feat: deploy vCluster on GKE

Signed-off-by: Piotr Zaniewski <[email protected]>

vcluster/deploy/environment/gke.mdx

@@ -0,0 +1,159 @@
+---
+title: Deploy on GKE
+sidebar_label: GKE
+sidebar_position: 8
+id: gke
+description: Learn how to deploy vCluster on Google Kubernetes Engine (GKE), including storage provisioning and Workload Identity configuration.
+---
+
+import BasePrerequisites from '../../../platform/_partials/install/base-prerequisites.mdx';
+import Mark from "@site/src/components/Mark";
+import ProAdmonition from '../../_partials/admonitions/pro-admonition.mdx';
+import InstallCli from '../../_partials/deploy/install-cli.mdx';
+import KubeconfigUpdate from '../../../docs/_partials/kubeconfig_update.mdx';
+import ManagedK8sInstallVcluster from '../../../docs/_partials/managed_k8s_install_vcluster.mdx';
+import ProAdmonition from '../../_partials/admonitions/pro-admonition.mdx';
+
+# Deploy vCluster on GKE
+
+This guide provides step-by-step instructions for deploying `vCluster` on [Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine).
+
+## Prerequisites
+
+Before starting, ensure you have the following tools installed:
+
+- `kubectl`: Kubernetes command-line tool for interacting with the cluster. See [Install and Set Up kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) for installation instructions.
+- vCluster CLI <InstallCli />
+- [Google Cloud SDK (`gcloud` CLI)](https://cloud.google.com/sdk/docs/install)
+  :::note
+  Ensure you have the necessary IAM permissions to create clusters and manage cloud services.
+  :::
+
+## Create GKE cluster
+
+Start by creating a zonal GKE cluster using the `gcloud` CLI. First, set up your environment variables:
+
+:::tip
+Project ID can be found in the Google Cloud Console under the project name.
+Alternatively use `gcloud project list` to list all projects and their IDs.
+To check which project is active, use `gcloud config get-value project`.
+:::
+
+```bash title="Set environment variables"
+export PROJECT_ID=development
+export CLUSTER_NAME=vcluster-demo
+export ZONE=europe-west1-b
+export MACHINE_TYPE=e2-standard-4
+```
+
+
+Configure `gcloud` and enable the required APIs and set default project:
+
+```bash title="Configure gcloud"
+gcloud config set project $PROJECT_ID
+gcloud services enable container.googleapis.com
+```
+
+Create the cluster:
+
+```bash title="Create GKE cluster"
+gcloud container clusters create $CLUSTER_NAME \
+    --zone $ZONE \
+    --machine-type $MACHINE_TYPE \
+    --num-nodes 2 \
+    --workload-pool=$PROJECT_ID.svc.id.goog
+```
+
+:::info
+This process typically takes about 10-15 minutes.
+:::
+
+This command creates a GKE cluster named vcluster-demo in the europe-west1-b
+zone with two nodes of type e2-standard-4. The `--workload-pool` flag enables
+Workload Identity, which allows Kubernetes service accounts to access GCP resources. Refer to the optional [Workload
+Identity](#configure-workload-identity) section for more details.
+
+<KubeconfigUpdate />
+
+### Verify the cluster creation
+
+Verify the cluster by listing the nodes:
+
+```bash title="List cluster nodes"
+kubectl get nodes
+```
+
+You should see output similar to:
+```
+NAME           LOCATION        MASTER_VERSION      MASTER_IP      MACHINE_TYPE   NODE_VERSION        NUM_NODES  STATUS
+vcluster-demo  europe-west1-b  1.30.5-gke.1443001  35.187.66.218  e2-standard-4  1.30.5-gke.1443001  2          RUNNING
+```
+
+<ManagedK8sInstallVcluster />
+
+### [Optional] configure workload identity
+
+Workload Identity allows Kubernetes service accounts to access Google Cloud services. To use Workload Identity with vCluster:
+
+First, create a Google service account:
+
+```bash title="Create Google service account"
+GSA_NAME=vcluster-workload-gsa
+gcloud iam service-accounts create $GSA_NAME --display-name "vCluster Workload Identity"
+```
+
+Grant necessary roles to the Google service account:
+
+```bash title="Grant roles to Google service account"
+gcloud projects add-iam-policy-binding $PROJECT_ID \
+  --member="serviceAccount:$GSA_NAME@$PROJECT_ID.iam.gserviceaccount.com" \
+  --role="roles/xxxx.yyy"
+```
+
+:::info
+- [Service account roles and permissions](https://cloud.google.com/iam/docs/service-account-permissions)
+- [Service accounts overview](https://cloud.google.com/iam/docs/service-account-overview)
+- [Creating a Google Cloud Service Account and Granting Access](https://docs.lacework.net/compliance/gcp-create-a-service-account-and-grant-access)
+:::
+
+Create a Kubernetes service account and annotate it to link with the Google service account:
+
+```bash title="Create Kubernetes service account"
+cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: vcluster-workload-sa
+  namespace: default
+  annotations:
+    iam.gke.io/gcp-service-account: $GSA_NAME@$PROJECT_ID.iam.gserviceaccount.com
+EOF
+```
+
+#### Create a virtual cluster
+
+Sync `serviceAccount` resources between the virtual and host clusters.
+
+```bash title="Create virtual cluster with workload identity"
+vcluster create my-vcluster-managed --namespace team-y \
+         --set sync.toHost.serviceAccounts.enabled=true
+```
+
+<KubeconfigUpdate />
+
+## Next steps
+
+Now that you have vCluster running on GKE, consider setting up the [platform UI](/platform/install/quick-start-guide) to mange your virtual clusters.
+
+<ProAdmonition />
+
+When using the platform you can easily enable [Workload Identity](/vcluster/integrations/pod-identity/eks-pod-identity).
+
+## Cleanup
+
+If you deployed the GKE cluster with this tutorial, and want to clean up the resources, run the
+following command:
+
+```bash title="Clean up resources"
+gcloud container clusters delete $CLUSTER_NAME --zone $ZONE --quiet
+```