Deckhouse Kubernetes Platform in Google Cloud

1
Selecting infrastructure
2
Installation information
3
Preparing environment
4
Installation
5
Getting access to the cluster
6
What can I do next?

Before starting the installation, ensure you have the cloud provider quotas required to deploy your cluster. Ensure you have Compute Engine API enabled.

You need to create a service account so that Deckhouse Kubernetes Platform can manage resources in the Google Cloud. The detailed instructions for creating a service account are available in the documentation. Below is a brief sequence of required actions (run them on the personal computer):

List of roles required:

  • roles/compute.admin
  • roles/iam.serviceAccountUser
  • roles/networkmanagement.admin

Export environment variables:

Copy content
export PROJECT_ID=sandbox
export SERVICE_ACCOUNT_NAME=deckhouse
export PROJECT_ID=sandbox export SERVICE_ACCOUNT_NAME=deckhouse

Select a project:

Copy content
gcloud config set project $PROJECT_ID
gcloud config set project $PROJECT_ID

Create a service account:

Copy content
gcloud iam service-accounts create $SERVICE_ACCOUNT_NAME
gcloud iam service-accounts create $SERVICE_ACCOUNT_NAME

Connect roles to the service account:

Copy content
for role in roles/compute.admin roles/iam.serviceAccountUser roles/networkmanagement.admin; do \
  gcloud projects add-iam-policy-binding ${PROJECT_ID} --member=serviceAccount:${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com --role=${role}; done
for role in roles/compute.admin roles/iam.serviceAccountUser roles/networkmanagement.admin; do \ gcloud projects add-iam-policy-binding ${PROJECT_ID} --member=serviceAccount:${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com --role=${role}; done

Verify service account roles:

Copy content
gcloud projects get-iam-policy ${PROJECT_ID} --flatten="bindings[].members" --format='table(bindings.role)' \
    --filter="bindings.members:${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"
gcloud projects get-iam-policy ${PROJECT_ID} --flatten="bindings[].members" --format='table(bindings.role)' \ --filter="bindings.members:${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"

Create a service account key:

Copy content
gcloud iam service-accounts keys create --iam-account ${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com \
    ~/service-account-key-${PROJECT_ID}-${SERVICE_ACCOUNT_NAME}.json
gcloud iam service-accounts keys create --iam-account ${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com \ ~/service-account-key-${PROJECT_ID}-${SERVICE_ACCOUNT_NAME}.json
Go back Next: Installation