Contents x
    Adding a GCP Template
    • 13 Jan 2025
    • 7 Minutes to read
    • Contributors
    • Print
    • Dark
      Light
    Contents

    Adding a GCP Template

    • Updated on 13 Jan 2025
    • 7 Minutes to read
    • Contributors
    • Print
    • Dark
      Light
    Article summary

    Overview

    The CloudLabs Template is the base of the hands-on lab environment. You can do a variety of configurations under Templates, such as adding pre-requisites, enabling custom roles for users, and much more.

    Here we will gain a deeper understanding of how to utilize the CloudLabs Template.

    Add Template

    1. Navigate to the Templates section that is available in the left menu and click on the + ADD button given in the top right corner.

    2. This page is divided into three sections:

    A. The fields and their functionality are listed below:

    1. Name: Give a name to the Template to identify the lab easily.

    2. Cloud Platform: CloudLabs supports three cloud platforms: Microsoft Azure, Amazon Web Services, and Google Cloud Platform. Based on your lab requirements, you can pick Google Cloud Platform from the drop-down.

    3. Cloud Resource Usage: This feature helps the system calculate the cost of a Virtual Machine or the total cost of all the cloud resources. You can select any option from the drop-down menu, but we recommend selecting Cloud Resource Usage.

    4. Code: Use a code as an internal identifier; this code will also be concatenated in the name of the User's Resource Group. As an example, if you use the code demolab, you'll be able to tell that the template is about a demo lab. The user's Resource Group will be named ODL-demolab-xxxxxx, where demolab is a lab code, ODL is the default prefix, and xxxxx is the CloudLabs-assigned user unique ID.

    5. Description: Offer a concise overview detailing your lab's content, resources, technologies, educational takeaways, and advantages. This information will also be visible to end users.

    6. Lab Launch Page Description: The Lab Launch page is where you launch your lab environment. You can add a description to this page that you think is relevant for the users.

    B. Moving on to the next section, we will learn about the fields listed below:

    1. Custom Page Title: If you want to customize the title of the Hands-on Lab Registration page, you can provide a title in this field.

    2. Custom Logo URL: If you want to customize the logo of the Hands-on Lab Registration page, you can provide the URL of the logo in this field.

    Note: You can customize the default page title and logo using this field. This will be visible to end-users on the hands-on lab registration page, giving you control over the content they see.

    1. Owner Email: In this field, you have to provide the email address of the person who is responsible for building the Template.

    2. Reviewed By: This field serves the purpose of capturing reviewer information responsible for assessing the template configurations.

    3. Lab Guide URL: A lab guide is a document that gives users all of the directions they need to complete a hands-on lab. The lab guide URL can be entered here, and it will appear on the users' lab details page. The lab guide will be available to them once they have accessed the URL.

    4. Demo URL: A demo URL space provides you with an option to add links to demos, samples, and quickstarts.

    5. Help Document URL: If you want to provide users with a help manual that will assist them in completing the lab, you can place that document URL here.

    6. Prerequisites URL: If you wish to give people visibility into how the lab is set up or how the pre-requisites for the lab are defined, you may write a document and enter the URL here.

    Note: To allow the URLs to be entered here, all documents should be in GitHub or PDF format. The users will be able to access these documents by just clicking on the URLs.

    1. Usage Policy URL: The usage policy is used to monitor cores and clusters of GCP resources. In the policy, we have to define a maximum limit of cores/clusters that are allowed for a user.

    The usage policy revolves around these GCP resources - VM Instance Cores, Memory, CloudSQL, and Cloud Run.

    For example: You prepared a policy in which the allowed value for the EC2 instance is set to 4 vcpu cores. Now we have two users - User01 and User02, performing the same lab. User01 creates a VM that uses 2 cores, and User02 creates a VM that uses 8 cores.

    Here, for both users, we will have two different cases, as follows:

    • Case 1: User01 with 2 cores falls under the allowed value and will not violate the usage policy.

    • Case 2: User02 with 8 cores exceeds the allowed value, resulting in violating the usage policy.

    • Once the policy is violated, you will be alerted via email.

    • To receive the alert emails, a person or team can provide their email address while setting up the lab.

    To view a sample of the usage policy, go to this link: https://spektra-bucket.s3.us-west-2.amazonaws.com/GCP_Usage_Policy.json

    1. Approx. Deployment Duration: Your environment's pre-requisite resources will take some time to deploy. The expected deployment duration will be defined throughout this time period. The period you enter in this area will be displayed to users as a countdown to the start of the lab.

    2. Zones: Here you can choose one or more GCP availability zones where you want to have the GCP resource deployments. The selected zones will automatically be reflected in the lab setup.

