Version 1.7

Setting up your project

This page explains how to prepare your Google Cloud project before you install Anthos Service Mesh.

Before you begin

Before you start setting up your project, make sure that you have set up your environment.

Setting up your project:

  1. Get the project ID for the project that the cluster was created in and the project number for the environ host project.

    gcloud

    Run the following command:

    gcloud projects list
    

    Console

    1. Go to the Dashboard page in the Cloud Console.

      Go to the Dashboard page

    2. Click the Select from drop-down list at the top of the page. In the Select from window that appears, select your project.

      The project ID is displayed on the project Dashboard Project info card.

  2. Create an environment variable for the project ID of the project that the cluster was created in:

    export PROJECT_ID=YOUR_PROJECT_ID

  3. Create an environment variable for the project number of the environ host project.

    export ENVIRON_PROJECT_NUMBER=YOUR_ENVIRON_PROJECT_NUMBER

  4. Set the required Identity and Access Management (IAM) roles. If you are a Project Owner, you have all the necessary permissions to complete the installation and register your cluster with your environ. If you aren't a Project Owner, you need someone who is to grant you the following specific IAM roles.

    roles/servicemanagement.admin
    roles/serviceusage.serviceUsageAdmin
    roles/meshconfig.admin
    roles/compute.admin
    roles/container.admin
    roles/resourcemanager.projectIamAdmin
    roles/iam.serviceAccountAdmin
    roles/iam.serviceAccountKeyAdmin
    roles/gkehub.admin
    

    To add a single role, you can use the following gcloud command:

    gcloud projects add-iam-policy-binding ${PROJECT_ID} \
        --member 'user:GCP_EMAIL_ADDRESS' \
         --role=roles/NEW_ROLE
    

    where GCP_EMAIL_ADDRESS is the account that you use to log in to Google Cloud.

    You can use the Cloud Console to change IAM roles, and you can change them programmatically. For more information, see Granting, changing, and revoking access to resources. For a description of these roles, see Permissions required to install Anthos Service Mesh.

  5. Enable the following APIs:

    gcloud services enable \
        --project=${PROJECT_ID} \
        container.googleapis.com \
        compute.googleapis.com \
        monitoring.googleapis.com \
        logging.googleapis.com \
        cloudtrace.googleapis.com \
        meshca.googleapis.com \
        meshtelemetry.googleapis.com \
        meshconfig.googleapis.com \
        iamcredentials.googleapis.com \
        gkeconnect.googleapis.com \
        gkehub.googleapis.com \
        cloudresourcemanager.googleapis.com \
        stackdriver.googleapis.com

    Enabling the APIs can take a minute or more to complete. When the APIs are enabled, you see output similar to the following:

    Operation "operations/acf.601db672-88e6-4f98-8ceb-aa3b5725533c" finished
    successfully.