This documentation is for the most recent version of Anthos clusters on AWS, released on August 4. See the Release notes for more information. For documentation on the previous generation of Anthos clusters on AWS, see Previous generation.

Create a VPC and cluster with Terraform

Overview

Terraform is an open-source tool for configuring cloud environments such as Google Cloud and installing software such as Kubernetes on them. You can configure your Google Cloud environment and create your clusters in it either with Terraform or with the Anthos clusters on AWS installation instructions.

This page describes how to use Terraform to configure your Google Cloud environment and install a cluster using a sample configuration stored on GitHub. To use these scripts, you need a basic familiarity with Terraform. In particular, you must edit the Terraform configuration files to add your own user and project information and to make any changes you need to the default cluster configuration.

To configure your Google Cloud environment and create clusters without using Terraform, see Google Cloud prerequisites overview and the instructions to create a cluster.

What the scripts do

The script configures Terraform to create a Google Cloud VPC and deploy a cluster on it. The resulting VPC meets all Anthos clusters on AWS prerequisites and has the same network topology as the VPC created by Google's manual VPC creation instructions.

The cluster that the script creates has the following characteristics:

  • Three control plane nodes (one in each of the three configured availability zones). These nodes are of type t3.large.
  • One node pool with two nodes of type t3.large. This node pool is deployed in the Google Cloud us-east-1 region and can autoscale to five nodes.

How to change the default VPC and cluster

You can change the characteristics of the VPC and cluster created by the Terraform scripts by editing the appropriate Terraform files.

  • Adjust the region and availability zones by editing the variables.tf file.
  • Change the Google Cloud instance type.
  • Alter the characteristics of the VPC, including the subnets, availability zones and load balancer, by editing the files in the modules/vpc subfolder.

For a list of Google Cloud regions controlled from a particular GCP region and their associated Kubernetes versions, run the following command:

gcloud container aws get-server-config --location GOOGLE_CLOUD_REGION

Replace GOOGLE_CLOUD_REGION with the name of the Google Cloud region you want Anthos clusters on AWS to control your cluster from.

Prerequisites

  1. Install the Google Cloud CLI with the Google Cloud CLI installation instructions. If you've already installed it, use these instructions to make sure you're running version 394.0.0 or higher.

  2. Install the Google Cloud CLI with the Google Cloud CLI installation instructions.

  3. Create your Google Cloud access keys.

  4. Configure your local Google Cloud environment with the following command:

    aws configure
    

Prepare Terraform

  1. Configure Google Cloud CLI authentication by running the following commands:

    gcloud config set project GOOGLE_PROJECT_ID
    gcloud auth application-default login --no-launch-browser
    
  2. Enable the required services in your Google Cloud project.

    gcloud --project="GOOGLE_PROJECT_ID" services enable \
      gkemulticloud.googleapis.com \
      gkeconnect.googleapis.com \
      connectgateway.googleapis.com \
      cloudresourcemanager.googleapis.com \
      anthos.googleapis.com \
      logging.googleapis.com \
      monitoring.googleapis.com
    

    Replace GOOGLE_PROJECT_ID with your Google project ID.

  3. Make a local copy of the repository and change to the AWS folder:

    git clone https://github.com/GoogleCloudPlatform/anthos-samples.git
    cd anthos-samples/anthos-multi-cloud/AWS
    

Deploy Anthos clusters on AWS

  1. Edit the following lines in the terraform.tfvars file to replace the default values:

    gcp_project_id = "GOOGLE_PROJECT_ID"
    admin_users = ["GCP_ACCOUNT_EMAIL"]
    

    Replace the following:

    • GOOGLE_PROJECT_ID: your Google project ID. You can find this on the left side of the dashboard page of the Google Cloud console.

    • GCP_ACCOUNT_EMAIL: a comma-separated list of email addresses that can log in to the cluster after it's created, for example "admin@example.com","operator@example.com". At least one address must have a Google Cloud account. To add additional identity providers to your cluster, see Manage identity with Anthos Identity Service.

  2. Initialize and create the Terraform plan:

    terraform init
    

    Terraform installs any needed libraries, such as the Google Cloud provider.

  3. Apply the Terraform plan to create the Virtual Private Cloud and cluster:

    terraform apply
    

    Follow the instructions to start creating a cluster.

The installation takes about 12 minutes. When Terraform completes creating your Virtual Private Cloud and cluster, it prints out information on the cluster and creates a file named var.sh. You can use the values in this file if you create additional node pools.
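A pre-flight check you can run before `terraform apply`, covering the CLI version prerequisite and the terraform.tfvars edits described above. This is an added example, not part of the sample repository; the function names `version_ge`, `tfvars_ready`, and `preflight` are hypothetical, and it assumes `gcloud version` prints a line beginning with `Google Cloud SDK`.

```shell
#!/bin/sh
# Added example: pre-flight checks for this page's Terraform procedure.
# Function names are hypothetical; they are not part of anthos-samples.

MIN_GCLOUD="394.0.0"  # minimum Google Cloud CLI version from Prerequisites

# version_ge A B: exit 0 if dotted version A >= B, 1 if lower, 2 if malformed.
# Compares numerically per component, so 1000.0.0 > 394.0.0 and 39.4.0 < 394.0.0.
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    if (a !~ /^[0-9]+(\.[0-9]+)*$/ || b !~ /^[0-9]+(\.[0-9]+)*$/) exit 2
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# tfvars_ready FILE: exit 0 only if the page's placeholders were replaced,
# gcp_project_id is a quoted string, and admin_users starts with an email.
tfvars_ready() {
  f=$1
  [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
  if grep -Eq 'GOOGLE_PROJECT_ID|GCP_ACCOUNT_EMAIL' "$f"; then
    echo "$f still contains a placeholder value" >&2; return 1
  fi
  grep -Eq '^[[:space:]]*gcp_project_id[[:space:]]*=[[:space:]]*"[^"]+"' "$f" ||
    { echo "gcp_project_id must be a quoted, non-empty string" >&2; return 1; }
  grep -Eq '^[[:space:]]*admin_users[[:space:]]*=[[:space:]]*\[[[:space:]]*"[^"@]+@[^"@]+"' "$f" ||
    { echo "admin_users needs at least one quoted email address" >&2; return 1; }
}

# preflight [FILE]: run both checks; FILE defaults to ./terraform.tfvars.
preflight() {
  installed=$(gcloud version 2>/dev/null | awk '/^Google Cloud SDK/ {print $4; exit}')
  version_ge "${installed:-0}" "$MIN_GCLOUD" ||
    { echo "gcloud ${installed:-not found}: need >= $MIN_GCLOUD" >&2; return 1; }
  tfvars_ready "${1:-terraform.tfvars}"
}

# Usage: preflight terraform.tfvars && terraform apply
```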

To verify that the cluster has been created successfully, watch for it to appear in the Kubernetes Engine page of the Google Cloud console in your Google Cloud project.

Connect to your cluster

To verify connectivity to your cluster and fetch its details, run the following commands:

   gcloud container fleet memberships get-credentials CLUSTER_NAME
   kubectl get nodes

Replace CLUSTER_NAME with the name of your cluster. You can find your cluster name in the var.sh Terraform output file.

The output includes a list of nodes in your cluster and their status.

Delete your cluster and Virtual Private Cloud

Before you delete your cluster and Virtual Private Cloud, you must remove all of the following:

  • Any active Google Cloud load balancers in the Virtual Private Cloud
  • Any additional node pools in your cluster not created with Terraform
  • Any additional clusters in the Virtual Private Cloud not created with Terraform

To remove the cluster and Virtual Private Cloud you created with Terraform, run the following command:

terraform destroy

Terraform drains workloads from your nodes, deletes your primary node pool and cluster, and deletes your Virtual Private Cloud.

Authorize Cloud Logging and Cloud Monitoring

If you want to enable Cloud Logging and Cloud Monitoring, you must add an allow policy to your Google Cloud project after you create a cluster.

Add an allow policy with the Google Cloud CLI:

gcloud projects add-iam-policy-binding PROJECT_ID \
--member="serviceAccount:PROJECT_ID.svc.id.goog[gke-system/gke-telemetry-agent]" \
--role=roles/gkemulticloud.telemetryWriter

Replace PROJECT_ID with your project ID.

Next steps

For more information about Terraform Anthos clusters on AWS scripts, see