gcp integrator #14

Supports: xenial bionic


This charm can grant select permissions to instances of applications related to it, which enable integration with GCP-specific features such as firewalls, load balancing, block storage, object storage, etc.


This charm acts as a proxy to GCP and provides an interface to apply a certain set of changes via roles, profiles, and tags to the instances of the applications that are related to this charm.


When on GCP, this charm can be deployed, granted trust via Juju to access GCP, and then related to an application that supports the interface.

For example, CDK has support for this, and can be deployed with the following bundle overlay:

applications:
  gcp-integrator:
    charm: cs:~containers/gcp-integrator
    num_units: 1
relations:
  - ['gcp-integrator', 'kubernetes-master']
  - ['gcp-integrator', 'kubernetes-worker']

Then deploy CDK using this overlay:

juju deploy cs:canonical-kubernetes --overlay ./k8s-gcp-overlay.yaml

The charm then needs to be granted access to credentials that it can use to set up integrations. Using Juju 2.4 or later, you can easily grant access to the credentials used to deploy the integrator itself:

juju trust gcp-integrator

To deploy with earlier versions of Juju, or if you wish to provide it different credentials, you will need to provide the cloud credentials via the credentials charm config option.

Note: The credentials used must be enabled to use the API to inspect the instances connecting to it, enable a service account for those instances, assign roles to those instances, and create custom roles.

Resource Usage Note

By relating to this charm, other charms can directly allocate resources, such as PersistentDisk volumes and Load Balancers, which could lead to cloud charges and count against quotas. Because these resources are not managed by Juju, they will not be automatically deleted when the models or applications are destroyed, nor will they show up in Juju's status or GUI. It is therefore up to the operator to manually delete these resources when they are no longer needed, using the Google Cloud console or API.


Following are some examples using GCP integration with CDK.

Creating a pod with a PersistentDisk-backed volume

This script creates a busybox pod with a persistent volume claim backed by GCE's PersistentDisk.


# create a storage class using the `kubernetes.io/gce-pd` provisioner
kubectl create -f - <<EOY
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: gce-standard
provisioner: kubernetes.io/gce-pd
parameters:
  type: pd-standard
EOY

# create a persistent volume claim using that storage class
kubectl create -f - <<EOY
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: testclaim
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Mi
  storageClassName: gce-standard
EOY

# create the busybox pod with a volume using that PVC:
kubectl create -f - <<EOY
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
    - image: busybox
      command:
        - sleep
        - "3600"
      imagePullPolicy: IfNotPresent
      name: busybox
      volumeMounts:
        - mountPath: "/pv"
          name: testvolume
  restartPolicy: Always
  volumes:
    - name: testvolume
      persistentVolumeClaim:
        claimName: testclaim
EOY

Creating a service with a GCE load-balancer

The following script starts the hello-world pod behind a GCE-backed load-balancer.


kubectl run hello-world --replicas=5 --labels="run=load-balancer-example" --image=gcr.io/google-samples/node-hello:1.0  --port=8080
kubectl expose deployment hello-world --type=LoadBalancer --name=hello
watch kubectl get svc -o wide --selector=run=load-balancer-example
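
The Resource Usage Note above leaves cleanup of disks and load balancers to the operator. The following is an added example, not part of the charm or its documentation, that picks Kubernetes-created resources out of a `gcloud ... list --format=json` listing so they can be reviewed after a model is destroyed. It assumes the Kubernetes GCE provider records its origin as a JSON object in each resource's description with keys under `kubernetes.io/` (for example `kubernetes.io/created-for/pvc/name` on disks and `kubernetes.io/service-name` on forwarding rules); the sample data and resource names are constructed.

```python
import json
import sys

K8S_PREFIX = "kubernetes.io/"


def k8s_origin(resource):
    """Return the kubernetes.io/* keys found in a resource's JSON description."""
    try:
        desc = json.loads(resource.get("description") or "")
    except ValueError:
        return {}  # empty or free-text description: no Kubernetes marker
    if not isinstance(desc, dict):
        return {}
    return {k: v for k, v in desc.items() if k.startswith(K8S_PREFIX)}


def leftovers(resources):
    """Return (name, origin, attached) for each Kubernetes-created resource."""
    found = []
    for res in resources:
        origin = k8s_origin(res)
        if origin:
            # `users` lists the instances a disk is attached to; other
            # resource types (e.g. forwarding rules) have no such field.
            found.append((res["name"], origin, bool(res.get("users"))))
    return found


# Constructed sample shaped like `gcloud compute disks list --format=json`.
SAMPLE = [
    {"name": "juju-0a1b2c-0", "sizeGb": "16",
     "users": ["zones/us-east1-b/instances/juju-0a1b2c-0"]},
    {"name": "kubernetes-dynamic-pvc-example", "sizeGb": "1",
     "description": json.dumps({
         "kubernetes.io/created-for/pvc/name": "testclaim",
         "kubernetes.io/created-for/pvc/namespace": "default"})},
    {"name": "scratch", "sizeGb": "10", "description": "manual test disk"},
]

if __name__ == "__main__":
    # Reads a gcloud JSON listing on stdin; falls back to SAMPLE on a terminal.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for name, origin, attached in leftovers(data):
        state = "attached" if attached else "UNATTACHED"
        print(f"{name}\t{state}\t{json.dumps(origin, sort_keys=True)}")
```

Pipe `gcloud compute disks list --format=json` or `gcloud compute forwarding-rules list --format=json` into the script; the attached/UNATTACHED column is only meaningful for disks.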


(string) The base64-encoded contents of a GCP credentials JSON file. This can be used from bundles with 'include-base64://' (see https://jujucharms.com/docs/stable/charms-bundles#setting-charm-configurations-options-in-a-bundle), or from the command-line with 'juju config gcp credentials="$(base64 /path/to/file)"'. It is strongly recommended that you use 'juju trust' instead, if available.
(string) DEPRECATED. Use snap-http-proxy and snap-https-proxy model configuration settings. HTTP/HTTPS web proxy for Snappy to use when accessing the snap store.
(string) DEPRECATED. Use snap-store-proxy model configuration setting. The address of a Snap Store Proxy to use for snaps e.g. http://snap-proxy.example.com
(string) How often snapd handles updates for installed snaps. The default (an empty string) is 4x per day. Set to "max" to check once per month based on the charm deployment date. You may also set a custom string as described in the 'refresh.timer' section here: https://forum.snapcraft.io/t/system-options/87