> ## Documentation Index > Fetch the complete documentation index at: https://docs.siderolabs.com/llms.txt > Use this file to discover all available pages before exploring further. # GCP > Creating a cluster via the CLI on Google Cloud Platform. export const version_v1_13 = 'v1.13'; export const release_v1_13 = 'v1.13.1'; export const VersionWarningBanner = () => { const latestVersion = "v1.13"; const [latestUrl, setLatestUrl] = useState(null); const [currentVersion, setCurrentVersion] = useState(null); const [isBeta, setIsBeta] = useState(false); const parseVersion = v => v.replace("v", "").split(".").map(Number); const isGreaterVersion = (a, b) => { const [aMajor, aMinor] = parseVersion(a); const [bMajor, bMinor] = parseVersion(b); if (aMajor > bMajor) return true; if (aMajor === bMajor && aMinor > bMinor) return true; return false; }; useEffect(() => { if (typeof window === "undefined") return; const {pathname, hash, search} = window.location; const match = pathname.match(/\/talos\/(v\d+\.\d+)\//); if (!match) return; const detectedVersion = match[1]; if (detectedVersion === latestVersion) return; setCurrentVersion(detectedVersion); if (isGreaterVersion(detectedVersion, latestVersion)) { setIsBeta(true); } const newPath = pathname.replace(`/talos/${detectedVersion}/`, `/talos/${latestVersion}/`); setLatestUrl(`${newPath}${search}${hash}`); }, []); if (!latestUrl || !currentVersion) return null; return

{isBeta ? <> ⚠️ You are viewing a beta version of Talos ({currentVersion}). This version may be unstable. View latest stable version {latestVersion} → : <> ⚠️ You are viewing an older version of Talos ({currentVersion}). View the latest version {latestVersion} → }

; }; ## Creating a cluster via the CLI In this guide, we will create an HA Kubernetes cluster in GCP with 1 worker node. We will assume an existing [Cloud Storage bucket](https://cloud.google.com/storage/docs/creating-buckets), and some familiarity with Google Cloud. If you need more information on Google Cloud specifics, please see the [official Google documentation](https://cloud.google.com/docs/). [jq](https://stedolan.github.io/jq/) and [talosctl](../../getting-started/quickstart#talosctl) also needs to be installed ## Manual setup ### Environment setup We'll make use of the following environment variables throughout the setup. Edit the variables below with your correct information. ```bash theme={null} # Storage account to use export STORAGE_BUCKET="StorageBucketName" # Region export REGION="us-central1" ``` ### Create the image First, download the Google Cloud image from [Image Factory](https://factory.talos.dev/). These images are called `gcp-$ARCH.tar.gz`. #### Upload the image Once you have downloaded the image, you can upload it to your storage bucket with: ```bash theme={null} gsutil cp /path/to/gcp-amd64.tar.gz gs://$STORAGE_BUCKET ``` #### Register the image Now that the image is present in our bucket, we'll register it. ```bash theme={null} gcloud compute images create talos \ --source-uri=gs://$STORAGE_BUCKET/gcp-amd64.tar.gz \ --guest-os-features=VIRTIO_SCSI_MULTIQUEUE ``` ### Network infrastructure #### Load balancers and firewalls Once the image is prepared, we'll want to work through setting up the network. Issue the following to create a firewall, load balancer, and their required components. `130.211.0.0/22` and `35.191.0.0/16` are the GCP [Load Balancer IP ranges](https://cloud.google.com/load-balancing/docs/health-checks#fw-rule) ```bash theme={null} # Create Instance Group gcloud compute instance-groups unmanaged create talos-ig \ --zone $REGION-b # Create port for IG gcloud compute instance-groups set-named-ports talos-ig \ --named-ports tcp6443:6443 \ --zone $REGION-b # Create health check gcloud compute health-checks create tcp talos-health-check --port 6443 # Create backend gcloud compute backend-services create talos-be \ --global \ --protocol TCP \ --health-checks talos-health-check \ --timeout 5m \ --port-name tcp6443 # Add instance group to backend gcloud compute backend-services add-backend talos-be \ --global \ --instance-group talos-ig \ --instance-group-zone $REGION-b # Create tcp proxy gcloud compute target-tcp-proxies create talos-tcp-proxy \ --backend-service talos-be \ --proxy-header NONE # Create LB IP gcloud compute addresses create talos-lb-ip --global # Forward 443 from LB IP to tcp proxy gcloud compute forwarding-rules create talos-fwd-rule \ --global \ --ports 443 \ --address talos-lb-ip \ --target-tcp-proxy talos-tcp-proxy # Create firewall rule for health checks gcloud compute firewall-rules create talos-controlplane-firewall \ --source-ranges 