Docker image to work with GKE in GCP

Lately I work primarily with Google Public Cloud (GCP) and in particular with Kubernetes services (GKE). As result my daily routine command line tools are gcloud, kubectl, nomos and other. And when the GCP cloud shell is really amazing environment which doesn’t require any effort to fire up, sometimes it is not possible to use. When it comes to work from your own laptop you have different options. You can install the tools like Google Cloud SDK following several simple steps from the Google website or you can prepare a docker image and run it in a container. I personally prefer the second way. In such case I can periodically update entire environment without too much effort and easily can span a new environment on any laptop fairly quickly. Here I am sharing what I personally use for my day-to-day activity.

The installation is simple, you run the git to clone the repo, build the image, setup your credentials and you are good to go. Let’s go through the steps. You should of course have the git and the docker already installed.

Clone the repository:

gleb_otochkin@tools-box-01:~$ git clone https://github.com/gotochkin/gcpkubetool.git
Cloning into 'gcpkubetool'...
remote: Enumerating objects: 36, done.
remote: Counting objects: 100% (36/36), done.
remote: Compressing objects: 100% (27/27), done.
remote: Total 36 (delta 19), reused 22 (delta 8), pack-reused 0
Unpacking objects: 100% (36/36), done.
gleb_otochkin@tools-box-01:~$

Build the image:

gleb_otochkin@tools-box-01:~/gcpkubetool$ docker build --force-rm --tag gcloud:latest .
Sending build context to Docker daemon  161.8kB
Step 1/4 : FROM gcr.io/google.com/cloudsdktool/cloud-sdk:latest
latest: Pulling from google.com/cloudsdktool/cloud-sdk
c4cc477c22ba: Pull complete 
109862763030: Pull complete 
d0961afe0f2c: Pull complete 
6c00d9ccc731: Pull complete 
...
redacted
...
uccessfully built dab3fa2d9a8d
Successfully tagged gcloud:latest
gleb_otochkin@tools-box-01:~/gcpkubetool$

Get the Google Cloud credentials:

leb_otochkin@tools-box-01:~/gcpkubetool$ docker run -ti --name gcloud-config gcr.io/google.com/cloudsdktool/cloud-sdk:latest gcloud auth login
 
You are running on a Google Compute Engine virtual machine.
It is recommended that you use service accounts for authentication.
 
You can run:
 
  $ gcloud config set account `ACCOUNT`
 
to switch accounts if necessary.
 
Your credentials may be visible to others with access to this
virtual machine. Are you sure you want to authenticate with
your personal account?
 
Do you want to continue (Y/n)?  Y
...
redacted
...
Your current project is [sandbox].  You can change this setting by running:
  $ gcloud config set project PROJECT_ID
gleb_otochkin@tools-box-01:~/gcpkubetool$

It creates a container with a shared volume which keeps your credentials for Google Cloud. So, it will keep it separately even when you modify or update your container with the tools.

And now we can start our container and work with the cloud. The first step if you work with GKE is to get credentials for you Kubernetes cluster.

gleb_otochkin@tools-box-01:~/gcpkubetool$ docker run -ti --rm --volumes-from gcloud-config gcloud:latest /bin/bash
root@a2e04f8d930d:/# gcloud container clusters get-credentials us-sandbox-cluster --region us-central1 --project sandbox
Fetching cluster endpoint and auth data.
kubeconfig entry generated for us-sandbox-cluster.

Now you have all credentials saved and don’t need to retrieve it when you fire your container again. You probably have noticed I am using “–rm” option when I start the container. It is going to be destroyed when I disconnect.

gleb_otochkin@tools-box-01:~/gcpkubetool$ docker run -ti --rm --volumes-from gcloud-config gcloud:latest /bin/bash
root@f05f4d6c485f:/# k get ns
NAME                              STATUS   AGE
anthos-gcp                        Active   52d
cnrm-system                       Active   52d
config-management-monitoring      Active   52d
config-management-system          Active   52d
configconnector-operator-system   Active   52d
default                           Active   52d
gke-mcs                           Active   33d
kms-management                    Active   52d
kube-node-lease                   Active   52d
kube-public                       Active   52d
kube-system                       Active   52d
resource-group-system             Active   52d
root@f05f4d6c485f:/#

The image includes the GCP SDK with gcloud, gsutil and other tools to work with GCP resources. Apart from that it has some tools I use more or less frequently. Let me list those.

  • Vim and telnet client don’t need introduction and I use them all the time.
  • Google Cloud SDK installed following the instruction from the Google website
  • kubectl with “k” alias and command completion.
  • kubectx – if you are tired to type namespace overtime when you run kubectl.
  • Great tool k9s from https://k9scli.io/ which provides tons of options and help with troubleshooting and digging deep to to the problems.
  • mssql-cli from by https://www.dbcli.com/ to support “gcloud sql connect” and to test connections and work with SQL Server in Cloud SQL service.
  • The nomos tool is not installed by default since it requires to be authorized by Google. You can easily install it running “gsutil cp gs://config-management-release/released/latest/linux_amd64/nomos /usr/bin/nomos; chmod +x /usr/bin/nomos” in your container.

I hope it could be useful for some people and if you think you can improve the image and share some other useful tools please let me know.

Leave a Reply

Your email address will not be published. Required fields are marked *