GCP Prerequisites

Prerequisites

Before beginning a DKP installation, verify that you have:

• An x86_64-based Linux or macOS machine with a supported version of the operating system.

• Download the dkp binary for Linux, or macOS. To check which version of DKP you installed for compatibility reasons, run the dkp version -h command (dkp version).

• A Container engine/runtime installed is required to install DKP:

  • Version Docker® container engine version 18.09.2 or higher installed for Linux or MacOS - On macOS, Docker runs in a virtual machine which needs configured with at least 8 GB of memory.

  • Version 4.0 of Podman or higher for Linux. Host requirements found here: Host Requirements.

• kubectl for interacting with the running cluster.

• Install the GCP gcloud CLI by following the https://cloud.google.com/sdk/docs/install

Control plane nodes

You must have at least three control plane nodes. Each control plane node should have at least:

• 4 cores

• 16 GiB memory

• Approximately 80 GiB of free space for the volume used for /var/lib/kubelet and /var/lib/containerd.

• Disk usage must be below 85% on the root volume.

DKP on GCP defaults to deploying an n2-standard-4 instance with an 80GiB root volume for control plane nodes, which meets the above requirements.

Worker nodes

You must have at least four worker nodes. The specific number of worker nodes required for your environment can vary depending on the cluster workload and size of the nodes. Each worker node should have at least:

• 8 cores

• 32 GiB memory

• Around 80 GiB of free space for the volume used for /var/lib/kubelet and /var/lib/containerd.

• Disk usage must be below 85% on the root volume.

DKP on GCP defaults to deploying a n2-standard-8 instance with an 80GiB root volume for worker nodes, which meets the above requirements.

GCP Prerequisite Roles

• If you are creating the cluster on a non-GCP instance or one that does not have the required Editor role:

  • (option 1) Create a GCP Service Account using the following gcloud commands:

    export GCP_PROJECT=<your GCP project ID>
    export GCP_SERVICE_ACCOUNT_USER=<some new service account user>
    export GOOGLE_APPLICATION_CREDENTIALS="$HOME/.gcloud/credentials.json"
    
    gcloud iam service-accounts create "$GCP_SERVICE_ACCOUNT_USER" --project=$GCP_PROJECT
    gcloud projects add-iam-policy-binding $GCP_PROJECT --member="serviceAccount:$GCP_SERVICE_ACCOUNT_USER@$GCP_PROJECT.iam.gserviceaccount.com" --role=roles/editor
    gcloud iam service-accounts keys create $GOOGLE_APPLICATION_CREDENTIALS --iam-account="$GCP_SERVICE_ACCOUNT_USER@$GCP_PROJECT.iam.gserviceaccount.com"

    CODE

  • (option 2) Retrieve the credentials for an existing service account using the following gcloud commands:

    export GCP_PROJECT=<your GCP project ID>
    export GCP_SERVICE_ACCOUNT_USER=<existing service account user>
    export GOOGLE_APPLICATION_CREDENTIALS="$HOME/.gcloud/credentials.json"
    
    gcloud iam service-accounts keys create $GOOGLE_APPLICATION_CREDENTIALS --iam-account="$GCP_SERVICE_ACCOUNT_USER@$GCP_PROJECT.iam.gserviceaccount.com"

    CODE

  • Export the static credentials that will be used to create the cluster:

    export GCP_B64ENCODED_CREDENTIALS=$(base64 < "${GOOGLE_APPLICATION_CREDENTIALS}" | tr -d '\n')

    BASH

• To create a GCP Service Account with the Editor role, the user creating the GCP Service Account needs the Editor, RoleAdministrator, and SecurityAdmin roles. However, those pre-defined roles grant more permissions than the minimum set needed to create a DKP cluster.