Deploy Galileo on Google Kubernetes Engine (GKE) with this guide, covering configuration steps, cluster setup, and infrastructure scaling strategies.
kubectl
) installed.
roles/container.admin
(for managing clusters), roles/iam.serviceAccountUser
(to use service accounts with your clusters), and any other roles specific to your operational needs.
gcloud
command-line tool to create your cluster. Ensure that it is configured with the correct machine type, node count, and other specifications suitable for your Galileo application needs.
kubectl
to manage resources and deploy services necessary for your application.
**gcloud**
. Please follow these instructions to install and set up gcloud for your GCP account.Configuration | Recommended Value |
---|---|
Nodes in the cluster’s core nodegroup | 4 (min) 5 (max) 4 (desired) |
CPU per core node | 4 CPU |
RAM per core node | 16 GiB RAM |
Number of nodes in the cluster’s runners nodegroup | 1 (min) 5 (max) 1 (desired) |
CPU per runner node | 8 CPU |
RAM per runner node | 32 GiB RAM |
Minimum volume size per node | 200 GiB |
Required Kubernetes API version | 1.21 |
Storage class | standard |
Mandatory Field | Description |
---|---|
GCP Account ID | The Customer’s GCP Account ID that the customer will use for provisioning Galileo |
Customer GCP Project Name | The Name of the GCP project the customer is using to provision Galileo. |
Customer Service Account Address for Galileo | The Service account address the customer has created for the galileo deployment account to assume. |
GKE Cluster Name | The GKE cluster name that Galileo will deploy the platform to. |
Domain Name | The customer wishes to deploy the cluster under e.g. google.com |
GKE Cluster Region | The region of the cluster. |
Root subdomain | e.g. “galileo” as in galileo.google.com |
Trusted SSL Certificates (Optional) | By default, Galileo provisions Let’s Encrypt certificates. But if you wish to use your own trusted SSL certificates, you should submit a base64 encoded string of 1. the full certificate chain, and 2. another, separate base64 encoded string of the signing key. |
Service | URL |
---|---|
API | api.galileo.company.[com|ai|io…] |
Data | data.galileo.company.[com|ai|io…] |
UI | console.galileo.company.[com|ai|io…] |
Grafana | grafana.galileo.company.[com|ai|io…] |
kubectl -n galileo get hpa
and check unknown
values to confirm this. In order to fix this, please follow the steps below:
Firewall policies
page on GCP console, and click CREATE FIREWALL RULE
Target tags
to the network tags of the GCE VMs. You can find the tags like this on the GCE instance detail page.source IPv4 ranges
to the range that includes the cluster internal endpoint, which can be found on cluster basics ((link)).kubectl -n galileo get hpa
to confirm unknown
is gone.g2-standard-8
node group with name galileo-ml
, min_size 1, max_size 5, and label galileo-node-type=galileo-ml
n1-standard-8
with GPU T4. Note that it only saves costs when the usage is too low to saturate one GPU, otherwise it would even cost more. And don’t choose this option if you use Protect that requires low real-time latency.