mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-15 09:27:19 -05:00
35 lines
1.7 KiB
Markdown
# IAM configuration for GCP

This Terraform script creates the necessary GCP IAM configuration to be attached to Constellation nodes.

You can create the configuration with the following commands:

```sh
mkdir constellation_gcp_iam
cd constellation_gcp_iam
curl --remote-name-all https://raw.githubusercontent.com/edgelesssys/constellation/main/hack/terraform/gcp/iam/{main.tf,output.tf,variables.tf,.terraform.lock.hcl}
terraform init
terraform apply
```

The following Terraform output values are available (with their corresponding keys in the Constellation configuration file):

- `sa_key` - **Sensitive Value**
- `region` (region)
- `zone` (zone)
- `project_id` (project)

You can get the values from the Terraform output and manually add them to your Constellation configuration file according to our [documentation](https://docs.edgeless.systems/constellation/getting-started/first-steps). (If you add the values manually, you need to base64-decode the `sa_key` value and place it in a JSON file, then specify the path to this file in the Constellation configuration file for the `serviceAccountKeyPath` key.)

Alternatively, you can set up the Constellation configuration file automatically with the following commands:

```sh
# Strip the quotes from the Terraform output, base64-decode the key and save it
# (tee also prints the decoded key to the terminal)
terraform output sa_key | sed "s/\"//g" | base64 --decode | tee gcpServiceAccountKey.json
# Write the key path and the remaining Terraform outputs into the configuration file
yq -i "
.provider.gcp.serviceAccountKeyPath = \"$(realpath gcpServiceAccountKey.json)\" |
.provider.gcp.project = $(terraform output project_id) |
.provider.gcp.region = $(terraform output region) |
.provider.gcp.zone = $(terraform output zone)
" path/to/constellation-conf.yaml
```

Where `path/to/constellation-conf.yaml` is the path to your Constellation configuration file.
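
Because `sa_key` is a sensitive value, you may prefer to store it without printing it and with owner-only permissions. The following is an added example, not code from the Constellation repository: the helper name `write_sa_key` and the sample key are constructed for illustration, and the check assumes the standard `"type": "service_account"` field of a GCP service account key file.

```sh
#!/bin/sh
# Added example, not from the Constellation repository.
# write_sa_key DEST: read the base64-encoded sa_key from stdin and store the
# decoded JSON at DEST without echoing it, readable by the owner only.
write_sa_key() {
    dest=$1
    (
        umask 077    # new files get mode 0600
        tmp=$(mktemp "${dest}.XXXXXX") || exit 1
        # Drop the quotes Terraform prints around the value (the README uses
        # sed for this) and decode; base64 exits non-zero on invalid input.
        if ! tr -d '"\n' | base64 --decode > "$tmp" 2>/dev/null; then
            rm -f "$tmp"
            exit 1
        fi
        # A GCP service account key file declares "type": "service_account".
        if ! grep -q '"type"[[:space:]]*:[[:space:]]*"service_account"' "$tmp"; then
            rm -f "$tmp"
            exit 1
        fi
        mv "$tmp" "$dest"    # only a validated key ever appears at DEST
    )
}

# Demo on constructed data (not a real key); with Terraform this would be:
#   terraform output sa_key | write_sa_key gcpServiceAccountKey.json
demo_dir=$(mktemp -d)
printf '{"type": "service_account", "project_id": "example-project"}' \
    | base64 | write_sa_key "$demo_dir/key.json" \
    && ls -l "$demo_dir/key.json" | cut -c1-10    # file mode string
rm -rf "$demo_dir"
```

The `yq` command above works unchanged with a key file written this way.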