Skip to main content
Skip table of contents

GCP Prerequisites

Prerequisites

Before beginning a DKP installation, verify that you have:

  • An x86_64-based Linux or macOS machine with a supported version of the operating system.

  • Download the dkp binary for Linux, or macOS. To check which version of DKP you installed for compatibility reasons, run the dkp version -h command (dkp version).

  • A Container engine/runtime installed is required to bootstrap:

    • Version Docker® container engine version 18.09.2 or higher installed for Linux or MacOS - On macOS, Docker runs in a virtual machine which needs configured with at least 8 GB of memory.

    • Version 4.0 of Podman or higher for Linux. Host requirements found here: Host Requirements

  • kubectl for interacting with the running cluster.

  • Install the GCP gcloud CLI by following the https://cloud.google.com/sdk/docs/install

Control plane nodes

You must have at least three control plane nodes. Each control plane node should have at least:

  • 4 cores

  • 16 GiB memory

  • Approximately 80 GiB of free space for the volume used for /var/lib/kubelet and /var/lib/containerd.

  • Disk usage must be below 85% on the root volume.

DKP on GCP defaults to deploying an n2-standard-4 instance with an 80GiB root volume for control plane nodes, which meets the above requirements.

Worker nodes

You must have at least four worker nodes. The specific number of worker nodes required for your environment can vary depending on the cluster workload and size of the nodes. Each worker node should have at least:

  • 8 cores

  • 32 GiB memory

  • Around 80 GiB of free space for the volume used for /var/lib/kubelet and /var/lib/containerd.

  • Disk usage must be below 85% on the root volume.

DKP on GCP defaults to deploying a n2-standard-8 instance with an 80GiB root volume for worker nodes, which meets the above requirements.

GCP Prerequisite Roles

If you are creating your image on either a non-GCP instance or one that does not have the required roles, you must either:

  • Create a GCP service account.

  • If you have already created a service account, retrieve the credentials for an existing service account.

  • Export the static credentials that will be used to create the cluster:

    CODE
    export GCP_B64ENCODED_CREDENTIALS=$(base64 < "${GOOGLE_APPLICATION_CREDENTIALS}" | tr -d '\n')

Make sure to rotate static credentials for increased security.

  • If you are creating the cluster on a non-GCP instance or one that does not have the required Editor role:

    • (option 1) Create a GCP Service Account using the following gcloud commands:

      CODE
      export GCP_PROJECT=<your GCP project ID>
      export GCP_SERVICE_ACCOUNT_USER=<some new service account user>
      export GOOGLE_APPLICATION_CREDENTIALS="$HOME/.gcloud/credentials.json"
      
      gcloud iam service-accounts create "$GCP_SERVICE_ACCOUNT_USER" --project=$GCP_PROJECT
      gcloud projects add-iam-policy-binding $GCP_PROJECT --member="serviceAccount:$GCP_SERVICE_ACCOUNT_USER@$GCP_PROJECT.iam.gserviceaccount.com" --role=roles/editor
      gcloud iam service-accounts keys create $GOOGLE_APPLICATION_CREDENTIALS --iam-account="$GCP_SERVICE_ACCOUNT_USER@$GCP_PROJECT.iam.gserviceaccount.com"
    • (option 2) Retrieve the credentials for an existing service account using the following gcloud commands:

      CODE
      export GCP_PROJECT=<your GCP project ID>
      export GCP_SERVICE_ACCOUNT_USER=<existing service account user>
      export GOOGLE_APPLICATION_CREDENTIALS="$HOME/.gcloud/credentials.json"
      
      gcloud iam service-accounts keys create $GOOGLE_APPLICATION_CREDENTIALS --iam-account="$GCP_SERVICE_ACCOUNT_USER@$GCP_PROJECT.iam.gserviceaccount.com"
    • Export the static credentials that will be used to create the cluster:

      BASH
      export GCP_B64ENCODED_CREDENTIALS=$(base64 < "${GOOGLE_APPLICATION_CREDENTIALS}" | tr -d '\n')

To create a GCP Service Account with the Editor role, the user creating the GCP Service Account needs the Editor, RoleAdministrator, and SecurityAdmin roles. However, those pre-defined roles grant more permissions than the minimum set needed to create a DKP cluster.

For DKP cluster creation, a minimal set of roles and permissions needed for the user creating the GCP Service Account is the Editor role plus the following additional permissions:

  • compute.disks.setIamPolicy

  • compute.instances.setIamPolicy

  • iam.roles.create

  • iam.roles.delete

  • iam.roles.update

  • iam.serviceAccounts.setIamPolicy

  • resourcemanager.projects.setIamPolicy

For more information on GCP service accounts, see GCP’s documentation:

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.