Deploying on GCP

1. Create a new GCP project

Instructions for creating a new GCP project can be found here.

2. Enable the appropriate APIs

The APIs required for all projects are:

• Cloud Resource Manager API

• Cloud Billing API

• Identity and Access Management (IAM) API

• Kubernetes Engine API

• Service Networking API

• Compute Engine API

• Service Management API

The APIs can be enabled manually by searching for the API by name in the console, or for gcloud users, the API can be enabled by running:

gcloud services enable cloudresourcemanager.googleapis.com
gcloud services enable cloudbilling.googleapis.com
gcloud services enable iam.googleapis.com
gcloud services enable container.googleapis.com
gcloud services enable servicenetworking.googleapis.com
gcloud services enable compute.googleapis.com
gcloud services enable servicemanagement.googleapis.com

Postgres & MySQL support

If the vendor service requires use of Postgres or MySQL, then you must also enable the Cloud SQL Admin API.

Redis support

If the vendor service requires use of Redis, then you must also enable the Google Cloud Memorystore for Redis API.

Memcached support

If the vendor service requires use of Memcached, then you must also enable the Google Cloud Memorystore for Memcached API.

3. Create a new service account

The new service account you create will be used by Metamanagement to create new infrastructure and to coordinate access across all the services.

Head to the service account section in the IAM services on GCP, and:

1. Hit the "+ Create Service Account" button

2. Give the service account a memorable name -- we recommend "MM Installer". Hit "Create".

3. On the next page, add the following permissions: "Editor" (under the "Project" header), "Service Networking Admin," and "Kubernetes Engine Admin". Hit "Continue".

4. Hit "Done".

5. Find the service account in the list and click the triple-dot icon under the "Actions" header. Hit "Create key" and select "JSON" when given the option.

You will be asked for this key when deploying on Metamanagement.

4. Accept the vendor invitation

You should have received an invitation in your email from your vendor indicating that they have invited you to install their service. Click the email and follow the instructions, filling out all of the required fields and following any secondary instructions the vendor may have given you.

After all of the information is submitted, it will take up to 30 minutes to spin up your new project. You will receive an email when this is done.

5. Set up DNS

If you manually specified a hostname, rather than using the auto-generated one, you will need to set up DNS.

The Metamanagement console will give you the IP address at which the cluster is being made available. You should add DNS A records mapping from the domain name you provided to that IP address. Instructions for a few common providers are linked below:

• Google Domains

• GoDaddy

• Amazon Route 53

Note that after setting up DNS, it may take another ~5 minutes for the relevant SSL certs to be generated and for your app to become fully available.

6. Accessing the new service

If you created your service in a completely new project and it must be accessible by other services running in your infrastructure, you must somehow make the new VPC accessible from other VPCs.

The first way to do this is with VPC peering. This is useful if you want unrestricted two-way access between the newly installed service and your main infrastructure. Instructions for this can be found here.

The second way to do this is with private service access. Rather than joining the VPCs, this gives you a way to define service producers and have them be accessible via explicit network connections. More information on how to set this up can be found here.