Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Next »

Applies to: (tick) Kyvos Enterprise  (error) Kyvos Cloud (SaaS on AWS) (error) Kyvos AWS Marketplace

(error) Kyvos Azure Marketplace   (error) Kyvos GCP Marketplace (error) Kyvos Single Node Installation (Kyvos SNI)


Before you begin

In addition to the prerequisites, please ensure the following settings are enabled on your GCP project.

  1. Project Billing: For this, search Billing on your Google Cloud project.

    1. Click Link a Billing Account, and configure the billing information.
      Once your billing is enabled, you will see an estimate as shown in the following figure.

  2. Cloud Deployment Manager V2 API: Search Cloud Deployment Manager V2 API on your project and click the Enable button.
    Once the API is enabled, the API Enabled status is displayed, as shown in the following figure.

  3. Compute Engine APIs: Search for Compute Engine APIs on your project, and click the Enable button.
    Once the API is enabled, the corresponding status is displayed, as shown in the following figure.

  4. Cloud Resource Manager API: Search for Cloud Resource Manager API on your project, and click the Enable button.
    Once the API is enabled, the API Enabled status is displayed, as shown in the following figure.

  5. Enable the following APIs on your project. Refer to the GCP documentation for details.

    1. Cloud Functions

    2. Cloud Build

    3. Cloud Scheduler

  6. Create an App Engine project, and select the region where you want to deploy your resources.

  7. To the default Google APIs Service Agent service account, add the storage.buckets.get role. This is required to delete deployment through the Deployment Manager.

  8. Kubernetes Engine API: Search for Kubernetes Engine API on your project and click the Enable button. Once the API is enabled, the API Enabled status is displayed.

    image-20240613-124249.png

Creating resources using script

  1. Download the gcp.tar file from the GCP Installation Files folder on your workstation.

  2. On your workstation, install the gcloud command-line tool.

  3. Configure the gcloud command-line tool to use your project using the following command.
    gcloud config set project [MY_PROJECT]
    Here, replace [MY_PROJECT] with your project ID.

  4. Copy the script tar file and untar it.

  5. Update the following parameters in the kyvos-template.yaml (provided in the gcp.tar) as per your business requirement.

  6. Enter details as:

Note

  • Change the value of the parameter kmCount to 0 in the kyvos-template.yaml file to go with wizard-based deployment.

  • Once created, you can validate if the resources meet the requirements for installing Kyvos on the Google cloud platform.

  • Post-deployment, for a non-SSH based cluster, if you use an existing Dataproc cluster and a new bucket for automated deployment on GCP, you must execute the  dataproc.sh  script on the master node of Dataproc after modifying the values of  DEPLOYMENT_BUCKETWORK_DIRCOPY_LIB, and  DATAPROC_VERSION  to the name of the existing bucket. Then, sync the library and configuration files from the Kyvos Manager on the  Dataproc page. 

Deploying resources

To deploy your resources, use the gcloud command-line tool and execute the kyvos-deployment.sh file (provided in GCP installation files)

If the deployment is successful, you will receive a message like the following example

Create operation operation-1432319707382-516afeb5d00f1-b864f0e7-b7103978 completed successfully.NAME TYPE STATE ERRORSquickstart-deployment compute.v1.instance COMPLETED -

whereas,

NAME:<resource_name>
TYPE: compute.v1.disk
STATE: COMPLETED

Check your new deployment

To check the status of the deployment, run the following command

gcloud deployment-manager deployments describe <resource name>

A new bucket will be created for the Dataproc cluster.

Using existing Service Account

Once Kyvos resources are created using Kubernetes, execute the following commands using the gcloud CLI to link the Kubernetes Service account to the IAM Service account.

gcloud iam service-accounts add-iam-policy-binding IAM_SA_NAME@IAM_SA_PROJECT_ID.iam.gserviceaccount.com --role roles/iam.workloadIdentityUser --member "serviceAccount:PROJECT_ID.svc.id.goog[kyvos-monitoring/default]"

gcloud iam service-accounts add-iam-policy-binding IAM_SA_NAME@IAM_SA_PROJECT_ID.iam.gserviceaccount.com --role roles/iam.workloadIdentityUser --member "serviceAccount:PROJECT_ID.svc.id.goog[kyvos-compute/default]"

In the above-mentioned commands, replace the following:

  • IAM_SA_NAME: The name of your new IAM service account.

  • IAM_SA_PROJECT_ID: The project ID of your IAM service account.

  • PROJECT_ID: The project ID of your Google Cloud.

Note

After creating resources using scripts, the configuration of the Kyvos GCP cluster on Kyvos Manager is no longer needed. Once the resources are successfully created, deployment of the Kyvos cluster will commence automatically on logging into the Kyvos Manager portal.

Tip

In case of any failures in the Cloud-init service on any of the Kyvos Instances, you can view the Cloud-init logs directly from the GCP Cloud logging UI. Refer to the Troubleshooting GCP deployment section for details.

Warning

If you want to attach an autoscaling policy to your cluster, follow the steps given in Enabling Autoscaling on cluster.

  • No labels