robinbryce / iona

development cluster. gcp with managed k8s, multi-region

Development cluster

Named after Iona, a Scottish island with a population of ~120.

Note: Diagrams in this document render using Markdown Preview Enhanced, which requires a Java runtime to be installed: apt-get install default-jre

Warts

Cluster Overview

Iona Resources

Iona Components

Plan

Rebuild GKE Project checklist

Enable APIs

Register a domain for the cluster

With cloud domains

Create service account key for terraform

Configure roles and permissions for terraform

IAM & Admin / IAM -> Compute Engine default service account -> Add another role (pen icon to the right)

Cluster DNS Verification

Identity Platform & Identity Aware Proxy

Aspects of the identity platform that must be manually configured for a new GCP project before the tf can be applied.

Can users be managed via tf?

Create Client ID & Secret for each tenant

Create OAuth client ID in the Credentials API

https://cloud.google.com/identity-platform/docs/multi-tenancy
https://cloud.google.com/identity-platform/docs/multi-tenancy-quickstart
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/identity_platform_tenant
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/identity_platform_oauth_idp_config
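As an added example (not code from the iona repository), this is what the per-tenant part of the checklist looks like with the provider resources linked above. It assumes Identity Platform has already been enabled for the project in the console (the manual step noted above) and that the google provider is configured for that project; the tenant names, variable names and the tenant-scoped oauth_idp_config resource are my choices, not the repository's. The client secret is passed as a sensitive variable rather than a literal so it never appears in plan output, though it is still written to state.

```hcl
# Added example, not part of the iona repository.
# Prerequisite (manual, per the checklist): Identity Platform is enabled for the
# project in the console, and the OAuth client ID / secret for each tenant has
# been created in the Credentials API.

variable "tenants" {
  description = "Tenant display names to create (constructed sample values)"
  type        = list(string)
  default     = ["tenant-a", "tenant-b"]
}

variable "oidc_issuer" {
  description = "Issuer URL of the upstream OpenID Connect provider (assumed)"
  type        = string
}

variable "oidc_client_id" {
  description = "Client ID issued by the upstream provider"
  type        = string
}

# sensitive = true keeps the value out of plan/apply output. It is still
# stored in Terraform state, so the workspace state must be treated as secret.
variable "oidc_client_secret" {
  description = "Client secret issued by the upstream provider"
  type        = string
  sensitive   = true
}

# One Identity Platform tenant per entry in var.tenants.
resource "google_identity_platform_tenant" "tenant" {
  for_each              = toset(var.tenants)
  display_name          = each.key
  allow_password_signup = false # federated sign-in only; no local passwords
}

# Tenant-scoped OIDC provider configuration; each tenant gets its own client.
resource "google_identity_platform_tenant_oauth_idp_config" "oidc" {
  for_each      = google_identity_platform_tenant.tenant
  tenant        = each.value.name
  name          = "oidc.${each.key}" # OIDC provider IDs must start with "oidc."
  display_name  = "OIDC login for ${each.key}"
  issuer        = var.oidc_issuer
  client_id     = var.oidc_client_id
  client_secret = var.oidc_client_secret
  enabled       = true
}

# Tenant IDs are needed by the application when it initialises the client SDK.
output "tenant_ids" {
  value = { for k, t in google_identity_platform_tenant.tenant : k => t.name }
}
```

If a single project-wide provider is wanted instead of one per tenant, the linked identity_platform_oauth_idp_config resource takes the same arguments without the tenant attribute.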

Terraform Cloud Check List

Create a workspace and link it to this repository

Configure the workspace variables

Confirm the settings

Configure local client auth

Before committing and pushing the repo, run terraform init & plan to verify the initial setup. This is a remote operation initiated by the local client; it needs an API token for Terraform Cloud. T
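As an added example (not from the iona repository), the backend block below is what makes terraform init and terraform plan run remotely in the workspace created in the steps above. The organisation and workspace names are placeholders, and the provider version constraint is an assumption; the token handling in the comments is how Terraform Cloud's own CLI integration works.

```hcl
# Added example, not part of the iona repository.
terraform {
  required_version = ">= 1.1.0" # the cloud block requires Terraform 1.1 or newer

  cloud {
    organization = "ORG_NAME_PLACEHOLDER"
    workspaces {
      name = "iona-dev" # placeholder; use the workspace linked to this repo
    }
  }

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 4.0" # assumed constraint
    }
  }
}

# Local client auth: the Terraform Cloud API token is never committed.
#   terraform login      -> writes it to ~/.terraform.d/credentials.tfrc.json
#   TF_TOKEN_app_terraform_io=<token>  -> same thing via environment (CI use)
#
# GCP auth happens in the remote run, not locally: the service account key
# created earlier is stored as a sensitive workspace variable named
# GOOGLE_CREDENTIALS (the variable the google provider reads), so the key
# file never needs to exist on a developer machine.
```

After terraform init succeeds, terraform plan streams the remote run's output back to the local client; if it prompts for a token, local client auth has not been configured.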

Configure GitHub access

Configure kubectl access