Deploying on GCP with Terraform
Replicated 3 Node Cluster
Prerequisites
A VPC, subnet, and NAT in GCP, so that pods can pull images from the Grainite repository.
An example can be found at Example GKE setup | Cloud NAT | Google Cloud. Steps 1, 3, 4 and 6 from that page need to be completed. There is no need to perform step 2, because the Grainite script creates the Kubernetes cluster. For step 6, make sure to create a NAT per region in case your cluster and VM are in different regions.
zip
grepcidr (on Debian/Ubuntu: sudo apt install -y grepcidr)
Helm
Tokens:
Helm deploy token (same as GitLab deploy token)
Helm username
Quay username
Quay password
The following permissions are required for the service account:
Compute Admin
Kubernetes Engine Admin
Service Account User
compute.subnetworks.delete (Compute Network Admin)
Recommendation: all of the steps below should be performed from a Linux VM running within the same virtual private cloud (VPC) as the target cluster.
Download scripts
The scripts package contains scripts that make it easier to deploy and manage Grainite clusters, such as scripts for creating roles, VPCs, and Grainite clusters.
1. Run the following to download the Terraform GCP and CloudFormation AWS scripts package tar:
Replace <token> with the deploy token provided to you. Also, replace <version> with the desired version of Grainite (e.g. 2316.1) that needs to be deployed, or latest for the latest available version of Grainite.
2. Run the following to extract the script package tar:
Initialize Terraform
Initialize Terraform by running the following command under grainite/scripts/package/k8s/tf/gcp:
If successful, the following output will be shown:
Initialize gcloud CLI
Run the following command to initialize gcloud by picking a project and region, and authenticating:
Create an unsecured 3 node GKE cluster
Create a 3-node cluster in an existing VPC by running the following script:
NOTE:
-C: Grainite helm chart version: the Grainite release version for the helm chart. Example: for release 2316.1, specify -C 23.16.1; for release 2317, specify -C 23.17.0.
-m: meta size; the default value is 1Ti.
-d: dat size; the default value is 1Ti.
-p: the default value is false.
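As an added pre-flight helper (example code, not part of the Grainite scripts package), the following checks the tools listed under Prerequisites and derives the -C helm chart version from a Grainite release string as described in the note above. It assumes grepcidr is installed for the subnet check and the YYMM[.patch] release format implied by the two examples on this page.

```shell
#!/bin/sh
# Added pre-flight helper (example, not part of the Grainite scripts package).
# Run on the Linux VM before the cluster scripts: checks the prerequisite
# tools and derives the -C helm chart version from a Grainite release string.
set -eu

# True if the named command is on PATH.
have_tool() { command -v "$1" >/dev/null 2>&1; }

# Print each prerequisite tool that is missing, one per line.
missing_tools() {
  for t in zip grepcidr helm terraform gcloud; do
    have_tool "$t" || printf '%s\n' "$t"
  done
  return 0
}

# Exit 0 if IP $1 lies inside CIDR $2 (uses grepcidr, a listed prerequisite).
in_subnet() { printf '%s\n' "$1" | grepcidr "$2" >/dev/null; }

# Map a release version to the helm chart version expected by -C:
#   2316.1 -> 23.16.1    2317 -> 23.17.0    latest -> latest
# Assumed format: YYMM[.patch], following the two examples on this page.
chart_version_for_release() {
  release=$1
  case "$release" in
    latest) echo latest; return 0 ;;
    [0-9][0-9][0-9][0-9]) yymm=$release; patch=0 ;;
    [0-9][0-9][0-9][0-9].*)
      yymm=${release%%.*}; patch=${release#*.}
      case "$patch" in
        ''|*[!0-9]*) echo "bad patch number in release: $release" >&2; return 1 ;;
      esac ;;
    *) echo "unrecognised release version: $release" >&2; return 1 ;;
  esac
  # ${yymm%??} keeps the first two digits (YY), ${yymm#??} the last two (MM).
  echo "${yymm%??}.${yymm#??}.$patch"
}

# Usage with constructed values: ./preflight.sh 2316.1 10.128.0.5 10.128.0.0/20
if [ $# -ge 1 ]; then
  missing=$(missing_tools)
  [ -z "$missing" ] || { echo "missing tools: $(echo $missing)" >&2; exit 1; }
  echo "helm chart version for -C: $(chart_version_for_release "$1")"
  if [ $# -ge 3 ]; then
    in_subnet "$2" "$3" && echo "$2 is inside $3" || echo "$2 is NOT inside $3 (run from a VM in the cluster VPC)"
  fi
fi
```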
Example (Need to replace username and passwords):
Deploy a cluster with TLS and encryption enabled
Encryption can also be enabled on an existing cluster; see the Enabling Disk Encryption page for details.
Optionally, the following script can be used to create a cluster with encryption and TLS enabled directly:
Note: this will not create the client certificates necessary for TLS. To create these, follow step 2 under Enabling TLS.
Where:
All flags are the same as those passed in Create a 3 node GKE Cluster, except for -e, which when passed enables encryption at rest. The -x, -y and -z options are needed for at-rest encryption using a key provided via Google Cloud KMS. More details here.
Access the Kubernetes cluster
The Kubernetes config is set up as part of cluster creation using prep_cluster.sh. However, you can also switch it to use another cluster.
Use the following script to list all available clusters:
Use the following script to connect to an existing cluster:
Use the following script to get the IP address of a cluster after connecting to it:
Use the following script to get the name of the cluster that is being used:
Destroy the cluster
Running cluster-delete will also clean up the PVCs (persistent volume claims) used in the cluster. To preserve the volumes after cluster deletion, delete the cluster from the GCP console instead.