This is the most convenient, non-Terraform way I know to create a new Google Kubernetes Engine (GKE) cluster with managed Anthos Service Mesh (ASM) installed.
# If you're not using Cloud Shell, make sure to replace $GOOGLE_CLOUD_PROJECT with your Project ID.
# Cloud Shell is a small virtual machine (in Google Cloud) that's tied to your Google Cloud account.
export PROJECT_ID=$GOOGLE_CLOUD_PROJECT
export CLUSTER_NAME=my-cluster-3
export KUBECONTEXT_NAME=my-cluster-3
export ZONE=us-central1-b
export PROJECT_NUMBER=$(gcloud projects describe ${PROJECT_ID} --format='get(projectNumber)')
echo "🏗️ Enabling necessary Google Cloud APIs..."
gcloud services enable \
anthos.googleapis.com \
container.googleapis.com \
gkehub.googleapis.com \
mesh.googleapis.com
echo "☁️ Creating a new Google Kubernetes Engine (GKE) cluster..."
# Note: Anthos Service Mesh requires Workload Identity to be enabled on the cluster.
gcloud container clusters create ${CLUSTER_NAME} \
--project=${PROJECT_ID} --zone=${ZONE} \
--machine-type=e2-standard-2 --num-nodes=3 \
--workload-pool ${PROJECT_ID}.svc.id.goog \
--labels mesh_id=proj-${PROJECT_NUMBER}
echo "✏️ Renaming kubeconfig context of the cluster to ${KUBECONTEXT_NAME}..."
# gcloud names the context gke_<project>_<zone>_<cluster>; give it the shorter name set above.
kubectl config rename-context \
gke_${PROJECT_ID}_${ZONE}_${CLUSTER_NAME} ${KUBECONTEXT_NAME}
echo "🌐 Enabling Anthos Service Mesh on the project's Fleet..."
gcloud container fleet mesh enable --project $PROJECT_ID
echo "🌐 Registering the GKE cluster to the project's Fleet..."
gcloud container fleet memberships register ${CLUSTER_NAME}-membership \
--gke-cluster=${ZONE}/$CLUSTER_NAME \
--enable-workload-identity \
--project $PROJECT_ID
echo "🕸️ Enabling managed Anthos Service Mesh on the cluster..."
gcloud container fleet mesh update \
--management automatic \
--memberships ${CLUSTER_NAME}-membership \
--project ${PROJECT_ID}
# ----- A D D I T I O N A L I N F O -----
# To configure Anthos Service Mesh to automatically inject Proxies to Pods in a namespace, use:
# kubectl label namespace MY_NAMESPACE istio-injection=enabled istio.io/rev- --overwrite
# The managed data plane is enabled by default. To opt a namespace out of it, annotate the namespace with "managed":"false":
# kubectl annotate --overwrite namespace YOUR_NAMESPACE mesh.cloud.google.com/proxy='{"managed":"false"}'
# To enable Workload Identity on an existing GKE cluster, use the command below. This can take a few minutes.
# Note that existing Node pools are unaffected: this only ensures that new Nodes will use Workload Identity.
# gcloud container clusters update ${CLUSTER_NAME} --zone=${ZONE} --workload-pool=${PROJECT_ID}.svc.id.goog
NimJay commented Jun 2, 2022

To verify that Anthos Service Mesh (ASM) has been installed, use:

gcloud container fleet mesh describe --project $PROJECT_ID

You should see something similar to:

createTime: '2022-09-29T15:01:45.406425054Z'
membershipSpecs:
  projects/123456788143/locations/global/memberships/my-cluster-membership:
    mesh:
      management: MANAGEMENT_AUTOMATIC
membershipStates:
  projects/123456788143/locations/global/memberships/my-cluster-membership:
    servicemesh:
      controlPlaneManagement:
        details:
        - code: REVISION_READY
          details: 'Ready: asm-managed'
        state: ACTIVE
      dataPlaneManagement:
        details:
        - code: OK
          details: Service is running.
        state: ACTIVE
    state:
      code: OK
      description: 'Revision(s) ready for use: asm-managed.'
      updateTime: '2022-09-29T15:17:07.924175608Z'
name: projects/my-project-id/locations/global/features/servicemesh
resourceState:
  state: ACTIVE
spec: {}
state:
  state: {}
updateTime: '2022-09-29T15:17:15.627513170Z'

If you don't see it immediately, wait about 10 minutes.
Before I waited, my output was:

createTime: '2022-06-02T22:48:06.374637728Z'
membershipSpecs:
  projects/123456788143/locations/global/memberships/my-cluster-membership:
    mesh:
      controlPlane: AUTOMATIC
membershipStates:
  projects/123456788143/locations/global/memberships/my-cluster-membership:
    servicemesh:
      controlPlaneManagement:
        state: DISABLED
    state:
      code: OK
      description: Please see https://cloud.google.com/service-mesh/docs/install for
        instructions to onboard to Anthos Service Mesh.
      updateTime: '2022-06-02T22:49:37.138354820Z'
name: projects/my-project-id/locations/global/features/servicemesh
resourceState:
  state: ACTIVE
spec: {}
state:
  state: {}
updateTime: '2022-06-02T22:49:40.160845610Z'
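A small readiness check for the `describe` output above, added here as an example and not part of the gist. It reads the JSON form of the same output (`gcloud container fleet mesh describe --format=json`, which is a real gcloud flag) and reports per membership whether automatic management was requested and both the control plane and data plane are ACTIVE, so a pipeline can refuse to deploy workloads until the mesh is actually serving. The sample documents and the project number 000000000000 are constructed placeholders mirroring the two outputs shown.

```python
import json
import sys

# Constructed samples (not from the gist): the JSON shape of
# `gcloud container fleet mesh describe --format=json`, mirroring the two
# YAML outputs above, with a placeholder project number.
MEMBERSHIP = "projects/000000000000/locations/global/memberships/my-cluster-membership"

READY_SAMPLE = json.dumps({
    "membershipSpecs": {MEMBERSHIP: {"mesh": {"management": "MANAGEMENT_AUTOMATIC"}}},
    "membershipStates": {MEMBERSHIP: {"servicemesh": {
        "controlPlaneManagement": {"state": "ACTIVE",
            "details": [{"code": "REVISION_READY", "details": "Ready: asm-managed"}]},
        "dataPlaneManagement": {"state": "ACTIVE",
            "details": [{"code": "OK", "details": "Service is running."}]}}}}})

NOT_READY_SAMPLE = json.dumps({
    "membershipSpecs": {MEMBERSHIP: {"mesh": {"controlPlane": "AUTOMATIC"}}},
    "membershipStates": {MEMBERSHIP: {"servicemesh": {
        "controlPlaneManagement": {"state": "DISABLED"}}}}})


def mesh_status(describe_json):
    """Map each fleet membership (short name) to its plane states.

    A membership is 'ready' only when automatic management was requested in
    the spec AND both planes report ACTIVE in the state.
    """
    feature = json.loads(describe_json)
    specs = feature.get("membershipSpecs") or {}
    states = feature.get("membershipStates") or {}
    result = {}
    for membership, state in states.items():
        mesh_spec = specs.get(membership, {}).get("mesh", {})
        # Older outputs (the second YAML above) use controlPlane: AUTOMATIC.
        automatic = (mesh_spec.get("management") == "MANAGEMENT_AUTOMATIC"
                     or mesh_spec.get("controlPlane") == "AUTOMATIC")
        sm = state.get("servicemesh", {})
        cp = sm.get("controlPlaneManagement", {}).get("state", "UNKNOWN")
        dp = sm.get("dataPlaneManagement", {}).get("state", "UNKNOWN")
        result[membership.rsplit("/", 1)[-1]] = {
            "automatic": automatic, "control_plane": cp, "data_plane": dp,
            "ready": automatic and cp == "ACTIVE" and dp == "ACTIVE"}
    return result


def all_ready(describe_json):
    """True only if at least one membership exists and every one is ready."""
    statuses = mesh_status(describe_json)
    return bool(statuses) and all(s["ready"] for s in statuses.values())


if __name__ == "__main__":
    # Usage: gcloud container fleet mesh describe --project $PROJECT_ID --format=json | python3 check_mesh.py
    data = sys.stdin.read()
    for name, s in mesh_status(data).items():
        print(f"{name}: control plane {s['control_plane']}, data plane {s['data_plane']}")
    sys.exit(0 if all_ready(data) else 1)
```

The exit status makes the script usable as a gate in CI: non-zero until every membership in the feature reports both planes ACTIVE.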
