This walk-through will detail the technical configurations for using vRA Code Stream to deploy Google Kubernetes Clusters (GKE), register them as:
- Kubernetes endpoints in vRA Cloud Assembly and Code Stream
- An attached in Tanzu Mission Control
- Onboard in Tanzu Service Mesh
This post mirrors my other blog posts following similar concepts:
Requirement
After covering EKS and AKS, I thought it was worthwhile to finish off the gang and deploy GKE clusters using Code Stream.
Building on my previous work, I also added in the extra steps to onboard this cluster into Tanzu Service Mesh as well.
High Level Steps
- Create a Code Stream Pipeline
- Create a Google GKE Cluster
- Create GKE cluster as endpoint in both vRA Code Stream and Cloud Assembly
- Register GKE cluster in Tanzu Mission Control
- Onboard the cluster to Tanzu Service Mesh
Pre-Requisites
- vRA Cloud access
- The pipeline can be changed easily for use with vRA on-premises
- Google Cloud account that can provision GKE clusters
- The Kubernetes Engine API needs to be enabled
- Basic knowledge of deploying GKE
- This is a good beginners guide if you need
- You will need to create a Service Account that the gcloud CLI tool can use for authentication
- A Docker host to be used by vRA Code Stream
- Ability to run the container image: gcr.io/google.com/cloudsdktool/google-cloud-cli
- Tanzu Mission Control account that can register new clusters
- VMware Cloud Console Tokens for vRA Cloud, Tanzu Mission Control and Tanzu Service Mesh API access
- The configuration files for the pipeline can be found in this GitHub repository
Creating a Code Stream Pipeline to deploy a Azure AKS Cluster and register the endpoints with vRA and Tanzu Mission Control
Create the variables to be used
First, we will create several variables in Code Stream, you could change the pipeline tasks to use inputs instead if you wanted
- Create as regular variable
- gke-tmc-url
- This is your Tanzu Service Mesh URL
- gke-tsm-url
- This is your Tanzu Mission Control URL
- gke-tmc-token
- VMware Cloud Console token for access to use Tanzu Mission Control
- gke-tmc-url
- Create as secret
- tmc-csp-token
- This is a CSP token to access Tanzu Service Mesh
- tsm-csp-token
- This is a CSP Token to access Tanzu Mission Control
- vra-csp-token
- This is a CSP Token to access vRA Cloud Assembly and Code Stream
- google-cloud-auth
- This is the Google Cloud Service Account JSON file contents converted to a Base64 String
- tmc-csp-token
Import the “Deploy GKE Cluster” pipeline
Create (import) the pipeline in Code Stream. (File here). Set line two to your project name then click import.
Open the pipeline, so that we can now configure the necessary items for your infrastructure.
On the Input tab, change the defaults as necessary. I’ve aimed to make the descriptions as useful as possible.
On the Workspace tab, select your Docker Host to use.
On the Model tab, select each task and click the validate button, ensure you get a green tick. If there are any errors displayed, resolve them. Usually, it’s the referenced variable names do not match.
- (Optional) I wrote a blog post here on extracting files created by a CI Task and email notifications. You could use this example to extend the functionality of this pipeline if you wanted.
Let’s dive into how the Pipeline Stages and Tasks within are configured, or you can skip down to the next heading which will continue to use the pipeline.
- Build Kubernetes Cluster
- Google Cloud Auth (CI Task)
- Gets the Google Cloud Auth variable, decrypts the base64 into a JSON file
- Authenticate using the gcloud cli as the service account using the JSON file
- Set the google cloud project for where the GKE Cluster will be created
- Build GKE Cluster (CI Task)
- Using the gcloud cli, create a GKE cluster, providing the cluster name, region, machine type and number of nodes as arguments. Verbose Debug output selected.
- gcloud CLI will create a kubeconfig file and set it to the default context for kubectl. This will use Google auth to the cluster.
