Creating a Temporary GCP Cluster
Objective
To create a temporary demo cluster on Google Cloud Platform using Roost-enabled automation.
User Persona
Admin: Someone who has an account with GCP and starts/stops clusters for their customers (like Ben, Jonathan)
End-User: Someone who uses these clusters for a temporary duration (like a Tufin customer)
Artifacts
The Roost-provided solution consists of:
Executable - gcpController
Config JSON template - gcp_config.json.template & gcp_config.json
Roost Website based access for Admin and Users - roost.io & roost.io/tufin
Features
Together, these artifacts allow the admin to
Request 1 or more GCP Clusters to be provisioned
View clusters provisioned so far
Stop any cluster on-demand
The solution allows the end-user to
Connect to the cluster using Roost Website
Execute “kubectl” and “docker” commands
Steps for End-User
Open a browser and visit the web page roost.io/tufin
Enter the email and token provided by the admin
This will open a terminal on the web page where Kubernetes and Docker commands can be run
Refresh the page if the terminal does not load for any reason
Steps for Admin
Getting GCP Service Account
Connect to your GCP account
Create a service account
Assign the Owner role to the service account.
Download the service account key file and save it as “googleApi.key” under /var/tmp/Roost/
You can watch a short video (< 2 min) at https://youtu.be/w41t1xJDHgk for detailed steps
Spawning a GCP cluster - the first time
Connect to a terminal (Mac)
Export at least the following variables
ROOST_AUTH_TOKEN="<Value provided by Roost Team>"
SVC_ACCOUNT_JSON="<Location of the googleApi.key>"
USER_EMAIL="<any email value>"
USER_NAME="<any unique name, only alphabets>"
Download and run the bash script getController.sh
Sample usage is below:
export ROOST_AUTH_TOKEN="xxx" USER_EMAIL="abc@xyz.com" USER_NAME="demo" SVC_ACCOUNT_JSON="/var/tmp/Roost/googleApi.key" ;
curl https://tempcluster.s3-us-west-1.amazonaws.com/getController.sh -o ~/getController.sh
chmod +x ~/getController.sh
#
###
# To just download the binaries and config
~/getController.sh
###
# OR
# To launch the first cluster along with the binaries download
~/getController.sh start
Start & Stop GCP Cluster using binary
/var/tmp/Roost/bin/gcpController start /var/tmp/Roost/bin/gcp_config.json
/var/tmp/Roost/bin/gcpController stop /var/tmp/Roost/bin/gcp_config.json
Dashboard to show your GCP Clusters (and stop them)
Connect to roost.io using Google Auth and corporate email
Click on Partner Dashboard
Advanced Configuration Option
If the admin wants multiple clusters to be started/stopped at once, the CustomerInfo JSON list can be defined accordingly
The environment variables below allow you to control the type of cluster
NUM_WORKERS=<any integer to denote the number of worker nodes>
CLUSTER_EXPIRATION=<any whole number to denote the cluster/nodes life in hours>
PREEMPTIBLE=<false|true> # whether to use preemptible instances
K8S_VERSION="1.18.1" # any valid K8s version string
INSTANCE_TYPE="e2-small" # any valid GCP instance type, prefer instances with at least 2 CPUs and 2GB RAM
DISK_SIZE="20GB" # any number greater than 20GB, denotes disk size in GB