Documentation
  • Getting Started
  • Creating a Product
    • Products Overview
    • Making a Helm Chart
      • Converting from docker-compose
      • Interpolated Values
      • Image Pull Secrets
      • Cluster Ingress
      • SSL Certificates
    • Setting up the Registry
      • Google Container Registry
  • Deploying a Product
    • Deployments Overview
    • Deploying on AWS
    • Deploying on GCP
    • Deploying on Azure (beta)
  • Debugging
    • GCP Permissions Errors
    • Volume Classes
Powered by GitBook
On this page
  • 1. Create a new GCP project
  • 2. Enable the appropriate APIs
  • 3. Create a new service account
  • 4. Accept the vendor invitation
  • 5. Set up DNS
  • 6. Accessing the new service
  1. Deploying a Product

Deploying on GCP

This page describes how to deploy onto GCP.

PreviousDeploying on AWSNextDeploying on Azure (beta)

Last updated 4 years ago

1. Create a new GCP project

Instructions for creating a new GCP project can be found .

2. Enable the appropriate APIs

The APIs required for all projects are:

The APIs can be enabled manually by searching for the API by name in the console, or for gcloud users, the API can be enabled by running:

gcloud services enable cloudresourcemanager.googleapis.com
gcloud services enable cloudbilling.googleapis.com
gcloud services enable iam.googleapis.com
gcloud services enable container.googleapis.com
gcloud services enable servicenetworking.googleapis.com
gcloud services enable compute.googleapis.com
gcloud services enable servicemanagement.googleapis.com

Postgres & MySQL support

gcloud services enable sqladmin.googleapis.com

Redis support

gcloud services enable redis.googleapis.com

Memcached support

gcloud services enable memcache.googleapis.com

3. Create a new service account

The new service account you create will be used by Metamanagement to create new infrastructure and to coordinate access across all the services.

  1. Hit the "+ Create Service Account" button

  2. Give the service account a memorable name -- we recommend "MM Installer". Hit "Create".

  3. On the next page, add the following permissions: "Editor" (under the "Project" header), "Service Networking Admin," and "Kubernetes Engine Admin". Hit "Continue".

  4. Hit "Done".

  5. Find the service account in the list and click the triple-dot icon under the "Actions" header. Hit "Create key" and select "JSON" when given the option.

You will be asked for this key when deploying on Metamanagement.

If you're using Terraform to provision IAM roles, make sure to use the non-authoritative google_project_iam_member resource.

Using one of the other authoritative resources could end up deleting resources that are critical to proper setup and operation of your deployment.

4. Accept the vendor invitation

You should have received an invitation in your email from your vendor indicating that they have invited you to install their service. Click the email and follow the instructions, filling out all of the required fields and following any secondary instructions the vendor may have given you.

After all of the information is submitted, it will take up to 30 minutes to spin up your new project. You will receive an email when this is done.

5. Set up DNS

If you manually specified a hostname, rather than using the auto-generated one, you will need to set up DNS.

The Metamanagement console will give you the IP address at which the cluster is being made available. You should add DNS A records mapping from the domain name you provided to that IP address. Instructions for a few common providers are linked below:

Note that after setting up DNS, it may take another ~5 minutes for the relevant SSL certs to be generated and for your app to become fully available.

6. Accessing the new service

If you created your service in a completely new project and it must be accessible by other services running in your infrastructure, you must somehow make the new VPC accessible from other VPCs.

If the vendor service requires use of Postgres or MySQL, then you must also enable the .

If the vendor service requires use of Redis, then you must also enable the .

If the vendor service requires use of Memcached, then you must also enable the .

Head to the section in the IAM services on GCP, and:

The first way to do this is with VPC peering. This is useful if you want unrestricted two-way access between the newly installed service and your main infrastructure. Instructions for this can be found .

The second way to do this is with private service access. Rather than joining the VPCs, this gives you a way to define service producers and have them be accessible via explicit network connections. More information on how to set this up can be found .

here
Cloud Resource Manager API
Cloud Billing API
Identity and Access Management (IAM) API
Kubernetes Engine API
Service Networking API
Compute Engine API
Service Management API
Cloud SQL Admin API
Google Cloud Memorystore for Redis API
Google Cloud Memorystore for Memcached API
service account
Google Domains
GoDaddy
Amazon Route 53
here
here