GCP remote provisioning

Configuring your GCP account

Introduction

Altinity.Cloud Anywhere operates inside a user’s Kubernetes environment.

Altinity technical support can remotely provision GCP GKE clusters with an Altinity.Cloud Anywhere environment on your GCP account. Instructions on this page describe how to configure your GCP GKE clusters to provide permission to Altinity to provision ClickHouse to your GCP Kubernetes environment.

Overview - Google GKE Installation

This section covers how to authorize Altinity.Cloud Anywhere to create Kubernetes and ClickHouse resources inside your cloud account. There are two simple steps:

  • Create a project.
  • Grant the appropriate permissions to anywhere-admin@altinity.com.

Create a project

Use the gcloud projects create command to create a new project.

# Create project 'aca-1'
gcloud projects create aca-1

You also need to assign a billing account to your new project. Currently the gcloud command looks like this:

# Assign a billing account to 'aca-1'
gcloud beta billing projects link aca-1 \
  --billing-account 0X0X0X-0X0X0X-0X0X0X

Granting permissions

For Altinity to be able to create Kubernetes and ClickHouse clusters in your cloud account, you need to grant the following roles to anywhere-admin@altinity.com inside the project you just created:

  • roles/compute.admin
  • roles/container.admin
  • roles/dns.admin
  • roles/storage.admin
  • roles/storage.hmacKeyAdmin
  • roles/iam.serviceAccountAdmin
  • roles/iam.serviceAccountKeyAdmin
  • roles/iam.serviceAccountTokenCreator
  • roles/iam.serviceAccountUser
  • roles/iam.workloadIdentityPoolAdmin
  • roles/serviceusage.serviceUsageAdmin
  • roles/resourcemanager.projectIamAdmin
  • roles/iap.tunnelResourceAccessor

You can do this through the Google Cloud console or you can use gcloud from the command line.

# Grant one role to the anywhere-admin@altinity.com group on project 'aca-1'.
# Repeat the command for each role in the list above.
gcloud projects add-iam-policy-binding aca-1 \
  --member='group:anywhere-admin@altinity.com' \
  --role='roles/compute.admin'
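
The command above grants a single role. As an added example (not part of Altinity's documentation), the script below applies all thirteen roles from the list and then checks the project's IAM policy for any that are still missing. DRY_RUN and the function names are assumptions of this example; the project and member are the values used on this page.

```shell
#!/usr/bin/env bash
# Added example, not Altinity's own tooling. Project and member are the
# values used on this page; DRY_RUN and the function names are assumptions.
PROJECT="${PROJECT:-aca-1}"
MEMBER="${MEMBER:-group:anywhere-admin@altinity.com}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = run them

REQUIRED_ROLES="roles/compute.admin roles/container.admin roles/dns.admin
roles/storage.admin roles/storage.hmacKeyAdmin
roles/iam.serviceAccountAdmin roles/iam.serviceAccountKeyAdmin
roles/iam.serviceAccountTokenCreator roles/iam.serviceAccountUser
roles/iam.workloadIdentityPoolAdmin roles/serviceusage.serviceUsageAdmin
roles/resourcemanager.projectIamAdmin roles/iap.tunnelResourceAccessor"

# Print (DRY_RUN=1) or run (DRY_RUN=0) one binding command per role.
grant_roles() {
  for role in $REQUIRED_ROLES; do
    if [ "$DRY_RUN" = "1" ]; then
      echo "gcloud projects add-iam-policy-binding $PROJECT --member='$MEMBER' --role='$role'"
    else
      gcloud projects add-iam-policy-binding "$PROJECT" \
        --member="$MEMBER" --role="$role" >/dev/null || return 1
    fi
  done
}

# List the roles currently bound to MEMBER on PROJECT, one per line.
granted_roles() {
  gcloud projects get-iam-policy "$PROJECT" \
    --flatten='bindings[].members' \
    --filter="bindings.members:$MEMBER" \
    --format='value(bindings.role)'
}

# Read granted roles on stdin, print every required role that is absent.
# Returns non-zero when at least one role is missing.
missing_roles() {
  granted="$(cat)"
  rc=0
  for role in $REQUIRED_ROLES; do
    printf '%s\n' "$granted" | grep -qxF "$role" || { echo "$role"; rc=1; }
  done
  return "$rc"
}

# Usage:
#   grant_roles                      # review the printed commands
#   DRY_RUN=0 grant_roles            # apply them
#   granted_roles | missing_roles    # no output means all 13 roles are bound
```

Running the last check again later shows whether the bindings still match the list on this page.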

With the virtual network created and the appropriate permissions granted to the Altinity.Cloud Anywhere admin account, Altinity can create Kubernetes clusters and ClickHouse clusters inside them.

Last modified 2023.09.11: Clarified the GCP remote provisioning instructions