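#!/bin/bash
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Script to set up GCP.
#
# Interactive: it opens gcloud login flows and uses sudo to install packages.
# Requires GOPATH to point at a workspace containing the
# k8s-config-connector checkout.
set -o errexit
set -o nounset
set -o pipefail

# Fail before touching any cloud resource if the checkout cannot be located;
# otherwise the later `cd` would resolve to /src/... with an empty GOPATH.
: "${GOPATH:?GOPATH must be set to the workspace containing k8s-config-connector}"

# Configure gcloud with your login credentials.
gcloud auth login
gcloud auth application-default login

# Set PROJECT_ID to your current project. Assignment and export are separate
# so a failing gcloud call is not masked by `export`.
PROJECT_ID=$(gcloud config get-value project)
if [[ -z "${PROJECT_ID}" || "${PROJECT_ID}" == "(unset)" ]]; then
  # An empty project would produce a malformed workload pool and IAM members
  # further down, so stop here.
  echo "No default gcloud project is configured; run 'gcloud config set project <PROJECT_ID>' first." >&2
  exit 1
fi
export PROJECT_ID

# Enable the container registry service for storing images created by the make
# docker-push command.
gcloud services enable containerregistry.googleapis.com

# Configure gcloud to allow docker to authorize and recognize the gcr.io
# registry.
gcloud auth configure-docker

# Enable GKE for your project.
gcloud services enable container.googleapis.com
# When creating GKE clusters, you must either provide a zone or set the default
# zone for gcloud. Set the default zone for gcloud to us-west1-a.
gcloud config set compute/zone us-west1-a
# Define the name of your GKE cluster as cnrm-dev.
export CLUSTER_NAME="cnrm-dev"

# Compare whole cluster names. A substring grep would treat e.g. "cnrm-dev-2"
# as the target cluster and skip creation. The list is captured first so a
# gcloud failure aborts the script instead of looking like "no cluster".
existing_clusters=$(gcloud beta container clusters list --format="value(name)")
if ! grep -qxF -- "${CLUSTER_NAME}" <<<"${existing_clusters}"; then
  # Create a GKE cluster with Workload Identity enabled.
  gcloud beta container clusters create "${CLUSTER_NAME}" \
    --workload-pool="${PROJECT_ID}.svc.id.goog"
fi

# Register the Google Cloud apt repository. The file is overwritten rather
# than appended to, so re-running the script does not add duplicate entries.
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" \
  | sudo tee /etc/apt/sources.list.d/google-cloud-sdk.list

# Install the repository signing key into the keyring referenced by signed-by
# above. apt-key is deprecated, so the key is dearmored with gpg directly.
# curl -f makes an HTTP error fail the pipeline (with pipefail) instead of
# writing an error page into the keyring.
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg \
  | sudo gpg --dearmor --yes -o /usr/share/keyrings/cloud.google.gpg

# Separate statements: in `a && b` a failure of `a` is not caught by errexit,
# so a failed package index refresh would otherwise go unnoticed.
sudo apt-get update
sudo apt-get install google-cloud-cli

sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin

# Configure kubectl to communicate with the cluster.
gcloud container clusters get-credentials "${CLUSTER_NAME}"
# Add an annotation to your default K8s namespace to bind it to your GCP project.
kubectl annotate namespace default \
  "cnrm.cloud.google.com/project-id=${PROJECT_ID}" \
  --overwrite

SERVICE_ACCOUNT_EMAIL="cnrm-system@${PROJECT_ID}.iam.gserviceaccount.com"

# Match the full e-mail address so an unrelated account whose name merely
# contains "cnrm-system" does not suppress creation.
existing_accounts=$(gcloud iam service-accounts list --format="value(email)")
if ! grep -qxF -- "${SERVICE_ACCOUNT_EMAIL}" <<<"${existing_accounts}"; then
  # Create a GCP Service Account.
  gcloud iam service-accounts create cnrm-system
fi

# Give the GCP Service Account elevated permissions on your project.
# NOTE(review): roles/owner grants full control of the project, including its
# IAM policy. Through the Workload Identity binding below, whatever runs as
# the cnrm-system/cnrm-controller-manager Kubernetes service account in this
# cluster holds that access. Run this only against a dedicated development
# project, or replace the role with the narrowest set that covers the
# resources you intend to manage.
gcloud projects add-iam-policy-binding "${PROJECT_ID}" \
  --member="serviceAccount:${SERVICE_ACCOUNT_EMAIL}" \
  --role="roles/owner"

# Create a GCP IAM Policy Binding between the GCP Service Account and the
# Kubernetes Service Account that will later be created and used by the CNRM
# Controller Manager.
gcloud iam service-accounts add-iam-policy-binding "${SERVICE_ACCOUNT_EMAIL}" \
  --member="serviceAccount:${PROJECT_ID}.svc.id.goog[cnrm-system/cnrm-controller-manager]" \
  --role="roles/iam.workloadIdentityUser"

cd "${GOPATH}/src/github.com/GoogleCloudPlatform/k8s-config-connector"

make docker-build
make docker-push

# To ensure the logs are ingested, enable the stackdriver service.
gcloud services enable stackdriver.googleapis.com

# Deploy the pods and CRDs to your cluster.
make deploy

GREEN='\033[0;32m'
NC='\033[0m'
# %b interprets the escape sequences in the colour variables, like `echo -e`.
printf '%b\n' "${GREEN}GCP SETUP SUCCESSFUL${NC}"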