# SQL

### My instance name

```
gcloud sql instances create mlops \
--database-version=POSTGRES_15 \
--region=us-west2 \
--tier=db-f1-micro \
--storage-type=HDD \
--storage-size=10GB \
--authorized-networks=0.0.0.0/0
```

### My username and password

```
gcloud sql users create hose \
--instance=mlops \
--password=pass
```

### My created database

```
gcloud sql databases create mlops_db --instance=mlops
```

# GCS

### creating google bucket

`gcloud storage buckets create gs://mlops_bucket_lab`

# Repository

### creating repo 

```
gcloud artifacts repositories create mlops-repo \
--location=us-west2 \
--repository-format=docker
```

# Service Account

### create service account

`gcloud iam service-accounts create mlops-service`

### to find our project id

`gcloud config get-value project`

which is: project-tutorial-434821

### granting roles 

`gcloud projects add-iam-policy-binding project-tutorial-434821 --member='serviceAccount:mlops-service@project-tutorial-434821.iam.gserviceaccount.com' --role='roles/cloudfunctions.admin'`

For `<role-name>`, we will need to run the above command 6 times:

- cloudsql.editor  
- storage.objectAdmin  
- secretmanager.secretAccessor  
- artifactregistry.admin  
- clouddeploy.serviceAgent  
- cloudfunctions.admin

# Secrets

### create set of keys for service account

`gcloud iam service-accounts keys create sa-private-key.json --iam-account=mlops-service@project-tutorial-434821.iam.gserviceaccount.com`

### create access keys

`gcloud secrets create access_keys --data-file=sa-private-key.json`

### find ip for instance
`gcloud sql instances describe mlops`

which is 35.236.86.4

### creat secret 

```
echo -n "postgresql://hose:pass@35.236.86.4/mlops_db" | \
    gcloud secrets versions add database_url --data-file=-
```

### storage bucket, same as before

```gcloud secrets create bucket_url```

```
echo -n "gs://mlops_bucket_lab/mlruns" | \
    gcloud secrets versions add bucket_url --data-file=-
```

# Docker Image

`gcloud auth configure-docker us-west2-docker.pkg.dev`

`docker build --platform linux/amd64 -t "us-west2-docker.pkg.dev/project-tutorial-434821/mlops-repo/mlflow:v1" .`

`docker push us-west2-docker.pkg.dev/project-tutorial-434821/mlops-repo/mlflow:v1`

# google clound run

```
gcloud run deploy mlops-service \
          --image "us-west2-docker.pkg.dev/project-tutorial-434821/mlops-repo/mlflow:v1" \
          --region "us-west2" \
          --service-account "mlops-service@project-tutorial-434821.iam.gserviceaccount.com" \
          --update-secrets=/secrets/credentials=access_keys:latest \
          --update-secrets=POSTGRESQL_URL=database_url:latest \
          --update-secrets=STORAGE_URL=bucket_url:latest \
          --memory 2Gi \
          --allow-unauthenticated \
          --port 8080
```