DevZero Logo
DevZero
InstallGCP

Control Plane

Self-hosting a DevZero Control Plane on GCP GKE.

By following this guide, you'll set up the Control Plane software in a region hosted on GCP Google Kubernetes Engine (GKE), enabling you to:

  1. Deploy an GKE cluster configured for seamless DevZero integration.
  2. Launch self-hosted DevZero Workspaces and Kubernetes Clusters to kickstart your development projects.
  3. Manage and scale your infrastructure directly on GCP with ease.

This step-by-step guide will walk you through creating a GCP GKE cluster, deploying DevZero Helm charts, and integrating your setup with the DevZero dashboard allowing your team to quickly start building in a production-like environment.

Let's get started!

Hosting the DevZero Control Plane on GCP GKE

For a detailed overview of the DevZero Control Plane, click here

Control Plane Architecture (GCP GKE)

Modules Overview

1. GCP

The control plane can be deployed on GCP infrastructure, leveraging services like:

  • Google Kubernetes Engine (GKE) for Kubernetes orchestration.

  • Cloud SQL for database management.

  • Cloud Storage for persistent storage.

  • IAM (Identity and Access Management) for fine-grained access control.

2. GKE (Google Kubernetes Engine)

  • Cluster Management: Deploy the control plane using Helm charts or Terraform modules on GKE.

  • Node Groups: Configure scaling policies and node templates to optimize performance and cost.

  • Monitoring: Integrate with Prometheus and Grafana for detailed insights.

3. VPC (Virtual Private Cloud)

  • Configure private and public subnets for secure traffic routing.

  • Set up Cloud NAT, Internet Gateways, and route tables for proper networking.

4. Autoscaler

  • Manage workloads efficiently using Horizontal Pod Autoscalers (HPA) and Cluster Autoscalers.

  • Enable resource scaling based on CPU/memory usage.

5. Filestore

  • Provide shared, persistent storage for stateful workloads within the control plane using Filestore.

  • Optimize cost and performance by utilizing storage tiers effectively.

6. DevZero CLI

  • Cluster Interaction: Manage control plane components with commands like devzero start or kubectl integration.

  • Configuration Management: Update or debug settings using CLI commands.

  • Add-ons: Install additional components via devzero addons list.

Prerequisites

Checkout out the Checklist Page to make sure you have the required permissions in GCP to set up the Control Plane.

Setting up Control Plane on the self-hosted Cluster

Configuring gcloud CLI to interact with your GCP account locally

First, run this GCP command to obtain new credentials:

gcloud auth application-default login

Your browser will open to connect to GCP, and then you will get this message:

You are now logged in as your-GCP-account-email.

You can change your current project by running:

gcloud config set project <PROJECT-ID>

Replace the PROJECT-ID placeholder with your current GCP project ID.

You may get this error message, and you should enter Y:

WARNING: Your active project does not match the quota project in your local Application Default Credentials file. This might result in unexpected quota issues.

To update your Application Default Credentials quota project, use the following command.

gcloud auth application-default set-quota-project <PROJECT-ID>

You might encounter the following on your first run:

WARNING: You do not appear to have access to project [<PROJECT-ID>], or it does not exist._
Are you sure you wish to set property [core/project] to <PROJECT-ID>?_
Do you want to continue (Y/n)?_

Type Y, and you will see:

Updated property [core/project].

Next, run this command to verify your GCP project:

gcloud config get-value project

Setting up the Infrastructure

Clone this repository which contains all the Terraform configuration to set up the infrastructure.

git clone https://github.com/devzero-inc/self-hosted-tf.git

Run cd self-hosted-tf/examples/gcp/control-and-data-plane to get into the directory.

Then, run this to install all the required Providers.

terraform init

Run this to create all the GCP resources such as VPC, GKE, Filestore, Autoscaler, etc.

terraform apply

Kubeconfig set up

Set up your local kubeconfig to connect to the GKE cluster:

gcloud container clusters get-credentials <cluster-name> --region <region> --project <project-id>

Download Credentials of your Service Account

Go to IAM & Admin > Service Accounts in the GCP Console. Click Vault-Service-Account which is created with the terraform. Go to the KEYS tab and click ADD KEY:

GCP Service Account Keys

Click Create new key and select JSON key type to download the key in the JSON format as credentials.json.

Create Secret in the GKE Cluster

Create a generic secret in the GKE Cluster which will be used to access the Vault-Service-Account

kubectl create secret generic kms-creds --from-file=sa-credentials.json=/path/to/credentials.json -n devzero

Deploying the Helm Charts

Helm Registry Credentials

Contact the DevZero team at support@devzero.io to get the helm registry credentials.

helm registry login registry.devzero.io --username <your-username> --password <your-password>
WARNING: Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded

Setting up CRDs

Install the CRDs which are prerequisites to set up a DevZero Control Plane on the GKE cluster.

helm install dz-control-plane-crds oci://registry.devzero.io/devzero-control-plane/beta/dz-control-plane-crds -n devzero --create-namespace
Pulled: registry.devzero.io/devzero-control-plane/beta/dz-control-plane-crds:0.0.1
Digest: sha256:e945122ddaeb1e9de6d6d0ba0c0bd83dabf90a3acb5e867c0a46098098a9d89f
NAME: dz-control-plane-crds
LAST DEPLOYED: Mon Dec  2 13:02:28 2024
NAMESPACE: devzero
STATUS: deployed
REVISION: 1
TEST SUITE: None

Set up your Route 53 Domain

Ignore this step if you already have a domain. But if you don't have one, register a domain on AWS Route 53.

Route 53 Domain

Install Helm Charts

Download values.yaml from here and install the helm charts to set up the DevZero control plane.

helm install dz-control-plane oci://registry.devzero.io/devzero-control-plane/beta/dz-control-plane -n devzero -f /path/to/values.yaml --set domain=<domain_name> --set issuer.email=support@devzero.io
Pulled: registry.devzero.io/devzero-control-plane/beta/dz-control-plane:0.1.6
Digest: sha256:c02ccd320fdfa5225c3db610021a6440ba95cc979804833705aa109dd695768c
W1202 13:13:44.011174   30707 warnings.go:70] spec.template.spec.containers[7].ports[0]: duplicate port definition with spec.template.spec.containers[0].ports[0]
NAME: dz-control-plane
LAST DEPLOYED: Mon Dec  2 13:10:39 2024
NAMESPACE: devzero
STATUS: deployed
REVISION: 1

Ingress Setup

Get the ingress service in the cluster:

kubectl get ingress -n devzero

Running ingress

Copy the address of your ingress services.

Create new Records in Route 53

Create an A record and add the address of your ingress service in the value. Set the record name as *: A Record

Create another A record keeping the Subdomain empty. Add the address of your ingress service in the value: A Record

Visit the DevZero Dashboard

Go to <your-dz-control-plane-web-host>/dashboard to check out the DevZero UI.

DevZero dashboard

Setting up Data Plane on a self-hosted GKE cluster

To set up the data plane in self-hosted environment, follow the guide for Setting up the Data Plane in GCP GKE.

Previous

Checklist

Next

Data Plane

On this page