Before this module can be used on a project, you must ensure that the following pre-requisites are fulfilled:

1. Terraform and kubectl are installed on the machine where Terraform is executed.
2. The Service Account you execute the module with has the right permissions.
3. The Compute Engine and Kubernetes Engine APIs are active on the project you will launch the cluster in.
4. If you are using a Shared VPC, the APIs must also be activated on the Shared VPC host project and your service account needs the proper permissions there.

The project factory can be used to provision projects with the correct APIs active and the necessary Shared VPC connections.

• kubectl

• Terraform
• Terraform Provider for GCP

• httpie

• Helm

Some submodules use the terraform-google-gcloud module. By default, this module assumes you already have gcloud installed in your $PATH. See the module documentation for more information.

In order to execute this module you must have a Service Account with the following project roles:

• roles/compute.viewer
• roles/compute.securityAdmin (only required if add_cluster_firewall_rules is set to true)
• roles/container.clusterAdmin
• roles/container.developer
• roles/iam.serviceAccountAdmin
• roles/iam.serviceAccountUser
• roles/resourcemanager.projectIamAdmin (only required if service_account is set to create)

Additionally, if service_account is set to create and grant_registry_access is requested, the service account requires the following role on the registry_project_ids projects:

• roles/resourcemanager.projectIamAdmin

In order to operate with the Service Account you must activate the following APIs on the project where the Service Account was created:

• Compute Engine API - compute.googleapis.com
• Kubernetes Engine API - container.googleapis.com

This example creates a Cloud Endpoints service and requires that the Service Manangement API is enabled.

• Enable the Service Management API:

gcloud services enable servicemanagement.googleapis.com cloudapis.googleapis.com compute.googleapis.com container.googleapis.com

gcloud auth list 
gcloud container clusters list
gcloud config set project <project_name>

project              = "<change>" # project name  
region               = "europe-west1" #
location             = "europe-west1-b"
gcp_auth_file        = "./files/<change>.json" # Service accaunt key
network\_name        = "tf-gce-helm" # Network name
app_name             = "<change>" # Name for your app
registry\_username   = "<change>" # User name Dockerhub
registry\_password   = "<change>" # pass Dockerhub
registry\_email      = "<change>@gmail.com" # Mail DockerHub
registry\_server     = "docker.io" # -

Then perform the following commands on the root folder:

• terraform init to get the plugins
• terraform plan to see the infrastructure plan
• terraform apply to apply the infrastructure build
• terraform destroy to destroy the built infrastructure

• Install network-multitool for tests

kubectl create deployment multitool --image=praqma/network-multitool

• Prerequisites

Actions > Expose Port mapping - Port1 80 / Target port1 80 (expose)

• Get the cluster credentials and configure kubectl:

gcloud container clusters list
gcloud container clusters get-credentials <cluster_name> --region  europe-west1-b

helm list
helm upgrade --install -f app/values.yaml app ./app
helm uninstall <chart(nginx)>

• Grafana Login to grafana and add dashboards

  • login: admin
  • password: strongpassword(change)

Loki Logs with quicksearch 13359

./files/grafana/dashboards/

• Prometheus