essh @ kubernetes-master: ~ / node-cluster $ cat main.tf
provider "google" {
credentials = file ("./ kubernetes_key.json")
project = "node-cluster-243923"
region = "europe-west2"
}
module "kubernetes" {
source = "./Kubernetes"
}
data "google_client_config" "default" {}
module "Nginx" {
source = "./nodejs"
image = "gcr.io/node-cluster-243923/nodejs_cluster:latest"
endpoint = module.kubernetes.endpoint
access_token = data.google_client_config.default.access_token
cluster_ca_certificate = module.kubernetes.cluster_ca_certificate
}
essh @ kubernetes-master: ~ / node-cluster $ gcloud config list project
[core]
project = node-cluster-243923
Your active configuration is: [default]
essh @ kubernetes-master: ~ / node-cluster $ gcloud config set project node-cluster-243923
Updated property [core / project].
essh @ kubernetes-master: ~ / node-cluster $ gcloud compute instances list
NAME ZONE INTERNAL_IP EXTERNAL_IP STATUS
gke-node-ks-default-pool-2e5073d4-csmg europe-north1-a 10.166.0.2 35.228.96.97 RUNNING
gke-node-ks-node-ks-pool-ccbaf5c6-4xgc europe-north1-a 10.166.15.233 35.228.82.222 RUNNING
gke-node-ks-default-pool-72a6d4a3-ldzg europe-north1-b 10.166.15.231 35.228.143.7 RUNNING
gke-node-ks-node-ks-pool-9ee6a401-ngfn europe-north1-b 10.166.15.234 35.228.129.224 RUNNING
gke-node-ks-default-pool-d370036c-kbg6 europe-north1-c 10.166.15.232 35.228.117.98 RUNNING
gke-node-ks-node-ks-pool-d7b09e63-q8r2 europe-north1-c 10.166.15.235 35.228.85.157 RUNNING
Switch gcloud and look at an empty project:
essh @ kubernetes-master: ~ / node-cluster $ gcloud config set project node-cluster-prod-244519
Updated property [core / project].
essh @ kubernetes-master: ~ / node-cluster $ gcloud config list project
[core]
project = node-cluster-prod-244519
Your active configuration is: [default]
essh @ kubernetes-master: ~ / node-cluster $ gcloud compute instances list
Listed 0 items.
The previous time, for node-cluster-243923, we created a service account, on behalf of which we created a cluster. To work with multiple Terraform accounts, we will create a service account for the new project through IAM and Administration -> Service Accounts. We will need to make two separate folders to run Terraform separately in order to separate SSH connections that have different authorization keys. If we put both providers with different keys, we will get a successful connection for the first project, later when Terraform proceeds to create a cluster for the next project, it will be rejected due to the invalid key from the first project to the second. There is another possibility – to activate the account as a company account (you need a website and email, and check them by Google), then it will be possible to create projects from the code without using the admin panel. After dev environment:
essh @ kubernetes-master: ~ / node-cluster $ ./terraform destroy
essh @ kubernetes-master: ~ / node-cluster $ mkdir dev
essh @ kubernetes-master: ~ / node-cluster $ cd dev /
essh @ kubernetes-master: ~ / node-cluster / dev $ gcloud config set project node-cluster-243923
Updated property [core / project].
essh @ kubernetes-master: ~ / node-cluster / dev $ gcloud config list project
[core]
project = node-cluster-243923
Your active configuration is: [default]
essh @ kubernetes-master: ~ / node-cluster / dev $ ../kubernetes_key.json ../main.tf.
essh @ kubernetes-master: ~ / node-cluster / dev $ cat main.tf
provider "google" {
alias = "dev"
credentials = file ("./ kubernetes_key.json")
project = "node-cluster-243923"
region = "europe-west2"
}
module "kubernetes_dev" {