Closed borkodjurkovic-ssc closed 12 months ago
Validated GKE cluster with public endpoint
see
export CLUSTER=kcc-oi2
export REGION=northamerica-northeast1
export PROJECT_ID=kcc-oi2-cluster
export LZ_FOLDER_NAME=kcc-lz-20230928b
export NETWORK=kcc-oi2-vpc
export SUBNET=kcc-oi2-sn
michael@cloudshell:~/kcc-oi/github/gcp-tools/scripts/bootstrap (kcc-oi)$ ./setup-kcc.sh -afp kcc.env
1644 - estimate 1700 kcc-oi2 cluster up
##INFO - Create Config controller
Create request issued for: [kcc-oi2]
Waiting for operation [projects/kcc-oi2-cluster/locations/northamerica-northeast1/operations/operation-1695933801715-606715bd057e8-f452780e-92d1cb2e] to complete...working..
fix
michael@cloudshell:~/kcc-oi/github/gcp-tools/scripts/bootstrap (kcc-oi)$ ./setup-kcc.sh -afp kcc.env
Waiting for operation [projects/kcc-oi2-cluster/locations/northamerica-northeast1/operations/operation-1695933801715-606715bd057e8-f452780e-92d1cb2e] to complete...done.
Created instance [kcc-oi2].
Fetching cluster endpoint and auth data.
kubeconfig entry generated for krmapihost-kcc-oi2.
##INFO - Config controller get credentials
Fetching cluster endpoint and auth data.
kubeconfig entry generated for krmapihost-kcc-oi2.
##WARNING - configure-kcc-access.sh script should be run once connectivity to the cluster is established using bastion host / proxy.
michael@cloudshell:~/kcc-oi/github/gcp-tools/scripts/bootstrap (kcc-oi2-cluster)$ kubectl get nodes
NAME                                               STATUS   ROLES    AGE     VERSION
gk3-krmapihost-kcc-oi2-default-pool-6fc83c0e-ss20   Ready    <none>   9m12s   v1.27.3-gke.100
gk3-krmapihost-kcc-oi2-pool-1-28f0e374-tzw8         Ready    <none>   3m43s   v1.27.3-gke.100
gk3-krmapihost-kcc-oi2-pool-1-ae2f0850-4kmt         Ready    <none>   7m32s   v1.27.3-gke.100
gk3-krmapihost-kcc-oi2-pool-1-c9c2a582-9sdc         Ready    <none>   2m47s   v1.27.3-gke.100
cluster up with no admissions endpoint (has both public and private endpoints)
edit/update: found them in the new 2nd script
Issue is that the access script assumes rootsync usage - it leaves out the kpt option. I recommend we put the yakima service account role additions back to the generic setup script.
Changes:
setup-kcc.sh: git-creds and root-sync. Since the config controller cluster is private, this cannot be done at this point. A bastion host / proxy needs to be first provisioned to enable connectivity to the cluster's private endpoint.