[setup] Add port forwarding instructions on GCE VM

abshkbh · abshkbh · commit 9d211b411b77 · 2025-04-15T05:25:18.000Z
diff --git a/setup/gcp-instructions.md b/setup/gcp-instructions.md
@@ -8,8 +8,22 @@
     VM_NAME=<your-vm-name>
     PROJECT_ID=<your-project-id>
     SERVICE_ACCOUNT=<your-service-account>
-
-    gcloud compute instances create ${VM_NAME} --project=${PROJECT_ID} --zone=us-west1-a --machine-type=n1-standard-1 --network-interface=network-tier=STANDARD,stack-type=IPV4_ONLY,subnet=default --maintenance-policy=MIGRATE --provisioning-model=STANDARD --service-account=${SERVICE_ACCOUNT} --scopes=https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/logging.write,https://www.googleapis.com/auth/monitoring.write,https://www.googleapis.com/auth/service.management.readonly,https://www.googleapis.com/auth/servicecontrol,https://www.googleapis.com/auth/trace.append --create-disk=auto-delete=yes,boot=yes,device-name=maverick-gcp-dev-vm3,image=projects/ubuntu-os-cloud/global/images/ubuntu-2204-jammy-v20250128,mode=rw,size=20,type=pd-standard --no-shielded-secure-boot --shielded-vtpm --shielded-integrity-monitoring --labels=goog-ec-src=vm_add-gcloud --reservation-affinity=any --enable-nested-virtualization
+    ZONE=<your-zone>
+
+    gcloud compute instances create ${VM_NAME} --project=${PROJECT_ID} --zone=${ZONE} --machine-type=n1-standard-1 --network-interface=network-tier=STANDARD,stack-type=IPV4_ONLY,subnet=default --maintenance-policy=MIGRATE --provisioning-model=STANDARD --service-account=${SERVICE_ACCOUNT} --scopes=https://www.googleapis.com/auth/devstorage.read_only,https://www.googleapis.com/auth/logging.write,https://www.googleapis.com/auth/monitoring.write,https://www.googleapis.com/auth/service.management.readonly,https://www.googleapis.com/auth/servicecontrol,https://www.googleapis.com/auth/trace.append --create-disk=auto-delete=yes,boot=yes,device-name=maverick-gcp-dev-vm3,image=projects/ubuntu-os-cloud/global/images/ubuntu-2204-jammy-v20250128,mode=rw,size=20,type=pd-standard --no-shielded-secure-boot --shielded-vtpm --shielded-integrity-monitoring --labels=goog-ec-src=vm_add-gcloud --reservation-affinity=any --enable-nested-virtualization
+
+    NETWORK_TAG=allow-ingress-ports
+    FIREWALL_RULE=allow-ingress-ports-rule
+    gcloud compute instances add-tags ${VM_NAME} --tags=${NETWORK_TAG} --zone=${ZONE}
+    gcloud compute firewall-rules create ${FIREWALL_RULE} \
+    --direction=INGRESS \
+    --priority=1000 \
+    --network=default \
+    --action=ALLOW \
+    --rules=tcp:3000-5000,tcp:7000 \
+    --source-ranges=0.0.0.0/0 \
+    --target-tags=${NETWORK_TAG} \
+    --description="Allow TCP ingress on ports 3000-5000 and 7000 for VMs with the ${NETWORK_TAG} tag"
     ```
 
 ## Instructions to run on the GCE VM
