in hack/deployer/runner/gke.go [97:174]
// Execute authenticates to GCP with the plan's service account, checks
// whether the target cluster already exists, and then runs the plan's
// operation (DeleteAction or CreateAction). Both operations are idempotent
// with respect to cluster existence: a delete on a missing cluster and a
// create on an existing one only log and skip the gcloud call.
//
// For CreateAction on a non-private cluster, the post-create steps run in
// order: fetch credentials, copy the built-in storage classes, set up
// disks, create the storage class, and — only when
// plan.EnforceSecurityPolicies is set — install kyverno and apply the GKE
// policies. A private cluster returns right after creation, since the API
// endpoint is not reachable from here; the operator is told how to
// authorize a single VM IP (/32) and fetch credentials by hand.
//
// An operation other than DeleteAction/CreateAction yields an error.
func (d *GKEDriver) Execute() error {
	// Authenticate first; nothing below is meaningful without GCP credentials.
	authErr := authToGCP(
		d.vaultClient, GKEVaultPath, GKEServiceAccountVaultFieldName,
		d.plan.ServiceAccount, false, d.ctx[GoogleCloudProjectCtxKey],
	)
	if authErr != nil {
		return authErr
	}

	exists, err := d.clusterExists()
	if err != nil {
		return err
	}

	switch d.plan.Operation {
	case DeleteAction:
		if !exists {
			log.Printf("not deleting as cluster doesn't exist")
			return nil
		}
		return d.delete()

	case CreateAction:
		if exists {
			log.Printf("not creating as cluster exists")
		} else {
			if createErr := d.create(); createErr != nil {
				return createErr
			}
			// Role bindings are only (re)applied for a freshly created cluster.
			if bindErr := d.bindRoles(); bindErr != nil {
				return bindErr
			}
		}

		if d.plan.Gke.Private {
			// The control plane of a private cluster is not reachable from this
			// runner, so credentials, storage classes and policies are left to
			// the operator.
			log.Printf("a private cluster has been created, please retrieve credentials manually and create storage class and provider if needed")
			log.Printf("to authorize a VM to access this cluster run the following command:\n"+
				"$ gcloud container clusters update %s"+
				" --region %s "+
				"--enable-master-authorized-networks"+
				" --master-authorized-networks <VM IP>/32",
				d.plan.ClusterName, d.plan.Gke.Region)
			log.Printf("you can then retrieve the credentials with the following command:\n"+
				"$ gcloud container clusters get-credentials %s"+
				" --region %s "+
				" --project %s",
				d.plan.ClusterName, d.plan.Gke.Region, d.plan.Gke.GCloudProject)
			return nil
		}

		// Post-create steps, executed strictly in this order; the first
		// failure aborts the run.
		steps := []func() error{
			d.GetCredentials,
			d.copyBuiltInStorageClasses,
			func() error { return setupDisks(d.plan) },
			createStorageClass,
		}
		if d.plan.EnforceSecurityPolicies {
			steps = append(steps,
				kyverno.Install,
				// Extra policies prevent use of unlabeled storage classes, which
				// might otherwise escape garbage collection in CI.
				func() error { return apply(kyverno.GKEPolicies) },
			)
		}
		for _, step := range steps {
			if stepErr := step(); stepErr != nil {
				return stepErr
			}
		}
		return nil

	default:
		return fmt.Errorf("unknown operation %s", d.plan.Operation)
	}
}