GCP remote provisioning

Configuring your GCP account

Introduction

Altinity.Cloud Anywhere operates inside a user’s cloud account.

Altinity technical support can remotely provision GCP GKE clusters with an Altinity.Cloud Anywhere environment in your GCP account. This page describes how to configure your GCP account so that Altinity has permission to provision ClickHouse in your GCP Kubernetes environment.

Overview - Google GKE Installation

This section covers how to authorize Altinity.Cloud Anywhere to create Kubernetes and ClickHouse resources inside your cloud account.

Creating a project

Creating a separate project makes it easier to isolate resources, manage costs, and keep the permissions you grant to Altinity contained within that project. You can create a project from the command line or in the GCP web UI.

You can use the gcloud projects create command to create a new project:

# Create project 'maddie'
gcloud projects create maddie

You also need to assign a billing account to the project. Currently the gcloud command looks like this:

# Assign a billing account to 'maddie'
gcloud beta billing projects link maddie \
  --billing-account 0X0X0X-0X0X0X-0X0X0X

You can also create a project from the GCP web UI:

Figure 1 - The GCP New Project dialog

Granting permissions

For Altinity to be able to create Kubernetes and ClickHouse clusters in your cloud account, you need to grant the following roles to the group anywhere-admin@altinity.com inside the project you just created:

  • roles/compute.admin
  • roles/container.admin
  • roles/dns.admin
  • roles/storage.admin
  • roles/storage.hmacKeyAdmin
  • roles/iam.serviceAccountAdmin
  • roles/iam.serviceAccountKeyAdmin
  • roles/iam.serviceAccountTokenCreator
  • roles/iam.serviceAccountUser
  • roles/iam.workloadIdentityPoolAdmin
  • roles/serviceusage.serviceUsageAdmin
  • roles/resourcemanager.projectIamAdmin
  • roles/iap.tunnelResourceAccessor

Run the gcloud command once for each role:

# Grant one role to the group anywhere-admin@altinity.com on project 'maddie'
gcloud projects add-iam-policy-binding maddie \
  --member='group:anywhere-admin@altinity.com' \
  --role='roles/compute.admin'
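
The per-role grant above, carried through all thirteen roles in the list, followed by a check of what the group actually holds on the project afterward. This is an added example, not Altinity's tooling; the function names and the GCLOUD override (set GCLOUD=echo for a dry run) are assumptions.

```shell
#!/bin/sh
# Added example, not Altinity's tooling. Role list copied from this page.
REQUIRED_ROLES='roles/compute.admin
roles/container.admin
roles/dns.admin
roles/storage.admin
roles/storage.hmacKeyAdmin
roles/iam.serviceAccountAdmin
roles/iam.serviceAccountKeyAdmin
roles/iam.serviceAccountTokenCreator
roles/iam.serviceAccountUser
roles/iam.workloadIdentityPoolAdmin
roles/serviceusage.serviceUsageAdmin
roles/resourcemanager.projectIamAdmin
roles/iap.tunnelResourceAccessor'

# GCLOUD is a hypothetical override: set GCLOUD=echo for a dry run.
# grant_roles PROJECT MEMBER: one add-iam-policy-binding call per role.
grant_roles() {
  for role in $REQUIRED_ROLES; do
    "${GCLOUD:-gcloud}" projects add-iam-policy-binding "$1" \
      --member="$2" --role="$role" || return 1
  done
}

# granted_roles PROJECT MEMBER: roles currently bound to MEMBER, one per line.
granted_roles() {
  "${GCLOUD:-gcloud}" projects get-iam-policy "$1" \
    --flatten='bindings[].members' \
    --filter="bindings.members:$2" \
    --format='value(bindings.role)'
}

# diff_roles: read granted roles on stdin; print MISSING/EXTRA vs. the list.
diff_roles() {
  granted=$(cat)
  for r in $REQUIRED_ROLES; do
    printf '%s\n' "$granted" | grep -Fxq -- "$r" || echo "MISSING $r"
  done
  for r in $granted; do
    printf '%s\n' "$REQUIRED_ROLES" | grep -Fxq -- "$r" || echo "EXTRA $r"
  done
}

# Usage (needs gcloud and network access):
#   grant_roles maddie 'group:anywhere-admin@altinity.com'
#   granted_roles maddie 'group:anywhere-admin@altinity.com' | diff_roles
```

An EXTRA line is a role the group holds beyond the list on this page and is worth reviewing before provisioning starts; no output means the bindings match the list exactly.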

Alternatively, you can use the GCP web UI:

Figure 2 - Permissions in the GCP web UI

Creating the Kubernetes environment

With the project created and the appropriate permissions granted to the Altinity.Cloud Anywhere admin account, Altinity can create Kubernetes clusters and ClickHouse clusters inside them. The following sections demonstrate how to create the Kubernetes environment.

Set up the environment

In Altinity Cloud Manager, go to the Environments tab. Click the button at the top of the screen.

In the Environment Setup dialog, click the down arrow to see the list of environment types:

Figure 3 - Choosing an Environment Type

Select Altinity.Cloud Anywhere Bring Your Own Cloud (BYOC). With the environment type set, enter a name for the environment:

Figure 4 - Naming your environment

Click OK to continue.

Choose the correct Kubernetes setup

To set up your connection, Altinity.Cloud needs to know which Kubernetes setup to use. “GKE Provisioned by Altinity” is the right choice here:

Figure 5 - The Connection Setup tab

Click PROCEED to continue.

Define your Kubernetes cluster’s resources

The Resources Configuration tab looks like this:

Figure 6 - The Resources Configuration tab for connecting altinity-maddie to Altinity.Cloud.

Field details

  • Cloud Provider - GCP should be selected automatically; select it if it isn’t.
  • Region - Click the arrow next to the field to see a list of available regions.
  • Number of AZs - The number of availability zones for your cluster. NOTE: It is highly recommended that you use at least two availability zones.
  • Project ID - Give your project a name.
  • CIDR Block - The address range allocated to your cluster. NOTE: Be sure you define enough addresses. We recommend x.x.x.x/21 at a minimum. If you run out of addresses, this setting is difficult to change.
  • Storage Classes - Enter the storage classes your cluster will use. You can delete the entries that appear; you can also click the ADD STORAGE CLASS button to add other storage classes.
  • Node Pools - Define the node pools that your cluster will use. At least one node pool must be defined for ClickHouse, Zookeeper, and System. In this example, one node pool will host Zookeeper and the System utilities Altinity.Cloud uses; four other node pools will host ClickHouse itself. You can click the ADD NODE POOL button to add more node pools as needed. You can also add more node pools later.

Click PROCEED to continue.

Confirm your settings

The Confirmation screen in Figure 7 displays a JSON representation of the settings you just made. Review these settings; you can edit the JSON directly if needed. When the JSON is correct, select FINISH.

Figure 7 - The Confirmation tab showing the JSON version of the settings.

It will take a few minutes for all the resources to be provisioned.

Connection completed

Once the connection is fully set up, the ACM Environments dashboard will display your new environment:

Figure 8 - The details of your new Environment