GCE Kubernetes guide
This document is aimed at helping the user to deploy OpenIAM in GCE.
Setting up the environment
- Authenticate into Google.
```
gcloud auth login
gcloud auth application-default login
```
- Set the project, replacing `YOUR_PROJECT` with your project ID.
```
PROJECT=YOUR_PROJECT
```
YOUR_PROJECT is the project ID, not the project name. See Google Cloud Documentation for more on locating the Project ID in the Google Cloud Control Panel.
```
gcloud config set project ${PROJECT}
```
- Configure the environment for Terraform.
```
export GOOGLE_PROJECT=$(gcloud config get-value project)
```
- Re-run `setup.sh` in the root of the project.
- Enable the Service Management API.
```
gcloud services enable cloudbuild.googleapis.com
gcloud services enable compute.googleapis.com
gcloud services enable servicemanagement.googleapis.com
gcloud services enable sql-component.googleapis.com
gcloud services enable sqladmin.googleapis.com
gcloud services enable redis.googleapis.com
```
- Set the region variable in terraform.tfvars to a region that supports GCS.
- Some of our services, when running in GCE, require authentication into Google Cloud. Specifically, BigTable requires this. For this, we need a Service Account File. There are two ways to do this.
- Also, you can simply use your gcloud credential file, and run the following.
```
mkdir -p .google
mkdir -p openiam-configmap/.google
cp ~/.config/gcloud/application_default_credentials.json .google/gcloud.creds.json
cp ~/.config/gcloud/application_default_credentials.json openiam-configmap/.google/gcloud.creds.json
```
- Follow these steps.
You will have to make sure that the resulting `.json` file is in `.google/gcloud.creds.json`.
- Set the GKE-specific variables in terraform.tfvars.
| Variable Name | Required | Default value | Description |
|---|---|---|---|
| region | Y | | The region to be deployed. For example, us-west2. |
| replica_count | Y | | The total number of nodes to be created in the Kubernetes cluster. |
| database.root.user | Y | | The root username to the database. |
| database.root.password | Y | | The root password to the database. |
| redis.google.memory | Y | | Memory of the Redis instance (in GB). |
| database.google.instance_class | N | | Google Instance class for the database instance. For MySQL, see https://cloud.google.com/sql/pricing#2nd-gen-pricing. For Postgres, see https://cloud.google.com/sql/pricing#pg-pricing. Note: For Postgres, using any of the provided tiers will NOT be enough, due to limitations to the number of concurrent connections. See https://cloud.google.com/sql/docs/postgres/quotas. If you're using Postgres, you will also have to create a custom tier, and then use that as the value of this string. See https://cloud.google.com/compute/docs/instances/creating-instance-with-custom-machine-type#create |
| kubernetes.gke.machine_type | Y | | Machine Type of GKE Cluster. See https://cloud.google.com/compute/docs/machine-types. Minimum is n1-standard-4. |
| elasticsearch.helm.esJavaOpts | Y | -Xmx1536m -Xms1536m | ES Java Arguments. |
| elasticsearch.helm.replicas | Y | 1 | Number of replicas. |
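
A preflight check for the credential step in the setup list above, as an added example that is not part of the OpenIAM documentation or code: it confirms that both copies of `gcloud.creds.json` exist, match, are readable only by their owner, and carry a known credential `type`. The function names `check_creds` and `make_fixture` are hypothetical, and the owner-only mode requirement is an assumption of this example, not a documented OpenIAM requirement.

```bash
#!/usr/bin/env bash
# Added example, not OpenIAM project code. Checks the two credential copies
# the setup steps place under the project root.

# check_creds ROOT: prints one finding per line; returns 0 only if all pass.
check_creds() {
  local root="${1:-.}" rc=0 f mode ctype
  local primary="$root/.google/gcloud.creds.json"
  local copy="$root/openiam-configmap/.google/gcloud.creds.json"
  for f in "$primary" "$copy"; do
    if [ ! -s "$f" ]; then
      echo "MISSING $f"; rc=1; continue
    fi
    # The file holds a refresh token or private key: owner-only access.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$mode" in
      600|400) ;;
      *) echo "PERMS $f is mode $mode, expected 600"; rc=1 ;;
    esac
    # "type" is authorized_user for application-default login output and
    # service_account for a downloaded key (pretty-printed JSON assumed).
    ctype=$(sed -n 's/.*"type"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$f" | head -n 1)
    case "$ctype" in
      authorized_user|service_account) echo "OK $f type=$ctype" ;;
      *) echo "TYPE $f has unexpected type '$ctype'"; rc=1 ;;
    esac
  done
  # Both locations must carry the same credential.
  if [ -s "$primary" ] && [ -s "$copy" ] && ! cmp -s "$primary" "$copy"; then
    echo "DIFF $primary and $copy differ"; rc=1
  fi
  return "$rc"
}

# Constructed fixture (no real credentials) for trying the check offline.
make_fixture() {
  local d
  d=$(mktemp -d)
  mkdir -p "$d/.google" "$d/openiam-configmap/.google"
  printf '{\n  "type": "authorized_user",\n  "refresh_token": "constructed"\n}\n' \
    > "$d/.google/gcloud.creds.json"
  cp "$d/.google/gcloud.creds.json" "$d/openiam-configmap/.google/gcloud.creds.json"
  chmod 600 "$d/.google/gcloud.creds.json" "$d/openiam-configmap/.google/gcloud.creds.json"
  echo "$d"
}
```

Run `check_creds .` from the project root after the copy step. Keep both `.google/` directories out of version control, since the files in them are live credentials.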
Destroying
Due to a bug with Terraform's helm provider in GCE, destroying the objects in GKE must be performed in several automated and manual steps.
First, run the following commands.
```
terraform state rm module.deployment.module.helm
terraform state rm module.deployment.module.openiam-app
terraform state rm module.deployment.module.kubernetes
terraform state rm module.deployment.module.elasticsearch
terraform state rm module.deployment.module.monitoring
terraform state rm module.deployment.module.kibana
```
Next, run the destroy command.
```
terraform destroy # enter 'yes' when asked to do so
```
Finally, you will have to delete the following Terraform state files.
```
rm -rf terraform.tfstate*
```