GCP Configuration

The Operator requires specific GCP configuration to be present on your cluster.

Note: Unless you're running this against your very own personal GCP org account, someone likely already has this stuff prepared for you in your company/team. Ask around.

ConfigMap and Secret

ConfigMap

The Operator needs to know your GCP billing account in order to manage your GCP Project programmatically. If you don't have one, please create one and note down its ID. For the parent folder, you can use any folder you like. If you don't have one, feel free to create one.

You can create an example ConfigMap using the following command.

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  name: gcp-project-operator
  namespace: gcp-project-operator
data:
  config.yaml: |
    billingAccount: "123456-ABCDEF-123456" # Google billing ID from https://console.cloud.google.com/billing
    parentFolderID: "123456789123"         # Google Cloud organization Parent Folder ID
    ccsConsoleAccess:
    - example-group@xxx.com # A list of groups that will get access to CCS projects
    disabledRegions:
    - europe-north1
    - asia-northeast2
    - asia-south1
EOF

The disabledRegions list can be used to block the creation of projects in certain regions. One example use is a region in which you do not have enough quota to provision an OCP cluster. If a ProjectClaim is created that is configured to create a project in one of those regions, its state will be set to Error before any action is taken.

Consult the OCP documentation for a list of minimum quota necessary to provision an OpenShift cluster.

Secret

The Operator needs a Google ServiceAccount (SA) to authenticate its client against GCP. Find your GCP SA by going here, or create one. This downloads a JSON file with your key.

Add this information to your Kubernetes cluster by creating a secret:

$ kubectl create -n gcp-project-operator secret generic gcp-project-operator-credentials --from-file=key.json=your-file.json

Now your Kubernetes cluster has everything it needs to build a client and communicate with GCP using your billing account and a ServiceAccount that has the permissions to create projects and other resources (such as virtual machines).