GCE Kubernetes Guide
This document is aimed at helping the user to deploy OpenIAM in GCE.
Set up the environment
- Authenticate into Google:
gcloud auth logingcloud auth application-default login
Set the project, replace
YOUR_PROJECTwith your project ID:PROJECT=YOUR_PROJECTYOUR_PROJECT is the project ID, not the project name. See Google Cloud Documentation for more on locating the Project ID in the Google Cloud Control Panel
gcloud config set project ${PROJECT}Configure the environment for Terraform:
export GOOGLE_PROJECT=$(gcloud config get-value project)Re-run
setup.shin the root of the projectEnable the Service Management API:
gcloud services enable cloudbuild.googleapis.comgcloud services enable compute.googleapis.comgcloud services enable servicemanagement.googleapis.comgcloud services enable sql-component.googleapis.comgcloud services enable sqladmin.googleapis.comgcloud services enable redis.googleapis.com
Set the region variable in terraform.tfvars to region that supports GCS
Some of our services, when running in GCE, require authentication into google cloud. For this, we a Service Account File. There are two ways to do this. Specifically, BigTable requires this.
- You can simply use your
gcloudcredential file, and run this:
mkdir -p .googlemkdir -p openiam-configmap/.googlecp ~/.config/gcloud/application_default_credentials.json .google/gcloud.creds.jsoncp ~/.config/gcloud/application_default_credentials.json openiam-configmap/.google/gcloud.creds.json
- Follow these steps.
You will have to make sure that the result json file is in
.google/gcloud.creds.json
- Set the GKE-specific variables in terraform.tfvars
| Variable Name | Required | Default Value | Description |
|---|---|---|---|
| region | Y | The region to be deployed. For example, us-west2 | |
| replica_count | Y | The total number of nodes to be created in the kubernetes cluster | |
| database.root.user | Y | The root username to the database | |
| database.root.password | Y | The root username to the database | |
| redis.google.memory | Y | Memory of the Redis instance (in GB) | |
| database.google.instance_class | N | Google Instance class for the database instance. | |
| For Mysql, see https://cloud.google.com/sql/pricing#2nd-gen-pricing | |||
| For Postgres, see https://cloud.google.com/sql/pricing#pg-pricing | |||
| Note - for Postgres, using any of the provided tiers will NOT be enough, due to limitations to the number of concurrent connections | |||
| see - https://cloud.google.com/sql/docs/postgres/quotas | |||
| If you're using Postgres, you will have to create a custom tier, and then use that as the value of this string. See https://cloud.google.com/compute/docs/instances/creating-instance-with-custom-machine-type#create | |||
| kubernetes.gke.machine_type | Y | Machine Type of GKE Cluster. See https://cloud.google.com/compute/docs/machine-types. Minimum is n1-standard-4 | |
| elasticsearch.helm.esJavaOpts | Y | -Xmx1536m -Xms1536m | ES Java Arguments |
| elasticsearch.helm.replicas | Y | 1 | Number of replicas |
Destroying
Due to a bug with terraform's helm provider in GCE, destroying the objects in GKE must be performed in several automated and manual steps.
First, run these commands:
terraform state rm module.deployment.module.helmterraform state rm module.deployment.module.openiam-appterraform state rm module.deployment.module.kubernetesterraform state rm module.deployment.module.elasticsearchterraform state rm module.deployment.module.monitoringterraform state rm module.deployment.module.kibana
Next, run the destroy command:
terraform destroy # enter 'yes' when asked to do so
Finally, you will have to delete terraform's state files:
rm -rf terraform.tfstate*