Setting up your project

This page explains how to prepare your Google Cloud project before you install Anthos Service Mesh.

Before you begin

Before you start setting up your project, make sure that you have set up your environment.

Setting up your project:

  1. Get the project ID for the project that the cluster was created in and the project number for the fleet host project.

    gcloud

    Run the following command:

    gcloud projects list
    

    Console

    1. Go to the Dashboard page in the Google Cloud console.

    2. Click the Select from drop-down list at the top of the page. In the Select from window that appears, select your project.

      The project ID is displayed on the project Dashboard Project info card.

  2. Create an environment variable for the project ID of the project that the cluster was created in:

    export PROJECT_ID=YOUR_PROJECT_ID

  3. Create an environment variable for the project number of the fleet host project.

    export FLEET_PROJECT_NUMBER=YOUR_FLEET_PROJECT_NUMBER

  4. Set the required Identity and Access Management (IAM) roles. If you are a Project Owner, you have all the necessary permissions to complete the installation and register your cluster with your fleet. If you aren't a Project Owner, ask someone who is to grant you the following specific IAM roles. In the following command, GCP_EMAIL_ADDRESS is the account that you use to log in to Google Cloud.

    # Roles needed to install Anthos Service Mesh and register the cluster.
    ROLES=(
      'roles/servicemanagement.admin'
      'roles/serviceusage.serviceUsageAdmin'
      'roles/meshconfig.admin'
      'roles/compute.admin'
      'roles/container.admin'
      'roles/resourcemanager.projectIamAdmin'
      'roles/iam.serviceAccountAdmin'
      'roles/iam.serviceAccountKeyAdmin'
      'roles/gkehub.admin'
    )
    # Bind each role to the account at the project level.
    for role in "${ROLES[@]}"
    do
      gcloud projects add-iam-policy-binding "${PROJECT_ID}" \
        --member "user:GCP_EMAIL_ADDRESS" \
        --role="$role"
    done
    
  5. Enable the following APIs:

    gcloud services enable \
        --project=${PROJECT_ID} \
        container.googleapis.com \
        compute.googleapis.com \
        monitoring.googleapis.com \
        logging.googleapis.com \
        cloudtrace.googleapis.com \
        meshca.googleapis.com \
        meshtelemetry.googleapis.com \
        meshconfig.googleapis.com \
        iamcredentials.googleapis.com \
        gkeconnect.googleapis.com \
        gkehub.googleapis.com \
        cloudresourcemanager.googleapis.com \
        stackdriver.googleapis.com

    Enabling the APIs can take a minute or more to complete. When the APIs are enabled, you see output similar to the following:

    Operation "operations/acf.601db672-88e6-4f98-8ceb-aa3b5725533c" finished
    successfully.
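
A preflight check for steps 4 and 5, added here as an example and not part of the original page: it reports which of the required roles and APIs are still missing. The function names and the use of GCP_EMAIL_ADDRESS as an exported variable are assumptions.

```bash
# Added example, not from the original page. Role and API names are copied
# from steps 4 and 5; the function names below are hypothetical.
REQUIRED_ROLES='roles/servicemanagement.admin roles/serviceusage.serviceUsageAdmin
  roles/meshconfig.admin roles/compute.admin roles/container.admin
  roles/resourcemanager.projectIamAdmin roles/iam.serviceAccountAdmin
  roles/iam.serviceAccountKeyAdmin roles/gkehub.admin'
REQUIRED_APIS='container.googleapis.com compute.googleapis.com
  monitoring.googleapis.com logging.googleapis.com cloudtrace.googleapis.com
  meshca.googleapis.com meshtelemetry.googleapis.com meshconfig.googleapis.com
  iamcredentials.googleapis.com gkeconnect.googleapis.com gkehub.googleapis.com
  cloudresourcemanager.googleapis.com stackdriver.googleapis.com'

# missing_items REQUIRED: reads the items actually present on stdin (one per
# line) and prints every required item that is absent, using exact matches.
missing_items() {
  local present item
  present=$(cat)
  for item in $1; do
    printf '%s\n' "$present" | grep -qxF -- "$item" || printf '%s\n' "$item"
  done
}

# missing_roles: same check for step 4; a Project Owner needs no other role.
missing_roles() {
  local granted
  granted=$(cat)
  if printf '%s\n' "$granted" | grep -qxF 'roles/owner'; then return 0; fi
  printf '%s\n' "$granted" | missing_items "$REQUIRED_ROLES"
}

# preflight: live check; needs gcloud, PROJECT_ID and GCP_EMAIL_ADDRESS
# (assumed to be exported). Only direct project-level bindings are listed;
# roles held through a group or inherited from a folder or organization
# do not appear in this output.
preflight() {
  gcloud projects get-iam-policy "$PROJECT_ID" \
    --flatten='bindings[].members' \
    --filter="bindings.members:user:$GCP_EMAIL_ADDRESS" \
    --format='value(bindings.role)' | missing_roles
  gcloud services list --enabled --project="$PROJECT_ID" \
    --format='value(config.name)' | missing_items "$REQUIRED_APIS"
}

# Constructed sample: roles one user holds directly on the project.
SAMPLE_GRANTED='roles/compute.admin
roles/container.admin
roles/gkehub.admin'
printf '%s\n' "$SAMPLE_GRANTED" | missing_roles   # prints the 6 roles still needed
```

Run `preflight` after step 5; empty output means every role and API from this page is in place for the account and project.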