vRealize Automation – Deploying a GKE Cluster with Code Stream, add to Tanzu Mission Control & Tanzu Service Mesh

Dean Lewis
0 Comment

This post was originally published on this site

This walk-through will detail the technical configurations for using vRA Code Stream to deploy Google Kubernetes Clusters (GKE), register them as:

  • Kubernetes endpoints in vRA Cloud Assembly and Code Stream
  • An attached in Tanzu Mission Control
  • Onboard in Tanzu Service Mesh

This post mirrors my other blog posts following similar concepts:

Requirement

After covering EKS and AKS, I thought it was worthwhile to finish off the gang and deploy GKE clusters using Code Stream.

Building on my previous work, I also added in the extra steps to onboard this cluster into Tanzu Service Mesh as well.

High Level Steps
  • Create a Code Stream Pipeline
    • Create a Google GKE Cluster
    • Create GKE cluster as endpoint in both vRA Code Stream and Cloud Assembly
    • Register GKE cluster in Tanzu Mission Control
    • Onboard the cluster to Tanzu Service Mesh
Pre-Requisites
Creating a Code Stream Pipeline to deploy a Azure AKS Cluster and register the endpoints with vRA and Tanzu Mission Control
Create the variables to be used

First, we will create several variables in Code Stream, you could change the pipeline tasks to use inputs instead if you wanted

  • Create as regular variable
    • gke-tmc-url
      • This is your Tanzu Service Mesh URL
    • gke-tsm-url
      • This is your Tanzu Mission Control URL
    • gke-tmc-token
      • VMware Cloud Console token for access to use Tanzu Mission Control
  • Create as secret
    • tmc-csp-token
      • This is a CSP token to access Tanzu Service Mesh
    • tsm-csp-token
      • This is a CSP Token to access Tanzu Mission Control
    • vra-csp-token
      • This is a CSP Token to access vRA Cloud Assembly and Code Stream
    • google-cloud-auth
      • This is the Google Cloud Service Account JSON file contents converted to a Base64 String

vRA GKE - Create variables

Import the “Deploy GKE Cluster” pipeline

Create (import) the pipeline in Code Stream. (File here). Set line two to your project name then click import.

vRA GKE - Import Pipeline

Open the pipeline, so that we can now configure the necessary items for your infrastructure.

On the Input tab, change the defaults as necessary. I’ve aimed to make the descriptions as useful as possible.

vRA GKE - Pipeline - Inputs

On the Workspace tab, select your Docker Host to use.

vRA GKE - Pipeline - Workspace - Configure docker host endpoint

On the Model tab, select each task and click the validate button, ensure you get a green tick. If there are any errors displayed, resolve them. Usually, it’s the referenced variable names do not match.

  • (Optional) I wrote a blog post here on extracting files created by a CI Task and email notifications. You could use this example to extend the functionality of this pipeline if you wanted.

vRA GKE - Pipeline - Model - Validate Task

Let’s dive into how the Pipeline Stages and Tasks within are configured, or you can skip down to the next heading which will continue to use the pipeline.

  • Build Kubernetes Cluster
    • Google Cloud Auth (CI Task)
      • Gets the Google Cloud Auth variable, decrypts the base64 into a JSON file
      • Authenticate using the gcloud cli as the service account using the JSON file
      • Set the google cloud project for where the GKE Cluster will be created
    • Build GKE Cluster (CI Task)
      • Using the gcloud cli, create a GKE cluster, providing the cluster name, region, machine type and number of nodes as arguments. Verbose Debug output selected.
      • gcloud CLI will create a kubeconfig file and set it to the default context for kubectl. This will use Google auth to the cluster.

vRA GKE - Pipeline - Model - Stage - Build Kubernetes Cluster

vRA GKE - Pipeline - Model - Stage - Build Kubernetes Cluster - Task - Google Cloud AuthvRA GKE - Pipeline - Model - Stage - Build Kubernetes Cluster - Task - Build GKE Cluster

  • Add GKE Cluster to vRA
    • Create Cluster Service Account (CI Task)
      • Create a YAML definition to apply to the Kubernetes cluster to create a Service Account
    • Create Role Binding (CI Task)
      • Only triggered if User Input for Add to Code Stream or Cloud Assembly is set to yes
      • Create a YAML definition to apply to the Kubernetes cluster to create a Role Binding for the Service Account
    • Install jq (CI Task)
      • Installs jq package into container for use in the next task
    • Get GKE Cluster details (CI Task)
      • Only triggered if User Input for Add to Code Stream or Cloud Assembly is set to yes
      • Get and save variables that contain the Service Account Token, Kubernetes Cluster API address, CA Certificate and Certificate Fingerprint
    • Get vRA Cloud API Token (REST Task)
      • Only triggered if User Input for Add to Code Stream or Cloud Assembly is set to yes
      • REST API call to exchange API Token for accessToken
    • Create Code Stream Endpoint (REST Task)
      • Only triggered if User Input for Add to Code Stream is set to yes
      • Create a Kubernetes endpoint in Code Stream, building the payload from the “Get GKE Cluster details” task
      • Authorization Header is built from output of “Get vRA Cloud API Token” Task.
    • Create Cloud Assembly K8s Endpoint (REST Task)
      • Only triggered if User Input for Add to Cloud Assembly is set to yes
      • Create a Kubernetes endpoint in Cloud Assembly, building the payload from the “Get GKE Cluster details” task
      • Authorization Header is built from output of “Get vRA Cloud API Token” Task.

