Set up Tenant project's Git repo
Duration: 5 min | Persona: Org Admin
In this section, you will set up a dedicated GitHub repository containing all the Kubernetes manifests which will be deployed by Config Sync and Config Connector in order to provision the Google Cloud services in the Tenant project.
Define variables:
WORK_DIR=~/
source ${WORK_DIR}acm-workshop-variables.sh
echo "export TENANT_PROJECT_DIR_NAME=acm-workshop-tenant-project-repo" >> ${WORK_DIR}acm-workshop-variables.sh
source ${WORK_DIR}acm-workshop-variables.sh
Create GitHub repository
Create a dedicated GitHub repository to store the Kubernetes manifests associated with the Tenant project:
cd ${WORK_DIR}
gh repo create $TENANT_PROJECT_DIR_NAME --public --clone --template https://github.com/mathieu-benoit/config-sync-template-repo
cd ${WORK_DIR}$TENANT_PROJECT_DIR_NAME
git pull
git checkout main
GKE_PLATFORM_REPO_URL=$(gh repo view --json url --jq .url)
Define RepoSync
Define a RepoSync linking this Git repository:
cat <<EOF > ${WORK_DIR}$HOST_PROJECT_DIR_NAME/projects/$TENANT_PROJECT_ID/gke-config-repo-sync.yaml
apiVersion: configsync.gke.io/v1beta1
kind: RepoSync
metadata:
  name: repo-sync
  namespace: ${TENANT_PROJECT_ID}
spec:
  sourceFormat: unstructured
  git:
    repo: ${GKE_PLATFORM_REPO_URL}
    revision: HEAD
    branch: main
    dir: "."
    # The repository was created with --public, so no Git credentials are used.
    auth: none
EOF
cat <<EOF > ${WORK_DIR}$HOST_PROJECT_DIR_NAME/projects/$TENANT_PROJECT_ID/gke-config-repo-sync-role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: syncs-repo
  namespace: ${TENANT_PROJECT_ID}
subjects:
- kind: ServiceAccount
  name: ns-reconciler-${TENANT_PROJECT_ID}
  namespace: config-management-system
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
EOF
We are using the edit role here; see more information about the user-facing roles here.
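The RoleBinding only has the intended effect if it lives in the RepoSync's namespace and names that namespace's reconciler ServiceAccount, which is how the two manifests above are paired. The following check is an added example, not part of the workshop: the function names and the tenant-demo sample are assumptions, and it reads flat manifests line by line rather than parsing YAML.

```shell
# Added example. yaml_get FILE SECTION KEY: first KEY under a top-level SECTION.
# A line-based reader for flat manifests like the two above, not a YAML parser.
yaml_get() {
  awk -v s="$2" -v k="$3" '
    /^[A-Za-z]/ { section = $0; sub(/:.*/, "", section) }
    { line = $0; sub(/^[ -]+/, "", line)          # drop indent and list dash
      key = line; sub(/:.*/, "", key)
      val = line; sub(/^[^:]*:[ ]*/, "", val)
      if (section == s && key == k && !found) { print val; found = 1 } }
  ' "$1"
}
expect() {  # expect FILE SECTION KEY WANT: report and fail on mismatch
  got=$(yaml_get "$1" "$2" "$3")
  [ "$got" = "$4" ] && return 0
  echo "$1: $2.$3 is '$got', expected '$4'" >&2
  return 1
}
# check_repo_sync_binding REPOSYNC_FILE ROLEBINDING_FILE
# Passes only if the binding sits in the RepoSync's namespace and its first
# subject is that namespace's reconciler ServiceAccount.
check_repo_sync_binding() {
  ns=$(yaml_get "$1" metadata namespace)
  [ -n "$ns" ] &&
  expect "$1" kind kind RepoSync &&
  expect "$1" metadata name repo-sync &&
  expect "$2" kind kind RoleBinding &&
  expect "$2" metadata namespace "$ns" &&
  expect "$2" subjects kind ServiceAccount &&
  expect "$2" subjects name "ns-reconciler-$ns" &&
  expect "$2" subjects namespace config-management-system
}
# Constructed sample: both manifests rendered for a placeholder tenant-demo.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' 'kind: RepoSync' 'metadata:' '  name: repo-sync' \
  '  namespace: tenant-demo' > "$SAMPLE_DIR/repo-sync.yaml"
printf '%s\n' 'kind: RoleBinding' 'metadata:' '  name: syncs-repo' \
  '  namespace: tenant-demo' 'subjects:' '- kind: ServiceAccount' \
  '  name: ns-reconciler-tenant-demo' \
  '  namespace: config-management-system' > "$SAMPLE_DIR/role-binding.yaml"
check_repo_sync_binding "$SAMPLE_DIR/repo-sync.yaml" \
  "$SAMPLE_DIR/role-binding.yaml" && echo "binding matches RepoSync"
```

To use it on the real files, pass the two manifests generated under ${WORK_DIR}$HOST_PROJECT_DIR_NAME/projects/$TENANT_PROJECT_ID/ before committing them.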
Deploy Kubernetes manifests
cd ${WORK_DIR}$HOST_PROJECT_DIR_NAME/
git add . && git commit -m "GitOps for Tenant project" && git push origin main
Check deployments
List the Kubernetes resources managed by Config Sync in Config Controller for the Host project configs repository:
Run this command and click on this link:
echo -e "https://console.cloud.google.com/kubernetes/config_management/packages?project=${HOST_PROJECT_ID}"
Wait until you see the Sync status column as Synced and the Reconcile status column as Current.
Run this command:
gcloud alpha anthos config sync repo describe \
--project $HOST_PROJECT_ID \
--managed-resources all \
--sync-name root-sync \
--sync-namespace config-management-system
Wait and re-run the command above until you see "status": "SYNCED". All the managed_resources listed should have STATUS: Current too.
List the GitHub runs for the Host project configs repository:
cd ${WORK_DIR}$HOST_PROJECT_DIR_NAME && gh run list