in my GCP account with a “Linux Best Practices policy”.
You can always use Smart Folders to easily get to the workloads that you want to check based off GCP tags, etc. Here is an example where I’m filtering by OS and GCP label.
Checking out my smart folders instead of going into and drilling down into the GCP projects level saves me a lot of time.