Create a GCP Kubernetes Cluster

Suggest Edits

Create the cluster

  1. Access the Kubernetes Engine menu in the GCP console and select Clusters on the left-side menu.

  2. Click CREATE.

📘

For more information on creating a cluster, visit the Google Cloud documentation platform.

 

Retrieving the Cluster URL and the Cloud region

  1. The Cluster URL and Cloud region can be fetched from the DETAILS screen when creating he actual cluster. You will need these two credentials later, when establishing the connection.

    • The Cloud Region corresponds to the Region field in the DETAILS screen.
    • The Cluster URL corresponds to the Endpoint field in the DETAILS screen.

 

Retrieving the Certificate

  1. Now we need to retrieve the Certificate. Click the CONNECT button.

  1. Click RUN IN CLOUD SHELL.

  1. Approve any request.

  1. Press Enter. Then type the following command:
cat ~/.kube/config
  1. The Certificate corresponds to the clusters.[...].cluster.certificate-authority-data property. Copy it and save it for later use.

 

Retrieving the Cluster Project ID

  1. The Project ID can be fetched by clicking on the {Project Name} in the top bar.

 

Grant access

Bunnyshell will have access to the cluster through a Service Account.

 

Prerequisites

You need to install the Google Cloud CLI and authenticate before moving to the next step.

📘

Please see https://cloud.google.com/sdk/gcloud/reference/auth/login for more details.

Alternatively, you can perform these steps in Google Cloud Shell.

 

Creating the Service Account

Type the following command in the Google Cloud CLI to create the Service Account:

gcloud iam service-accounts create {USER}

Example

gcloud iam service-accounts create bunnyshell-access

 

Grant the Service Account access to your cluster

Then type the following command to grant the Service Account access to your cluster:

gcloud projects add-iam-policy-binding {PROJECT_ID} \
    --member=serviceAccount:{USER}@{PROJECT_ID}.iam.gserviceaccount.com \
    --role=roles/container.admin

Example 

gcloud projects add-iam-policy-binding bunnyshell-347109 \
    --member=serviceAccount:[email protected] \
    --role=roles/container.admin

 

Retrieve the Google Service Account Key

Finally, type this command to create a key for your Google Service Account

gcloud iam service-accounts keys create gsa-key.json \
    --iam-account={USER}@{PROJECT_ID}.iam.gserviceaccount.com

Example

gcloud iam service-accounts keys create gsa-key.json \
    --iam-account=bunnyshell-access@bunnyshell-347109.iam.gserviceaccount.com

Updated 5 months ago