GCP Marketplace deployment

Deploy Vectice with on Google Kubernetes Engine (GKE) using GCP Marketplace

This guide walks you through deploying Vectice's global objects as a Kubernetes application on your Google Kubernetes Engine (GKE) cluster using a pre-packaged Helm chart available in GCP Marketplace.

Preparing the deployment from Marketplace

Please refer to the documentation Kubernetes on GCP until the cert-manager step. You can then follow the procedure as described below.

Step 1: Install the Cert Manager

Next, install the cert-manager and cert-manager-csi-driver applications on the cluster.

Cert-manager is used to implement SSL for internal communication between Vectice pods, Cert-manager-csi-driver will attach a CSI volume containing the certificates to the Vectice pods

helm --kube-context $CONTEXT repo add jetstack https://charts.jetstack.io 
helm --kube-context $CONTEXT repo update 
helm --kube-context $CONTEXT install cert-manager jetstack/cert-manager -n cert-manager --create-namespace --set installCRDs=true 
helm --kube-context $CONTEXT install cert-manager-csi-driver jetstack/cert-manager-csi-driver --create-namespace -n cert-manager

Next, generate a custom Certificate Authority and create its associated secret:

openssl req -x509 -nodes -newkey rsa:4096 -days 3650 -keyout /tmp/ca.key -out /tmp/ca.crt -subj '/CN=vectice-internal-ca' -addext "keyUsage = keyCertSign"

Step 2: Create secrets for Ingress and Docker image retriever

First, create a self-signed certificate using the following command, replacing the item highlighted with your own Common Name (CN). Below, sample values are provided between brackets

CNVALUE=<vectice.my-company.com>
openssl req -x509 -nodes -newkey rsa:2048 -days 3650 -keyout /tmp/vectice-cert.key -out /tmp/vectice-cert.crt -subj "/CN=$CNVALUE"

Once this is done, navigate to the location of the vectice-image-puller.json file. This is found in the package your Vectice account team provided you. Contact [email protected] if you require assistance. Use this file to create the secret that will be used to pull the docker images from the Vectice GCR registry

kubectl --context $CONTEXT create secret docker-registry vectice-gcr-secrets -n vectice \
--docker-server=gcr.io \
--docker-username=_json_key \
--docker-password="$(cat vectice-image-puller.json)" \
--docker-email=$(cat vectice-image-puller.json | grep "client_email" | grep -Po '"client_email": "\K[^"]*')

Step 3: Install the Vectice stack

Please view the Vectice GKE deployment page for more information.

If you already agreed to the terms and conditions, CONFIGURE will appear instead of GET STARTED and you will be redirected to the deployment form

Click on GET STARTED
Agree to the terms and conditions
Fill in the fields in the deployment form
Press Deploy

You should see the progress on the submenu Applications of your Kubernetes Cluster.

Once this is done, retrieve the Vectice Ingress IP. Note: this might take up to 5 minutes to appear:

kubectl --context $CONTEXT get ingress vectice -n vectice

The expected output should look like this, below are example values:

NAME      CLASS    HOSTS                    ADDRESS         PORTS     AGE
vectice   <none>   vectice.my-company.com   2.3.4.5         80, 443   211d

Finally, add the A record as a new entry in your DNS resolver.

Learn more about A DNS records.

In this example, the A record would look like below.

DOMAIN             RECORD TYPE     NAME        CONTENT
my-company.com     A               vectice     2.3.4.5

PreviousAppendices NextOn premise

hashtagPreparing the deployment from Marketplace

hashtagStep 1: Install the Cert Manager

hashtagStep 2: Create secrets for Ingress and Docker image retriever

hashtagStep 3: Install the Vectice stack

Preparing the deployment from Marketplace

Step 1: Install the Cert Manager

Step 2: Create secrets for Ingress and Docker image retriever

Step 3: Install the Vectice stack