# Set up Config Sync using Google Cloud Source Repositories

### For monitoring
# Create a dedicated Google service account (GSA) for the Config Sync
# monitoring components.
# NOTE(review): these notes grant the account no project-level role (for
# example roles/monitoring.metricWriter) - confirm that is done elsewhere.
gcloud iam service-accounts create monitoring \
    --description="service account for monitoring" \
    --display-name="monitoring"

# Grants the monitoring GSA roles/iam.serviceAccountUser on itself.
# NOTE(review): the Workload Identity binding below is what lets the in-cluster
# service account use this GSA; confirm this self-binding is needed and drop it
# otherwise (least privilege).
gcloud iam service-accounts add-iam-policy-binding \
    monitoring@<project_name>.iam.gserviceaccount.com \
    --member="serviceAccount:monitoring@<project_name>.iam.gserviceaccount.com" \
    --role="roles/iam.serviceAccountUser"

# Workload Identity: allow the Kubernetes service account "default" in
# namespace config-management-monitoring to impersonate the monitoring GSA.
# The member is scoped to that single namespace/name pair; keep it that narrow.
# NOTE(review): Workload Identity also expects the Kubernetes service account
# to carry the iam.gke.io/gcp-service-account annotation; that step is not
# shown in these notes.
gcloud iam service-accounts add-iam-policy-binding \
    --role roles/iam.workloadIdentityUser \
    --member "serviceAccount:<project_name>.svc.id.goog[config-management-monitoring/default]" \
    monitoring@<project_name>.iam.gserviceaccount.com

# Namespace that holds the git-creds Secret and the Config Sync components
# whose logs are read at the end of these notes.
kubectl create ns config-management-system
# Add private key
# The key file is the one produced by the ssh-keygen step further down in these
# notes; generate and upload it before running this command.
# The key has no passphrase (ssh-keygen is run with -P ''), so anyone who can
# read Secrets in config-management-system, or the file on this workstation,
# holds a usable credential for the repository. Restrict RBAC on the namespace
# and keep the local file at mode 0600.
# NOTE(review): only the private key is stored; check the Config Sync docs for
# adding a known_hosts entry to this Secret so the Git host key is verified.
kubectl create secret generic git-creds --namespace=config-management-system --from-file=ssh=/Users/<myuser>/.ssh/configsync-repokey

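# Let the default Compute Engine service account read Cloud Source Repositories.
# NOTE(review): this is a project-level grant, so it covers every repository in
# the project and every workload that runs as the default compute account.
# It is the binding used when Config Sync authenticates with the node identity
# (gcenode); if the repo is synced with the SSH key in git-creds instead, this
# grant is presumably unnecessary - apply-spec.yaml is not shown, so confirm
# which auth type is in use and keep only the matching credentials.
export PROJECT_ID=<projectname>
# value(projectNumber) prints the bare number, so jq is not required. Assign
# first and export afterwards: `export VAR=$(cmd)` hides a failed lookup.
PROJECT_NUMBER=$(gcloud projects describe "$PROJECT_ID" --format='value(projectNumber)')
export PROJECT_NUMBER

# ${PROJECT_NUMBER:?} refuses to run the binding with an empty project number,
# which would otherwise build a malformed member string.
gcloud projects add-iam-policy-binding "$PROJECT_ID" \
  --member "serviceAccount:${PROJECT_NUMBER:?project number lookup failed}-compute@developer.gserviceaccount.com" \
  --role roles/source.reader

# The same binding written out with literal values (888888888888 is presumably
# a sample project number). Run one form or the other, not both.
gcloud projects add-iam-policy-binding <project> --member serviceAccount:888888888888-compute@developer.gserviceaccount.com --role roles/source.reader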

# ~/.ssh/config
# Client entry for the Cloud Source Repositories SSH endpoint. It pins the
# dedicated Config Sync key to this host so it is not offered elsewhere by
# name. The port (2022) is not set here; the ssh test and the clone URL in
# these notes pass it explicitly.
# User is the login name sent to the host - presumably the Google account that
# owns the uploaded public key; confirm it matches the user in the clone URL.
# IdentityFile is the unencrypted private key that is also loaded into the
# git-creds Secret; keep it at mode 0600.
Host source.developers.google.com
    HostName source.developers.google.com
    User <user>@<name>.<domain>.com
    IdentityFile ~/.ssh/configsync-repokey

# Generate the dedicated key pair for repository access: 4096-bit RSA, comment
# "source repo build", written to ~/.ssh/configsync-repokey (+ .pub).
# -P '' creates the private key WITHOUT a passphrase, so the file itself is the
# credential. Use this key only for this repository, keep it out of backups and
# shared home directories, and rotate it (remove the uploaded public key) if
# the workstation or the cluster Secret is exposed.
# Run this before the `kubectl create secret generic git-creds` step above,
# which reads the private key file.
ssh-keygen -t rsa -b 4096 -C "source repo build" -f ~/.ssh/configsync-repokey -P ''
# Print the PUBLIC half only; this is the value to upload.
cat ~/.ssh/configsync-repokey.pub
# Upload the public key (the .pub file only) at https://source.cloud.google.com/user/ssh_keys

# Test authentication
# Connects to the Cloud Source Repositories SSH endpoint on port 2022 with the
# new key. On the first connection ssh asks to accept the host key: compare the
# fingerprint against a trusted source before answering yes, because that entry
# is what later protects clones and pushes from a spoofed host.
# The two lines after the command are the output recorded for this test -
# presumably the expected response, since no interactive shell is offered;
# confirm.
ssh -i ~/.ssh/configsync-repokey source.developers.google.com -p 2022
PTY allocation request failed on channel 0
shell request failed on channel 0

# Create the repository that will hold the cluster configuration, then list
# the project's repositories to confirm it exists.
gcloud source repos create clusterspec-repo
gcloud source repos list
# Clone over SSH on port 2022. The part before the last '@' is the login name;
# NOTE(review): the placeholders here (<user>@<user>.<host>.com) differ from the
# User line in the ~/.ssh/config snippet - presumably both are the same Google
# account. <repo> would be clusterspec-repo for the repository created above.
git clone ssh://<user>@<user>.<host>.com@source.developers.google.com:2022/p/<project>/r/<repo>

# Apply the Config Sync settings in apply-spec.yaml to one fleet membership,
# then show the config-management status.
# NOTE(review): apply-spec.yaml is not part of these notes. Its Git auth type
# decides which credential is actually used (the git-creds SSH Secret or the
# node service account granted roles/source.reader above); review the file
# before applying and remove whichever credential ends up unused.
gcloud beta container fleet config-management apply --membership=<clustername1> --config=apply-spec.yaml --project=<project>
gcloud beta container fleet config-management status

# Logs of the pods labelled component=config-management-operator and
# app=reconciler-manager in config-management-system.
kubectl logs -l "component=config-management-operator" -n config-management-system
kubectl logs -l "app=reconciler-manager" -n config-management-system
# Useful for debugging Git issues or checking for successful execution
# Covers the last 60 minutes across every container of the app=reconciler pods.
# Authentication and host-key failures against the repository would presumably
# show up here; check before pasting this output into tickets or chat, since it
# can include repository URLs and account names.
kubectl logs -l "app=reconciler" -n config-management-system --since=60m --all-containers


# https://cloud.google.com/anthos-config-management/docs/how-to/installing-config-sync
# https://github.com/GoogleCloudPlatform/anthos-config-management-samples/tree/main