Installing K10 on Google Cloud¶
Prerequisites¶
Before installing K10 on Google Cloud's Google Kubernetes Engine (GKE), please ensure that the install prerequisites are met.
Installing K10¶
Installing K10 on Google requires two kinds of Service Accounts. The
first, documented below, is a Google Cloud Platform (GCP) Service
Account (SA) and
grants access to underlying Google infrastructure resources such as
storage. The second, as mentioned above in the Prerequisites section,
is a Kubernetes Service Account grants access to Kubernetes resources
and will be auto-created during the helm
install process or via
Google Marketplace options.
GCP Service Account Configuration¶
Using a Separate GCP Service Account¶
The preferred option for a K10 install is to create a separate service account with the appropriate permissions to operate on the underlying Google infrastructure and then use that. Please see the following links for more details on how to create and use a separate service account.
Service Accounts for a Marketplace Install¶
If you are installing on Google via the Google Marketplace, first follow the below instructions on correctly configuring the cluster's default SA and then follow these instructions to install.
Using the Default GCP Service Account¶
A GCP Service Account automatically gets created with every GKE cluster. This SA can be accessed within the GKE cluster to perform actions on GCP resources and, if set up correctly at cluster creation time, can be the simplest way to run the Kasten platform.
This SA configuration needs to be done at cluster creation time. When using the Google Cloud Console to create a new Kubernetes cluster, please select More Options for every node pool you have added. Search for Security in the expanded list of options and, under Access Scopes, select Set access for each API. In the list of scopes that show up, please ensure that Compute Engine is set to Read Write.
Once the Service Accounts are created and the node pools are running, K10 can then be installed by running the following install command:
$ helm install k10 kasten/k10 --namespace=kasten-io
Validating the Install¶
To validate that K10 has been installed properly, the following
command can be run in K10's namespace (the install default is
kasten-io
) to watch for the status of all K10 pods:
$ kubectl get pods --namespace kasten-io --watch
It may take a couple of minutes for all pods to come up but all pods
should ultimately display the status of Running
.
$ kubectl get pods --namespace kasten-io
NAMESPACE NAME READY STATUS RESTARTS AGE
kasten-io aggregatedapis-svc-b45d98bb5-w54pr 1/1 Running 0 1m26s
kasten-io auth-svc-8549fc9c59-9c9fb 1/1 Running 0 1m26s
kasten-io catalog-svc-f64666fdf-5t5tv 2/2 Running 0 1m26s
...
In the unlikely scenario that pods that are stuck in any other state, please follow the support documentation to debug further.
Validate Dashboard Access¶
By default, the K10 dashboard will not be exposed externally.
To establish a connection to it, use the following kubectl
command
to forward a local port to the K10 ingress port:
$ kubectl --namespace kasten-io port-forward service/gateway 8080:8000
The K10 dashboard will be available at http://127.0.0.1:8080/k10/#/.
For a complete list of options for accessing the Kasten K10 dashboard through a LoadBalancer, Ingress or OpenShift Route you can use the instructions here.