Provisioning GKE with Ansible

Requirements

Python libraries

As we will interact with Google Cloud, we need a couple of Python libraries to be present in the system.

pip install --user -r requirements_aks.txt

Ansible Collections

We will also need the Ansible collection for Google Cloud.

ansible-galaxy collection install -r collections/requirements.yml

GCP credentials

To authenticate, provide the following environment variables: GCP_PROJECT, GCP_AUTH_KIND, and GCP_SERVICE_ACCOUNT_FILE.

  • GCP_PROJECT: GCP Project ID.
  • GCP_AUTH_KIND: The type of credential used (application, machineaccount, or serviceaccount).
  • GCP_SERVICE_ACCOUNT_FILE: The path of a Service Account JSON file if serviceaccount is selected as type.

You need to grant resource access to your service account. For example, you can assign these roles: Compute Admin, Kubernetes Engine Admin, and Service Account User (iam.serviceAccountUser).

Service Account JSON file

You need to provide your Service Account JSON file, which you point to with the environment variable GCP_SERVICE_ACCOUNT_FILE.
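A pre-flight check for the credential variables described above, as an added example that is not part of the repository (the function name check_gcp_env, the file name preflight.sh and the messages are assumptions). For serviceaccount authentication it verifies that the key file is readable only by its owner, declares the service_account type, and is not tracked by git.

```sh
#!/bin/sh
# Added example: pre-flight check for the GCP credential variables.
# check_gcp_env and its messages are illustrative names, not from the repository.
# Usage: . ./preflight.sh && check_gcp_env && ansible-playbook main.yml ...

check_gcp_env() {
    rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    [ -n "${GCP_PROJECT:-}" ] || fail "GCP_PROJECT is not set"

    case "${GCP_AUTH_KIND:-}" in
        application|machineaccount) return $rc ;;  # no key file to inspect
        serviceaccount) ;;
        *) fail "GCP_AUTH_KIND must be application, machineaccount or serviceaccount"
           return $rc ;;
    esac

    key="${GCP_SERVICE_ACCOUNT_FILE:-}"
    if [ -z "$key" ] || [ ! -f "$key" ] || [ ! -r "$key" ]; then
        fail "GCP_SERVICE_ACCOUNT_FILE does not point to a readable file"
        return $rc
    fi

    # The file holds a private key: group and other must have no access.
    perms=$(ls -Lld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || fail "$key is accessible to group/others (chmod 600)"

    # A service account key declares "type": "service_account".
    grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$key" ||
        fail "$key is not a service account key file"

    # A key must never be committed: fail if git tracks the file.
    if git -C "$(dirname "$key")" ls-files --error-unmatch \
        "$(basename "$key")" >/dev/null 2>&1; then
        fail "$key is tracked by git; untrack it and rotate the key"
    fi
    return $rc
}
```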

Enable Kubernetes Engine API

Via the console.

Creating a new GKE Cluster

Follow these steps to provision a GKE cluster.

  1. Clone this repository: git clone https://github.com/nleiva/ansible-kubernetes.git

  2. Make your GCP credentials (GCP_PROJECT, GCP_AUTH_KIND, and GCP_SERVICE_ACCOUNT_FILE) available as environment variables (export).

export GCP_PROJECT='...'
export GCP_AUTH_KIND='...'
export GCP_SERVICE_ACCOUNT_FILE='...'
  3. Run the playbook and wait a couple of minutes while GKE is being provisioned.
 ⇨  ansible-playbook main.yml -v --extra-vars "cloud_provider=gcp"

<snip>

TASK [gcp_create_gke : Create GKE cluster] *****************************************************************************************************************************************************
changed: [localhost] => {
    "addonsConfig": {
        "gcePersistentDiskCsiDriverConfig": {
            "enabled": true
        },
        "kubernetesDashboard": {
            "disabled": true
        },
        "networkPolicyConfig": {}
    },
    "changed": true,
    "clusterIpv4Cidr": "10.108.0.0/14",
    "createTime": "2021-08-10T16:59:06+00:00",
    "currentMasterVersion": "1.20.8-gke.900",
    "currentNodeCount": 2,
    "currentNodeVersion": "1.20.8-gke.900",
    "databaseEncryption": {
        "state": "DECRYPTED"
    },
    "defaultMaxPodsConstraint": {
        "maxPodsPerNode": "110"
    },

<snip>

    "status": "RUNNING",
    "subnetwork": "kubernetes-vpc",
    "zone": "us-east4-a"
}

TASK [gcp_create_gke : Create k8s node pool] ***************************************************************************************************************************************************
changed: [localhost] => {
    "changed": true,

<snip>

    "upgradeSettings": {
        "maxSurge": 1
    },
    "version": "1.20.8-gke.900"
}

PLAY RECAP *************************************************************************************************************************************************************************************
localhost                  : ok=11   changed=2    unreachable=0    failed=0    skipped=4    rescued=0    ignored=0   

GCP Console view

GCP CLI

Authorizing with a service account.

gcloud auth activate-service-account [ACCOUNT] --key-file=[KEY_FILE]
  • ACCOUNT: E-mail address of the service account.
  • KEY_FILE: Path to the Service Account JSON file.

Kubeconfig

gcloud container clusters get-credentials: Fetch credentials for a running cluster.