- Google Cloud Auth (CI Task)
- Add GKE Cluster to vRA
- Create Cluster Service Account (CI Task)
- Create a YAML definition to apply to the Kubernetes cluster to create a Service Account
- Create Role Binding (CI Task)
- Only triggered if User Input for Add to Code Stream or Cloud Assembly is set to yes
- Create a YAML definition to apply to the Kubernetes cluster to create a Role Binding for the Service Account
- Install jq (CI Task)
- Installs jq package into container for use in the next task
- Get GKE Cluster details (CI Task)
- Only triggered if User Input for Add to Code Stream or Cloud Assembly is set to yes
- Get and save variables that contain the Service Account Token, Kubernetes Cluster API address, CA Certificate and Certificate Fingerprint
- Get vRA Cloud API Token (REST Task)
- Only triggered if User Input for Add to Code Stream or Cloud Assembly is set to yes
- REST API call to exchange API Token for accessToken
- Create Code Stream Endpoint (REST Task)
- Only triggered if User Input for Add to Code Stream is set to yes
- Create a Kubernetes endpoint in Code Stream, building the payload from the “Get GKE Cluster details” task
- Authorization Header is built from output of “Get vRA Cloud API Token” Task.
- Create Cloud Assembly K8s Endpoint (REST Task)
- Only triggered if User Input for Add to Cloud Assembly is set to yes
- Create a Kubernetes endpoint in Cloud Assembly, building the payload from the “Get GKE Cluster details” task
- Authorization Header is built from output of “Get vRA Cloud API Token” Task.
- Create Cluster Service Account (CI Task)
- Add GKE to TMC
- Get TMC API Token (REST Task)
- Only triggered if User Input for Add to TMC is set to yes
- REST API call to exchange API Token for accessToken
- Create TMC cluster attach task (REST Task)
- Only triggered if User Input for Add to TMC is set to yes
- API Call to create a new attached cluster in TMC, payload built from user inputs
- Install TMC to Cluster (CI Task)
- Only triggered if User Input for Add to TMC is set to yes
- Apply the provided installation file (URL) from TMC (Output from the previous task).
- Check the TMC API for status update in while loop
- Get TMC API Token (REST Task)
- Add GKE to TSM
- Get TSM API Token (REST Task)
- Only triggered if User Input for Add to TSM is set to yes
- REST API call to exchange API Token for accessToken
- Get TSM Onboarding URL (REST Task)
- Only triggered if User Input for Add to TSM is set to yes
- API Call to get the onboarding URL
- Create Cluster in TSM (REST Task)
- Only triggered if User Input for Add to TSM is set to yes
- Create the new cluster object in TSM
- Payload built from user inputs
- Install TSM to Cluster (CI Task)
- Only triggered if User Input for Add to TSM is set to yes
- Apply the TSM configuration files to the Kubernetes cluster
- Wait for TSM To be installed
- Only triggered if User Input for Add to TSM is set to yes
- While loop to check TSM API for status of cluster onboarding
- Get TSM API Token (REST Task)
When you are happy, click save on the bottom left and enable the pipeline.
Running the pipeline
Now the pipeline is enabled, you will be able to run the pipeline.
Provide the details for the inputs.
Click to view the running execution of the pipeline either on the Executions page, or from the little green dialog box that appears if you ran the pipeline from within the pipeline editing view.
Below you can see the output of the first stage and task running. You can click each stage and task to see the progress and outputs from running the commands. Once the pipeline has completed, you’ll see an output all green and the completed message.
And finally, you’ll have the following items created and configured.
- Google GKE Cluster
- Cloud Assembly – External Kubernetes Endpoint
- Code Stream – Kubernetes Endpoint
- Tanzu Mission Control – Kubernetes cluster attached
- Tanzu Service Mesh – Kubernetes cluster onboarded
Wrap up
This blog post is very similar to my previous posts for deploying AWS EKS resources using vRA and Deploying AKS Clusters using vRA. There are a few changes under the hood to make this method work for GKE, as well as extending this further to include onboarding the cluster into Tanzu Service Mesh.
Hopefully this was helpful.
Regards