Skip to content
This repository has been archived by the owner on Dec 20, 2024. It is now read-only.

docs(user): add user documentation to use the bastion daily #23

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs(user): add user documentation to use the bastion daily #23

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,9 @@ module "bastion" {
members = ["user:[email protected]", "group:[email protected]"]
}
```
### User documentation

[Documentation example about the usage of the bastion](./docs/user_documentation.md) which contains: connection to the bastion, connection to a psql database and connection to a memorystore (redis).

## Examples

Expand Down
54 changes: 54 additions & 0 deletions docs/user_documentation.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
# Bastion user documentation example

## Commands to use

### Connect to the bastion

The bastion is the entrypoint to the services deployed on GCP.
```bash
gcloud auth login
gcloud compute ssh <BASTION_NAME> --project=<PROJECT_NAME> --zone=<REGION>
```

### Connect to the CloudSQL instance

In a first terminal, run the following commands to create a SSH tunnel that forwards traffic from port `5432` of your local machine to port `5432` on the internal IP of your database (in our example `10.1.2.3`) within the VPC network, using Identity-Aware Proxy (IAP).
Note that the IP may be different for each database.
You will find it on the SQL Intances page in the GCP Console.

```bash
gcloud auth login
gcloud compute ssh non-production-bastion --zone=<REGION> --tunnel-through-iap --ssh-flag "-L 5432:10.1.2.3:5432 -N" --project=<PROJECT_NAME>
```

Once the tunnel is set up, open a second terminal.
Run the following command to get the password of the PostgreSQL database :

```bash
gcloud secrets versions access latest --secret=<SECRET_NAME> --project="<PROJECT-ID>"
```

You will get the password in clear in your terminal. The password ends before the last: `%`.
Then, run the following command to connect to the database.
When prompted to give a password, use the output of the previous command.

```bash
psql -h 127.0.0.1 -p 5432 -U user
```

### Connect to the MemoryStore instance

In a first terminal, run the following commands to create a SSH tunnel that forwards traffic from port `6378` of your local machine to port `6378` on the internal IP of your redis instance (in our example `10.4.5.6`) within the VPC network, using Identity-Aware Proxy (IAP).
Note that the IP will be different for each redis instance.
You will find it on the Memorystore Intances page in the GCP Console.

```bash
gcloud auth login
gcloud compute ssh non-production-bastion --zone=<REGION> --tunnel-through-iap --ssh-flag "-L 6378:10.4.5.6:6378 -N" --project=<PROJECT_NAME>
```

Open a second terminal and run the following command :

```bash
redis-cli -h 127.0.0.1 -p 6378 -U user
```