Deploying Galileo on Google GKE
Deploy Galileo on Google Kubernetes Engine (GKE) with this guide, covering configuration steps, cluster setup, and infrastructure scaling strategies.
Setting Up Your Kubernetes Cluster for Galileo Applications on Google Kubernetes Engine (GKE)
Welcome to your guide on configuring and deploying a Google Kubernetes Engine (GKE) environment optimized for Galileo applications. Galileo is built for dynamic, scalable deployments and therefore requires a robust, adaptable infrastructure—qualities inherent to Kubernetes. This guide walks you through the preparatory Identity and Access Management (IAM) steps and the DNS setup required to integrate Galileo’s services.
Prerequisites
Before diving into the setup, ensure you have the following:
- A Google Cloud account.
- The Google Cloud SDK installed and initialized.
- The Kubernetes command-line tool (`kubectl`) installed.
- Basic familiarity with GKE, IAM roles, and Kubernetes concepts.
Setting Up IAM
Identity and Access Management (IAM) plays a critical role in securing and granting the appropriate permissions for your Kubernetes cluster. Here’s how to configure IAM for your GKE environment:
- Create a Project: Sign in to your Google Cloud Console and create a new project for your Galileo application if you haven’t done so already.
- Set Up IAM Roles: Navigate to the IAM & Admin section in the Google Cloud Console. Here, assign the necessary roles to your Google Cloud account, ensuring you have rights for GKE administration. Essential roles include `roles/container.admin` (for managing clusters), `roles/iam.serviceAccountUser` (to use service accounts with your clusters), and any other roles specific to your operational needs.
- Configure Service Accounts: Create a service account dedicated to your GKE cluster to segregate duties and enhance security. Assign the service account the minimal roles necessary to operate your Galileo applications efficiently. A hedged example of these commands follows this list.
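For reference, here is a sketch of how these IAM steps might look with the `gcloud` CLI. The project ID, user email, and service account name are placeholders, and the roles granted to the service account are common minimal defaults rather than Galileo requirements; adjust them to your operational needs.

```bash
# Grant your own account the roles needed to administer GKE (placeholders: project ID, email).
gcloud projects add-iam-policy-binding YOUR_PROJECT_ID \
  --member="user:you@example.com" \
  --role="roles/container.admin"
gcloud projects add-iam-policy-binding YOUR_PROJECT_ID \
  --member="user:you@example.com" \
  --role="roles/iam.serviceAccountUser"

# Create a dedicated service account for the cluster and grant it minimal node roles
# (logging/monitoring writer roles are typical defaults, not Galileo-specific requirements).
gcloud iam service-accounts create galileo-gke \
  --display-name="Galileo GKE service account"
gcloud projects add-iam-policy-binding YOUR_PROJECT_ID \
  --member="serviceAccount:galileo-gke@YOUR_PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/logging.logWriter"
gcloud projects add-iam-policy-binding YOUR_PROJECT_ID \
  --member="serviceAccount:galileo-gke@YOUR_PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/monitoring.metricWriter"
```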
Configuring DNS for Galileo
Your Galileo application requires four DNS endpoints for optimal functionality. These endpoints handle different aspects of the application’s operations and need to be properly set up:
- Acquire a Domain: If not already owned, purchase a domain name that will serve as the base URL for Galileo.
- Set Up DNS Records: Use your domain registrar’s DNS management tools to create four DNS A records pointing to the Galileo application’s operational endpoints. These records route traffic correctly within your GKE environment.

More details are in the Step 3: Customer DNS Configuration section below.
Deploying Your Cluster on GKE
With IAM configured and DNS set up, you’re now ready to deploy your Kubernetes cluster on GKE.
- Create the Cluster: Use the `gcloud` command-line tool to create your cluster. Ensure that it is configured with the correct machine type, node count, and other specifications suitable for your Galileo application needs.
- Deploy Galileo: With your cluster running, deploy your Galileo application. Use `kubectl` to manage resources and deploy the services necessary for your application.
- Verify Deployment: After deployment, verify that your Galileo application is running smoothly by checking the service status and ensuring that external endpoints are reachable. A hedged example of these commands follows this list.
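As a rough illustration of the cluster-creation step, the sketch below creates a zonal cluster sized to match the recommended core nodegroup described later in this guide. The cluster name, zone, and machine type are placeholders; Galileo’s bootstrap script (Step 0) remains the authoritative way to provision the cluster.

```bash
# A minimal sketch: a cluster sized to the recommended core nodegroup
# (4 nodes, 4 vCPU / 16 GiB each, 200 GiB disks). Names and zone are placeholders.
gcloud container clusters create galileo-cluster \
  --zone=us-central1-a \
  --machine-type=e2-standard-4 \
  --num-nodes=4 \
  --enable-autoscaling --min-nodes=4 --max-nodes=5 \
  --disk-size=200

# Fetch credentials and confirm the cluster is reachable before deploying Galileo.
gcloud container clusters get-credentials galileo-cluster --zone=us-central1-a
kubectl get nodes
```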
**Total time for deployment:** 30-45 minutes

This deployment uses **gcloud**. Please follow these instructions to install and set up gcloud for your GCP account.

Recommended Cluster Configuration
Galileo recommends the following Kubernetes deployment configuration. These details are captured in the bootstrap script Galileo provides.
| Configuration | Recommended Value |
| --- | --- |
| Nodes in the cluster’s core nodegroup | 4 (min), 5 (max), 4 (desired) |
| CPU per core node | 4 CPU |
| RAM per core node | 16 GiB RAM |
| Nodes in the cluster’s runners nodegroup | 1 (min), 5 (max), 1 (desired) |
| CPU per runner node | 8 CPU |
| RAM per runner node | 32 GiB RAM |
| Minimum volume size per node | 200 GiB |
| Required Kubernetes API version | 1.21 |
| Storage class | standard |
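If you are checking an existing cluster against these recommendations, a few read-only `kubectl` commands can confirm the essentials. This is just a convenience check, not part of Galileo’s bootstrap.

```bash
# Confirm the Kubernetes server version meets the required minimum (1.21).
kubectl version

# Confirm a "standard" storage class exists.
kubectl get storageclass

# Confirm node count, machine sizes, and disk capacity.
kubectl get nodes -o wide
kubectl describe nodes | grep -A 5 "Capacity"
```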
Step 0: Deploying the GKE Cluster
Run this script as instructed. If you have specialized tasks that require GPU processing, make sure `CREATE_ML_NODE_POOL=true` is set before running the script (see the example below). If you have any questions, please reach out to a Galilean in the Slack channel Galileo shares with you and your team.
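For example, setting the flag might look like the following. The script filename is a placeholder; run the bootstrap script Galileo provides.

```bash
# Enable the GPU (ML) node pool before running Galileo's bootstrap script.
export CREATE_ML_NODE_POOL=true
./galileo-gke-bootstrap.sh   # placeholder name; use the script provided by Galileo
```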
Step 1: Required Configuration Values
Customer-specific cluster values (e.g. domain name, Slack channel for notifications) are placed in a base64-encoded string and stored as a secret in GitHub, which Galileo’s deployment automation reads and uses when templating a cluster’s resource files.
Mandatory fields the Galileo team requires:
| Mandatory Field | Description |
| --- | --- |
| GCP Account ID | The GCP Account ID the customer will use for provisioning Galileo. |
| Customer GCP Project Name | The name of the GCP project the customer is using to provision Galileo. |
| Customer Service Account Address for Galileo | The service account address the customer has created for the Galileo deployment account to assume. |
| GKE Cluster Name | The GKE cluster name that Galileo will deploy the platform to. |
| Domain Name | The domain the customer wishes to deploy the cluster under, e.g. google.com. |
| GKE Cluster Region | The region of the cluster. |
| Root subdomain | e.g. “galileo” as in galileo.google.com. |
| Trusted SSL Certificates (Optional) | By default, Galileo provisions Let’s Encrypt certificates. If you wish to use your own trusted SSL certificates, submit a base64-encoded string of the full certificate chain and a separate base64-encoded string of the signing key (see the encoding example below). |
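If you are supplying your own certificates, the encoding step might look like the sketch below. The file names are placeholders; note that `-w 0` (disable line wrapping) applies to GNU base64, while macOS users would use `base64 -i` instead.

```bash
# Base64-encode the full certificate chain and the signing key as two separate strings.
base64 -w 0 fullchain.pem > fullchain.b64   # placeholder file names
base64 -w 0 privkey.pem  > privkey.b64
```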
Step 2: Access to Deployment Logs
As a customer, you have full access to the deployment logs in Google Cloud Storage, where you can view all configuration. A customer email address must be provided to gain access to these logs.
Step 3: Customer DNS Configuration
Galileo has 4 main URLs (shown below). To make the URLs accessible across the company, you must create the following DNS records in your DNS provider after the platform is deployed. A sketch for finding the ingress address follows the table below.
**Time taken:** 5-10 minutes (after the ingress endpoint / load balancer is provisioned)

| Service | URL |
| --- | --- |
| API | api.galileo.company.[com\|ai\|io…] |
| Data | data.galileo.company.[com\|ai\|io…] |
| UI | console.galileo.company.[com\|ai\|io…] |
| Grafana | grafana.galileo.company.[com\|ai\|io…] |
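To point these records at the right place, you can look up the external address of the Galileo ingress once the platform is deployed. The namespace below matches the commands used elsewhere in this guide; the exact service or ingress name depends on your deployment.

```bash
# Find the external IP (or hostname) of the Galileo ingress / load balancer.
kubectl -n galileo get ingress
kubectl -n galileo get svc -o wide

# Then create A (or CNAME) records for api.galileo.<your-domain>, data.galileo.<your-domain>,
# console.galileo.<your-domain>, and grafana.galileo.<your-domain> pointing at that address.
```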
Step 4: Post-deployment health-checks
Set up Firewall Rule for Horizontal Pod Autoscaler
On GKE, only a few ports allow inbound traffic by default. Unfortunately, this breaks our HPA setup. You can run `kubectl -n galileo get hpa` and check for `unknown` values to confirm this. To fix this, please follow the steps below (an equivalent `gcloud` command is sketched after the list):
- Go to the `Firewall policies` page in the GCP console and click `CREATE FIREWALL RULE`.
- Set `Target tags` to the network tags of the GCE VMs. You can find the tags on the GCE instance detail page.
- Set `Source IPv4 ranges` to a range that includes the cluster internal endpoint, which can be found under the cluster basics.
- Allow TCP port 6443.
- After creating the firewall rule, wait a few minutes and rerun `kubectl -n galileo get hpa` to confirm the `unknown` values are gone.
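As a hedged alternative to the console steps, the same rule can be created with `gcloud`. The rule name, network, source range, and target tags below are placeholders you must replace with your cluster’s values.

```bash
# Allow inbound TCP 6443 to the GKE nodes so the HPA metrics path works (placeholders below).
gcloud compute firewall-rules create allow-galileo-hpa-metrics \
  --network=YOUR_VPC_NETWORK \
  --direction=INGRESS \
  --action=ALLOW \
  --rules=tcp:6443 \
  --source-ranges=CLUSTER_INTERNAL_ENDPOINT_RANGE \
  --target-tags=YOUR_GKE_NODE_NETWORK_TAG

# Wait a few minutes, then re-check the HPA.
kubectl -n galileo get hpa
```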
Creating a GPU-enabled Node Group
For specialized tasks that require GPU processing, such as machine learning workloads, Galileo supports the configuration of GPU-enabled node pools.
- Node Group Creation: Create a `g2-standard-8` node group named `galileo-ml`, with min_size 1, max_size 5, and the label `galileo-node-type=galileo-ml` (a hedged `gcloud` sketch follows this list).
- If the cluster has low usage and you want to save costs, you may choose a cheaper GPU machine type such as `n1-standard-8` with a T4 GPU. Note that this only saves costs when usage is too low to saturate one GPU; otherwise it can end up costing more. Do not choose this option if you use Protect, which requires low real-time latency.
- When this is done, please reach out to the Galileo team so that we can update the deployment config for you.
- To make the Horizontal Pod Autoscaler work on the GPU node group, you must update the cluster’s node auto-provisioning config to add a limit for the specified GPU type.
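A sketch of creating this node pool is shown below. The cluster name, region, and accelerator settings are assumptions (`g2-standard-8` machines use NVIDIA L4 GPUs); confirm the exact flags against your environment and the deployment config agreed with Galileo.

```bash
# Create the galileo-ml GPU node pool described above (placeholders: cluster name, region).
gcloud container node-pools create galileo-ml \
  --cluster=YOUR_GKE_CLUSTER_NAME \
  --region=YOUR_CLUSTER_REGION \
  --machine-type=g2-standard-8 \
  --accelerator=type=nvidia-l4,count=1 \
  --num-nodes=1 \
  --enable-autoscaling --min-nodes=1 --max-nodes=5 \
  --node-labels=galileo-node-type=galileo-ml
```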