Setting Up Google Cloud SDK and Cloud DNS with Docker
December 18th, 2024 12:57 PM Mr. Q Categories: DNS, Docker
Setting up a Google Cloud SDK (GCloud) environment within a Docker container is a streamlined way to manage cloud resources and DNS configurations. This guide will walk you through creating a Docker-based setup for GCloud SDK, configuring Cloud DNS, and verifying your setup.
Step 1: Set Up the Docker Environment
1. Create a Docker Compose File
Define your GCloud container using a docker-compose.yml file:
version: '3.8'
services:
  gcloud:
    image: google/cloud-sdk:latest
    container_name: google-cloud-sdk
    stdin_open: true
    tty: true
    volumes:
      - /opt/gcloud-data:/gcloud-data
    entrypoint: gcloud
    command: ["init"]
    network_mode: "host"
2. Create a Data Directory
Set up a directory to store your credentials and other GCloud data (the compose file mounts it into the container as /gcloud-data):
mkdir -p /opt/gcloud-data
3. Secure Your Credentials File
See Google Cloud's documentation on how to download credentials.json (a service-account key) from Google Cloud.
Copy your credentials.json file into the data directory (/opt/gcloud-data) and set the appropriate permissions so that only the owning user can read it (adjust 1026:users to the user and group that should own the file on your host):
chmod 400 credentials.json
chown 1026:users credentials.json
Step 2: Start the GCloud Docker Container
Run the following command to start the container and initialize the SDK:
docker-compose up
Inside the container, authenticate with your credentials:
export GOOGLE_APPLICATION_CREDENTIALS="/gcloud-data/credentials.json"
gcloud auth activate-service-account --key-file=${GOOGLE_APPLICATION_CREDENTIALS}
gcloud projects list
Note: If there’s an issue with permissions or the credentials, gcloud will provide an error message.
You need to ensure that your service account has the correct roles/permissions to access the resources you’re trying to list or interact with.
Step 3: Verify Network and DNS Configuration
Ensure DNS resolution is working:
cat /etc/resolv.conf
If DNS entries are missing, add Google's public DNS servers (note that edits to /etc/resolv.conf inside the container are not persistent and are lost when the container is recreated):
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
echo "nameserver 8.8.4.4" >> /etc/resolv.conf
Steps 4 and 5 can also be completed in the Google Cloud Console (GUI) instead of the command line.
Step 4: Create a Cloud DNS Zone
- Log In to GCloud
Configure the GCloud project:
gcloud auth login
gcloud config set project [YOUR_PROJECT_ID]
- Create a DNS Zone
Use the following command to create a DNS zone:
gcloud dns managed-zones create [ZONE_NAME] \
  --dns-name="[DOMAIN_NAME]" \
  --description="My DNS Zone"
Step 5: Add DNS Records
- Standard DNS Records:
Add records like MX, TXT, A, and CNAME inside a transaction (an A record is shown here):
gcloud dns record-sets transaction start --zone=[ZONE_NAME]
gcloud dns record-sets transaction add --zone=[ZONE_NAME] \
  --name=[DOMAIN_NAME]. \
  --type=A \
  --ttl=300 \
  --rrdatas=192.168.1.1
gcloud dns record-sets transaction execute --zone=[ZONE_NAME]
- CAA Records:
Add CAA records to control which certificate authorities are allowed to issue certificates for the domain. Each transaction must be started before records are added, and the CA name must be enclosed in double quotes inside the record data:
gcloud dns record-sets transaction start --zone=[ZONE_NAME]
gcloud dns record-sets transaction add --zone=[ZONE_NAME] \
  --name=[DOMAIN_NAME]. \
  --type=CAA \
  --ttl=300 \
  --rrdatas='0 issue "letsencrypt.org"'
gcloud dns record-sets transaction execute --zone=[ZONE_NAME]
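To make concrete what the CAA record above actually enforces, here is an added Python example (not part of the original post) that applies the RFC 8659 lookup to a constructed zone: it climbs from the requested hostname toward the apex, selects the governing issue/issuewild properties, and reports whether a given CA is authorised. The zone contents, including the assumed "legacy" subdomain, are sample data.

```python
import re

# Constructed sample zone (not from the post): CAA record sets keyed by owner
# name. The apex carries the policy the guide creates, stored as Cloud DNS keeps
# it (CA name in double quotes); the assumed "legacy" subdomain forbids all CAs.
SAMPLE_CAA = {
    "example.com": ['0 issue "letsencrypt.org"', '0 issuewild ";"'],
    "legacy.example.com": ['0 issue ";"'],
}
CAA_RE = re.compile(r'^(\d+)\s+([A-Za-z0-9]+)\s+"([^"]*)"$')
KNOWN_TAGS = ("issue", "issuewild", "iodef")

def parse_caa(rrdata):
    """Split one CAA rrdata string into (flags, tag, value); reject other forms."""
    m = CAA_RE.match(rrdata.strip())
    if not m:
        raise ValueError(f"malformed CAA rrdata: {rrdata!r}")
    return int(m.group(1)), m.group(2).lower(), m.group(3).strip()

def relevant_caa_set(hostname, zone):
    """RFC 8659 lookup: drop a leading '*.', then walk toward the root and return
    the first non-empty CAA set, or None when no name in the chain has one."""
    name = hostname.rstrip(".").lower()
    if name.startswith("*."):
        name = name[2:]
    labels = name.split(".")
    while labels:
        owner = ".".join(labels)
        if zone.get(owner):
            return [parse_caa(r) for r in zone[owner]]
        labels = labels[1:]
    return None

def ca_may_issue(hostname, ca, zone=SAMPLE_CAA):
    """True if CA 'ca' is authorised to issue a certificate for hostname."""
    records = relevant_caa_set(hostname, zone)
    if records is None:
        return True  # no CAA anywhere in the tree: issuance is unrestricted
    # An unknown property flagged critical (bit 128) must block issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in records):
        return False
    wildcard = hostname.startswith("*.")
    tags = {tag for _, tag, _ in records}
    tag = "issuewild" if wildcard and "issuewild" in tags else "issue"
    # Issuer is the text before any ';' parameters; a bare ';' authorises nobody.
    allowed = {v.split(";")[0].strip().lower() for _, t, v in records if t == tag}
    if not allowed:
        return True  # no property with the governing tag: no restriction
    return ca.lower() in allowed
```

Note that parse_caa rejects a single-quoted issuer such as 0 issue 'letsencrypt.org', which is why the record data above uses double quotes around the CA name.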
Step 6: Update Domain Nameservers
Change your domain's nameservers with your registrar to the four that Cloud DNS assigned to your zone. The ? below stands for a letter that is assigned per zone; read the exact names with gcloud dns managed-zones describe [ZONE_NAME] --format="value(nameServers)":
ns-cloud-?1.googledomains.com
ns-cloud-?2.googledomains.com
ns-cloud-?3.googledomains.com
ns-cloud-?4.googledomains.com
Verify the changes using:
nslookup -type=ns [DOMAIN_NAME]
Step 7: Automate DNS Updates
Create a script to automate DNS record updates. It fetches the current external IP, checks that the response really is an IPv4 address before anything is written to DNS, and only touches the apex A record of each zone when the IP has changed:
#!/bin/bash
# Created by Quesenbery, D
# ToolbaxAid.com
# Date 12/17/2024
#
# Set the path to the Google Cloud credentials /gcloud-data/credentials.json
export GOOGLE_APPLICATION_CREDENTIALS="/gcloud-data/credentials.json"

# File to store the last known IP address
IP_FILE="/tmp/last_external_ip.txt"

# Set your project ID
PROJECT_ID="set project ID here"

# Function to log messages with timestamp
log_message() {
    echo "$(date "+%Y-%m-%d %H:%M:%S") - $1"
}

# Function to get the current external IP address
get_external_ip() {
    curl -s --max-time 10 https://ifconfig.me
}

# Function to check that a string is a dotted-quad IPv4 address, so that an
# unexpected response from the IP service never ends up in a DNS record
is_ipv4() {
    local ip="$1" octet
    [[ "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
    for octet in ${ip//./ }; do
        (( 10#$octet <= 255 )) || return 1
    done
    return 0
}

# Set the project if not already set
CURRENT_PROJECT=$(gcloud config get-value project 2>/dev/null)
if [[ "$CURRENT_PROJECT" != "$PROJECT_ID" ]]; then
    log_message "Setting the project to $PROJECT_ID..."
    gcloud config set project "$PROJECT_ID"
fi

# Function to validate and update DNS records
update_dns_records() {
    local current_ip="$1"
    local zones zone domain current_rrdata

    # Fetch the list of managed zones
    zones=$(gcloud dns managed-zones list --format="value(name)")

    for zone in $zones; do
        log_message "Processing zone: $zone"

        # Fetch the domain name for the current zone (strip the trailing dot)
        domain=$(gcloud dns managed-zones describe "$zone" --format="value(dnsName)" | sed 's/\.$//')

        # Get the current A record value at the zone apex
        current_rrdata=$(gcloud dns record-sets list --zone="$zone" --name="$domain" --type=A --format="value(rrdatas[0])")

        if [[ -z "$current_rrdata" ]]; then
            # "record-sets update" fails when no A record exists, so skip the zone
            log_message "No A record found for $domain (Zone: $zone). Skipping."
        elif [[ "$current_rrdata" == "$current_ip" ]]; then
            log_message "No update needed for $domain (Zone: $zone). Current A record matches the external IP."
        else
            log_message "Updating A record for $domain (Zone: $zone) to $current_ip..."
            gcloud dns record-sets update "$domain" \
                --zone="$zone" \
                --type=A \
                --ttl=300 \
                --rrdatas="$current_ip"
        fi
    done
}

# Main logic
current_ip=$(get_external_ip)
if [[ -z "$current_ip" ]]; then
    log_message "Error: Unable to fetch external IP address."
    exit 1
fi
if ! is_ipv4 "$current_ip"; then
    log_message "Error: External IP service returned an unexpected value: $current_ip"
    exit 1
fi
log_message "Current external IP: $current_ip"

# Check if the last IP file exists
if [[ -f "$IP_FILE" ]]; then
    last_ip=$(cat "$IP_FILE")
else
    last_ip=""
fi

# Compare the current IP with the last known IP
if [[ "$current_ip" == "$last_ip" ]]; then
    log_message "No IP change detected. Exiting."
else
    log_message "IP address has changed. Updating DNS records..."
    update_dns_records "$current_ip"
    echo "$current_ip" > "$IP_FILE"
fi
Troubleshooting Tips
- Permission Errors: Ensure your service account has the required roles (e.g., DNS Administrator).
- Billing Issues: Enable billing for your project to avoid API restrictions.
- DNS Propagation: Allow up to 48 hours for nameserver changes to propagate globally.
Conclusion
With this setup, you can effectively manage your GCloud environment using Docker and configure Cloud DNS with ease. For advanced configurations, explore integrations with tools like Traefik to streamline your workflows further.
Keep your credentials secure, and happy cloud computing!