Control Plane
Self-hosting a DevZero Control Plane on GCP GKE.
By following this guide, you'll set up the Control Plane software in a region hosted on GCP Google Kubernetes Engine (GKE), enabling you to:
- Deploy a GKE cluster configured for seamless DevZero integration.
- Launch self-hosted DevZero Workspaces and Kubernetes Clusters to kickstart your development projects.
- Manage and scale your infrastructure directly on GCP with ease.
This step-by-step guide walks you through creating a GCP GKE cluster, deploying the DevZero Helm charts, and integrating your setup with the DevZero dashboard, so your team can quickly start building in a production-like environment.
Let's get started!
Hosting the DevZero Control Plane on GCP GKE
For a detailed overview of the DevZero Control Plane, click here
Modules Overview
1. GCP
The control plane can be deployed on GCP infrastructure, leveraging services like:
- Google Kubernetes Engine (GKE) for Kubernetes orchestration.
- Cloud SQL for database management.
- Cloud Storage for persistent storage.
- IAM (Identity and Access Management) for fine-grained access control.
2. GKE (Google Kubernetes Engine)
- Cluster Management: Deploy the control plane using Helm charts or Terraform modules on GKE.
- Node Groups: Configure scaling policies and node templates to optimize performance and cost.
- Monitoring: Integrate with Prometheus and Grafana for detailed insights.
3. VPC (Virtual Private Cloud)
- Configure private and public subnets for secure traffic routing.
- Set up Cloud NAT, Internet Gateways, and route tables for proper networking.
4. Autoscaler
- Manage workloads efficiently using Horizontal Pod Autoscalers (HPA) and Cluster Autoscalers.
- Enable resource scaling based on CPU/memory usage.
5. Filestore
- Provide shared, persistent storage for stateful workloads within the control plane using Filestore.
- Optimize cost and performance by utilizing storage tiers effectively.
6. DevZero CLI
- Cluster Interaction: Manage control plane components with commands like devzero start or kubectl integration.
- Configuration Management: Update or debug settings using CLI commands.
- Add-ons: Install additional components via devzero addons list.
Prerequisites
Check out the Checklist Page to make sure you have the required permissions in GCP to set up the Control Plane.
Setting up Control Plane on the self-hosted Cluster
Configuring gcloud CLI to interact with your GCP account locally
First, run this GCP command to obtain new credentials:
gcloud auth application-default login
Your browser will open to connect to GCP, and then you will get this message:
You are now logged in as your-GCP-account-email.
You can change your current project by running:
gcloud config set project <PROJECT-ID>
Replace the PROJECT-ID placeholder with your current GCP project ID.
You may get this error message, and you should enter Y:
WARNING: Your active project does not match the quota project in your local Application Default Credentials file. This might result in unexpected quota issues.
To update your Application Default Credentials quota project, use the following command.
gcloud auth application-default set-quota-project <PROJECT-ID>
You might encounter the following on your first run:
WARNING: You do not appear to have access to project [<PROJECT-ID>], or it does not exist.
Are you sure you wish to set property [core/project] to <PROJECT-ID>?
Do you want to continue (Y/n)?
Type Y, and you will see:
Updated property [core/project].
Next, run this command to verify your GCP project:
gcloud config get-value project
Setting up the Infrastructure
Clone this repository which contains all the Terraform configuration to set up the infrastructure.
git clone https://github.com/devzero-inc/self-hosted-tf.git
Run cd self-hosted-tf/examples/gcp/control-and-data-plane to get into the directory.
Then, run this to install all the required Providers.
terraform init
Run this to create all the GCP resources such as VPC, GKE, Filestore, Autoscaler, etc.
terraform apply
Kubeconfig set up
Set up your local kubeconfig to connect to the GKE cluster:
gcloud container clusters get-credentials <cluster-name> --region <region> --project <project-id>
Download Credentials of your Service Account
Go to IAM & Admin > Service Accounts in the GCP Console. Click Vault-Service-Account, which is created by the Terraform configuration. Go to the KEYS tab and click ADD KEY:
Click Create new key and select JSON key type to download the key in the JSON format as credentials.json.
Create Secret in the GKE Cluster
Create a generic secret in the GKE cluster, which will be used to access the Vault-Service-Account:
kubectl create secret generic kms-creds --from-file=sa-credentials.json=/path/to/credentials.json -n devzero
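Added example, not part of the DevZero guide: the downloaded credentials.json is a long-lived private key, so this script checks that the file is a service-account key readable only by its owner before creating the kms-creds secret, and deletes the local copy once the secret exists. The function names and the delete-after-load step are assumptions; the secret name, key name and namespace are the ones in the command above.

```shell
#!/bin/sh
# Added example: treat the downloaded service-account key as a secret.
# Secret name, key name and namespace are taken from the guide's kubectl command.

# Print one string field of a pretty-printed GCP key file (one field per line).
key_field() {
  sed -n "s/^ *\"$2\": *\"\\([^\"]*\\)\".*/\\1/p" "$1" | head -n 1
}

# Return 0 only if FILE is a service-account key that is private to its owner.
check_sa_key() {
  [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
  [ "$(key_field "$1" type)" = "service_account" ] ||
    { echo "not a service-account key" >&2; return 2; }
  [ -n "$(key_field "$1" client_email)" ] ||
    { echo "no client_email field" >&2; return 2; }
  # Characters 5-10 of the ls mode string are the group and other bits.
  [ "$(ls -l "$1" | cut -c5-10)" = "------" ] ||
    { echo "group/other can access the key; chmod 600 it" >&2; return 3; }
}

# Create the kms-creds secret, confirm it exists, then delete the local copy.
load_sa_key() {
  chmod 600 "$1"
  check_sa_key "$1" || return
  # Compare these with the account and key ID shown in the GCP Console.
  echo "key for $(key_field "$1" client_email), id $(key_field "$1" private_key_id)"
  kubectl create secret generic kms-creds \
    --from-file=sa-credentials.json="$1" -n devzero || return
  kubectl get secret kms-creds -n devzero >/dev/null || return
  rm -f "$1"
}

# Runs only when a key path is passed: sh load-key.sh /path/to/credentials.json
if [ "$#" -ge 1 ]; then load_sa_key "$1"; fi
```

The key remains valid in GCP after the local file is removed; it is listed under the KEYS tab of the service account.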
Deploying the Helm Charts
Helm Registry Credentials
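Contact the DevZero team at support@devzero.io to get the Helm registry credentials. As the warning in the output below notes, passing --password on the command line is insecure (the value ends up in shell history and the process list); prefer --password-stdin.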
helm registry login registry.devzero.io --username <your-username> --password <your-password>
WARNING: Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded
Setting up CRDs
Install the CRDs which are prerequisites to set up a DevZero Control Plane on the GKE cluster.
helm install dz-control-plane-crds oci://registry.devzero.io/devzero-control-plane/beta/dz-control-plane-crds -n devzero --create-namespace
Pulled: registry.devzero.io/devzero-control-plane/beta/dz-control-plane-crds:0.0.1
Digest: sha256:e945122ddaeb1e9de6d6d0ba0c0bd83dabf90a3acb5e867c0a46098098a9d89f
NAME: dz-control-plane-crds
LAST DEPLOYED: Mon Dec 2 13:02:28 2024
NAMESPACE: devzero
STATUS: deployed
REVISION: 1
TEST SUITE: None
Set up your Route 53 Domain
Skip this step if you already have a domain. If you don't have one, register a domain on AWS Route 53.
Install Helm Charts
Download values.yaml from here and install the helm charts to set up the DevZero control plane.
helm install dz-control-plane oci://registry.devzero.io/devzero-control-plane/beta/dz-control-plane -n devzero -f /path/to/values.yaml --set domain=<domain_name> --set issuer.email=support@devzero.io
Pulled: registry.devzero.io/devzero-control-plane/beta/dz-control-plane:0.1.6
Digest: sha256:c02ccd320fdfa5225c3db610021a6440ba95cc979804833705aa109dd695768c
W1202 13:13:44.011174 30707 warnings.go:70] spec.template.spec.containers[7].ports[0]: duplicate port definition with spec.template.spec.containers[0].ports[0]
NAME: dz-control-plane
LAST DEPLOYED: Mon Dec 2 13:10:39 2024
NAMESPACE: devzero
STATUS: deployed
REVISION: 1
Ingress Setup
Get the ingress service in the cluster:
kubectl get ingress -n devzero
Copy the address of your ingress services.
Create new Records in Route 53
Create an A record and add the address of your ingress service in the value. Set the record name as *:
Create another A record keeping the Subdomain empty. Add the address of your ingress service in the value:
Visit the DevZero Dashboard
Go to <your-dz-control-plane-web-host>/dashboard to check out the DevZero UI.
Setting up Data Plane on a self-hosted GKE cluster
To set up the data plane in a self-hosted environment, follow the guide for Setting up the Data Plane in GCP GKE.