github.com/caos/orbos@v1.5.14-0.20221103111702-e6cd0cea7ad4/docs/orbiter/gce.md

# Using the GCEProvider

In the following example we will create a `kubernetes` cluster on a `GCEProvider`. All the `GCEProvider` needs besides a writable Git Repository is a billable Google Cloud Project and a Google Service Account with sufficient permissions.

## Initialize A Git Repository

Generate a new Deploy Key

```bash
# Creates /tmp/myorb_repo (private key, no passphrase) and /tmp/myorb_repo.pub
mkdir -p ~/.ssh && ssh-keygen -t rsa -b 4096 -C "ORBOS repo key" -P "" -f /tmp/myorb_repo -q
```

Create a new Git Repository

Add the public part of your new SSH key pair to the Git repository's trusted deploy keys with write access.

```bash
cat /tmp/myorb_repo.pub
```

Copy the files [orbiter.yml](../../examples/orbiter/gce/orbiter.yml) and [boom.yml](../../examples/boom/boom.yml) to the root of your Repository.

## Configure your local environment

Download the latest orbctl

```bash
# Resolve the latest release asset for this OS and architecture, then install it
curl -s https://api.github.com/repos/caos/orbos/releases/latest | grep "browser_download_url.*orbctl-$(uname)-$(uname -m)" | cut -d '"' -f 4 | sudo wget -i - -O /usr/local/bin/orbctl
sudo chmod +x /usr/local/bin/orbctl
sudo chown $(id -u):$(id -g) /usr/local/bin/orbctl
```

Create an orb file

```bash
# The orb file holds the repository URL, a random masterkey and the private deploy key
mkdir -p ~/.orb
cat > ~/.orb/config << EOF
url: git@github.com:me/my-orb.git
masterkey: $(openssl rand -base64 21)
repokey: |
$(sed s/^/\ \ /g /tmp/myorb_repo)
EOF
```

## Enable IAP in a billable GCP project of your choice and create a service account

Please follow [these instructions](https://cloud.google.com/iap/docs/enabling-compute-howto#iap-enable) and enable IAP for the project in which the compute instances should run.
It should be possible to activate it in the console under this [link](https://console.cloud.google.com/apis/library/iap.googleapis.com).

Assign the service account the roles `Compute Admin`, `IAP-secured Tunnel User` and `Service Usage Admin`

Create a JSON key for the service account

Encrypt and write the created JSON key to the orbiter.yml

```bash
orbctl writesecret orbiter.gce.jsonkey --file ~/Downloads/<YOUR_JSON_KEY_FILE>
```

## Bootstrap your Kubernetes cluster on GCE

```bash
orbctl takeoff
```

As soon as the Orbiter has deployed itself to the cluster, you can decrypt the generated admin kubeconfig

```bash
mkdir -p ~/.kube
orbctl readsecret k8s.kubeconfig > ~/.kube/config
```

Wait for Grafana to be running

```bash
kubectl --namespace caos-system get po -w
```

Open your browser at localhost:8080 to show your new cluster's dashboards

```bash
kubectl --namespace caos-system port-forward svc/grafana 8080:80
```

Delete everything created by Orbiter

```bash
orbctl destroy
```
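
The orb file created under "Configure your local environment" holds both the masterkey and the private deploy key, and a plain `cat >` creates it with whatever the current umask allows. The following is an added example, not part of the ORBOS documentation: the function name `write_orb_config`, its arguments and its checks are assumptions of this sketch, which writes the same three fields with owner-only permissions and rejects a key file that is not a private key.

```bash
#!/usr/bin/env bash
# Added example (not ORBOS code): write the orb file so that the masterkey
# and the private deploy key inside it are readable by the owner only.
set -u

# Same generator as the page uses, with a fallback if openssl is missing.
gen_masterkey() {
  openssl rand -base64 21 2>/dev/null || head -c 21 /dev/urandom | base64
}

# write_orb_config <repo-url> <private-key-file> <destination>  (hypothetical helper)
write_orb_config() {
  local url="$1" keyfile="$2" dest="$3" mode
  # Refuse anything that is not a private key, e.g. the .pub file by mistake.
  if ! grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$keyfile"; then
    echo "not a private key: $keyfile" >&2
    return 1
  fi
  mkdir -p "$(dirname "$dest")" || return 1
  (
    umask 077          # files created in this subshell get mode 0600
    rm -f "$dest"      # an existing file would otherwise keep its old mode
    {
      printf 'url: %s\n' "$url"
      printf 'masterkey: %s\n' "$(gen_masterkey)"
      printf 'repokey: |\n'
      sed 's/^/  /' "$keyfile"   # indent the key as a YAML block scalar
    } > "$dest"
  ) || return 1
  # Verify the result instead of trusting the umask (GNU stat, then BSD stat).
  mode=$(stat -c '%a' "$dest" 2>/dev/null || stat -f '%Lp' "$dest")
  if [ "$mode" != "600" ]; then
    echo "unexpected mode $mode on $dest" >&2
    return 1
  fi
}

# Usage with the paths from this page:
#   write_orb_config git@github.com:me/my-orb.git /tmp/myorb_repo ~/.orb/config
```

The page does not use `/tmp/myorb_repo` again after this step, so the private key copy in `/tmp` can be deleted once the orb file is written.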