From 99d79671eb6dbdfc18fa3daaf7472b9dacbab8be Mon Sep 17 00:00:00 2001 From: Siddharth Rawat Date: Mon, 6 Nov 2023 12:49:52 -0500 Subject: [PATCH] docs: update GKE configuration and connection to bastion host Fixes issue #24 --- README.md | 42 +++++++++++++++++++++++++++++++++++++++++ modules/bastion/main.tf | 12 ++++++------ modules/k8s/main.tf | 3 +-- 3 files changed, 49 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 1135022..effb4c8 100644 --- a/README.md +++ b/README.md @@ -325,3 +325,45 @@ terraform { } } ``` + +## Google Kubernetes Engine + +To run the kubernetes cluster on Google Kubernetes Engine, we use the [`google_container_cluster`](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster) resource to define the cluster configurations. + +> To provision a GKE cluster on Google Cloud, refer [here](https://learn.hashicorp.com/tutorials/terraform/gke?in=terraform/kubernetes&utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS). +> See the [Using GKE with Terraform](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/using_gke_with_terraform) guide for more information about using GKE with Terraform. + +Once the setup is configured, we need to connect to the bastion host in order to interact with the private GKE cluster. Follow the steps mentioned below in order to connect to the `bastion host` via your local terminal: + +- Install the google `gke-cloud-auth-plugin` locally: + +```bash +gcloud components install gke-gcloud-auth-plugin +``` + +- Get the cluster configuration to be written into `~/.kube/config`: + +```bash +gcloud container clusters get-credentials primary \ + --region= \ + --project= +``` + +- Connect to the tunnel via SSH: + +```bash +ssh -i ~/.ssh/ @ -L 8888:127.0.0.1:8888 -N -q -f +``` + +- Configure `HTTPS_PROXY` to point to `localhost:8888`: + +```bash +export HTTPS_PROXY=localhost:8888 +``` + +- Confirm connection to the GKE cluster: + +```bash +kubectl get all +kubectl get ns +``` diff --git a/modules/bastion/main.tf b/modules/bastion/main.tf index 1ca4f38..23b5681 100644 --- a/modules/bastion/main.tf +++ b/modules/bastion/main.tf @@ -22,7 +22,7 @@ resource "google_compute_instance" "bastion" { metadata_startup_script = file("../modules/bastion/startup.sh") - // Allow the instance to be stopped by Terraform when updating configuration. + # Allow the instance to be stopped by Terraform when updating configuration. allow_stopping_for_update = true network_interface { subnetwork = var.subnet_name @@ -39,9 +39,9 @@ resource "google_compute_instance" "bastion" { enable-oslogin : "TRUE" } - /* local-exec providers may run before the host has fully initialized. - However, they are run sequentially in the order they were defined. - This provider is used to block the subsequent providers until the instance is available. */ + # local-exec providers may run before the host has fully initialized. + # However, they are run sequentially in the order they were defined. + # This provider is used to block the subsequent providers until the instance is available. # provisioner "local-exec" { # command = <