vRA GKE - Pipeline - Model - Stage - Add GKE Cluster to vRA

vRA GKE - Pipeline - Model - Stage - Add GKE Cluster to vRA - Task - Create Cluster Service AccountvRA GKE - Pipeline - Model - Stage - Add GKE Cluster to vRA - Task - Install jq

vRA GKE - Pipeline - Model - Stage - Add GKE Cluster to vRA - Task - Get GKE Cluster DetailsvRA GKE - Pipeline - Model - Stage - Add GKE Cluster to vRA - Task - Create Code Stream Endpoint

vRA GKE - Pipeline - Model - Stage - Add GKE Cluster to vRA - Task - Create Cloud Assembly K8s Endpoint

  • Add GKE to TMC
    • Get TMC API Token (REST Task)
      • Only triggered if User Input for Add to TMC is set to yes
      • REST API call to exchange API Token for accessToken
    • Create TMC cluster attach task (REST Task)
      • Only triggered if User Input for Add to TMC is set to yes
      • API Call to create a new attached cluster in TMC, payload built from user inputs
    • Install TMC to Cluster (CI Task)
      • Only triggered if User Input for Add to TMC is set to yes
      • Apply the provided installation file (URL) from TMC (Output from the previous task).
      • Check the TMC API for status update in while loop

vRA GKE - Pipeline - Model - Stage - Add GKE to TMC

vRA GKE - Pipeline - Model - Stage - Add GKE to TMC - Task - Get TMC API TokenvRA GKE - Pipeline - Model - Stage - Add GKE to TMC - Task - Create TMC cluster attach task

vRA GKE - Pipeline - Model - Stage - Add GKE to TMC - Task - Install TMC to Cluster

  • Add GKE to TSM
    • Get TSM API Token (REST Task)
      • Only triggered if User Input for Add to TSM is set to yes
      • REST API call to exchange API Token for accessToken
    • Get TSM Onboarding URL (REST Task)
      • Only triggered if User Input for Add to TSM is set to yes
      • API Call to get the onboarding URL
    • Create Cluster in TSM (REST Task)
      • Only triggered if User Input for Add to TSM is set to yes
      • Create the new cluster object in TSM
      • Payload built from user inputs
    • Install TSM to Cluster (CI Task)
      • Only triggered if User Input for Add to TSM is set to yes
      • Apply the TSM configuration files to the Kubernetes cluster
    • Wait for TSM To be installed
      • Only triggered if User Input for Add to TSM is set to yes
      • While loop to check TSM API for status of cluster onboarding

vRA GKE - Pipeline - Model - Stage - Add GKE to TSM - Task - Get TSM API TokenvRA GKE - Pipeline - Model - Stage - Add GKE to TSM - Task - Get TSM Onboarding URL

vRA GKE - Pipeline - Model - Stage - Add GKE to TSM - Task - Create Cluster in TSMvRA GKE - Pipeline - Model - Stage - Add GKE to TSM - Task - Install TSM to Cluster

vRA GKE - Pipeline - Model - Stage - Add GKE to TSM - Task - Wait for TSM To be installed

When you are happy, click save on the bottom left and enable the pipeline.

vRA GKE - Pipeline - Save and Enable

Running the pipeline

Now the pipeline is enabled, you will be able to run the pipeline.

vRA GKE - Pipeline - Run

Provide the details for the inputs.

vRA GKE - Pipeline - Run - Provide Inputs

Click to view the running execution of the pipeline either on the Executions page, or from the little green dialog box that appears if you ran the pipeline from within the pipeline editing view.

Below you can see the output of the first stage and task running. You can click each stage and task to see the progress and outputs from running the commands. Once the pipeline has completed, you’ll see an output all green and the completed message.

vRA GKE - Pipeline - Execution

vRA GKE - Pipeline - Execution - Task Detail

And finally, you’ll have the following items created and configured.

  • Google GKE Cluster
  • Cloud Assembly – External Kubernetes Endpoint
  • Code Stream – Kubernetes Endpoint
  • Tanzu Mission Control – Kubernetes cluster attached
  • Tanzu Service Mesh – Kubernetes cluster onboarded
Wrap up

This blog post is very similar to my previous posts for deploying AWS EKS resources using vRA and Deploying AKS Clusters using vRA. There are a few changes under the hood to make this method work for GKE, as well as extending this further to include onboarding the cluster into Tanzu Service Mesh.

Hopefully this was helpful.

Regards

https://platform.twitter.com/widgets.js

Dean Lewis

 

The post vRealize Automation – Deploying a GKE Cluster with Code Stream, add to Tanzu Mission Control & Tanzu Service Mesh appeared first on vEducate.co.uk.

Dean Lewis
Dean Lewis