{"id":16216001,"url":"https://github.com/jakebogie/builder-gcp","last_synced_at":"2025-04-07T22:42:46.160Z","repository":{"id":241209759,"uuid":"162366258","full_name":"JakeBogie/builder-gcp","owner":"JakeBogie","description":"Pivotal on GCP - An install guide to promote PA mindfulness","archived":false,"fork":false,"pushed_at":"2020-06-24T20:39:17.000Z","size":23,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-02-14T00:15:39.333Z","etag":null,"topics":["bosh","control-plane","gcp","iaas","ops-manager","pas","pcf","pks"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JakeBogie.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-12-19T01:33:07.000Z","updated_at":"2020-06-24T20:39:20.000Z","dependencies_parsed_at":"2024-05-23T02:45:38.157Z","dependency_job_id":"f39a1c2e-2670-413d-b7bb-1bb32ab87392","html_url":"https://github.com/JakeBogie/builder-gcp","commit_stats":null,"previous_names":["jakebogie/builder-gcp"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JakeBogie%2Fbuilder-gcp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JakeBogie%2Fbuilder-gcp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JakeBogie%2Fbuilder-gcp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JakeBogie%2Fbuilder-gcp/manifests","owner_url":"http
s://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JakeBogie","download_url":"https://codeload.github.com/JakeBogie/builder-gcp/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247744283,"owners_count":20988781,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bosh","control-plane","gcp","iaas","ops-manager","pas","pcf","pks"],"created_at":"2024-10-10T11:17:40.877Z","updated_at":"2025-04-07T22:42:46.141Z","avatar_url":"https://github.com/JakeBogie.png","language":"HCL","readme":"# Pivotal PCF on GCP for Platform Architects\n**An install guide to promote PA mindfulness**\n\n## Prerequisites\nThe [terraforming-gcp](https://github.com/pivotal-cf/terraforming-gcp/) project from [pivotal-cf](https://github.com/pivotal-cf).\n\nThe extremely helpful IaaS cleanup tool [leftovers](https://github.com/genevieve/leftovers) from [genevieve](https://github.com/genevieve).\n\nYou might find [direnv](https://direnv.net/) useful for this project and also in day to day tasks.\n\nLast but not least you need the [Google Cloud SDK](https://cloud.google.com/sdk/docs/).\n\nReady to get started?\n\n## STAGE 1 - GCP preparations\nThese preparation steps should be completed no matter what you are installing: Control-Plane, PAS, or PKS.\n\n### Pick an environment name\nYou will be replacing variables shortly that will require this name. Choose a name that you will be comfortable with. Example: `pcfv1`. 
This will be used later on as the following two variables: `env_name` and `ENV_NAME`\n\n### Clone the terraforming-gcp repository\nClone the [terraforming-gcp](https://github.com/pivotal-cf/terraforming-gcp/) repository for use.\n\n### Enable GCP API access for the following APIs:\nLog in to your GCP console and search for APIs \u0026 Services. Enable each of the APIs listed below:\n\n  - Identity and Access Management\n  - Cloud Resource Manager\n  - Cloud DNS\n  - Cloud SQL API\n  - Compute Engine API\n\nAlternatively, you can enable them via the Google Cloud SDK:\n```\ngcloud services enable iam.googleapis.com --async\ngcloud services enable cloudresourcemanager.googleapis.com --async\ngcloud services enable dns.googleapis.com --async\ngcloud services enable sqladmin.googleapis.com --async\ngcloud services enable compute.googleapis.com --async\n```\n\n### GCP service account setup:\nCreate a secure method of storing credentials and secrets someplace. You will be storing access keys, SSH keys, and certificates in this location. 
