GCP Prerequisites
Prerequisites
Before beginning a DKP installation, verify that you have:
An x86_64-based Linux or macOS machine with a supported version of the operating system.
Download the dkp binary for Linux or macOS. To check which version of DKP you installed for compatibility reasons, run the dkp version -h command (dkp version).
A container engine/runtime is required to install DKP:
  Docker® container engine version 18.09.2 or higher for Linux or macOS. On macOS, Docker runs in a virtual machine which needs to be configured with at least 8 GB of memory.
  Podman version 4.0 or higher for Linux. Host requirements are found here: Host Requirements.
kubectl for interacting with the running cluster.
Install the GCP gcloud CLI by following the instructions at https://cloud.google.com/sdk/docs/install
Control plane nodes
You must have at least three control plane nodes. Each control plane node should have at least:
4 cores
16 GiB memory
Approximately 80 GiB of free space for the volume used for /var/lib/kubelet and /var/lib/containerd.
Disk usage must be below 85% on the root volume.
DKP on GCP defaults to deploying an n2-standard-4 instance with an 80 GiB root volume for control plane nodes, which meets the above requirements.
Worker nodes
You must have at least four worker nodes. The specific number of worker nodes required for your environment can vary depending on the cluster workload and size of the nodes. Each worker node should have at least:
8 cores
32 GiB memory
Around 80 GiB of free space for the volume used for /var/lib/kubelet and /var/lib/containerd.
Disk usage must be below 85% on the root volume.
DKP on GCP defaults to deploying an n2-standard-8 instance with an 80 GiB root volume for worker nodes, which meets the above requirements.
GCP Prerequisite Roles
If you are creating the cluster on a non-GCP instance or one that does not have the required Editor role:
(option 1) Create a GCP Service Account using the following gcloud commands:
    export GCP_PROJECT=<your GCP project ID>
    export GCP_SERVICE_ACCOUNT_USER=<some new service account user>
    export GOOGLE_APPLICATION_CREDENTIALS="$HOME/.gcloud/credentials.json"
    gcloud iam service-accounts create "$GCP_SERVICE_ACCOUNT_USER" --project="$GCP_PROJECT"
    gcloud projects add-iam-policy-binding "$GCP_PROJECT" \
      --member="serviceAccount:$GCP_SERVICE_ACCOUNT_USER@$GCP_PROJECT.iam.gserviceaccount.com" \
      --role=roles/editor
    gcloud iam service-accounts keys create "$GOOGLE_APPLICATION_CREDENTIALS" \
      --iam-account="$GCP_SERVICE_ACCOUNT_USER@$GCP_PROJECT.iam.gserviceaccount.com"
(option 2) Retrieve the credentials for an existing service account using the following gcloud commands:
    export GCP_PROJECT=<your GCP project ID>
    export GCP_SERVICE_ACCOUNT_USER=<existing service account user>
    export GOOGLE_APPLICATION_CREDENTIALS="$HOME/.gcloud/credentials.json"
    gcloud iam service-accounts keys create "$GOOGLE_APPLICATION_CREDENTIALS" \
      --iam-account="$GCP_SERVICE_ACCOUNT_USER@$GCP_PROJECT.iam.gserviceaccount.com"
Export the static credentials that will be used to create the cluster:
    export GCP_B64ENCODED_CREDENTIALS=$(base64 < "${GOOGLE_APPLICATION_CREDENTIALS}" | tr -d '\n')
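An added check, not part of the DKP documentation or tooling: the shell function below verifies that the key file written by the steps above is readable only by its owner, belongs to the expected service account, and that the exported base64 value decodes back to it. The function name and the sample key (placeholder values) are constructed for this example.

```shell
# Added example (not DKP code): check the key file and the exported value.
# usage: check_gcp_credentials KEY_FILE EXPECTED_EMAIL B64_VALUE
check_gcp_credentials() {
    key_file=$1 expected_email=$2 b64_value=$3 findings=0
    [ -f "$key_file" ] || { echo "FAIL: no key file at $key_file"; return 1; }
    # Only the owner should be able to read the key.
    # GNU stat (Linux) takes -c, BSD stat (macOS) takes -f.
    mode=$(stat -c '%a' "$key_file" 2>/dev/null || stat -f '%Lp' "$key_file")
    case $mode in
        *00) ;;
        *) echo "FAIL: mode $mode exposes the key to group/other (want 600)"
           findings=$((findings + 1)) ;;
    esac
    # A service account key is JSON carrying "type": "service_account".
    if ! grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$key_file"; then
        echo "FAIL: file is not a service account key"
        findings=$((findings + 1))
    fi
    # The key must belong to the account that received the role binding.
    email=$(sed -n 's/.*"client_email"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$key_file")
    if [ "$email" != "$expected_email" ]; then
        echo "FAIL: key is for '$email', expected '$expected_email'"
        findings=$((findings + 1))
    fi
    # The exported value must decode back to exactly the bytes of the key file.
    decoded=$(printf '%s' "$b64_value" | base64 --decode 2>/dev/null | cksum)
    if [ "$decoded" != "$(cksum < "$key_file")" ]; then
        echo "FAIL: encoded value does not decode to the key file"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample key (placeholder values, not a real credential).
demo_dir=$(mktemp -d)
cat > "$demo_dir/credentials.json" <<'EOF'
{
  "type": "service_account",
  "private_key": "PLACEHOLDER",
  "client_email": "dkp-demo@example-project.iam.gserviceaccount.com"
}
EOF
chmod 600 "$demo_dir/credentials.json"
demo_b64=$(base64 < "$demo_dir/credentials.json" | tr -d '\n')
check_gcp_credentials "$demo_dir/credentials.json" \
    "dkp-demo@example-project.iam.gserviceaccount.com" "$demo_b64" && echo "OK"
```

After the export step, call it as `check_gcp_credentials "$GOOGLE_APPLICATION_CREDENTIALS" "$GCP_SERVICE_ACCOUNT_USER@$GCP_PROJECT.iam.gserviceaccount.com" "$GCP_B64ENCODED_CREDENTIALS"`.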
To create a GCP Service Account with the Editor role, the user creating the GCP Service Account needs the Editor, RoleAdministrator, and SecurityAdmin roles. However, those pre-defined roles grant more permissions than the minimum set needed to create a DKP cluster.
NOTE: A minimal set of roles and permissions needed for the user creating the GCP Service Account is the Editor role plus the following additional permissions:
compute.disks.setIamPolicy
compute.instances.setIamPolicy
iam.roles.create
iam.roles.delete
iam.roles.update
iam.serviceAccounts.setIamPolicy
resourcemanager.projects.setIamPolicy
For more information on GCP service accounts, see GCP’s documentation: https://cloud.google.com/iam/docs/creating-managing-service-accounts