130.211.0.0/22,35.191.0.0/16 \ --target-tags talos-controlplane \ --allow tcp:6443 # Create firewall rule to allow talosctl access gcloud compute firewall-rules create talos-controlplane-talosctl \ --source-ranges 0.0.0.0/0 \ --target-tags talos-controlplane \ --allow tcp:50000 ``` ### Cluster configuration With our networking bits setup, we'll fetch the IP for our load balancer and create our configuration files. ```bash theme={null} LB_PUBLIC_IP=$(gcloud compute forwarding-rules describe talos-fwd-rule \ --global \ --format json \ | jq -r .IPAddress) talosctl gen config talos-k8s-gcp-tutorial https://${LB_PUBLIC_IP}:443 ``` Additionally, you can specify [machine configuration patches](../../configure-your-talos-cluster/system-configuration/patching#configuration-patching-with-talosctl-cli) which will be applied during the config generation. ### Compute creation We are now ready to create our GCP nodes. ```bash theme={null} # Create the control plane nodes. for i in $( seq 0 2 ); do gcloud compute instances create talos-controlplane-$i \ --image talos \ --zone $REGION-b \ --tags talos-controlplane,talos-controlplane-$i \ --boot-disk-size 20GB \ --metadata-from-file=user-data=./controlplane.yaml done # Add control plane nodes to instance group for i in $( seq 0 2 ); do gcloud compute instance-groups unmanaged add-instances talos-ig \ --zone $REGION-b \ --instances talos-controlplane-$i done # Create worker gcloud compute instances create talos-worker-0 \ --image talos \ --zone $REGION-b \ --boot-disk-size 20GB \ --metadata-from-file=user-data=./worker.yaml \ --tags talos-worker-$i ``` ### Bootstrap etcd You should now be able to interact with your cluster with `talosctl`. We will need to discover the public IP for our first control plane node first. ```bash theme={null} CONTROL_PLANE_0_IP=$(gcloud compute instances describe talos-controlplane-0 \ --zone $REGION-b \ --format json \ | jq -r '.networkInterfaces[0].accessConfigs[0].natIP') ``` Set the `endpoints` and `nodes`: ```bash theme={null} talosctl --talosconfig talosconfig config endpoint $CONTROL_PLANE_0_IP talosctl --talosconfig talosconfig config node $CONTROL_PLANE_0_IP ``` Bootstrap `etcd`: ```bash theme={null} talosctl --talosconfig talosconfig bootstrap ``` ### Retrieve the `kubeconfig` At this point we can retrieve the admin `kubeconfig` by running: ```bash theme={null} talosctl --talosconfig talosconfig kubeconfig . ``` ### Cleanup ```bash theme={null} # cleanup VM's gcloud compute instances delete \ talos-worker-0 \ talos-controlplane-0 \ talos-controlplane-1 \ talos-controlplane-2 # cleanup firewall rules gcloud compute firewall-rules delete \ talos-controlplane-talosctl \ talos-controlplane-firewall # cleanup forwarding rules gcloud compute forwarding-rules delete \ talos-fwd-rule # cleanup addresses gcloud compute addresses delete \ talos-lb-ip # cleanup proxies gcloud compute target-tcp-proxies delete \ talos-tcp-proxy # cleanup backend services gcloud compute backend-services delete \ talos-be # cleanup health checks gcloud compute health-checks delete \ talos-health-check # cleanup unmanaged instance groups gcloud compute instance-groups unmanaged delete \ talos-ig # cleanup Talos image gcloud compute images delete \ talos ``` ## Using GCP deployment manager Using GCP deployment manager automatically creates a Google Storage bucket and uploads the Talos image to it. Once the deployment is complete the generated `talosconfig` and `kubeconfig` files are uploaded to the bucket. By default this setup creates a three node control plane and a single worker in `us-west1-b` First we need to create a folder to store our deployment manifests and perform all subsequent operations from that folder. ```bash theme={null} mkdir -p talos-gcp-deployment cd talos-gcp-deployment ``` ### Getting the deployment manifests We need to download two deployment manifests for the deployment from the Talos github repository. {` curl -fsSLO "https://raw.githubusercontent.com/siderolabs/talos/master/website/content/${version_v1_13}/talos-guides/install/cloud-platforms/gcp/config.yaml" curl -fsSLO "https://raw.githubusercontent.com/siderolabs/talos/master/website/content/${version_v1_13}/talos-guides/install/cloud-platforms/gcp/talos-ha.jinja" # if using ccm curl -fsSLO "https://raw.githubusercontent.com/siderolabs/talos/master/website/content/${version_v1_13}/talos-guides/install/cloud-platforms/gcp/gcp-ccm.yaml" `} ### Updating the config Now we need to update the local `config.yaml` file with any required changes such as changing the default zone, Talos version, machine sizes, nodes count etc. An example `config.yaml` file is shown below: {` imports: - path: talos-ha.jinja resources: - name: talos-ha type: talos-ha.jinja properties: zone: us-west1-b talosVersion: ${release_v1_13} externalCloudProvider: false controlPlaneNodeCount: 5 controlPlaneNodeType: n1-standard-1 workerNodeCount: 3 workerNodeType: n1-standard-1 outputs: - name: bucketName value: $(ref.talos-ha.bucketName) `} #### Enabling external cloud provider Note: The `externalCloudProvider` property is set to `false` by default. The manifest used for deploying the ccm (cloud controller manager) is currently using the GCP ccm provided by openshift since there are no public images for the [ccm](https://github.com/kubernetes/cloud-provider-gcp) yet. > Since the routes controller is disabled while deploying the CCM, the CNI pods needs to be restarted after the CCM deployment is complete to remove the `node.kubernetes.io/network-unavailable` taint. > See [Nodes network-unavailable taint not removed after installing ccm](https://github.com/kubernetes/cloud-provider-gcp/issues/291) for more information Use a custom built image for the ccm deployment if required. ### Creating the deployment Now we are ready to create the deployment. Confirm with `y` for any prompts. Run the following command to create the deployment: ```bash theme={null} # use a unique name for the deployment, resources are prefixed with the deployment name export DEPLOYMENT_NAME="" gcloud deployment-manager deployments create "${DEPLOYMENT_NAME}" --config config.yaml ``` ### Retrieving the outputs First we need to get the deployment outputs. ```bash theme={null} # first get the outputs OUTPUTS=$(gcloud deployment-manager deployments describe "${DEPLOYMENT_NAME}" --format json | jq '.outputs[]') BUCKET_NAME=$(jq -r '. | select(.name == "bucketName").finalValue' <<< "${OUTPUTS}") # used when cloud controller is enabled SERVICE_ACCOUNT=$(jq -r '. | select(.name == "serviceAccount").finalValue' <<< "${OUTPUTS}") PROJECT=$(jq -r '. | select(.name == "project").finalValue' <<< "${OUTPUTS}") ``` Note: If cloud controller manager is enabled, the below command needs to be run to allow the controller custom role to access cloud resources ```bash theme={null} gcloud projects add-iam-policy-binding \ "${PROJECT}" \ --member "serviceAccount:${SERVICE_ACCOUNT}" \ --role roles/iam.serviceAccountUser gcloud projects add-iam-policy-binding \ "${PROJECT}" \ --member serviceAccount:"${SERVICE_ACCOUNT}" \ --role roles/compute.admin gcloud projects add-iam-policy-binding \ "${PROJECT}" \ --member serviceAccount:"${SERVICE_ACCOUNT}" \ --role roles/compute.loadBalancerAdmin ``` ### Downloading talos and kubeconfig In addition to the `talosconfig` and `kubeconfig` files, the storage bucket contains the `controlplane.yaml` and `worker.yaml` files used to join additional nodes to the cluster. ```bash theme={null} gsutil cp "gs://${BUCKET_NAME}/generated/talosconfig" . gsutil cp "gs://${BUCKET_NAME}/generated/kubeconfig" . ``` ### Deploying the cloud controller manager ```bash theme={null} kubectl \ --kubeconfig kubeconfig \ --namespace kube-system \ apply \ --filename gcp-ccm.yaml # wait for the ccm to be up kubectl \ --kubeconfig kubeconfig \ --namespace kube-system \ rollout status \ daemonset cloud-controller-manager ``` If the cloud controller manager is enabled, we need to restart the CNI pods to remove the `node.kubernetes.io/network-unavailable` taint. ```bash theme={null} # restart the CNI pods, in this case flannel kubectl \ --kubeconfig kubeconfig \ --namespace kube-system \ rollout restart \ daemonset kube-flannel # wait for the pods to be restarted kubectl \ --kubeconfig kubeconfig \ --namespace kube-system \ rollout status \ daemonset kube-flannel ``` ### Check cluster status ```bash theme={null} kubectl \ --kubeconfig kubeconfig \ get nodes ``` ### Cleanup deployment Warning: This will delete the deployment and all resources associated with it. Run below if cloud controller manager is enabled ```bash theme={null} gcloud projects remove-iam-policy-binding \ "${PROJECT}" \ --member "serviceAccount:${SERVICE_ACCOUNT}" \ --role roles/iam.serviceAccountUser gcloud projects remove-iam-policy-binding \ "${PROJECT}" \ --member serviceAccount:"${SERVICE_ACCOUNT}" \ --role roles/compute.admin gcloud projects remove-iam-policy-binding \ "${PROJECT}" \ --member serviceAccount:"${SERVICE_ACCOUNT}" \ --role roles/compute.loadBalancerAdmin ``` Now we can finally remove the deployment ```bash theme={null} # delete the objects in the bucket first gsutil -m rm -r "gs://${BUCKET_NAME}" gcloud deployment-manager deployments delete "${DEPLOYMENT_NAME}" --quiet ```