hasebe/config-controller-templates

config-controller-templates

This repository hosts templates for Config Controller. All assets are a work in progress.

All templates are intended to be deployed on Config Controller.

Set up an environment

Follow these steps to deploy the templates. The steps have been tested on Cloud Shell.

Set up Config Controller (Ref.)

  1. Define environment variables

    Replace the values to match your environment.

    export CONFIG_CONTROLLER_NAME=config-controller01
    export PROJECT_ID=project_id
    export TENANT_EMAIL=user@example.com   # placeholder: e-mail of the tenant user
  2. Enable required services

    gcloud services enable krmapihosting.googleapis.com \
      container.googleapis.com \
      cloudresourcemanager.googleapis.com
  3. Create Config Controller

    gcloud anthos config controller create $CONFIG_CONTROLLER_NAME \
      --location=us-central1
  4. Authenticate with the Config Controller cluster

    gcloud anthos config controller get-credentials $CONFIG_CONTROLLER_NAME \
      --location us-central1
  5. Give Config Controller permission to manage Google Cloud resources

    export SA_EMAIL="$(kubectl get ConfigConnectorContext -n config-control \
      -o jsonpath='{.items[0].spec.googleServiceAccount}' 2> /dev/null)"
    gcloud projects add-iam-policy-binding "${PROJECT_ID}" \
      --member "serviceAccount:${SA_EMAIL}" \
      --role "roles/owner" \
      --project "${PROJECT_ID}"

Set up a namespace to manage the project (Ref.)

  1. Install the ResourceGroup CRD

    kpt live install-resource-group
  2. Fetch the Project Namespace blueprint

    kpt pkg get \
      https://github.com/GoogleCloudPlatform/blueprints.git/catalog/project/kcc-namespace@main \
      $PROJECT_ID
  3. Move into the directory

    cd $PROJECT_ID/
  4. Configure the package by modifying the setters.yaml

    cat > setters.yaml << EOF
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: setters
    data:
      project-id: $PROJECT_ID
      management-project-id: $PROJECT_ID
      management-namespace: config-control
      projects-namespace: config-control
      networking-namespace: config-control
    EOF
  5. Render the setter values into the templated resources

    kpt fn render
  6. Configure tenant permissions

    cat > project-admin.yaml << EOF
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: project-admin
      namespace: $PROJECT_ID
    roleRef:
      kind: ClusterRole
      name: cnrm-admin
      apiGroup: rbac.authorization.k8s.io
    subjects:
    - kind: User
      name: $TENANT_EMAIL
      apiGroup: rbac.authorization.k8s.io
    EOF
  7. Initialize the working directory with kpt, which creates a resource to track changes

    kpt live init --namespace config-control
  8. Apply the resources

    kpt live apply
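
The heredocs in steps 4 and 6 use an unquoted `EOF`, so the shell expands `$PROJECT_ID` and `$TENANT_EMAIL` straight into `setters.yaml` and the `RoleBinding`. The POSIX shell functions below are an added example, not part of this repository, that check both values before any manifest is written; the function names and the conservative e-mail pattern are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from this repository): validate PROJECT_ID and
# TENANT_EMAIL before the unquoted heredocs expand them into YAML.

# Project ID rules: 6-30 characters, lowercase letters, digits and hyphens,
# starting with a letter and not ending with a hyphen.
valid_project_id() (
  LC_ALL=C   # byte-wise ranges; the subshell body keeps this local
  case "$1" in
    *[!a-z0-9-]*) return 1 ;;   # rejects spaces, newlines, ':' and '#'
    [a-z]*[a-z0-9]) ;;          # first and last character constraints
    *) return 1 ;;
  esac
  [ "${#1}" -ge 6 ] && [ "${#1}" -le 30 ]
)

# Conservative e-mail shape (an assumption of this example, stricter than the
# RFC): one address, so the value cannot add keys or subjects to the manifest.
valid_tenant_email() (
  LC_ALL=C
  case "$1" in
    *[!A-Za-z0-9._+@-]*) return 1 ;;   # any character outside the allowlist
    [!A-Za-z0-9]*) return 1 ;;         # must start with a letter or digit
    *@*@*) return 1 ;;                 # more than one '@'
    ?*@?*.?*) return 0 ;;              # local part, '@', dotted domain
  esac
  return 1
)

# Returns 0 only when both variables are safe to interpolate.
check_env() {
  rc=0
  valid_project_id "${PROJECT_ID:-}" ||
    { echo "PROJECT_ID is not a valid project ID" >&2; rc=1; }
  valid_tenant_email "${TENANT_EMAIL:-}" ||
    { echo "TENANT_EMAIL is not a single e-mail address" >&2; rc=1; }
  return "$rc"
}
```

Call `check_env` right after exporting the variables and continue only if it returns 0. The placeholder value `project_id` fails the check, because project IDs cannot contain underscores.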

Deploy a template

  1. Fetch a template

    Specify the template number. The following command uses template1 as an example.

    kpt pkg get https://github.com/hasebe/config-controller-templates/template1 template1
  2. Move into the directory

    cd template1/
  3. Update the variables in setters.yaml in each directory to match your environment

  4. Initialize the working directory with kpt, which creates a resource to track changes

    kpt live init --namespace $PROJECT_ID
  5. Render the setter values into the templated resources

    kpt fn render
  6. Apply the resources

    kpt live apply --namespace $PROJECT_ID
