Google Kubernetes Engine (GKE) running on Google Cloud Platform (GCP)
This section describes the requirements for using Greenplum for Kubernetes with Google Kubernetes Engine (GKE) deployments.
When creating the GKE cluster, ensure that you make the following selections on the Create a Kubernetes cluster screen of the Google Cloud Platform console:
- For the Cluster Version option, select the most recent version of Kubernetes.
- Scale the Machine Type option to at least 2 vCPUs / 7.5 GB memory.
- For the Node Image option, you must select Ubuntu. You cannot deploy Greenplum with the Container-Optimized OS (cos) image.
- Set the Size to 4 or more nodes.
- Set Automatic node repair to Disabled.
In addition to the above, the Greenplum for Kubernetes deployment process requires the ability to map the host system’s /sys/fs/cgroup directory onto each container’s /sys/fs/cgroup. Ensure that no kernel security module (for example, AppArmor) uses a profile that disallows mounting
After creating your GKE cluster, use the gcloud utility to log in to GCP, and to set your current project and cluster context:
Log into GCP:
$ gcloud auth login
Set the current project to the project where you will deploy Greenplum:
$ gcloud config set project <project-name>
Set the context to the Kubernetes cluster that you created for Greenplum:
- Access GCP Console.
- Select Kubernetes Engine > Clusters.
- Click Connect next to the cluster that you configured for Greenplum, and copy the connection command.
On your local client machine, paste the command to set the context to your cluster. For example:
$ gcloud container clusters get-credentials <cluster-name> --zone us-central1-a --project <my-project>
Fetching cluster endpoint and auth data.
kubeconfig entry generated for <cluster-name>.
Obtain a Kubernetes service account key (a key.json file) for an account that has read access (storage.objectViewer role) to the Google Cloud Registry. You will need to identify this file in your configuration to pull Pivotal Greenplum for Kubernetes docker images from the remote registry. For example:
If necessary, create a new service account to use for Pivotal Greenplum for Kubernetes. These example commands create a new account named greenplum-image-pull in your current GCP project:
$ export GCP_PROJECT=$(gcloud config get-value core/project)
$ gcloud iam service-accounts create greenplum-image-pull
Assign the required storage.objectViewer role to the new account:
$ gcloud projects add-iam-policy-binding $GCP_PROJECT \
    --member serviceAccount:greenplum-image-pull@$GCP_PROJECT.iam.gserviceaccount.com \
    --role roles/storage.objectViewer
Create the key for the account:
$ gcloud iam service-accounts keys create \
    --iam-account "greenplum-image-pull@$GCP_PROJECT.iam.gserviceaccount.com" \
    ~/key.json
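The key.json file created above is a long-lived credential, so before referencing it in your configuration it is worth confirming that it belongs to the greenplum-image-pull account and is readable only by its owner. The following script is an added example, not part of the Pivotal documentation or tooling; the function names and the sample project name example-project are assumptions, and it assumes the one-field-per-line JSON layout of a downloaded key file.

```shell
# Added example, not part of the Greenplum or gcloud tooling.

# json_field FILE NAME: print a top-level string field. Assumes one field per
# line, the layout of a downloaded key file.
json_field() {
    sed -n 's/^[[:space:]]*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*$/\1/p' "$1" | head -n 1
}

# file_mode FILE: print the octal permission bits (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_pull_key FILE PROJECT: succeed only if FILE is a service account key
# for greenplum-image-pull in PROJECT and only its owner can read it.
check_pull_key() {
    expected="greenplum-image-pull@$2.iam.gserviceaccount.com"
    status=0
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    if [ "$(json_field "$1" type)" != "service_account" ]; then
        echo "not a service account key" >&2; status=1
    fi
    email=$(json_field "$1" client_email)
    if [ "$email" != "$expected" ]; then
        echo "key is for '$email', expected '$expected'" >&2; status=1
    fi
    case "$(file_mode "$1")" in
        600|400) ;;
        *) echo "too permissive, run: chmod 600 $1" >&2; status=1 ;;
    esac
    return "$status"
}

# write_sample_key FILE: constructed key for the demo, not a real credential.
write_sample_key() {
    cat > "$1" <<'EOF'
{
  "type": "service_account",
  "project_id": "example-project",
  "private_key": "CONSTRUCTED-PLACEHOLDER",
  "client_email": "greenplum-image-pull@example-project.iam.gserviceaccount.com"
}
EOF
    chmod 600 "$1"
}

demo=$(mktemp) && write_sample_key "$demo"
check_pull_key "$demo" example-project && echo "sample key passes"
rm -f "$demo"
```

Against the real file, the call would be check_pull_key ~/key.json "$GCP_PROJECT".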