Deploy Server into Google Cloud Platform using Kubernetes
- 18 Oct 2020
This article describes the steps needed to deploy the SecureCircle Server into Google Cloud Platform (GCP) using Kubernetes.
Step 1 - Create site-specific config and static data
- Change working directory to the volumeimage directory (your volumeimage will be supplied to you via the SecureCircle Support Portal).
- Complete the prerequisites for pushing images to the GCP Docker registry: https://cloud.google.com/container-registry/docs/pushing-and-pulling
- Execute the following, where #projectname# is the name of the GCP project:
docker build -t us.gcr.io/#projectname#/securecircleconfigdata:1 .
docker push us.gcr.io/#projectname#/securecircleconfigdata:1
Step 2 - Push SecureCircle Server images to GCP Repo
- Download the Docker image archives for the latest version of SecureCircle from the Server Downloads page.
- Push each image to the GCP repo.
docker load --input securecircle-#service#:#version#.tar.gz
docker tag securecircle-#service#:#version# us.gcr.io/#projectname#/securecircle-#service#:#version#
docker push us.gcr.io/#projectname#/securecircle-#service#:#version#
Step 3 - Customize the Kubernetes configuration files
- Execute the following command, which replaces the string !REPOBASE! with your repo's base in the file securecircle-deployment.yaml (Kubernetes configuration files will be supplied to you via the SecureCircle Support Portal). For example, for a project name of securecircle-k8s, and the repo base of us.gcr.io/securecircle-k8s, the command would be: sed -i 's@!REPOBASE!@us.gcr.io/securecircle-k8s@g' securecircle-deployment.yaml
sed -i 's@!REPOBASE!@us.gcr.io/#projectname#@g' securecircle-deployment.yaml
- Edit securecircle-configmap.yaml and populate CONFIGDATA_IMAGE with "us.gcr.io/#projectname#/securecircleconfigdata:1", replacing #projectname# with the name of the GCP project.
Step 4 - Deploy a MySQL-based CloudSQL instance (>=5.6)
Allow CloudSQL Proxy access to SQL database.
- Create an IAM service account with Cloud SQL Client and Cloud SQL Viewer role access to the SQL instance. Create a key for the account and download it (JSON file).
- Ensure the Cloud SQL Admin API is enabled for this project (see https://console.developers.google.com/apis/api/sqladmin.googleapis.com/overview)
- Execute the following to store the downloaded IAM service role json credentials file as a secret, replacing #path_to_iam_service_role_credentials_json# with the path to the file on your local machine:
kubectl create secret generic securecircle-cloudsql-instance-credentials --from-file=credentials.json=#path_to_iam_service_role_credentials_json#
Configure MySQL Users and Databases
- Use the SQL-> ->Users dialog in GCP Web UI to create a user. Allow any host (%).
- Use the SQL-> ->Databases dialog in GCP Web UI to create six databases named as follows: Tracker, Spare, Runtime, System, Share, Logging.
- Use the SQL-> -> ->Add Database Flags dialog in GCP Web UI to set sql_mode with the following values: ONLY_FULL_GROUP_BY, STRICT_TRANS_TABLES, NO_ZERO_IN_DATE, NO_ZERO_DATE, ERROR_FOR_DIVISION_BY_ZERO, NO_ENGINE_SUBSTITUTION, ANSI_QUOTES.
- Execute the following to store the MySQL username and password as a secret, replacing #MySQLUsername# and #MySQLPassword# with the username and password previously created:
kubectl create secret generic securecircle-mysql-cred --from-literal=SQL_PASSWORD=#MySQLPassword# --from-literal=SQL_USERNAME=#MySQLUsername#
Step 5 - Edit securecircle-configmap.yaml with appropriate environment settings.
- Edit securecircle-configmap.yaml, setting CLOUDSQL_INSTANCE to the CloudSQL Instance Connection Name (e.g., securecircle-k8s:us-west2:securecircle-k8s-sql-1) and SERVER_FQDN to the DNS name (FQDN) which clients will use to access the SecureCircle Server.
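A pre-apply check for the edits made in steps 3 and 5, as an added example that is not part of the original article or SecureCircle tooling: it reports leftover placeholders, SecureCircle images that do not resolve under your repo base, and empty or malformed settings. The function names, the assumed YAML layout (`image:` and `KEY: value` lines) and the sample files with service name `api` are constructed for illustration.

```shell
#!/bin/sh
# Pre-apply check for steps 3 and 5 (added example, not SecureCircle tooling).
# Assumption: images appear as "image: <ref>" lines and settings as "KEY: value"
# lines; the layout of the real supplied files may differ.

# findings DIR REPOBASE: print one "FAIL: ..." line per problem.
findings() {
  dir=$1; repobase=$2
  dep="$dir/securecircle-deployment.yaml"; cm="$dir/securecircle-configmap.yaml"
  # The !REPOBASE! token and the article's #name# placeholders must be gone.
  grep -nE '!REPOBASE!|#[A-Za-z_]+#' "$dep" "$cm" | sed 's/^/FAIL: placeholder left in /'
  # SecureCircle images must be pulled from the project's own registry path.
  { sed -nE 's/^[[:space:]-]*image:[[:space:]]*//p' "$dep"
    sed -nE 's/^[[:space:]]*CONFIGDATA_IMAGE:[[:space:]]*//p' "$cm"; } | tr -d '"' |
  while read -r img; do
    case $img in
      "$repobase"/securecircle*) ;;
      *securecircle*) echo "FAIL: image not under $repobase: $img" ;;
    esac
  done
  # Settings from steps 3 and 5 must be present and non-empty.
  for key in CONFIGDATA_IMAGE CLOUDSQL_INSTANCE SERVER_FQDN; do
    val=$(sed -nE "s/^[[:space:]]*$key:[[:space:]]*//p" "$cm" | tr -d '" ' | head -n 1)
    [ -n "$val" ] || echo "FAIL: $key is empty or missing"
    # An instance connection name has the form project:region:instance.
    if [ "$key" = CLOUDSQL_INSTANCE ] && [ -n "$val" ]; then
      case $val in *:*:*) ;; *) echo "FAIL: CLOUDSQL_INSTANCE is not project:region:instance: $val" ;; esac
    fi
  done
}

# preflight DIR REPOBASE: show findings; exit status 0 only when there are none.
preflight() {
  out=$(findings "$1" "$2")
  [ -z "$out" ] && { echo "OK: no findings"; return 0; }
  printf '%s\n' "$out"; return 1
}

# make_sample DIR: write constructed sample files (service "api" is hypothetical).
make_sample() {
  printf '%s\n' 'spec:' '  containers:' '  - name: api' \
    '    image: !REPOBASE!/securecircle-api:1.0' > "$1/securecircle-deployment.yaml"
  printf '%s\n' 'data:' '  CONFIGDATA_IMAGE: "us.gcr.io/#projectname#/securecircleconfigdata:1"' \
    '  CLOUDSQL_INSTANCE: "securecircle-k8s-sql-1"' '  SERVER_FQDN: ""' > "$1/securecircle-configmap.yaml"
}

demo=$(mktemp -d) && make_sample "$demo"
preflight "$demo" us.gcr.io/securecircle-k8s || true
```

Against the real files, run `preflight . us.gcr.io/#projectname#` in the base directory and proceed to the remaining steps only when it reports no findings.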
Step 6 - Create TLS Secret for Load Balancer
- Run the following command, setting the appropriate paths to certificate chain and key files.
kubectl create secret tls securecircle-tls-secret --cert=#path_to_chain_file# --key=#path_to_key_file#
Step 7 - Apply the Kubernetes config in the base directory.
- Run the kubectl apply command in the base directory.
kubectl apply -f .