tf-ks-sample

An Infrastructure-as-Code project to bootstrap KubeSphere on GKE with Terraform.

Google Cloud Terraform Kubernetes Helm KubeSphere

Requirements

  • gcloud CLI [1]
  • terraform CLI [2]

Usage

Cloud

Log in to Terraform Cloud with the terraform CLI:

terraform login

Execute commands against the remote state stored in Terraform Cloud:

terraform plan
terraform apply
terraform destroy

Configure project variables (including GCP credentials) directly in the Terraform Cloud console.

Local

Log in to Google Cloud Platform with the gcloud CLI using Application Default Credentials (ADC). This is the recommended way to run Terraform on a local workstation. Then comment out the Terraform Cloud backend configuration.

gcloud auth application-default login
sed -i 's/^\([^#]\)/# \1/g' provision/gcp-gke/backend.tf

Configure project variables interactively by running the Terraform CLI, or replace the values in /provision/gcp-gke/terraform.tfvars.sample and rename the file to terraform.tfvars.

cd provision/gcp-gke
# cp terraform.tfvars.sample terraform.tfvars # optional, replace values
terraform init
terraform plan # optional
terraform apply
terraform destroy

Remote machine

Log in to Google Cloud Platform with the gcloud CLI. You must create a GCP service account and its associated JSON key file: Google Cloud uses a service account key to authenticate and authorize requests to the GCP API from an external machine.

export PROJECT_ID="MY_PROJECT"
gcloud auth login
gcloud config set project "${PROJECT_ID}"

Create a JSON key file from a service account configured with the necessary permissions. This script creates a service account, binds policies to it and generates a JSON key file for it. Read /scripts/serviceaccount.sh and /scripts/serviceaccounts/*.sh to create other policy bindings or to generate a key for an existing service account. [3]

export PROJECT_ID="MY_PROJECT"
export SERVICE_ACCOUNT_NAME="ts-ks-sample"
bash scripts/serviceaccount.sh "${SERVICE_ACCOUNT_NAME}" "${PROJECT_ID}"

Configure project variables in /provision/gcp-gke/terraform.tfvars.sample, rename the file to terraform.tfvars and run the Terraform CLI.

export GOOGLE_APPLICATION_CREDENTIALS="$(pwd)/ts-ks-sample.json"
cd provision/gcp-gke
cp terraform.tfvars.sample terraform.tfvars
terraform init -backend-config="..."
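
An added example, not part of this repository: a preflight check to run on the JSON key before exporting GOOGLE_APPLICATION_CREDENTIALS. The key is a long-lived credential, so the script verifies that it is readable by its owner only, is a service account key for the expected project, and is not tracked by git. The helper names check_sa_key and json_field are hypothetical, and the field parsing assumes the pretty-printed, one-field-per-line layout of a downloaded key file.

```shell
#!/usr/bin/env bash
# Added example (not from the repository): preflight checks for the service
# account key file before exporting GOOGLE_APPLICATION_CREDENTIALS.
# check_sa_key and json_field are hypothetical helper names.

# json_field FILE KEY: print a top-level string field of a pretty-printed
# JSON key file (assumes one field per line, so no jq dependency is needed).
json_field() {
  sed -n "s/^[[:space:]]*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# check_sa_key KEY_FILE EXPECTED_PROJECT: returns 0 when every check passes.
check_sa_key() {
  sa_key="$1"; sa_project="$2"
  [ -f "$sa_key" ] || { echo "missing key file: $sa_key" >&2; return 2; }

  # The key is a long-lived credential: only its owner should read it.
  # Characters 5-10 of the ls mode string are the group and other bits.
  sa_mode=$(ls -ld "$sa_key" | cut -c5-10)
  [ "$sa_mode" = "------" ] ||
    { echo "group/other can access $sa_key (chmod 600 it)" >&2; return 3; }

  # Must be a service account key, not a user ADC file.
  [ "$(json_field "$sa_key" type)" = "service_account" ] ||
    { echo "$sa_key is not a service account key" >&2; return 4; }

  # Must belong to the project Terraform is about to change.
  [ "$(json_field "$sa_key" project_id)" = "$sa_project" ] ||
    { echo "$sa_key belongs to another project" >&2; return 5; }

  # Must not be tracked by git (skipped when git or a repository is absent).
  if git -C "$(dirname "$sa_key")" ls-files --error-unmatch \
       "$(basename "$sa_key")" >/dev/null 2>&1; then
    echo "$sa_key is tracked by git" >&2; return 6
  fi
  return 0
}

# Usage: bash check_key.sh ./ts-ks-sample.json "${PROJECT_ID}"
if [ "$#" -eq 2 ]; then
  check_sa_key "$1" "$2" || exit $?
fi
```

A non-zero exit status identifies the failed check: 2 missing file, 3 permissions, 4 wrong credential type, 5 wrong project, 6 tracked by git.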

Change KubeSphere Helm chart values in /provision/gcp-gke/config/ks-installer-values.yaml:

  • enable service mesh based on Istio and Envoy:
cc:
  servicemesh:
    enabled: true
  • enable continuous integration toolchain powered by Jenkins, SonarQube and Harbor:
cc:
  devops:
    enabled: true
  • enable other integrated features...

Documentation



  • Use GitHub Actions and Terraform Cloud for state handling, see Terraform documentation.
  • Store Terraform state in a Google Cloud Storage (GCS) bucket, see GCP documentation and Terraform documentation.

Authors

@c3b5aw
@gmarcha

License

License

Footnotes

  1. see Terraform documentation or Docker image.

  2. see GCP documentation or Docker image.

  3. see GCP documentation.