Initial docs for installing on GKE #172
Conversation
|
@hacktobeer @jkppr @tomchop @aarontp -> would you guys mind giving this a try and letting know if this was easy to follow/no failed steps along the way? Should only take ~10-15mins but if it takes longer also would be good to know |
| export ZONE="us-central1-f" # The zone where you want to create the cluster | ||
| export CLUSTER="osdfir-cluster" # The name you choose for your K8s cluster | ||
| export NAMESPACE="default" # Your K8s namespace (can be left as 'default') | ||
| export KSA_NAME="turbinia" # Your Turbinia K8s service account (defaults to 'turbinia' if not set) |
There was a problem hiding this comment.
was unclear to me if this had to be created or not...
| plugin for kubectl: | ||
|
|
||
| ```bash | ||
| gcloud components install gke-gcloud-auth-plugin |
There was a problem hiding this comment.
ERROR: (gcloud.components.install)
You cannot perform this action because the Google Cloud CLI component manager
is disabled for this installation. You can run the following command
to achieve the same result for this installation:
sudo apt-get install google-cloud-cli-gke-gcloud-auth-plugin
| ```bash | ||
| git clone https://github.com/log2timeline/dftimewolf.git && cd dftimewolf | ||
| pip install poetry | ||
| poetry install && poetry shell |
There was a problem hiding this comment.
had an issue on my machine where $HOME/.local/bin was not added to my PATH so poetry was not found.
| First, create a disk to process using a name such as `test-disk`: | ||
|
|
||
| ```bash | ||
| gcloud compute disks create test-disk --zone $ZONE |
There was a problem hiding this comment.
This created an empty 500GB disk...maybe create a 10GB disk with the default debian12 image?
| Then on a third terminal, run the dfTimewolf recipe: | ||
|
|
||
| ```bash | ||
| dftimewolf gcp_turbinia_ts $PROJECT_ID --disk_names test-disk |
There was a problem hiding this comment.
You need to add $ZONE at the end iof the command.
dftimewolf gcp_turbinia_ts $PROJECT_ID --disk_names test-disk $ZONE
There was a problem hiding this comment.
Command (and all Turbinia tasks failed) with below error:
("Failed to retrieve http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/[email protected]/token?scopes=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute.readonly%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdevstorage.full_control%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdevstorage.read_only%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdevstorage.read_write from the Google Compute Engine metadata service. Status: 404 Response:\nb'Unable to generate access token; IAM returned 404 Not Found: Not found; Gaia id not found for email [email protected]\\n'", <google_auth_httplib2._Response object at 0x7e88f6045de0>). Something is wrong with your Application Default Credentials. Try running: $ gcloud auth application-default login]
```
There was a problem hiding this comment.
This looks like some service account/permission issue.....
I tried everything in a fresh/clean/reset gcp cloudshell (so a new vm)
|
|
||
| ## Step 3: Create the Turbinia GCP Service Account | ||
|
|
||
| To process virtual machine disks in Google Cloud Platform (GCP) with Turbinia, |
There was a problem hiding this comment.
You need to create the "turbinia" service account first as it does not exist!
Description of the change
Updates the documentation for deploying OSDFIR Infrastructure on GKE.
Applicable issues
Additional information
Checklist
Chart.yamlaccording to semver. This is not necessary when the changes only affect README.md files.