After the physical environment is set up, complete the following steps on any Linux workstation to create a deployment workstation on the PowerFlex management controller vCSA:
gcloud components install kubectl
gcloud components install anthos-auth

gcloud auth login
gcloud config set project [PROJECT_ID]
where [PROJECT_ID] is your project ID.
gcloud services enable \
    anthos.googleapis.com \
    anthosgke.googleapis.com \
    anthosaudit.googleapis.com \
    cloudresourcemanager.googleapis.com \
    container.googleapis.com \
    gkeconnect.googleapis.com \
    gkehub.googleapis.com \
    serviceusage.googleapis.com \
    stackdriver.googleapis.com \
    monitoring.googleapis.com \
    logging.googleapis.com
gcloud projects add-iam-policy-binding [PROJECT_ID] \
    --member="user:ACCOUNT" \
    --role="roles/resourcemanager.projectIamAdmin"

gcloud projects add-iam-policy-binding [PROJECT_ID] \
    --member="user:ACCOUNT" \
    --role="roles/serviceusage.serviceUsageAdmin"
where ACCOUNT is your Google Cloud account and [PROJECT_ID] is the associated project ID.
gcloud iam service-accounts create component-access-sa \
    --display-name "Component Access Service Account" \
    --project [PROJECT_ID]

gcloud iam service-accounts keys create component-access-key.json \
    --iam-account component-access-sa@[PROJECT_ID].iam.gserviceaccount.com

gcloud projects add-iam-policy-binding [PROJECT_ID] \
    --member "serviceAccount:component-access-sa@[PROJECT_ID].iam.gserviceaccount.com" \
    --role "roles/serviceusage.serviceUsageViewer"

gcloud projects add-iam-policy-binding [PROJECT_ID] \
    --member "serviceAccount:component-access-sa@[PROJECT_ID].iam.gserviceaccount.com" \
    --role "roles/iam.serviceAccountCreator"

gcloud projects add-iam-policy-binding [PROJECT_ID] \
    --member "serviceAccount:component-access-sa@[PROJECT_ID].iam.gserviceaccount.com" \
    --role "roles/iam.roleViewer"
gsutil cp gs://gke-on-prem-release/gkeadm/1.6.0-gke.7/linux/gkeadm ./
chmod +x gkeadm

./gkeadm create config
The preceding command creates the following files in your current directory:

./gkeadm create admin-workstation --auto-create-service-accounts

ssh -i /usr/local/google/home/me/.ssh/gke-admin-workstation ubuntu@<admin_workstation_ip>
If you list the files on the admin workstation, you can see two cluster configuration files, your CA certificate file, and the JSON key files for your service accounts:
Example output from “ls -l” command:
admin-cluster.yaml
connect-agent-sa-2007081316.json
connect-register-sa-2007081316.json
log-mon-sa-2007081316.json
user-cluster.yaml
vcenter-ca-cert.pem
component-access-key.json
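
The JSON key files in this listing, including component-access-key.json created earlier, are long-lived service-account credentials, so they should be readable only by their owner. The following check is an added example, not part of the original guide; the function names are hypothetical, and it assumes a key file is any *.json file containing "type": "service_account".

```shell
# Added example (not from the original guide).
# Assumption: a key file is any *.json containing "type": "service_account",
# the format written by `gcloud iam service-accounts keys create`.

# Print each service-account key file under DIR (default: .) whose mode
# grants any permission to group or others.
loose_sa_keys() {
    # -perm -NNN matches when that permission bit is set.
    find "${1:-.}" -type f -name '*.json' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) |
    while IFS= read -r f; do
        # Skip JSON files that are not service-account keys.
        if grep -q '"type"[[:space:]]*:[[:space:]]*"service_account"' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Restrict every flagged key file to owner read/write (0600).
lock_sa_keys() {
    loose_sa_keys "${1:-.}" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'locked: %s\n' "$f"
    done
}
```

Run loose_sa_keys in the directory that holds the key files on the admin workstation; an empty result means no key file is exposed to group or other users.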