- Cannot use climate-engine service account to deploy b/c tf tries to recreate it
- Create a minimal GKE cluster with at least one node and machine type "e2-medium" (do not use Autopilot)
- Connect to the cluster
so that
kubectl
commands work - Create a Service Account
in the project and assign the role
roles/owner
- Create (and download) a json key for the service account
- Create a Kubernetes secret containing the json key by running the following:
kubectl create secret generic google-cloud-key --from-file=key.json=PATH-TO-KEY-FILE.json
(Note that the key within the secret must be namedkey.json
) - Install using the GCP Marketplace listing: https://console.cloud.google.com/marketplace/product/climate-engine-public/climate-engine
tl;dr: see prep_cluster.sh
export PROJECT_ID=[project_id]
gcloud config set project $PROJECT_ID
- Create GKE cluster:
gcloud services enable container.googleapis.com gcloud beta container clusters create "climate-engine-1" --zone "us-central1-c" --machine-type "e2-medium" --num-nodes "1" --node-locations "us-central1-c"
- Connect to cluster:
gcloud container clusters get-credentials climate-engine-1 --zone "us-central1-c"
- Create Service account:
gcloud iam service-accounts create climate-engine --display-name="Climate Engine Service Account"
- Grant
roles/owner
on service account:gcloud projects add-iam-policy-binding $PROJECT_ID --member="serviceAccount:climate-engine@${PROJECT_ID}.iam.gserviceaccount.com" --role="roles/owner"
- Generate json key:
gcloud iam service-accounts keys create \ climate-engine-${PROJECT_ID}.json \ --iam-account=climate-engine@${PROJECT_ID}.iam.gserviceaccount.com
- Add JSON key to GKE:
(Note that the key within the secret must be named
kubectl create secret generic google-cloud-key --from-file=key.json=climate-engine-${PROJECT_ID}.json
key.json
as it is in the above command) - Install using the GCP Marketplace listing: https://console.cloud.google.com/marketplace/product/climate-engine-public/climate-engine
tl;dr: see dev_install.sh
- Install
mpdev
tool: https://github.com/GoogleCloudPlatform/marketplace-k8s-app-tools/blob/master/docs/tool-prerequisites.md export PROJECT_ID=[project_id]
gcloud config set project $PROJECT_ID
- Create GKE cluster (Autopilot does not work):
gcloud services enable container.googleapis.com gcloud beta container clusters create "climate-engine-1" --zone "us-central1-c" --machine-type "e2-medium" --num-nodes "1" --node-locations "us-central1-c"
- Connect to cluster:
gcloud container clusters get-credentials climate-engine-1 --zone "us-central1-c"
- Install the Application CRD:
kubectl apply -f "https://raw.githubusercontent.com/GoogleCloudPlatform/marketplace-k8s-app-tools/master/crd/app-crd.yaml"
- Create Service account:
gcloud iam service-accounts create climate-engine --display-name="Climate Engine Service Account"
- Grant
roles/owner
on service account:gcloud projects add-iam-policy-binding $PROJECT_ID --member="serviceAccount:climate-engine@${PROJECT_ID}.iam.gserviceaccount.com" --role="roles/owner"
- Generate json key:
gcloud iam service-accounts keys create \ climate-engine-${PROJECT_ID}.json \ --iam-account=climate-engine@${PROJECT_ID}.iam.gserviceaccount.com
- Add JSON key to GKE:
kubectl create secret generic google-cloud-key --from-file=key.json=climate-engine-${PROJECT_ID}.json
- Add fake billing key to k8s:
gsutil cp gs://cloud-marketplace-tools/reporting_secrets/fake_reporting_secret.yaml . echo "metadata: {name: fake-reporting-secret}" >> fake_reporting_secret.yaml kubectl apply -f fake_reporting_secret.yaml
- Pull latest version:
docker pull gcr.io/ce-deployment/deployer:latest
- Dev install:
docker pull gcr.io/ce-deployment/deployer:latest mpdev verify --deployer=gcr.io/ce-deployment/deployer:latest mpdev install --deployer=gcr.io/ce-deployment/deployer:latest --parameters='{"app_name": "test-deployment", "namespace": "default", "sql_password": "asdfasdfasdf", "sa_secret_name": "google-cloud-key" }'
Copyright (c) 2021 Climate Engine
All information, content, and source code contained herein is, and remains the property of Climate Engine, Inc. and its suppliers, if any. The intellectual and technical concepts contained herein are proprietary to Climate Engine, Inc. and its suppliers and may be covered by U.S. and foreign Patents, patents in process, and protected by trade secret or copyright law. Dissemination of this information, content, and source code, or reproduction of such material is strictly forbidden unless prior written permission is obtained from Climate Engine, Inc.