Before this module can be used on a project, you must ensure that the following pre-requisites are fulfilled:
- Terraform and kubectl are installed on the machine where Terraform is executed.
- The Service Account you execute the module with has the right permissions.
- The Compute Engine and Kubernetes Engine APIs are active on the project you will launch the cluster in.
- If you are using a Shared VPC, the APIs must also be activated on the Shared VPC host project and your service account needs the proper permissions there.
The project factory can be used to provision projects with the correct APIs active and the necessary Shared VPC connections.
Some submodules use the terraform-google-gcloud module. By default, this module assumes you already have gcloud installed in your $PATH. See the module documentation for more information.
In order to execute this module you must have a Service Account with the following project roles:
- roles/compute.viewer
- roles/compute.securityAdmin (only required if `add_cluster_firewall_rules` is set to `true`)
- roles/container.clusterAdmin
- roles/container.developer
- roles/iam.serviceAccountAdmin
- roles/iam.serviceAccountUser
- roles/resourcemanager.projectIamAdmin (only required if `service_account` is set to `create`)
Additionally, if `service_account` is set to `create` and `grant_registry_access` is requested, the service account requires the following role on the `registry_project_ids` projects:
- roles/resourcemanager.projectIamAdmin
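
A preflight check for the role list above, as an added example (not part of this module's code): it derives the required roles from the `add_cluster_firewall_rules` and `service_account` settings and compares them with a project IAM policy in the JSON form printed by `gcloud projects get-iam-policy <project_name> --format=json`. The service account address and the sample policy are constructed, and roles are matched by name only, so grants inherited from folder or organization bindings are not seen.

```python
import json

# Role requirements exactly as listed in this README.
BASE_ROLES = {
    "roles/compute.viewer",
    "roles/container.clusterAdmin",
    "roles/container.developer",
    "roles/iam.serviceAccountAdmin",
    "roles/iam.serviceAccountUser",
}

def required_roles(add_cluster_firewall_rules, service_account):
    """Project roles the README requires for the given module settings."""
    roles = set(BASE_ROLES)
    if add_cluster_firewall_rules:
        roles.add("roles/compute.securityAdmin")
    if service_account == "create":
        roles.add("roles/resourcemanager.projectIamAdmin")
    return roles

def audit(policy_json, member, required):
    """Compare a project IAM policy with the required role set for one member."""
    granted, conditional = set(), set()
    for binding in json.loads(policy_json).get("bindings", []):
        if member in binding.get("members", []):
            # A conditional binding may not apply when Terraform runs; track it apart.
            (conditional if "condition" in binding else granted).add(binding["role"])
    return {
        "missing": sorted(required - granted),
        "conditional_only": sorted((required & conditional) - granted),
        "extra": sorted((granted | conditional) - required),  # beyond least privilege
    }

# Constructed sample policy (hypothetical project and service account).
SA = "serviceAccount:terraform@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.dumps({"bindings": [
    {"role": "roles/compute.viewer", "members": [SA]},
    {"role": "roles/container.clusterAdmin", "members": [SA]},
    {"role": "roles/container.developer", "members": [SA, "user:dev@example.com"]},
    {"role": "roles/iam.serviceAccountUser", "members": [SA]},
    {"role": "roles/iam.serviceAccountAdmin", "members": [SA],
     "condition": {"title": "expires", "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
    {"role": "roles/owner", "members": [SA]},
]})

if __name__ == "__main__":
    need = required_roles(add_cluster_firewall_rules=True, service_account="create")
    for key, roles in audit(SAMPLE_POLICY, SA, need).items():
        print(f"{key}: {', '.join(roles) or '-'}")
```
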
In order to operate with the Service Account you must activate the following APIs on the project where the Service Account was created:
- Compute Engine API - compute.googleapis.com
- Kubernetes Engine API - container.googleapis.com
This example creates a Cloud Endpoints service and requires that the Service Management API is enabled.
- Enable the Service Management API:
  ```bash
  gcloud services enable servicemanagement.googleapis.com cloudapis.googleapis.com compute.googleapis.com container.googleapis.com
  ```

```bash
gcloud auth list
gcloud container clusters list
gcloud config set project <project_name>
```
```hcl
project           = "<change>"              # Project name
region            = "europe-west1"
location          = "europe-west1-b"
gcp_auth_file     = "./files/<change>.json" # Service account key
network_name      = "tf-gce-helm"           # Network name
app_name          = "<change>"              # Name for your app
registry_username = "<change>"              # Docker Hub user name
registry_password = "<change>"              # Docker Hub password
registry_email    = "<change>@gmail.com"    # Docker Hub e-mail
registry_server   = "docker.io"             # -
```
Then run the following commands in the root folder:
- `terraform init` to get the plugins
- `terraform plan` to see the infrastructure plan
- `terraform apply` to apply the infrastructure build
- `terraform destroy` to destroy the built infrastructure
- Install `network-multitool` for tests:
  ```bash
  kubectl create deployment multitool --image=praqma/network-multitool
  ```
- Prerequisites
Name | port |
---|---|
grafana | :3000 |
prometheus-server | :9090 |
Name | Status | Type |
---|---|---|
nginx | OK | Deployment |
Actions > Expose Port mapping - Port1 `80` / Target port1 `80` (expose)
Name | Status | Type | Endpoints |
---|---|---|---|
nginx | OK | External load balancer | http://<IP>:80 |
- Get the cluster credentials and configure kubectl:
  ```bash
  gcloud container clusters list
  gcloud container clusters get-credentials <cluster_name> --region europe-west1-b
  ```

```bash
helm list
helm upgrade --install -f app/values.yaml app ./app
helm uninstall <chart(nginx)>
```
- Grafana: log in to Grafana and add dashboards
  - login: `admin`
  - password: `strongpassword` (change)
  - Loki Logs with quicksearch `13359` `./files/grafana/dashboards/`
- Prometheus