Creating a Temporary GCP Cluster

Objective

To create a temporary demo cluster on Google Cloud Platform using Roost-enabled automation.

User Persona

  • Admin: Someone who has an account with GCP and starts/stops clusters for their customers (like Ben, Jonathan)

  • End-User: Someone who uses these clusters for a temporary duration (like Tufin Customer)

Artifacts

The Roost provided solution consists of:

  • Executable - gcpController

  • Config JSON template - gcp_config.json.template & gcp_config.json

  • Roost website-based access for Admin and Users - roost.io & roost.io/tufin

Features

Together, these artifacts allow the admin to

  • Request 1 or more GCP Clusters to be provisioned

  • View clusters provisioned so far

  • Stop any cluster on-demand

The solution allows the end-user to

  • Connect to the cluster using Roost Website

  • Execute “kubectl” and “docker” commands

Steps for End-User

  • Open a browser and visit the web page roost.io/tufin

  • Enter the email and token provided by the admin

  • This will open a terminal on the web-page where Kubernetes and Docker commands can be run

  • Refresh the page if the terminal does not load for any reason

 


Steps for Admin

Getting GCP Service Account

  • Connect to your GCP account

  • Create a service account

  • Assign the Owner role to the service account

  • Download the service account key file and save it as “googleApi.key” under /var/tmp/Roost/

For detailed steps, watch this short video (< 2 min): https://youtu.be/w41t1xJDHgk

Spawning a GCP cluster - the first time

  • Connect to a terminal (Mac)

  • Export at least the following variables:

      • ROOST_AUTH_TOKEN="<Value provided by Roost Team>"

      • SVC_ACCOUNT_JSON="<Location of the googleApi.key>"

      • USER_EMAIL="<any email value>"

      • USER_NAME="<any unique name, letters only>"

  • Download and run the bash script at getController.sh

  • Sample usage is below:

    export ROOST_AUTH_TOKEN="xxx" USER_EMAIL="abc@xyz.com" USER_NAME="demo" SVC_ACCOUNT_JSON="/var/tmp/Roost/googleApi.key"
    curl https://tempcluster.s3-us-west-1.amazonaws.com/getController.sh -o ~/getController.sh
    chmod +x ~/getController.sh

    ###
    # To just download the binaries and config
    ~/getController.sh

    ###
    # OR
    # To launch the first cluster along with the binaries download
    ~/getController.sh start

Start & Stop GCP Cluster using binary

    /var/tmp/Roost/bin/gcpController start /var/tmp/Roost/bin/gcp_config.json
    /var/tmp/Roost/bin/gcpController stop /var/tmp/Roost/bin/gcp_config.json

Dashboard to show your GCP Clusters (and stop them)

  • Connect to roost.io using Google Auth and corporate email

  • Click on Partner Dashboard

Advanced Configuration Option

  1. If the admin desires multiple clusters to be started/stopped at once, then the CustomerInfo JSON list can be defined accordingly

  2. The environment variables below allow you to control the type of cluster

    NUM_WORKERS=<any integer to denote the number of worker nodes>
    CLUSTER_EXPIRATION=<any whole number to denote the cluster/nodes life in hours>
    PREEMPTIBLE=<false|true>    # to use preemptible instances or not
    K8S_VERSION="1.18.1"        # any valid K8s version string
    INSTANCE_TYPE="e2-small"    # any valid GCP instance type, prefer instances with min 2 CPU and 2 GB RAM
    DISK_SIZE="20GB"            # any number greater than 20GB, denotes disk size in GB
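
A pre-flight check for the variables listed under "Spawning a GCP cluster - the first time" and "Advanced Configuration Option", written as an added example; it is not part of getController.sh or gcpController. The function names are hypothetical, and two checks are assumptions the page does not state: the service account key file should be readable by its owner only, and a DISK_SIZE of exactly 20GB is accepted.

```bash
#!/usr/bin/env bash
# Added example (not Roost code). roost_preflight, is_uint and fail are hypothetical names.
# Usage: roost_preflight && ~/getController.sh start

is_uint() { case "$1" in ""|*[!0-9]*) return 1 ;; esac; }

fail() { echo "preflight: $1" >&2; }

roost_preflight() (   # subshell body keeps rc/perms/n out of the caller's environment
  rc=0
  # Required variables from "Spawning a GCP cluster - the first time"
  [ -n "${ROOST_AUTH_TOKEN:-}" ] || { fail "ROOST_AUTH_TOKEN is not set"; rc=1; }
  [ -n "${USER_EMAIL:-}" ] || { fail "USER_EMAIL is not set"; rc=1; }
  case "${USER_NAME:-}" in   # page: any unique name, only alphabets
    ""|*[!A-Za-z]*) fail "USER_NAME must contain letters only"; rc=1 ;;
  esac
  # The key file carries the service account's role, so require owner-only access
  if [ ! -f "${SVC_ACCOUNT_JSON:-}" ]; then
    fail "SVC_ACCOUNT_JSON does not point to a file"; rc=1
  else
    # GNU stat first, BSD/macOS stat as fallback; both print the octal mode
    perms=$(stat -L -c '%a' "$SVC_ACCOUNT_JSON" 2>/dev/null ||
            stat -L -f '%Lp' "$SVC_ACCOUNT_JSON")
    case "$perms" in
      *00|0) ;;   # no group/other bits set
      *) fail "key file mode is $perms, expected 600 or stricter"; rc=1 ;;
    esac
  fi
  # Optional variables from "Advanced Configuration Option" (checked only when set)
  [ -z "${NUM_WORKERS+x}" ] || is_uint "$NUM_WORKERS" ||
    { fail "NUM_WORKERS must be an integer"; rc=1; }
  [ -z "${CLUSTER_EXPIRATION+x}" ] || is_uint "$CLUSTER_EXPIRATION" ||
    { fail "CLUSTER_EXPIRATION must be a whole number of hours"; rc=1; }
  case "${PREEMPTIBLE-false}" in
    true|false) ;;
    *) fail "PREEMPTIBLE must be true or false"; rc=1 ;;
  esac
  if [ -n "${DISK_SIZE+x}" ]; then
    n=${DISK_SIZE%GB}   # strip the GB suffix; an unchanged value means no suffix
    # Assumption: 20 itself is accepted, since the page's sample value is "20GB"
    { [ "$n" != "$DISK_SIZE" ] && is_uint "$n" && [ "$n" -ge 20 ]; } ||
      { fail "DISK_SIZE must look like 20GB and be at least 20GB"; rc=1; }
  fi
  [ "$rc" -eq 0 ]
)
```

Source the file in the same terminal where the variables are exported, then call roost_preflight before starting a cluster; it prints one line per problem and returns non-zero if any check fails.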