To provision and configure an environment to perform testing and validation experiments on Google Cloud, we provide the necessary infrastructure-as-code descriptors:
- terraform: This directory contains all the necessary Terraform descriptors to provision the runtime environment in an existing Google Cloud project.
- terraform-init: This directory contains all the necessary Terraform descriptors to provision a Google Cloud project and a Google Cloud Storage bucket to use as a remote Terraform backend.
To provision a test and validation runtime environment on Google Cloud, you need:
- A POSIX-compliant shell
- An OCI-compatible container runtime. Tested with Docker for Linux 20.10.21
To provision the resources for the testing and validation runtime environment, do the following:
- Change your working directory to the root directory of this repository.
- Provision the environment on Google Cloud by following either the Provision the environment on Google Cloud in a new project section or the Provision the environment on Google Cloud in an existing project section.
To provision all the Google Cloud resources for the testing and validation runtime environment, including a Google Cloud project to create those resources into, and a Cloud Storage bucket to store Terraform backend data, do the following:
- Run the cloud resources provisioning script:
scripts/provision-cloud-infrastructure.sh
The script guides you in providing the necessary configuration data.
To provision the environment in a new project, you need to authenticate against Google Cloud using an account that has the necessary permissions in your Google Cloud Organization. For more information about the necessary roles and permissions, refer to:
- Creating a project
- Enable billing for a project
- Creating a Cloud Storage bucket
- The permissions listed in the next section
If you provisioned the environment by following the guidance in Provision the environment on Google Cloud in a new project, skip this section.
If you want to provision a test and validation runtime environment in an existing Google Cloud project, do the following:
- Create a Google Cloud project.
- Create a Cloud Storage bucket to store Terraform backend data.
- Run the cloud resources provisioning script:
scripts/provision-cloud-infrastructure.sh --no-provision-google-cloud-project
The script guides you in providing the necessary configuration data.
To provision the environment in an existing project, you need to authenticate against Google Cloud using an account that has the necessary permissions in your Google Cloud Organization:
- roles/artifactregistry.admin to create and manage repositories.
- roles/compute.instanceAdmin.v1 to create and manage Compute Engine instances.
- roles/compute.networkAdmin to create and manage network resources, such as Cloud Routers and Cloud Firewall rules.
- roles/container.admin to create and manage GKE clusters.
- roles/pubsub.admin to create Cloud Pub/Sub subscriptions and topics, and to configure IAM.
For more information about the necessary roles and permissions, refer to:
- Artifact Registry roles and permissions
- Compute Engine roles and permissions
- GKE access control
- GKE IAM roles
- Cloud Pub/Sub IAM roles
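Before running the provisioning script, you can confirm that the account holds each role listed above. The following pre-flight check is an added example, not part of this repository's scripts; the function names, the PROJECT_ID placeholder, and the sample accounts are assumptions. The same function covers the roles/container.developer role that workload deployment requires.

```shell
#!/bin/sh
# Added example: pre-flight check of project-level IAM role grants.
# Input on stdin: one "role,member" pair per line, e.g. produced by
#   gcloud projects get-iam-policy "$PROJECT_ID" \
#     --flatten="bindings[].members" \
#     --format="csv[no-heading](bindings.role,bindings.members)"
# PROJECT_ID is a placeholder. Grants inherited from a folder or organization,
# or received through group membership, do not appear under the account's own
# member string and are therefore reported as missing.

# Roles the page lists for provisioning in an existing project.
PROVISION_ROLES="roles/artifactregistry.admin roles/compute.instanceAdmin.v1
roles/compute.networkAdmin roles/container.admin roles/pubsub.admin"
# Role the page lists for deploying workloads.
DEPLOY_ROLES="roles/container.developer"

# missing_roles MEMBER "ROLE ..."
# Prints every required role MEMBER lacks; returns 1 if any is missing.
missing_roles() {
  member=$1
  required=$2
  bindings=$(cat)
  rc=0
  for role in $required; do
    # -F fixed string, -x whole line: no prefix or regex surprises.
    if ! printf '%s\n' "$bindings" | grep -Fqx -e "${role},${member}"; then
      printf '%s\n' "$role"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample policy lines (not real accounts).
sample_bindings() {
  cat <<'EOF'
roles/artifactregistry.admin,user:provisioner@example.com
roles/compute.instanceAdmin.v1,user:provisioner@example.com
roles/compute.networkAdmin,user:provisioner@example.com
roles/container.admin,user:provisioner@example.com
roles/container.developer,user:deployer@example.com
roles/pubsub.admin,serviceAccount:ci@example-project.iam.gserviceaccount.com
EOF
}

# Demo: in the sample, the provisioner account lacks roles/pubsub.admin.
sample_bindings | missing_roles "user:provisioner@example.com" "$PROVISION_ROLES" || true
```

A non-zero return lets a wrapper stop before Terraform starts creating resources with an under-privileged account.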
To deploy workloads in the GKE cluster, do the following:
- Run the workload build script:
scripts/build.sh
- Run the workload deployment script:
scripts/deploy-workloads.sh
To deploy workloads in the GKE cluster, you need to authenticate against Google Cloud using an account that has the necessary permissions in your Google Cloud Organization:
- roles/container.developer to access Kubernetes APIs.
For more information about the necessary roles and permissions, refer to:
To delete all the resources and workloads in the environment, run the following command:
scripts/provision-cloud-infrastructure.sh --terraform-subcommand "destroy"