- Increase Google Cloud Quotas
- Setup an Google Cloud service principal
- Enable the Secret Manager API
- (Optional) Setup a Github SSH key-pair
- Setup a Personal Access Token in Github
- Configure Github Secrets
There are a few Google Cloud default quotas that may need to be adjusted.
- VM instances
- Networks
Choose the region and set the limit to >= 30 in your request.
Note: The above quotas will be enough to deploy the infrastructure needed for installing TAP. Individual mileage may vary depending on existing resources.
First, authenticate to Google Cloud.
Do this only if you are planning on running Terraform scripts locally with an IAM user
gcloud auth login
Or set the necessary environment variables.
export GOOGLE_APPLICATION_CREDENTIALS=<path_to_your_principal_account_key>
Then visit the following Terraform module found here and follow the instructions in the README
This will create the service account (with appropriate roles) that will be used by all other Terraform modules.
Follow these instructions.
You will need to create a new public/private SSH key-pair in order to work with (i.e., pull from/push to) private git repositories (e.g., Github, Gitlab, Azure Devops).
Here's how to set up such a key-pair for named repo providers:
Also see Git Authentication.
A PAT is required so that workflows can add secrets to the repository in order to be used in downstream jobs. Documentation can be found here.
We are using this personal access token to create secrets for the
Setup some Github secrets with the SP credentials. Documentation can be found here. You might also consider using gh secret set command to set these individually. Or, after exporting all environment variables below, execute gh-secrets-setup.sh at the command-line passing google as an execution argument.
# The Google Cloud project that will host all resources created
export GOOGLE_PROJECT_ID=
# The base64-encoded contents of the Google Cloud project's service account key that has the authority to create cloud resources
export GOOGLE_SERVICE_ACCOUNT_KEY=You'll also want to create another secret whose value is the fine-grained personal token you created in the prior step.
export PA_TOKEN=