GKE (GCP)
GKE Setup
To remain inherently safe, Karrots does not acquire or store account secrets. On GKE, Karrots relies on the Google management tool gcloud to perform all of the Terraform operations that require secrets and authorization. To make this work, you first need to do a little gcloud setup.
Prerequisites
Before you run Karrots you need a Google Compute organization, project, and billing account. Your user account then needs to have admin privileges in that organization. You can find organization setup information here: https://cloud.google.com/resource-manager/docs/creating-managing-organization. The Terraform scripts that Karrots runs use your local gcloud setup to handle validation and authorization. You can find gcloud installation instructions here: https://cloud.google.com/sdk/docs/downloads-interactive#interactive_installation.
When Karrots creates a new cluster, it does that inside a project and creates a new service account that owns the cluster. (Your admin account will not own the cluster for security reasons.)
Manual setup steps
Once you have a valid organization and project, you need to perform a few steps to set up gcloud on the local machine so that Karrots can use it to provide authorization for certain Terraform operations. (Karrots never stores secrets.)
The first thing you need to do is install the gcloud beta components so that Karrots can use the gcloud beta billing accounts list command to validate that your account is set up correctly.
gcloud components install beta
If you don't already have a stored gcloud config for the project where you want to run Karrots, then you will need to create one.
gcloud config configurations create karrots
gcloud config set account <account-id>  # your GCP login account: first.last@sample.com
gcloud config set project <project-name>
gcloud config set compute/region <region>
gcloud config set compute/zone <zone>
Activate the gcloud config you want Karrots to use and then log in to the account associated with that config. The reason for the second login using application-default is that gcloud will set up local config so that the kubectl command works from your local machine against the new cluster once it's up.
gcloud config configurations activate karrots
gcloud auth login
gcloud auth application-default login
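A read-only preflight for the setup steps above, as an added example that is not part of Karrots or of the original page. The function names `check` and `karrots_preflight` are hypothetical, and the configuration name defaults to the `karrots` name used in the commands on this page.

```shell
#!/bin/sh
# Added example: verifies the local gcloud state the manual steps produce.
# It changes nothing and never prints a credential.

# Report one check. Passes when <actual> is non-empty and, if an
# <expected> value is given, equal to it.
check() {  # usage: check <label> <actual> [<expected>]
  if [ -n "$2" ] && { [ $# -lt 3 ] || [ "$2" = "$3" ]; }; then
    echo "ok    $1: $2"; return 0
  fi
  echo "FAIL  $1: got '${2:-unset}'${3:+, want '$3'}"; return 1
}

karrots_preflight() {
  want_cfg=${1:-karrots}; rc=0
  cfg=$(gcloud config configurations list --filter='is_active=true' \
        --format='value(name)' 2>/dev/null)
  check "active configuration" "$cfg" "$want_cfg" || rc=1
  # Every property set in the configuration step must have a value.
  for prop in account project compute/region compute/zone; do
    val=$(gcloud config get-value "$prop" 2>/dev/null)
    check "$prop" "$val" || rc=1
  done
  # The configured account must also be the one that holds credentials.
  acct=$(gcloud config get-value account 2>/dev/null)
  cred=$(gcloud auth list --filter='status:ACTIVE' \
         --format='value(account)' 2>/dev/null)
  check "credentialed account" "$cred" "$acct" || rc=1
  # Same command the page says Karrots uses; requires the beta components.
  billing=$(gcloud beta billing accounts list --format='value(name)' \
            2>/dev/null | head -n 1)
  check "billing account visible" "$billing" || rc=1
  # Application-default credentials: test for success only, discard the token.
  if gcloud auth application-default print-access-token >/dev/null 2>&1; then
    echo "ok    application-default credentials"
  else
    echo "FAIL  application-default credentials"; rc=1
  fi
  return $rc
}
```

Source the file and run `karrots_preflight` (or `karrots_preflight <config-name>`) before starting Karrots; a non-zero exit status means one of the steps above is incomplete.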
Post Cluster Creation Steps
At this point you should be able to execute:
kubectl get pods
and get a list of running pods.