This project describes a way to automate the creation of different Google Cloud resources using google-api-python-client.

Following Google Cloud resources and actions are automatically created:

• Creation Google Cloud Project.
• Linking a project to a Billing account.
• Enabling Google services, a.k.a Google APIs (i.e. compute API, Kubernetes Engine API).
• Creation k8s cluster.
• Creation service account to manage the newly created k8s cluster.
• Granting new roles to the newly created service account.
• Creation service account private key (JSON format).

• Python 3.
• pip package manager.
• virtualenv.
• gcloud.

1. Create a new Python virtual environment.

$virtualenv python-env-gcp -p python3

2. Enable the newly created virtual environment.

$source python-env-gcp/bin/activate

3. Install required Python packages.

$pip install -r requirements.txt

1. Run the following command to authenticate by using a Google account. You will have to give consent to Google Auth Library app.

$gcloud auth application-default login

After you have given consent, you can find your credentials in "~/.config/gcloud/application_default_credentials.json.

This newly created file has the following content:

     {
        "client_id": "<client_id>",
        "client_secret": "<client_secret>",
        "refresh_token": "<refresh_token>",
        "type": "authorized_user"
     }

GoogleCredentials will take care of authentication via Oauth2. This will search for the JSON file named application_default_credentials.json in the directory described above.

1. Run the Python script create-project-k8s.py.

$python create-project-k8s.py

This script will create the resources described above. Yo can find the service account private key (sa_service-account-k8s-cluster_privatekey.json) in the root of this project once it is created.

We will need to make an extra configuration on our cluster. First, change the name of your GCP project and the k8s cluster in both files config_gcloud.sh and install_helm.sh. In order to expose the app to the internet, we will configure Ingress-Nginx. To do so, run the script config_gcloud.sh.

$ ./config_gcloud.sh

This script will copy the script install_helm.sh to our Google Cloud Shell which will configure gcloud to point to the correct project/zone, install Helm V3 and finally install Ingress_Nginx via Helm.

Running the script will create a pair of SSH keys for Google Cloud in your home directory at ~/.ssh.

If you wish to deploy an application using the service account just created, you can follow the pipeline described in the project full-stack-app, app written using React and Python-Flask.

1. Encrypt the service account JSON file using Travis CLI.
2. Paste the encrypted file to the root directory of that project and make a git push to master. That process will trigger a deployment in your k8s cluster.