The files in this folder are patches and additions to the base configuration stored in the bases folder. They provide all the tweaks and configuration needed to run the app on GKE.
The istio.yaml file in this folder is generated with the following command:
istioctl manifest generate --set meshConfig.accessLogFile=/dev/stdout --set meshConfig.accessLogEncoding=JSON > platform/base/istio.yaml
Currently we are just creating the cluster with the following command.
gcloud beta container --project "track-compliance" clusters create "gc-tracker" \
--region "northamerica-northeast1" --no-enable-basic-auth \
--cluster-version "1.18.9-gke.801" --release-channel "rapid" \
--machine-type "e2-standard-4" --image-type "COS_CONTAINERD" \
--disk-type "pd-standard" --disk-size "100" \
--metadata disable-legacy-endpoints=true \
--service-account "gke-node-service-account@track-compliance.iam.gserviceaccount.com" \
--num-nodes "1" --enable-stackdriver-kubernetes --enable-ip-alias \
--network "projects/track-compliance/global/networks/default" \
--subnetwork "projects/track-compliance/regions/northamerica-northeast1/subnetworks/default" \
--default-max-pods-per-node "110" --no-enable-master-authorized-networks \
--addons HorizontalPodAutoscaling,HttpLoadBalancing,CloudRun --enable-autoupgrade \
--enable-autorepair --max-surge-upgrade 1 --max-unavailable-upgrade 0 \
--workload-pool "track-compliance.svc.id.goog" \
--enable-shielded-nodes --shielded-secure-boot --enable-dataplane-v2
The number of options here testifies to our increasingly opinionated take on cluster creation, as well as our attention to the hardening guidelines for GKE. This will soon be captured in real code in a proper Infrastructure as Code type of way.
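As an added example (not part of the project's own tooling), the shell function below lints the text of a create command for the hardening-related flags that appear in the command above, and warns on `--no-enable-master-authorized-networks`, which leaves the control plane endpoint without an IP allowlist. The function name, the `REQUIRED` list and the weak variant are constructed for illustration; the command is only inspected as text, never run.

```shell
# Hardening-related flags taken from the create command on this page.
REQUIRED="--no-enable-basic-auth --enable-shielded-nodes --shielded-secure-boot
--workload-pool --service-account --enable-autoupgrade --enable-autorepair
disable-legacy-endpoints=true"

# audit_create_cmd TEXT: print one status line per check; return 0 only if
# every flag in REQUIRED is present in the command text.
audit_create_cmd() {
  # Flatten: continuation backslashes, newlines, quotes and commas become spaces.
  flat=" $(printf '%s\n' "$1" | tr '\\\n",' '    ') "
  missing=0
  for flag in $REQUIRED; do
    case "$flat" in
      *" $flag "*|*" $flag="*) echo "OK      $flag" ;;
      *) echo "MISSING $flag"; missing=$((missing + 1)) ;;
    esac
  done
  # Present in the page's command: the control plane endpoint gets no IP allowlist.
  case "$flat" in
    *" --no-enable-master-authorized-networks "*)
      echo "WARN    --no-enable-master-authorized-networks" ;;
  esac
  [ "$missing" -eq 0 ]
}

# The command from this page, stored as text (never executed here).
PAGE_CMD='gcloud beta container --project "track-compliance" clusters create "gc-tracker" \
--region "northamerica-northeast1" --no-enable-basic-auth \
--cluster-version "1.18.9-gke.801" --release-channel "rapid" \
--machine-type "e2-standard-4" --image-type "COS_CONTAINERD" \
--disk-type "pd-standard" --disk-size "100" \
--metadata disable-legacy-endpoints=true \
--service-account "gke-node-service-account@track-compliance.iam.gserviceaccount.com" \
--num-nodes "1" --enable-stackdriver-kubernetes --enable-ip-alias \
--network "projects/track-compliance/global/networks/default" \
--subnetwork "projects/track-compliance/regions/northamerica-northeast1/subnetworks/default" \
--default-max-pods-per-node "110" --no-enable-master-authorized-networks \
--addons HorizontalPodAutoscaling,HttpLoadBalancing,CloudRun --enable-autoupgrade \
--enable-autorepair --max-surge-upgrade 1 --max-unavailable-upgrade 0 \
--workload-pool "track-compliance.svc.id.goog" \
--enable-shielded-nodes --shielded-secure-boot --enable-dataplane-v2'

# Constructed weak variant for comparison (hypothetical, not from the page).
WEAK_CMD='gcloud container clusters create "demo" --num-nodes "1" --enable-autoupgrade'

audit_create_cmd "$PAGE_CMD" || echo "page command: hardening flags missing"
audit_create_cmd "$WEAK_CMD" || echo "weak variant: hardening flags missing"
```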
With the cluster up and running, you will need to provide the env files as described in the minikube setup:
api.env
kiali.env
kiali.yaml
postgres.env
scanners.env
With those in place, the config can now be generated.
kustomize build platform/overlays/gke | kubectl apply -f -