Disclaimer: This project sets up a Gardener landscape on a GKE cluster. This is by no means a productive setup!
- Kubernetes cluster (min 4x n1-standard-2 nodes)
- Domain/Zone in CloudDNS
- GCP serviceaccount
- terraform
- yaml2json
- jq
- cfssl
- openssl
- kubectl
- helm
There's a docker image with the dependencies available at afritzler/virtual-gardener-gke
First we need to clone and configure our setup
git clone https://github.com/afritzler/virtual-gardener-gke.git
cd virtual-gardener-gke
cp setup.yaml.example setup.yamlexport GKE_CLUSTER_NAME=gardener
export GCP_PROJECT=`gcloud config get-value project`
gcloud container clusters create $GKE_CLUSTER_NAME --num-nodes=4 --machine-type=n1-standard-4 --zone=europe-west1-b --enable-basic-auth --password f00barYou will need a kubeconfig with basic-auth user authentication:
export KUBECONFIG=/tmp/kubeconfig
gcloud container clusters get-credentials $GKE_CLUSTER_NAME --zone europe-west1-b --project $GCP_PROJECT
mv kubeconfig $KUBECONFIG
src/bin/convertkubeconfigThe basic authentication credentials for your cluster can be found under cluster details -> "Show credentials".
You need to enter admin/f00bar (from above) and it should be created at ./kubeconfig
gcloud iam service-accounts create gardener --display-name "Gardener"
gcloud projects add-iam-policy-binding $GCP_PROJECT --member="serviceAccount:gardener@$GCP_PROJECT.iam.gserviceaccount.com" --role="roles/editor"
gcloud iam service-accounts keys create ./google-serviceaccount.json --iam-account gardener@$GCP_PROJECT.iam.gserviceaccount.comThen, edit the setup.yaml accordingly (e.g. paste the contents of google-serviceaccount.json)
Either install dependencies locally or use the provided docker image:
docker run --rm -it -v $(pwd):/gardener -w /gardener afritzler/virtual-gardener-gkesrc/ingress-controller/deployDeploy the Etcd needed by the Gardener extension API server
src/etcd/deploysrc/identity/deploysrc/virtualapiserver/deployDeploy the Gardener extension API server and controller
src/gardener/deployDeploy and configure CloudProfile, Seed, etc ...
src/gardenconfig/deploysrc/dashboard/deployTo access the Gardener Dashboard, use
cat state/identity/dashboardurlto figure out the dashboard URL.
The kubeconfig can be found under state/virtualapiserver/kubeconfig.yaml. So in order to deploy something to the Gardener API server you need to run
kubectl --kubeconfig=state/virtualapiserver/kubeconfig.yaml apply -f examples/shoot.yamlDelete the created shoot cluster (a simple kubectl delete shoot NAME is not allowed in order to prevent users from accidentally deleting their clusters – instead, they need to confirm upfront that the deletion is fine by annotating the shoot resource. You can use this script to do that: https://github.com/gardener/gardener/blob/master/hack/delete (./hack/delete shoot gcp-test garden-core)).
To do it the manual way
kubectl --kubeconfig=state/virtualapiserver/kubeconfig.yaml -n garden-core annotate shoot gcp-test confirmation.garden.sapcloud.io/deletion=true --overwrite
kubectl --kubeconfig=state/virtualapiserver/kubeconfig.yaml -n garden-core delete shoot gcp-testkubectl --kubeconfig state/virtualapiserver/kubeconfig.yaml annotate project core confirmation.garden.sapcloud.io/deletion=true --overwrite
kubectl --kubeconfig state/virtualapiserver/kubeconfig.yaml delete -f gen/gardenconfig/config.yamlhelm delete --purge gardenerhelm delete --purge virtual-apiserverhelm delete --purge identityhelm delete --purge gardener-dashboardhelm delete --purge virtual-garden-etcdhelm delete --purge nginx-ingress-controller
# to delete the DNS record
./src/ingress-controller/destroykubectl delete ns garden