In the previous posts you have seen how to deploy CKAN on a Kubernetes cluster on platforms like AWS and Azure, as well as locally. Today you will see how to do that using GCP. When it comes to creating infrastructure on any cloud provider, first thing that everyone are thinking is Terraform, so you will need to have that also installed. While we are at that subject, let’s describe the commodities that a tool like Terraform provides.
Short intro to IaC
Infrastructure as Code is the process of more practical management and provisioning of cloud and IT resources via machine readable definition files. IaC enables creation, management, and destruction of compute resources by statically defining and declaring these in code.
Terraform
Terraform is an open source tool for building, changing, and versioning infrastructure safely and efficiently. It generates an execution plan describing what it will do to reach the desired state, and then executes it to build the described infrastructure. As the configuration changes, Terraform is able to determine what changed and create incremental execution plans which can then be applied to update infrastructure resources.
Prerequisites
Back to our theme for today. To successfully set things up you will need a few tools to be set up. Make sure that you have the following things set up and updated to suitable versions:
-
gcloud cli and make sure that you are logged in
Steps
Create a new project where you will deploy the instance(you can do it through GUI or terminal)
For example, if you do it through terminal, it would look something like this:
# The first command is for enabling autocompletion
gcloud alpha interactive
gcloud projects create
Then set the project as a default one using:
gcloud config set project
Create a new service account for Terraform to use when deploying
Create a new Service account to use for the deployment using:
gcloud iam service-accounts create terraform-deployment --display-name "Terraform test deployment" --project
Find the e-mail for the Service account that you have created using:
gcloud iam service-accounts list
Get a credentials file for using the created Service account using:
gcloud iam service-accounts keys create sa-creds.json --iam-account
Set the proper authorizations for the Service account using:
gcloud projects add-iam-policy-binding --member=serviceAccount: --role=roles/editor
Create your directory structure for the Terraform files
mkdir -p environments//ckan_instance
For example my deployment will be in europe-west-1 so that is the value I have used in the place of DEPLOYMENT_LOCATION. Files can be structured multiple ways, but we will follow Terraform’s best practices for creating infrastructure files. Files that you will be needing inside the ckan_instance directory to have are:
-
variables.tf
variable "project" { # Here set the project id for the project that you have created default = "" } variable "region" { default = "europe-west1" } variable "zone" { default = "europe-west1-b" } variable "cluster" { default = "ckan-cluster" } variable "credentials" { default = "./sa-creds.json" }Most used variables that our project would be needing. If needed, you can add more here.
-
main.tf
resource "google_project_service" "container" { service = "container.googleapis.com" } resource "google_container_cluster" "primary" { name = var.cluster location = var.zone initial_node_count = 3 master_auth { username = "" password = "" client_certificate_config { issue_client_certificate = false } } node_config { oauth_scopes = [ "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/monitoring", ] metadata = { disable-legacy-endpoints = "true" } } timeouts { create = "30m" update = "40m" } }Purpose of the first resource is enabling the Kubernetes Engine API, while the purpose of the second one is creating the Kubernetes cluster.
-
output.tf
output "cluster" { value = google_container_cluster.primary.name } output "host" { value = google_container_cluster.primary.endpoint sensitive = true } output "cluster_ca_certificate" { value = base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate) sensitive = true } output "username" { value = google_container_cluster.primary.master_auth.0.username sensitive = true } output "password" { value = google_container_cluster.primary.master_auth.0.password sensitive = true }Output are the variables from the Cluster resource creation that in a more complex environment would more often than not be needed.
-
providers.tf
provider "google" { credentials = file(var.credentials) project = var.project region = var.region }Basic definition of the Cloud provider for Terraform to know where and under which credentials it would be deploying.
Cluster creation
After the creation of the files the way that you did, cluster is ready to be deployed. You can do that using three commands from the directory where the .tf files are placed, in the example from the ckan_instance directory:
# Prepares the working directory for Terraform configuration
terraform init
# Dry runs the terraform apply command just in case for some existent errors
terraform plan
# Applies the configuration that is places in the current working directory
terraform apply
Cluster connection
After the successful creation of the cluster, you need to connect it to your kubectl configuration:
gcloud container clusters get-credentials ckan-cluster --zone europe-west1-b --project
To verify that you are successfully connected to the cluster and it is the one that you are currently attached to, you can use:
kubectl config get-contexts
or:
kubectl config current-context
you should get something like this as an output for the second command:
gke__europe-west1-b_ckan-cluster
CKAN deployment
As a guide for deployment you can use a previous article on that subject which can be found here, precisely the Deployment section of it.
Note: Since the cluster is not local anymore, accessing the IP address from the outside(ex. your browser) will not work. For that to work also you will need to reserve a static address under the External IP addresses in the Platform console and then add it to the service.
Cleanup
Deleting everything that you did is as easy as it was creating the infrastructure. For that you can just use with ckan_instance as a current directory:
terraform destroy
Finishing note
We in Keitaro often use some additional configurations, like moving the PostgreSQL database out of the Kubernetes cluster to a Cloud SQL instance that the Google Cloud Platform provides for better and cleaner maintenance after the deployment, but I will leave that aside for now since it requires some more configurations.
