Google Cloud Platform Deployment Manager bootstrap for GKE. Infrastructure as code for the difficult task of deploying and managing Kubernetes & Google Cloud resources

t04glovern/gke-dm-bootstrap


GKE Bootstrap - Deployment Manager

Google Cloud Platform Deployment Manager bootstrap for GKE


Architecture


Architecture Diagram


Setup


Deploy Script Usage

./deploy.sh <project_id> <resource> <action>

Resources must be deployed and removed in the following order:

Step  create              delete
1     IAM                 Bastion
2     Network             GKE
3     Cloud Router (NAT)  Cloud Router (NAT)
4     GKE                 Network
5     Bastion             IAM

IAM

Deployment Manager needs IAM permissions for particular tasks. We can temporarily add these permissions using the following:

# Create
./deploy.sh <project_id> iam create

# Delete
./deploy.sh <project_id> iam delete

Network

# Create
./deploy.sh <project_id> network create

# Delete
./deploy.sh <project_id> network delete

Cloud Router (NAT)

# Create
./deploy.sh <project_id> cloud-router create

# Delete
./deploy.sh <project_id> cloud-router delete

GKE

# Create
./deploy.sh <project_id> gke create

# Delete
./deploy.sh <project_id> gke delete

Bastion

# Create
./deploy.sh <project_id> bastion create

# Delete
./deploy.sh <project_id> bastion delete
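
The ordering rule given under Deploy Script Usage, as an added example that is not part of the repository: a wrapper that calls ./deploy.sh for each resource in create order, or in reverse for delete, and stops at the first failure so the temporary IAM grant is only removed once everything that depends on it is gone. It assumes deploy.sh is in the current directory and exits non-zero on failure; plan_order, run_all and DRY_RUN are names introduced here.

```bash
#!/usr/bin/env bash
# Added example (not the repository's code): drive ./deploy.sh in the
# dependency order documented in the README.
# Assumption: ./deploy.sh is in the current directory and exits non-zero on failure.

# Resource names as used by the README's deploy.sh commands, in create order.
CREATE_ORDER="iam network cloud-router gke bastion"

# Print the resource order for an action; delete is the reverse of create.
plan_order() {
    case "$1" in
        create) echo "$CREATE_ORDER" ;;
        delete)
            reversed=""
            for r in $CREATE_ORDER; do
                reversed="$r${reversed:+ $reversed}"
            done
            echo "$reversed" ;;
        *) echo "unknown action: $1 (expected create or delete)" >&2
           return 2 ;;
    esac
}

# Run each step in order, or only print it when DRY_RUN=1.
# Stops at the first failure so no step runs on top of a failed dependency.
run_all() {
    project_id="$1"; action="$2"
    if [ -z "$project_id" ]; then
        echo "usage: run_all <project_id> <create|delete>" >&2
        return 2
    fi
    order="$(plan_order "$action")" || return 2
    for resource in $order; do
        echo "./deploy.sh $project_id $resource $action"
        if [ "${DRY_RUN:-0}" = "1" ]; then continue; fi
        ./deploy.sh "$project_id" "$resource" "$action" || {
            echo "failed at '$resource'; later steps skipped" >&2
            return 1
        }
    done
}
```

Source the file and run `DRY_RUN=1 run_all <project_id> delete` first to review the sequence before executing it for real.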

Manage


Connect

Connect to the bastion host and manage the Kubernetes cluster from there using the steps below.

SSH Bastion

gcloud compute ssh <project_id>-bastion \
    --project <project_id> \
    --zone australia-southeast1-a

Then pull the repo down locally to the bastion server

git clone https://github.com/t04glovern/gke-dm-bootstrap.git

Kubernetes Connect

gcloud container clusters get-credentials <project_id>-gke \
    --project <project_id> \
    --region australia-southeast1

Role-based Access Control (RBAC) [Skip]

NOTE: This step is only required for Helm 2.0 or lower. By default you should have Helm 3.0+ installed on the bastion, so it is likely safe to skip this step

We'll deploy an RBAC configuration that is used by helm. Perform the following actions from the Bastion server

cd gke-dm-bootstrap/k8s

# Create tiller service account & cluster role binding
kubectl create -f rbac-config.yaml

# init helm with the service account
helm init --service-account tiller --history-max 200

Helm

Install Packages

Nginx External

Deploy the external version of nginx by running the following:

# From within the k8s folder
cd gke-dm-bootstrap/k8s

# Install the helm templates as 'nginx'
helm install nginx ./nginx/

# Get the external IP
kubectl get services
# NAME            TYPE           CLUSTER-IP        EXTERNAL-IP     PORT(S)        AGE
# kubernetes      ClusterIP      192.168.192.1     <none>          443/TCP        115m
# nginx-service   LoadBalancer   192.168.192.132   35.244.100.27   80:30251/TCP   9m

curl http://35.244.100.27
# <h1>DevOpStar Nginx Kubernetes</h1>

# <p>Congratulations!</p>

Nginx Internal

Edit the k8s/nginx/templates/service.yaml file and uncomment the following lines

  annotations:
    cloud.google.com/load-balancer-type: Internal

...

  loadBalancerIP: {{ .Values.staticIp }}

You can update the staticIp value in the k8s/nginx/values.yaml file

# Upgrade the helm templates called 'nginx'
helm upgrade nginx ./nginx/

curl http://192.168.189.50
# <h1>DevOpStar Nginx Kubernetes</h1>

# <p>Congratulations!</p>

Delete Packages

helm delete nginx

Attribution
