CNE GCP Ready: Prerequisites

Before running the bootstrap scripts for Cloud Native Experience (CNE) on Google Cloud Platform (GCP), prepare your local machine, cloud accounts, and Git repositories.

The bootstrap process provisions a GitOps-based platform using Terraform, Argo CD, and Google Kubernetes Engine (GKE).

Local Command-Line Tools

The bootstrap and deployment scripts require the following DevOps tools. Ensure they are installed and available in your system’s PATH.

Tool	Required Version	Purpose
Git CLI	>= 2.40.1	Manage GitOps repositories and boilerplate templates.
gcloud CLI	>= 511.0.0	Authenticate with GCP and manage cloud resources.
GKE gcloud auth plugin *	latest	Authenticate kubectl with GKE clusters.
Terraform	>= 1.5.0	Provision infrastructure resources such as GKE and Cloud SQL.
kubectl CLI	>= 1.28	Communicate with the Kubernetes cluster and access Argo CD.
Helm CLI	>= 3.0	Deploy and manage Kubernetes applications and charts.
Argo CLI	>= 3.5	Submit and monitor backup, restore, and CI workflows.
jq	—	Parse JSON in bootstrap scripts.

* Install the GKE gcloud auth plugin after installing the gcloud CLI by running gcloud components install gke-gcloud-auth-plugin in the terminal.

Note

The CNE toolkit uses Terraform for infrastructure provisioning.

Info

The CNE toolkit supports standard Git providers such as GitHub, GitLab, and Bitbucket. This guide uses GitHub for examples. If using another provider, ensure your repository structure matches the Liferay GitOps boilerplate.

Required Assets

The CNE toolkit provisions infrastructure through GitOps workflows. Prepare the following assets before running the bootstrap process.

GitOps Repository and PAT

Create a repository using the LiferayCloud/cloud-native-gitops-boilerplate template.
Generate a Personal Access Token (PAT) with read and write access to the GitOps repository contents.

GCP Configuration

Ensure your GCP account has permissions to create resources such as VPCs, GKE clusters, Cloud SQL instances, and Secret Manager secrets.

Configure gcloud CLI authentication:

gcloud auth login
gcloud auth application-default login

Create a secret in Google Secret Manager to store the Personal Access Token (PAT) used by the bootstrap process.

The secret payload is a JSON document with two fields:
```
{
   "git_machine_user_id": "your-github-username",
   "git_access_token": "ghp_abc...WxYZ"
}
```
Field Description

git_machine_user_id GitHub username (or organization machine-account login) that owns the PAT.

git_access_token The Personal Access Token created in GitOps Repository and PAT.

Note the secret name — you reference it in config.json during bootstrap.

Field	Description
`git_machine_user_id`	GitHub username (or organization machine-account login) that owns the PAT.
`git_access_token`	The Personal Access Token created in GitOps Repository and PAT.

Important

Before running the bootstrap process, enable the required GCP APIs, configure IAM permissions, and ensure network CIDR ranges are available for GKE and supporting services. For details, see GCP Infrastructure Setup Guide.

Verify Your Setup

Before continuing, confirm that each prerequisite is in place.

gcloud auth list
gcloud config get-value project
gcloud projects describe $(gcloud config get-value project)
gcloud secrets describe <secret-name>
gcloud components list --filter="ID:gke-gcloud-auth-plugin"
terraform -version
kubectl version --client
helm version

Each command should complete successfully. If a command fails, verify your GCP configuration and authentication settings before continuing.