Create GCP Infrastructure

We provision infrastructure using terraform. The terraform code can be found in our infrastructure as code repository.

Initialise GCP Resources

Before the EuroDaT cluster can be provisioned, you need to create a project and a service account and obtain the credentials for the service account. Additionally, you'll need to

  • reserve a static external IP and register a domain name/create a DNS record for it
  • create a customer-managed encryption key (CMEK).

You need a unique external static IP address and DNS record for every cluster you want to deploy. You can reserve a static external IP as follows:

  1. Go to Google console > VPC network > IP addresses > Reserve a static address.
  2. Fill out the form and choose the same region as for your cluster (or set the type of the IP address to global).
  3. Register a domain name for the IP address you've obtained. This is necessary to be issued TLS certificates via ACME.

Create a CMEK and, if necessary, a keyring at Google console > Security > Key Management.

The GCP deployments output two kubeconfig files per cluster. The two files kube_config_int and kube_config_ext contain short-lived access tokens and are intended to be used by pipeline jobs. They are useless after the token has expired. The files with the _gke_auth suffix are intended to be used by developers for debugging purposes and require Google's gke-gcloud-auth-plugin for kubectl to function, but don't contain any secrets.
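The distinction between the two kinds of kubeconfig can be checked before a file is shared or committed. The script below is an added example, not part of the EuroDaT repository: it flags any _gke_auth file that embeds a credential and any token file that is readable by group or other. The function names, the file name kube_config_int_gke_auth and the sample contents are assumptions constructed for illustration; the keys it matches are standard kubeconfig fields.

```shell
#!/usr/bin/env bash
# Added example: decide whether a kubeconfig embeds a credential or defers to
# the gke-gcloud-auth-plugin exec plugin. Keys are standard kubeconfig fields.
classify_kubeconfig() {
  [ -r "$1" ] || { echo "unreadable"; return 2; }
  if grep -Eq '^[[:space:]]*(token|access-token|client-key-data|password):[[:space:]]*[^[:space:]]' "$1"; then
    echo "embedded-secret"; return 1
  fi
  if grep -Eq '^[[:space:]]*command:[[:space:]]*"?gke-gcloud-auth-plugin' "$1"; then
    echo "exec-plugin"; return 0
  fi
  echo "unknown"; return 3
}

# *_gke_auth files must carry no secret; any other kubeconfig is treated as
# a token file and must not be readable by group or other.
audit_kubeconfigs() {
  local rc=0 f kind
  for f in "$@"; do
    kind="$(classify_kubeconfig "$f")" || true
    case "$f" in
      *_gke_auth)
        [ "$kind" = "exec-plugin" ] || { echo "FAIL $f: $kind, expected exec-plugin"; rc=1; } ;;
      *)
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || { echo "FAIL $f: readable by group/other"; rc=1; } ;;
    esac
  done
  return "$rc"
}

# Constructed sample files (not real EuroDaT output; the token is a dummy value).
SAMPLES="$(mktemp -d)"
cat > "$SAMPLES/kube_config_int" <<'EOF'
users:
- name: pipeline
  user:
    token: CONSTRUCTED-DUMMY-TOKEN
EOF
cat > "$SAMPLES/kube_config_int_gke_auth" <<'EOF'
users:
- name: developer
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: gke-gcloud-auth-plugin
      provideClusterInfo: true
EOF
chmod 600 "$SAMPLES/kube_config_int"
audit_kubeconfigs "$SAMPLES"/kube_config_int* || echo "audit reported problems"
```

The check is a line-based heuristic, so a kubeconfig that references a credential through a file path (for example tokenFile) is reported as unknown and needs a manual look.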

Provision EuroDaT Infrastructure

You can manually run terraform to provision the infrastructure as defined in our terraform code, but we strongly recommend that you use our framework to provision EuroDaT's infrastructure and deploy cluster resources. For that, continue at Deploy using GitOps.