This repo is a companion repo to the Provision a GKE Cluster learn guide, containing Terraform configuration files to provision an GKE cluster on GCP.

This sample repo also creates a VPC and subnet for the GKE cluster. This is not required but highly recommended to keep your GKE cluster isolated.

First, install the Google Cloud CLI and initialize it.

$ gcloud init

Once you've initialized gcloud (signed in, selected project), add your account to the Application Default Credentials (ADC). This will allow Terraform to access these credentials to provision resources on GCloud.

$ gcloud auth application-default login

Replace terraform.tfvars values with your project_id and region. Your project_id must match the project you've initialized gcloud with. To change your gcloud settings, run gcloud init. The region has been defaulted to us-central1; you can find a full list of gcloud regions here.

After you've done this, initalize your Terraform workspace, which will download the provider and initialize it with the values provided in the terraform.tfvars file.

$ terraform init

Initializing the backend...

Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "google" (hashicorp/google) 3.13.0...
Terraform has been successfully initialized!

Then, provision your GKE cluster by running terraform apply.

$ terraform apply

# Output truncated...

Plan: 4 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

# Output truncated...

Apply complete! Resources: 4 added, 0 changed, 0 destroyed.

Outputs:

kubernetes_cluster_name = dos-terraform-edu-gke
region = us-central1

To configure kubetcl, by running the following command.

$ gcloud container clusters get-credentials dos-terraform-edu-gke --region us-central1

The Kubernetes Cluster Name and Region correspond to the resources spun up by Terraform.

To deploy the Kubernetes dashboard, run the following command. This will schedule the resources necessary for the dashboard.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

Finally, to access the Kubernetes dashboard, run the following command:

$ kubectl proxy
Starting to serve on 127.0.0.1:8001

You should be able to access the Kubernetes dashboard at http://127.0.0.1:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/.

To view the Kubernetes dashboard, you need to provide an authorization token. Authenticating using kubeconfig is not an option. You can read more about it in the Kubernetes documentation.

Generate the token in another terminal (do not close the kubectl proxy process).

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep service-controller-token | awk '{print $1}')

Name:         service-controller-token-m8m7j
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: service-controller
              kubernetes.io/service-account.uid: bc99ddad-6be7-11ea-a3c7-42010a800017
              
Type:  kubernetes.io/service-account-token

Data
====
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9...
ca.crt:     1119 bytes

Select "Token" then copy and paste the entire token you receive into the dashboard authentication screen to sign in. You are now signed in to the dashboard for your Kubernetes cluster.