Choose wisely and don't commit credentials to public repositories.\n\nPerform the following steps in the `secrets` directory and replace the variable `GCP-PROJECT` in the following commands with your GCP project ID.\n\nThis will create a `pcf-tform.key.json` file that you will use later in the setup of your Control-Plane, PAS, or PKS environments.\n```\ngcloud iam service-accounts create pcf-tform --display-name \"PCF Terraform Service Account\"\n\ngcloud iam service-accounts keys create \"pcf-tform.key.json\" --iam-account \"pcf-tform@GCP-PROJECT.iam.gserviceaccount.com\"\n\ngcloud projects add-iam-policy-binding GCP-PROJECT --member 'serviceAccount:pcf-tform@GCP-PROJECT.iam.gserviceaccount.com' --role 'roles/owner'\n```\n\n### Modify the base directory .envrc file\nChange the `BBL_GCP_SERVICE_ACCOUNT_KEY` variable path to the absolute path of the `pcf-tform.key.json` file that you created in the step above.\n```\nexport BBL_IAAS=gcp\nexport BBL_GCP_SERVICE_ACCOUNT_KEY=/home/abefroman/terraform/gcp/keys/pcf-tform.key.json\n```\n\n### Create an SSL config file\nIn your `secrets` directory copy the contents below into an `ssl.conf` file. Replace all of the following variables with the names you will be using:\n\n  - DOMAIN.IO: This variable is for the domain name that you will be using.\n  - ENV_NAME: This variable is the one you created above.\n\n__*(This example uses RSA-2048 encryption. 
Currently, only RSA-2048 and ECDSA P-256 encryption are supported by GCP Load Balancers.)*__\n```\n[ req ]\ndefault_bits       = 2048\ndistinguished_name = req_distinguished_name\nreq_extensions     = req_ext\n\n[ req_distinguished_name ]\ncountryName                 = Country Name (2 letter code)\ncountryName_default         = US\nstateOrProvinceName         = State or Province Name (full name)\nstateOrProvinceName_default = Illinois\nlocalityName                = Locality Name (eg, city)\nlocalityName_default        = Chicago\norganizationName            = Organization Name (eg, company)\norganizationName_default    = Froman\\'s Fine Meats\ncommonName                  = Common Name (e.g. server FQDN or YOUR name)\ncommonName_max              = 64\ncommonName_default          = *.ENV_NAME.DOMAIN.IO\n\n[ req_ext ]\nsubjectAltName = @alt_names\n\n[alt_names]\nDNS.1 = *.ENV_NAME.DOMAIN.IO\nDNS.2 = *.sys.ENV_NAME.DOMAIN.IO\nDNS.3 = *.apps.ENV_NAME.DOMAIN.IO\nDNS.5 = *.login.system.ENV_NAME.DOMAIN.IO\nDNS.6 = *.uaa.system.ENV_NAME.DOMAIN.IO\n```\n\n### Create a wildcard SSL certificate for all of your PCF components (browser SSL errors are annoying)\nPerform the following steps in your `secrets` directory.\n\n```\nopenssl genrsa -out wildcard.ENV_NAME.DOMAIN.IO.key 2048\n\nopenssl req -new -sha256 -key wildcard.ENV_NAME.DOMAIN.IO.key -out wildcard.ENV_NAME.DOMAIN.IO.csr -config wildcard.ENV_NAME.DOMAIN.IO.conf\n```\n\nUse this command to sign the cert with its own key. __See below if you have a CA cert you can sign with.__\n\n```\nopenssl x509 -req -in wildcard.ENV_NAME.DOMAIN.IO.csr -out wildcard.ENV_NAME.DOMAIN.IO.io.crt -days 1095 -sha256 -extensions req_ext -extfile wildcard.ENV_NAME.DOMAIN.IO.conf -signkey wildcard.ENV_NAME.DOMAIN.IO.key\n```\n\nUse this command __if you have a CA cert__ that you can sign the cert with that you trust. 
:)\n\n```\nopenssl x509 -req -in wildcard.ENV_NAME.DOMAIN.IO.csr -CA ../ca/DOMAIN.IO.pem -CAkey ../ca/DOMAIN.IO.key -CAcreateserial -out wildcard.ENV_NAME.DOMAIN.IO.crt -days 3650 -sha256 -extensions req_ext -extfile wildcard.ENV_NAME.DOMAIN.IO.conf\n```\n\n__You are now ready to move on to building either a Control-Plane, PAS, or PKS instance.__\n\u003c!--- SAMPLE COMMENT ---\u003e\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjakebogie%2Fbuilder-gcp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjakebogie%2Fbuilder-gcp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjakebogie%2Fbuilder-gcp/lists"}