Version: 1.28.6

GKE Installer

Fury GKE Installer deploys a production-grade Kubernetes Fury cluster based on Google Kubernetes Engine (GKE).

Modules

The following packages are included in the Fury GKE installer:

Module    Description
VPC       Deploy the necessary networking infrastructure
VPN       Deploy a VPN Server to connect to private clusters
GKE       Deploy the GKE cluster

Click on each module to see its full documentation.

Architecture

The GKE installer deploys and configures a production-ready GKE cluster without requiring you to learn all the internals of the service.

The GKE module deploys a private control plane cluster, where the control plane endpoint is not publicly accessible.

The VPC module sets up all the necessary networking infrastructure. The VPN module sets up one or more bastion hosts with an OpenVPN server.

The bastion host includes an OpenVPN instance that is easily managed with furyagent to provide access to the cluster.

🕵🏻‍♂️ Furyagent is a tool developed by SIGHUP to manage OpenVPN and SSH user access to the bastion host.

Usage

This installer is a set of terraform modules that will provision all the required components to use a GKE cluster, in which you can then install KFD using furyctl and the KFDDistribution provider.

Requirements

  • GCP Access Credentials of a GCP Account with Project Owner role with the following APIs enabled:
    • Identity and Access Management (IAM) API
    • Compute Engine API
    • Cloud Resource Manager API
    • Kubernetes Engine API
  • terraform >=1.3.0
  • ssh or OpenVPN Client - Tunnelblick (on macOS) or OpenVPN Connect (for other OS) are recommended.

Create GKE Cluster

To create the cluster via the installer you can start from the provided example:

  1. Clone the repository and go to the example folder:

    git clone https://github.com/sighupio/fury-gke-installer
    cd fury-gke-installer
  2. Log in to Google Cloud using the gcloud CLI:

    gcloud auth application-default login
    export GOOGLE_APPLICATION_CREDENTIALS=~/.config/gcloud/application_default_credentials.json
  3. Create a copy of the main.auto.tfvars.dist file inside the vpc folder and populate it with your own values:

    cd examples/vpc
    cp main.auto.tfvars.dist main.auto.tfvars
    vi main.auto.tfvars
  4. Use terraform to create the VPC:

    terraform init
    terraform plan
    terraform apply
  5. Create a copy of the main.auto.tfvars.dist file inside the vpn folder and populate it with your own values:

    cd ../vpn
    cp main.auto.tfvars.dist main.auto.tfvars
    vi main.auto.tfvars
  6. Use terraform to create the VPN bastion host:

    terraform init
    terraform plan
    terraform apply
  7. Create an OpenVPN client certificate using furyagent:

    furyagent configure openvpn-client --config=./secrets/furyagent.yml --client-name test > /tmp/fury-example-test.ovpn
  8. Use the /tmp/fury-example-test.ovpn client file to connect to the VPN using the VPN client of your choice

  9. Create a copy of the main.auto.tfvars.dist file inside the gke folder and populate it with your own values:

    cd ../gke
    cp main.auto.tfvars.dist main.auto.tfvars
    vi main.auto.tfvars

    Tip: See the GKE release notes page for the release names and their maintenance windows. The name shown there is also the value to set in the cluster_version variable.

    See also the KFD Compatibility Matrix to know the Kubernetes versions that KFD supports.

  10. Use terraform to create the GKE cluster:

    terraform init
    terraform plan
    terraform apply
  11. Get your kubeconfig file from the outputs:

    terraform output -raw kubeconfig > .kubeconfig
  12. Verify that the cluster is up and running:

    KUBECONFIG=.kubeconfig kubectl get nodes

You're all set! Now you can install KFD inside your cluster.
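
The procedure above writes files that grant access to the cluster: the OpenVPN client file in step 7 and the kubeconfig in step 11. The shell helpers below are an added example, not part of the installer or of furyagent; the function names write_private and audit_secret_files are hypothetical. They create such files readable by the owner only and flag any existing file that group or other users can access.

```shell
#!/bin/sh
# Added example (not from the fury-gke-installer repository).
# Helper names are hypothetical; file names in the usage lines come from the steps above.

# Run a command and store its stdout in a file created with mode 0600.
# Usage: write_private <file> <command> [args...]
# The body is a subshell, so umask and noclobber do not leak to the caller.
write_private() (
  out=$1; shift
  umask 077            # files created from here on are owner-only
  set -C               # noclobber: refuse to write through a file that already exists
  rm -f -- "$out"      # drop any earlier copy with looser permissions
  "$@" > "$out"
)

# Report every existing path that has any group/other permission bit set.
# Exit status: 0 if all paths are owner-only, 1 otherwise.
audit_secret_files() (
  rc=0
  for f in "$@"; do
    [ -e "$f" ] || continue                 # step not run yet, nothing to check
    perms=$(ls -ld -- "$f" | cut -c5-10)    # group+other bits, e.g. "r--r--"
    if [ "$perms" != "------" ]; then
      echo "too permissive: $f ($perms)" >&2
      rc=1
    fi
  done
  exit "$rc"
)

# Usage with the commands from steps 7 and 11:
#   write_private /tmp/fury-example-test.ovpn \
#     furyagent configure openvpn-client --config=./secrets/furyagent.yml --client-name test
#   write_private .kubeconfig terraform output -raw kubeconfig
#   audit_secret_files .kubeconfig /tmp/fury-example-test.ovpn \
#     ./secrets/furyagent.yml "$GOOGLE_APPLICATION_CREDENTIALS"
```

A non-zero status from audit_secret_files can be used to stop a provisioning script before the files are copied or shared.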