Administering Clusters on Google Kubernetes Engine (GKE)

Integrating Cisco Container Platform with Google Kubernetes Engine (GKE) allows you to deploy and run containerized applications on Google Cloud Platform (GCP).

Prerequisites for Configuring Clusters on GKE

The prerequisites for configuring clusters on GKE are as follows:

See also Adding Google Kubernetes Engine Provider Profile.

Creating New Project on GCP

You need to create a new project on Google Cloud Platform (GCP) to use the GKE services.

Procedure


Step 1

Go to the New Project page on GCP.

Step 2

In the Project name field, enter a name for your project, and then click CREATE.

For more information, see Creating Your Project.

Creating Service Account

A service account represents a Google Cloud service identity. You need to create a service account to interact with the Google APIs.

Procedure


Step 1

Open the GCP console:

https://console.cloud.google.com
Step 2

In the left pane, click IAM & Admin > Service Accounts.

The Service Accounts page appears on the GCP console.
Step 3

Click SELECT PROJECT, choose your project, and then click OPEN.

Step 4

Click CREATE SERVICE ACCOUNT.

The Create service account page appears.
Step 5

In the Service account details area, enter a service account name, a description, and then click CREATE.

Step 6

In the Service account permissions page, add the following roles:

  • Compute Viewer

  • Kubernetes Engine Admin

  • Service Account User

  • Viewer

Step 7

Click CONTINUE.

Step 8

Grant users access to this service account and click DONE.

For more information, see Creating and managing service accounts.
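
One way to confirm the result of Step 6, as an added example that is not part of the Cisco documentation: the script reads a project IAM policy in the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json` and reports roles that are missing from, or granted beyond, the four listed above. The role IDs are the GCP identifiers for those console names; the policy, project, and account names are constructed samples, and only bindings made directly on the project are examined.

```python
import json

# GCP role IDs for the four console role names listed in Step 6.
EXPECTED_ROLES = {
    "roles/compute.viewer",          # Compute Viewer
    "roles/container.admin",         # Kubernetes Engine Admin
    "roles/iam.serviceAccountUser",  # Service Account User
    "roles/viewer",                  # Viewer
}

def roles_for_member(policy: dict, member: str) -> set:
    """Collect every role the project policy binds directly to `member`."""
    return {
        binding["role"]
        for binding in policy.get("bindings", [])
        if member in binding.get("members", [])
    }

def audit_service_account(policy: dict, sa_email: str) -> dict:
    """Compare the account's project-level roles with the Step 6 list."""
    granted = roles_for_member(policy, f"serviceAccount:{sa_email}")
    return {
        "missing": sorted(EXPECTED_ROLES - granted),
        "unexpected": sorted(granted - EXPECTED_ROLES),
    }

# Constructed sample policy (hypothetical project and account names).
SAMPLE_SA = "ccp-gke@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{"version": 1, "bindings": [
  {"role": "roles/compute.viewer",  "members": ["serviceAccount:ccp-gke@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/container.admin", "members": ["serviceAccount:ccp-gke@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/viewer",          "members": ["serviceAccount:ccp-gke@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/editor",          "members": ["serviceAccount:ccp-gke@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/owner",           "members": ["user:alice@example.com"]}
]}
""")

if __name__ == "__main__":
    # Reports the missing Service Account User role and the extra Editor role.
    print(json.dumps(audit_service_account(SAMPLE_POLICY, SAMPLE_SA), indent=2))
```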

Creating User Credentials on GCP

Procedure


Step 1

Open the GCP console:

https://console.cloud.google.com
Step 2

In the left pane, click IAM & Admin > Service Accounts.

The Service accounts page appears on the GCP console.
Step 3

In the left pane, click Service accounts.

Step 4

In the row of the service account for which you want to create a key, click the Actions button, and then click Create key.

Step 5

Select a JSON key type and click CREATE.

The credentials are saved to your computer in the credentials.json file. You need to copy and paste the contents of this file when adding a GKE provider. For more information, see Adding Google Kubernetes Engine Provider Profile.

For more information on creating credentials in GCP, see Creating and managing service account keys.
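
A pre-flight check for the downloaded credentials.json before its contents are pasted into the provider profile, as an added example that is not part of the Cisco documentation: it verifies that the file is a service account key for the intended project and that the file holding the private key is not accessible to other local users. The field names are those of a GCP service account JSON key; the sample key, project, and account names are constructed, and the permission check assumes a POSIX file system.

```python
import json
import os
import stat
import tempfile

REQUIRED_FIELDS = ("type", "project_id", "private_key_id", "private_key", "client_email")

def check_key_file(path: str, expected_project: str) -> list:
    """Return the problems found in a downloaded service account key file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:o}: key file accessible to group or other users")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except ValueError as exc:
        return problems + [f"not valid JSON: {exc}"]
    if not isinstance(key, dict):
        return problems + ["top-level JSON value is not an object"]
    problems += [f"missing field: {name}" for name in REQUIRED_FIELDS if not key.get(name)]
    if key.get("type") != "service_account":
        problems.append("type is not 'service_account'")
    if key.get("project_id") != expected_project:
        problems.append("project_id does not match the expected project")
    suffix = f"@{expected_project}.iam.gserviceaccount.com"
    if not str(key.get("client_email", "")).endswith(suffix):
        problems.append("client_email is not a service account of the expected project")
    return problems

# Constructed sample key; the private_key value is a placeholder, not a real key.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000000000000000",
    "private_key": "PLACEHOLDER-NOT-A-REAL-KEY",
    "client_email": "ccp-gke@example-project.iam.gserviceaccount.com",
}

def demo(expected_project: str) -> tuple:
    """Check the sample at mode 0644, then again at 0600."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "credentials.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(SAMPLE_KEY, fh)
        os.chmod(path, 0o644)
        loose = check_key_file(path, expected_project)
        os.chmod(path, 0o600)
        return loose, check_key_file(path, expected_project)
```

Against a real download, call `check_key_file("credentials.json", "<your-project-id>")`; an empty list means no problem was found.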


Enabling GCP APIs

You need to enable the GCP APIs so that the Google APIs can be queried and return responses.

Procedure


Step 1

Open the GCP console:

https://console.cloud.google.com
Step 2

In the left pane, click APIs & Services > Dashboard.

The APIs & Services page appears on the GCP console.
Step 3

Click ENABLE APIS AND SERVICES.

Step 4

In the search box, enter Kubernetes Engine API, and then click ENABLE.

Step 5

In the search box, enter Cloud Resource Manager API, and then click ENABLE.


Configuring Control Plane Proxy for GKE Access

If your Control Plane VMs need proxy configuration to access the internet, specifically GKE API endpoints, you must configure the proxy information on Cisco Container Platform.

Procedure


Step 1

SSH to the master node of the control plane.

Step 2

Run the following commands to specify the proxy information:

Note 
You need to replace <Proxy_URL_or_IPAddress:Port> with the URL/IP address of your proxy server and the no_proxy list with a list of your internal IP addresses.

kubectl patch deploy kaas-api --patch='{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"api"}],"containers":[{"$setElementOrder/env":[{"name":"http_proxy"},{"name":"https_proxy"},{"name":"no_proxy"},{"name":"BIND_HOST"},{"name":"K8S_NAMESPACE"},{"name":"CCP_NETWORK_SERVICE_URL"},{"name":"LEGACY_DB_URL"},{"name":"DEFAULT_DB_URL"},{"name":"CCP_JWT_SIGNING_KEY"},{"name":"TLS_KEY_FILE"},{"name":"TLS_CERT_FILE"},{"name":"AES_KEY"},{"name":"SUPPORTED_EKS_REGIONS"}],"env":[{"name":"http_proxy","value":"<Proxy_URL_or_IPAddress:Port>"},{"name":"https_proxy","value":"<Proxy_URL_or_IPAddress:Port>"},{"name":"no_proxy","value":"kaas-*,mysql*,kube*,localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"}],"name":"api"}]}}}}'

kubectl patch deploy kaas-ccp-gke-operator --patch '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"ccp-gke-operator"}],"containers":[{"$setElementOrder/env":[{"name":"no_proxy"},{"name":"http_proxy"},{"name":"https_proxy"},{"name":"WATCH_NAMESPACE"},{"name":"OPERATOR_NAME"},{"name":"CCP_API"},{"name":"RESYNC_PERIOD"},{"name":"WEBHOOK_SECRET"},{"name":"WEBHOOK_ENABLED"}],"env":[{"name":"no_proxy","value":"localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"},{"name":"http_proxy","value":"<Proxy_URL_or_IPAddress:Port>"},{"name":"https_proxy","value":"<Proxy_URL_or_IPAddress:Port>"}],"name":"ccp-gke-operator"}]}}}}'
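
A check to run after the two patches, as an added example that is not part of the Cisco documentation: it reads a Deployment object in the JSON shape printed by `kubectl get deploy kaas-api -o json` and reports proxy variables that are unset, still hold the `<Proxy_URL_or_IPAddress:Port>` placeholder, or embed credentials, which would sit as plain text in the Deployment spec. The sample object, proxy host name, and function names are constructed for illustration.

```python
import json

PROXY_VARS = ("http_proxy", "https_proxy", "no_proxy")

def has_userinfo(value: str) -> bool:
    """True if a proxy value embeds credentials (user:password@host)."""
    authority = value.split("://", 1)[-1].split("/", 1)[0]
    return "@" in authority

def proxy_env_issues(deployment: dict, container_name: str) -> list:
    """Check the proxy variables on one container of a Deployment object."""
    containers = deployment["spec"]["template"]["spec"]["containers"]
    match = [c for c in containers if c.get("name") == container_name]
    if not match:
        return [f"container {container_name!r} not found"]
    # Entries that use valueFrom carry no literal value and count as unset here.
    env = {e["name"]: e.get("value", "") for e in match[0].get("env", [])}
    issues = []
    for var in PROXY_VARS:
        value = env.get(var, "")
        if not value:
            issues.append(f"{var} is not set")
        elif "<" in value or ">" in value:
            issues.append(f"{var} still contains the placeholder")
        elif var != "no_proxy" and has_userinfo(value):
            issues.append(f"{var} embeds credentials in the Deployment spec")
    return issues

# Constructed sample: one variable set, one left as the placeholder, one absent.
SAMPLE_DEPLOYMENT = json.loads("""
{"metadata": {"name": "kaas-api"},
 "spec": {"template": {"spec": {"containers": [{"name": "api", "env": [
   {"name": "http_proxy",  "value": "http://proxy.example.internal:3128"},
   {"name": "https_proxy", "value": "<Proxy_URL_or_IPAddress:Port>"},
   {"name": "BIND_HOST",   "value": "0.0.0.0"}
 ]}]}}}}
""")

if __name__ == "__main__":
    for issue in proxy_env_issues(SAMPLE_DEPLOYMENT, "api"):
        print(issue)
```

Run it once per patched Deployment: container `api` for kaas-api and container `ccp-gke-operator` for kaas-ccp-gke-operator.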

Creating Clusters on GKE

Before you begin

Ensure that you have completed the prerequisites for configuring clusters on GKE. For more information, see Prerequisites for Configuring Clusters on GKE.

Procedure


Step 1

In the left pane, click Clusters, and then click the GKE tab.

Step 2

Click NEW CLUSTER.

Step 3

In the Basic Information screen, specify the following information:

  1. From the INFRASTRUCTURE PROVIDER drop-down list, choose the provider related to the appropriate GKE account.

  2. In the KUBERNETES CLUSTER NAME field, enter a name for your cluster.

  3. From the LOCATION drop-down list, choose a GKE region.

    Note 
    For more information on the supported regions, see Cloud Locations.
  4. From the KUBERNETES VERSION drop-down list, choose the Kubernetes version for your cluster.

  5. Click NEXT.

Step 4

In the Node Configuration screen, specify the following information:

  1. In the WORKER NODES field, enter an appropriate number of worker nodes.

  2. Use the AUTOSCALING toggle button to enable autoscaling, and then set the minimum and maximum number of worker nodes.

  3. In the NODE POOL NAME field, enter an alphanumeric name for the primary node pool of your cluster.

  4. From the MACHINE TYPE drop-down list, choose an appropriate machine type for your VMs.

    For more information, see Machine types.
  5. From the IMAGE TYPE drop-down list, choose an appropriate image type for your VMs.

  6. Use the USE PREEMPTIBLE VMS toggle button to enable or disable preemptible VMs.

    For more information, see Running preemptible VMs.
  7. Click NEXT.

Step 5

In the Summary screen, review the cluster information, and then click FINISH.

Cluster creation can take up to 20 minutes. You can monitor cluster creation status on the Clusters screen.

Deleting Clusters on GKE

Before you begin

Ensure that the GKE cluster that you want to delete is not currently in use, as deleting a cluster removes the containers and data associated with it.

Procedure


Step 1

In the left pane, click Clusters, and then click the GKE tab.

Step 2

From the drop-down list displayed under the ACTIONS column, choose Delete for the cluster that you want to delete.

Step 3

Click DELETE in the confirmation dialog box.


After you delete a GKE cluster, it takes about 15 minutes for the cluster resources to be released.