Cài Anthos trên VMware

Bước 1: Installing Cloud SDK

Link tham khảo: https://cloud.google.com/anthos/clusters/docs/on-prem/1.8/how-to/cloud-sdk 

Bước 2: Creating Cloud project

Link tham khảo: https://cloud.google.com/anthos/clusters/docs/on-prem/1.8/how-to/multiple-gcp-projects 

Bước 3: Creating Service accounts and keys

Link tham khảo: https://cloud.google.com/anthos/clusters/docs/on-prem/1.8/how-to/service-accounts 

To create a component access service account

gcloud iam service-accounts create ssi-anthos \

    --display-name "them vao de lam poc" \

    --project gms-lab

To create a JSON key for your component access service account

gcloud iam service-accounts keys create ssi-anthos.json \

   --iam-account ssi-anthos@gms-lab.iam.gserviceaccount.com

Granting roles to your component access service account

gcloud projects add-iam-policy-binding gms-lab \

    --member "serviceAccount:ssi-anthos@gms-lab.iam.gserviceaccount.com" \

    --role "roles/serviceusage.serviceUsageViewer"

gcloud projects add-iam-policy-binding gms-lab \

    --member "serviceAccount:ssi-anthos@gms-lab.iam.gserviceaccount.com" \

    --role "roles/iam.roleViewer"

gcloud projects add-iam-policy-binding gms-lab \

    --member "serviceAccount:ssi-anthos@gms-lab.iam.gserviceaccount.com" \

    --role "roles/iam.serviceAccountCreator"

Connect-register service account

gcloud iam service-accounts create ssi-anthos \

    --project gms-lab

gcloud projects add-iam-policy-binding gms-lab \

    --member "serviceAccount:ssi-anthos@gms-lab.iam.gserviceaccount.com" \

    --role "roles/gkehub.admin"

Logging-monitoring service account

gcloud iam service-accounts create logging-monitoring-sa \

    --project=gms-lab

gcloud iam service-accounts keys create logging-monitoring-key.json \

    --iam-account ssi-anthos@gms-lab.iam.gserviceaccount.com

gcloud projects add-iam-policy-binding gms-lab \

    --member "serviceAccount:ssi-anthos@gms-lab.iam.gserviceaccount.com" \

    --role "roles/stackdriver.resourceMetadata.writer"

gcloud projects add-iam-policy-binding gms-lab \

    --member "serviceAccount:ssi-anthos@gms-lab.iam.gserviceaccount.com" \

    --role "roles/logging.logWriter"

gcloud projects add-iam-policy-binding gms-lab \

    --member "serviceAccount:ssi-anthos@gms-lab.iam.gserviceaccount.com" \

    --role "roles/monitoring.metricWriter"

gcloud projects add-iam-policy-binding gms-lab \

    --member "serviceAccount:ssi-anthos@gms-lab.iam.gserviceaccount.com" \

    --role "roles/monitoring.dashboardEditor"

Bước 4: Creating an admin workstation

Link tham khảo: https://cloud.google.com/anthos/clusters/docs/on-prem/1.8/how-to/create-admin-workstation 

a. Download gkeadm to your current directory.

gsutil cp gs://gke-on-prem-release/admin-appliance/1.8.1-gke.7/gke-on-prem-admin-appliance-vsphere-1.8.1-gke.7.ova ./

b. Generate templates 

./gkeadm create config 

Yêu cầu không dùng phím space để căn lề thay vào đó phím tab

c. Sửa file credential.yaml  (Dùng lệnh nano/vi/vim để chỉnh sửa)

apiVersion: v1

kind: CredentialFile

# list of credentials

items:

# reference name for this credential entry

- name: vCenter

  username: "administrator@exsi.gimasys.com"

  password: "Gms@2021"

d. Sửa file admin-ws-config.yaml (Dùng lệnh nano/vi/vim để chỉnh sửa)

 gcp:

  # Path of the component access service account's JSON key file

  componentAccessServiceAccountKeyPath: "/home/gms/ssi-anthos.json"

# Specify which vCenter resources to use

vCenter:

  # The credentials and address GKE On-Prem should use to connect to vCenter

  credentials:

    address: "192.168.10.210"

    # reference to vCenter credentials file

    fileRef:

      # read credentials from this file

      path: credential.yaml

      # entry in the credential file

      entry: vCenter

  datacenter: "Datacenter1"

  datastore: "datastore2"

  cluster: "Anthos-Cluster"

  network: "VM Network"

  # vSphere vm folder to deploy vms into. defaults to datacenter top level folder

  folder: ""

  resourcePool: "Anthos-Cluster/Resources"

  # Provide the path to vCenter CA certificate pub key for SSL verification

  caCertPath: "/home/gms/vcent-ca-cert.pem"

# The URL of the proxy for the jump host

proxyUrl: ""

adminWorkstation:

  name: gke-admin-ws-210729-045916

  cpus: 4

  memoryMB: 8192

  # The boot disk size of the admin workstation in GB. It is recommended to use a

  # disk with at least 50 GB to host images decompressed from the bundle.

  diskGB: 50

  # Name for the persistent disk to be mounted to the home directory (ending in .vmdk).

  # Any directory in the supplied path must be created before deployment.

  dataDiskName: gke-on-prem-admin-workstation-data-disk/gke-admin-ws-210729-045916-data-disk.vmdk

  # The size of the data disk in MB.

  dataDiskMB: 512

  network:

    # The IP allocation mode: 'dhcp' or 'static'

    ipAllocationMode: "static"

    # # The host config in static IP mode. Do not include if using DHCP

    hostConfig:

    #   # The IPv4 static IP address for the admin workstation

        ip: "192.168.10.81"

    #   # The IP address of the default gateway of the subnet in which the admin workstation

    #   # is to be created

        gateway: "192.168.10.1"

    #   # The subnet mask of the network where you want to create your admin workstation

        netmask: "255.255.255.0"

    #   # The list of DNS nameservers to be used by the admin workstation

        dns:

        - "8.8.8.8"

  # The URL of the proxy for the admin workstation

  proxyUrl: ""

  ntpServer: 0.asia.pool.ntp.org

e. Chạy file cấu hình

./gkeadm create admin-workstation

Chú ý khi muốn cài lại làm các bước xóa resource sau: 

a. Xóa VM ->Delete from disk

b. Xóa dữ liệu trong Disk