    3. Excluding Output Parameters: In this option, we can specify any output parameters that need to be excluded from the ‘Environment Details’ tab.

    4. Control Panel Resources: Here we can mention the resources that will be visible in the Control Panel.

    C. In the last section, we will learn about the features that can be enabled:

    1. Disable Automatic Subscription Available: Enabling this option will prevent subscriptions from being automatically cleaned-up. Instead, instructors will need to trigger the clean-up manually and re-add accounts to the worker pool.

    2. Show Resources Tab: This option allows you to display VM operations in the attendee ‘Environment Resource’ page.

    3. Enable Lab Preview: Marking this checkbox will enable Lab Preview for users.

    4. Finally, click on the SUBMIT button to save all the configurations.

    5. Once you've submitted the template, you'll be directed to the main Template page, where the template you created will be listed as shown in the image below. Now you have to reopen the template to configure other available functionalities, so click on the Edit button.

    6. Here you will have access to the following functionalities in order to fully configure a CloudLabs Template:

    • Deployment Manager Template

    • IAM

    • Custom Handlers

    • Deployment Script Repository

    • Template Audit

    1. Now we'll have a look at each of the features to understand how they work.

    Deployment Manager Template

    As the name suggests, you will provide the Deployment Manager Template files here to provision your lab environment.

    • Deployment Manager template file: The Deployment Manager Template is a JavaScript Object Notation (JSON) file that outlines your project's infrastructure and settings. The resources required for deployment, as well as their properties, must be specified in the template.

      A Deployment Manager Template has three sections:

      •  Name - A user-defined string to identify this resource, such as my-vm, project-data-disk, or the-test-network.

      •  Type - The type of resource being deployed, such as compute.v1.instance, compute.v1.disk.

      Note: The base resource types are described and listed in the Supported Resource Types documentation.

      •  Properties - The parameters for this resource type. They must match the properties for the type, such as zone: asia-east1-a, boot: true.

    For your reference, here is a sample Deployment Manager Template:

    https://storage.googleapis.com/spektratemplates/deployment_manager_templates/Deployment_Manager_Template.json

    To learn more about the Deployment Manager Template, check Deployment Manager Fundamentals.

    Follow the steps below to get started:

    1. Click on the + ADD button.

    2. Fill up the below section:

    • GCP Template URL: Add the Deployment Manager Template file URL here.

    1. Click on the Submit button.

    IAM

    To provide access to various GCP services & IAM, you assign custom roles with custom permissions. IAM allows you to control access to GCP resources, along with what they can do with them and what areas they may access.

    Here are some examples of what you can do with template permissions:

    1. Allow a user to create and manage GCP resources like storage bucket, VM instances, GKE, etc. with limited or full access to these resources.

      Now we will learn how to assign permissions on the CloudLabs Template.

    2. Click on the + ADD button.

    3. Now fill up the following sections:

    • Role Type: Here we have two types of roles:

      • Basic Role: Basic roles are highly permissive roles that existed prior to the introduction of IAM. You can use basic roles to grant principals broad access to Google Cloud resources.

      • Custom Role: If we want to provide restricted access to GCP services to users, then we can select this option.

    1. All further configurations are based on the permission type you select. To make it easier for you to understand how each permission type works, we have divided them into two cases:

    Case 1: If you select the Basic Role, then you will have the following configurations available:

    • Profile Type: Here we have three types of profiles:

      • Attendee: Select this option if you want to assign permission to a user.

      • Group Member: Select this option if you want to assign permission to a team member who is a part of the Hackathon Team.

    • Role:

      • Owner: Provides users with all editor permissions, along with managing roles & permissions for a project and all resources within the project, and setting up billing for a project.

      • Editor: All viewer permissions, plus permissions for actions that modify state, such as changing existing resources. The permissions in the Editor role let you create and delete resources for most Google Cloud services. However, the Editor role doesn't contain permissions to perform all actions for all services.

      • Viewer: Permissions for read-only actions that don't affect state, such as viewing (but not modifying) existing resources or data.

    Case 2: If you select Custom Role, then you will have the following configurations available:

    • Profile Type: Here we have three types of profiles:

      • Attendee: Select this option if you want to assign permission to a user.

      • Group Member: Select this option if you want to assign permission to a team member who is a part of the Hackathon Team.

    • Custom Role ID: Provide the Role name in the format roles/role name. This can be found under IAM & Admin -> Roles -> Edit Role -> ID.

    Click here to learn more about Creating a Custom Role in GCP

    • At last, click on the SUBMIT button to save it.

    What's Next