github.com/caos/orbos@v1.5.14-0.20221103111702-e6cd0cea7ad4/docs/orbiter/gce.md

github.com/caos/orbos@v1.5.14-0.20221103111702-e6cd0cea7ad4/docs/orbiter/gce.md (about)

     1  # Using the GCEProvider
     2  
     3  In the following example we will create a `kubernetes` cluster on a `GCEProvider`. All the `GCEProvider` needs besides a writable Git Repository is a billable Google Cloud Project and a Google Service Account with sufficient permissions.
     4  
     5  ## Initialize A Git Repository
     6  
     7  Generate a new Deploy Key
     8  ```bash
     9  mkdir -p ~/.ssh && ssh-keygen -t rsa -b 4096 -C "ORBOS repo key" -P "" -f /tmp/myorb_repo -q
    10  ```
    11  
    12  Create a new Git Repository
    13  
    14  Add the public part of your new SSH key pair to the git repositories trusted deploy keys with write access.
    15  
    16  ```
    17  cat /tmp/myorb_repo.pub
    18  ```
    19  
    20  Copy the files [orbiter.yml](../../examples/orbiter/gce/orbiter.yml) and [boom.yml](../../examples/boom/boom.yml) to the root of your Repository.
    21  
    22  ## Configure your local environment
    23  
    24  Download the latest orbctl
    25  
    26  ```bash
    27  curl -s https://api.github.com/repos/caos/orbos/releases/latest | grep "browser_download_url.*orbctl-$(uname)-$(uname -m)" | cut -d '"' -f 4 | sudo wget -i - -O /usr/local/bin/orbctl
    28  sudo chmod +x /usr/local/bin/orbctl
    29  sudo chown $(id -u):$(id -g) /usr/local/bin/orbctl
    30  ```
    31  
    32  Create an orb file
    33  
    34  ```bash
    35  mkdir -p ~/.orb
    36  cat > ~/.orb/config << EOF
    37  url: git@github.com:me/my-orb.git
    38  masterkey: $(openssl rand -base64 21)
    39  repokey: |
    40  $(sed s/^/\ \ /g /tmp/myorb_repo)
    41  EOF
    42  ```
    43  
    44  ## Enable IAP in a billable GCP project of you choice and create a service account
    45  
    46  Please follow [this](https://cloud.google.com/iap/docs/enabling-compute-howto#iap-enable) instructions and enable IAP for the project in which the compute-instances should run.
    47  Under this [link](https://console.cloud.google.com/apis/library/iap.googleapis.com) in the console it should be possible to activate.
    48  
    49  Assign the service account the roles `Compute Admin`, `IAP-secured Tunnel User` and `Service Usage Admin`
    50  
    51  Create a JSON key for the service account
    52  
    53  Encrypt and write the created JSON key to the orbiter.yml
    54  
    55  ```bash
    56  orbctl writesecret orbiter.gce.jsonkey --file ~/Downloads/<YOUR_JSON_KEY_FILE>
    57  ```
    58  
    59  ## Bootstrap your Kubernetes cluster on GCE
    60  
    61  ```bash
    62  orbctl takeoff
    63  ```
    64  
    65  As soon as the Orbiter has deployed itself to the cluster, you can decrypt the generated admin kubeconfig
    66  
    67  ```bash
    68  mkdir -p ~/.kube
    69  orbctl readsecret k8s.kubeconfig > ~/.kube/config
    70  ```
    71  
    72  Wait for grafana to become running
    73  
    74  ```bash
    75  kubectl --namespace caos-system get po -w
    76  ```
    77  
    78  Open your browser at localhost:8080 to show your new clusters dashboards
    79  
    80  ```bash
    81  kubectl --namespace caos-system port-forward svc/grafana 8080:80
    82  ```
    83  
    84  Delete everything created by Orbiter
    85  
    86  ```bash
    87  orbctl destroy
    88  ```