GKE Getting Started

GKE Getting Started

Introduction

  • Purpose of the Guide: This guide is designed to assist users in comprehending the necessary prerequisites and the steps involved to successfully execute the project.
  • Definitions:
    • Environment: The project utilized terraform workspace for switch between environments.
  • Project's folder structure:
    • docs: Project's documentation
    • env: Folder contains environment specific backend and modules configuration
    • modules: Project's modules
    • plans: Folder for storing generated plans
    • scripts: terraform init, terraform plan and terraform apply, with workspace (environment) configuration applied, implemented in both bash and powershell scripts.
  • Backend: gcs backend is configured by <ENV>.backend.tfvars file.
  • Customization:
    • Modules can be customized by editing their respective <ENV>.tfvars files, where ENV is selected workspace.
    • Additional resources and configurations can be added as per project requirements.

Getting Started

Please note that this project is designed to provision new resources, including the setup of a new Google Kubernetes Engine (GKE) cluster, among other components. It has not been tested with existing GKE clusters (terraform import) or pre-configured GCP resources. Users planning to deploy this project should be aware that it assumes a fresh environment for optimal compatibility and performance. Existing GCP resource configurations may require adjustments or could lead to unpredictable outcomes if used in conjunction with this project.

  • Prerequisites:

    • Google account with Kubernates Engine API permission.
    • Terraform installed on your local machine.
    • gcloud cli installed on your local machine
    • gke-gcloud-auth-plugin component on your local machine
    • gcs for storing Terraform backend.
    • You will need a domain under your control with the ability to manage its DNS settings for Kiali and Grafana dashboards. After deployment, Kiali and Grafana dashboards will be up and running.
    • Some knowledge of Terraform, Kubernetes, Helm and Istio.

    Check if requires compute resources are available for your region gcloud compute machine-types list --filter="name=<machine type>"

  • Initial Setup:

    • Rename default.backend.tfvars to dev.backend.tfvars and define a proper backend configuration.

    • Run terraform init to initialize the backend:

      .\scripts\init.ps1 -ENV "dev"

    • Create a new workspace dev:

      terraform workspace new dev

      Empty dev workspace will be created and selected

    • Rename default.tfvars to dev.tfvars and configure project's modules.

    • Adjust parameters as per your infrastructure needs

    • Make sure that optional modules are disabled on this stage:

      project_modules         = {
    kiali           = false
    prometheus      = false
    grafana         = false
    letsencrypt     = false
}

Deployment with Terraform

The deployment can be divided in 3 phases:

  • Deploy resources
  • Create an A records for your domains
  • Deploy services

There is couple of reasons for such dividing:

  1. kubernetes_manifest terraform statements will try to connect cluster first to check if resource is already created on a plan stage, and will fail because cluster is not created yet.
  2. Let's encrypt will perform ACME challenge for your domains as a part of certification issuing process, which requires your domain to point to Load Balancer address. DNS record update is async and might take 5-60 minutes depending on provider.

  • Phase I - Deploy resources (~10 minutes): Considering everything is set in Initial setup, you can start building the infrastructure

    • Plan terraform changes:

      .\scripts\plan.ps1

    • Review the output

    • Apply the changes:

      .\scripts\apply.ps1

  • Phase II - Create CNAME records for domains (~ 5-60 minutes):

    • Obtain the load balaner DNS address via Console/gcloud CLI or by running:

      kubectl get svc/istio-ingress -n istio-system

      EXTERNAL-IP will be the load blancer address

    • Create CNAME record for kiali

    • Create CNAME record for grafana

    • Wait up to 60 minutes (depending on your doamin registrar) and check that domain is resolved to cluster's load balancer

  • Phase III - Build the services (~5-10 minutes): Assuming that above is implemented

    • Turn optional modules on:

      project_modules         = {
    kiali           = true
    prometheus      = true
    grafana         = true
    letsencrypt     = true
}

    • Plan terraform changes:

      .\scripts\plan.ps1

    • Review the output

    • Apply the changes:

      .\scripts\apply.ps1

    Enjoy!

Usage

  • Connecting to the cluster: Update kubeconfig with new context:

    gcloud container clusters get-credentials <cluster name> --region <your region> --project <your project>