Prepare your Terraform Kubernetes app for Google Cloud Marketplace

Before onboarding your Terraform Kubernetes app through Producer Portal, we recommend that you prepare your Google Cloud environment and your Terraform Kubernetes app for Google Cloud Marketplace.

Before you begin

To get access to Producer Portal, ensure that you've completed the Cloud Marketplace Project Info Form.

Create your workspace

We recommend that you create a new project in the Google Cloud console, with a project ID ending in -public, primarily for your Cloud Marketplace products. For detailed instructions, see Creating and managing projects.

If you already have a project set up to sell on Cloud Marketplace, verify that the Identity and Access Management (IAM) roles are granted correctly for Kubernetes, and skip directly to Set up Artifact Registry, in this document.

Grant Identity and Access Management roles and specify a security contact for your project

To grant Identity and Access Management (IAM) roles and specify a security contact for your project, complete the following steps:

  1. Grant the following IAM roles at the project level:

    • Project Editor, to cloud-commerce-marketplace-onboarding@twosync-src.google.com
    • Service Management Administrator (roles/servicemanagement.serviceAdmin), to cloud-commerce-marketplace-onboarding@twosync-src.google.com and managed-services@cloud-marketplace.iam.gserviceaccount.com
    • Config Editor (roles/servicemanagement.configEditor), to cloud-commerce-producer@system.gserviceaccount.com

    For detailed instructions, see Granting, changing and revoking access to resources.

  2. Grant the following roles, at the service level, to cloud-commerce-procurement@system.gserviceaccount.com:

    • Service Consumer (roles/servicemanagement.serviceConsumer)
    • Service Controller (roles/servicemanagement.serviceController)

    For steps to grant access at the service level, see Granting and revoking access to the API.

  3. Specify a security contact. For more information, see Managing contacts for notifications.
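One way to verify the project-level grants from step 1, as an added example that is not part of the original page or Google's tooling. It assumes the policy was exported with gcloud projects get-iam-policy PROJECT_ID --format=json; the function name, the sample policy, and the member prefixes in it are constructed, and the service-level roles from step 2 are not covered.

```python
import json

# Project-level grants from step 1 ("Project Editor" is the role ID roles/editor).
REQUIRED = {
    "roles/editor": {"cloud-commerce-marketplace-onboarding@twosync-src.google.com"},
    "roles/servicemanagement.serviceAdmin": {
        "cloud-commerce-marketplace-onboarding@twosync-src.google.com",
        "managed-services@cloud-marketplace.iam.gserviceaccount.com",
    },
    "roles/servicemanagement.configEditor": {
        "cloud-commerce-producer@system.gserviceaccount.com",
    },
}
MARKETPLACE_PRINCIPALS = set().union(*REQUIRED.values())

# Constructed sample policy: two required grants are absent and one
# Marketplace principal holds a broader role than the page asks for.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/editor",
   "members": ["group:cloud-commerce-marketplace-onboarding@twosync-src.google.com"]},
  {"role": "roles/servicemanagement.serviceAdmin",
   "members": ["group:cloud-commerce-marketplace-onboarding@twosync-src.google.com"]},
  {"role": "roles/owner",
   "members": ["serviceAccount:cloud-commerce-producer@system.gserviceaccount.com"]}
]}
""")


def audit_policy(policy):
    """Return (missing, extra): required grants that are absent, and roles held
    by Marketplace principals beyond the ones listed in step 1."""
    granted = set()
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            email = member.split(":", 1)[-1]  # ignore the member-type prefix
            granted.add((binding["role"], email))
    required = {(role, e) for role, emails in REQUIRED.items() for e in emails}
    missing = sorted(required - granted)
    extra = sorted((r, e) for r, e in granted - required if e in MARKETPLACE_PRINCIPALS)
    return missing, extra


if __name__ == "__main__":
    missing, extra = audit_policy(SAMPLE_POLICY)
    print("missing:", missing)
    print("beyond the listed roles:", extra)
```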

Set up Artifact Registry

To set up Artifact Registry, complete the following steps:

  1. Install the gcloud CLI. To update an existing installation, run the command gcloud components update.

    Note: On Ubuntu, use the Debian package to install gcloud CLI. The gcloud CLI snap package doesn't include kubectl or extensions for authenticating with Artifact Registry using the gcloud CLI.
  2. Install Docker if it isn't already installed.
  3. Turn on the Artifact Registry API, which lets you push to Artifact Registry.
  4. Create a staging Artifact Registry repository. For detailed steps, see Store Docker container images in Artifact Registry.
  5. Turn on Artifact Analysis, which allows for security scanning, for your Artifact Registry repository.
  6. Tag and push the images that you want to distribute in your app to your staging Artifact Registry repository.

Tag and push your images

To tag and push your images to Artifact Registry, complete the following steps:

  1. Choose your Artifact Registry staging repository path. We recommend that your repository uses the following structure: us-docker.pkg.dev/YOUR_PARTNER_ID/YOUR_SOLUTION_ID. Your staging repository must be within us-docker.pkg.dev. Cloud Marketplace doesn't support other regions or gcr.io domains, such as europe-docker.pkg.dev, gcr.io, or eu.gcr.io, for Terraform Kubernetes apps.
  2. Save or copy your staging repository path for when you create your product in Producer Portal.
  3. Build the image that you want to push to your Artifact Registry staging repository.
  4. Use Docker to tag the image with its version number, such as 1.0:

    docker tag IMAGE_NAME STAGING_REPO_PATH:VERSION_NUMBER
    

    For example, this command could be: docker tag test-image us-docker.pkg.dev/testpartner/testsolution:1.0.

  5. Use gcloud to push your image:

    gcloud docker push STAGING_REPO_PATH:tag
    
  6. For each additional tag or image that you'd like to add to your staging repository, repeat the previous steps. You can add multiple tags to a single image.

Pushing an image to your staging repository doesn't automatically make it visible to users. Your images become visible to users after you publish them.

Create a development cluster in Kubernetes Engine

You use Google Kubernetes Engine to manage and scale Kubernetes clusters. To create a test cluster and deploy a basic app to it, follow the Google Kubernetes Engine quickstart.

Organize your releases

In general, every version of your app must adopt Semantic Versioning 2.0, which follows the MAJOR.MINOR.PATCH numbering convention. Each version must have a unique version number, such as 1.0.1, 1.0.2, or 1.3.1. Optionally, to add a pre-release modifier, use a dash after the version number, such as 1.3.1-alpha201910. You can use pre-release modifiers to store and highlight any additional information that you find useful, such as build dates denoting when versions were created.

We recommend that you release your software in tracks. Each track is a series of versions with backwards-compatible updates. Your release tracks should be based on minor versions, such as 4.1.x. Avoid using generic version names, such as newest.

For example, if you're releasing version 2.0 of your app on Cloud Marketplace, and you expect that versions 2.0.1, 2.0.5, and later will be backwards-compatible with 2.0, organize these releases under the 2.0 release track.

When you release a backward-incompatible version of your app, or a version that requires users to go through manual migration steps, release it on a new track, so that users can plan their updates.

Create and upload your Terraform module wrapper to Cloud Storage

You must provide a Terraform module that Cloud Marketplace users can use to deploy your Terraform Kubernetes app. This module uses Helm Provider to deploy the Helm charts that you provided. For steps to create a Terraform module that's compatible with your Terraform Kubernetes app, see the Terraform Kubernetes partner guide on GitHub.

Choose your product identifiers

You must select the following identifiers for your company, product, and container images, which are used to create your Cloud Marketplace URLs, and the URIs for your container images:

  • Your company's name. For example, if the name of your company is Examplesoft Inc., you can use the identifier examplesoft.
  • Your product's name. For example, if the product's name is Example Pro, use the identifier example-pro.
  • The release track of your product, such as 4.0. For details, see Organize your releases, previously on this page.

Sample product identifiers

For example, the company Examplesoft Inc. chooses the following identifiers for their product, Example Pro:

                     Name               Identifier
  Company            Examplesoft Inc    examplesoft
  Product            Example Pro        example-pro
  Helm chart         Helm chart         chart
  Image [1]          Example Database   example-db
  Image [2]          Example Queue      example-queue
  Release track [1]  Version 4.x.x      4.0
  Release track [2]  Version 5.x.x      5.0

From these identifiers, the following information is automatically generated:

  • The product URL in Cloud Marketplace: https://console.cloud.google.com/marketplace/details/examplesoft/example-pro
  • The Artifact Registry URIs in your project:
    • us-docker.pkg.dev/examplesoft/example-pro/chart:4.0
    • us-docker.pkg.dev/examplesoft/example-pro/example-db:4.0
    • us-docker.pkg.dev/examplesoft/example-pro/example-queue:4.0
    • us-docker.pkg.dev/examplesoft/example-pro/chart:5.0
    • us-docker.pkg.dev/examplesoft/example-pro/example-db:5.0
    • us-docker.pkg.dev/examplesoft/example-pro/example-queue:5.0
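
A pre-push check that ties together the staging path rule from Tag and push your images and the versioning rules from Organize your releases, as an added example that is not part of the original page or Google's tooling. The function names are hypothetical, the pre-release check is simplified from SemVer 2.0, and treating "latest" as a generic tag is an assumption (the page names only "newest").

```python
import re

# MAJOR.MINOR.PATCH with an optional pre-release after a dash (simplified:
# build metadata and the no-leading-zero rule for pre-release are not checked).
SEMVER = re.compile(
    r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)"
    r"(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?$"
)
TRACK = re.compile(r"^(0|[1-9]\d*)\.(0|[1-9]\d*)$")  # release track, such as 4.0
REQUIRED_HOST = "us-docker.pkg.dev"
GENERIC_TAGS = {"newest", "latest"}  # "latest" is an assumption, see lead-in


def check_image_ref(ref, partner_id, solution_id):
    """Return a list of problems with a staging image reference (empty = OK)."""
    path, sep, tag = ref.rpartition(":")
    if not sep or "/" in tag:  # no colon, or the colon belongs to a host:port
        return ["no tag given"]
    problems = []
    parts = path.split("/")
    if parts[0] != REQUIRED_HOST:
        problems.append(f"registry host {parts[0]!r} is not {REQUIRED_HOST}")
    if parts[1:3] != [partner_id, solution_id]:
        problems.append("repository is not PARTNER_ID/SOLUTION_ID")
    if tag in GENERIC_TAGS:
        problems.append(f"generic tag {tag!r}")
    elif not (SEMVER.match(tag) or TRACK.match(tag)):
        problems.append(f"tag {tag!r} is neither MAJOR.MINOR.PATCH nor a MAJOR.MINOR track")
    return problems


def release_track(version):
    """Map a version to its minor-version release track, e.g. 2.0.5 -> 2.0."""
    m = SEMVER.match(version)
    if not m:
        raise ValueError(f"not a SemVer 2.0 version: {version}")
    return f"{m.group(1)}.{m.group(2)}"


if __name__ == "__main__":
    # Constructed references built from the sample identifiers on this page.
    for ref in ("us-docker.pkg.dev/examplesoft/example-pro/example-db:4.0",
                "europe-docker.pkg.dev/examplesoft/example-pro/example-db:newest"):
        print(ref, "->", check_image_ref(ref, "examplesoft", "example-pro") or "OK")
    print(release_track("1.3.1-alpha201910"))
```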

What's next

After setting up your Google Cloud environment for Terraform Kubernetes apps, continue preparing your apps for publication by completing the following steps: