git clone --recurse-submodules https://github.com/starkandwayne/bootstrap-gke.git
cd bootstrap-gke

direnv allow
# or
export PATH=$PWD/bin:$PWD/vendor/helm-tiller-manager/bin:$PATH

Login to Google Cloud:

gcloud auth login

Target a Google Cloud region/zone:

gcloud config set compute/region australia-southeast1
gcloud config set compute/zone   australia-southeast1-a

To deploy a GKE cluster:

bootstrap-gke up

But there are many subsystems that can be conveniently deployed after your cluster is setup:

$ bootstrap-gke
Bootstrap GKE and subsystems:
  up [--helm|--tiller] -- deploys secure Helm
     [--cf|--eirini]   -- deploys Cloud Foundry/Eirini
     [--kpack]         -- deploys kpack to build images with buildpacks
     [--tekton]        -- deploys Tekton CD
     [--knative]       -- deploys Knative Build/Serving/Istio
     [--knative-addr-name name] -- map GCP address to ingress gateway
     [--knative-build] -- deploys nightly Knative Build
     [--kubeapp]               -- deploys Kubeapps
     [--service-catalog|--sc]  -- deploys Helm/Service Catalog
     [--cf-broker]     -- deploys Helm/Service Catalog/Cloud Foundry Service Broker
  down                          -- destroys GKE cluster

There are several environment variables that can be set to override defaults:

: ${PROJECT_NAME:=$(gcloud config get-value core/project)}
: ${CLUSTER_REGION:=$(gcloud config get-value compute/region)}
: ${CLUSTER_ZONE:=$(gcloud config get-value compute/zone)}
: ${CLUSTER_NAME:="$(whoami)-dev"}
: ${CLUSTER_VERSION:=latest}
: ${MACHINE_TYPE:=n1-standard-2}

Helm v2 requires a Kubernetes-running component Tiller. The bootstrap-gke up --helm command (and others that depend on Helm for installation) will create Tiller for you.

It will also secure it with generated TLS certificates (stored in state/ folder, and copied into ~/.helm).

To use helm commands yourself, please set the following env var to tell helm to use TLS:

export HELM_TLS_VERIFY=true

Put that in your .profile for all terminal sessions.

To bootstrap GKE, and then install Cloud Foundry (with Eirini/Quarks) use the --cf flag:

bootstrap-gke up --cf

You can override some defaults by setting the following environment variables before running the command above:

: ${CF_SYSTEM_DOMAIN:=scf.suse.dev}
: ${CF_NAMESPACE:=scf}

Currently this CF deployment does not setup a public ingress into the Cloud Foundry router. But fear not. You can run kwt net start to proxy any requests to CF or to applications running on CF from your local machine.

The kwt CLI can be installed to MacOS with Homebrew:

brew install k14s/tap/kwt

Run the helper script to configure and run kwt net start proxy services:

./resources/eirini/kwt.sh

Provide your sudo root password at the prompt.

The kwt net start command launches a new pod kwt-net in the scf namespace, which is used to proxy your traffic into the cluster.

The kwt proxy is ready when the output looks similar to:

...
07:17:27AM: info: KubeEntryPoint: Waiting for networking pod 'kwt-net' in namespace 'scf' to start...
...
07:17:47AM: info: ForwardingProxy: Ready!

In another terminal you can now cf login and cf push apps:

cf login -a https://api.scf.suse.dev --skip-ssl-validation -u admin \
   -p "$(kubectl get secret -n scf scf.var-cf-admin-password -o json | jq -r .data.password | base64 -D)"

You can now create organizations, spaces, and deploy applications:

cf create-space dev
cf target -s dev

Next, upgrade all the installed buildpacks:

curl https://raw.githubusercontent.com/starkandwayne/update-all-cf-buildpacks/master/update-only.sh | bash

Find sample applications at https://github.com/cloudfoundry-samples.

git clone https://github.com/cloudfoundry-samples/cf-sample-app-nodejs
cd cf-sample-app-nodejs
cf push

Load the application URL into your browser, accept the risks of "insecure" self-signed certificates, and your application will look like:

To destroy the GKE cluster:

bootstrap-gke down