All pages
Powered by GitBook
1 of 7

Google Cloud deployment

Summary of Steps

  1. Set up the network

  2. Set up Database

  3. Create storage buckets

  4. Create a GKE cluster.

  5. Configure GKE workloads.

  6. Post setup steps.

CARE infrastructure overview

Set up the network

Create a VPC

Go To: VPC networks > VPC networks > Create VPC network. (link)

  1. Enter the following values:

    1. Name: care-vpc

    2. Maximum Transmission unit (MTU): 1460

    3. VPC network ULA internal IPv6 range: Disabled

    4. Subnet creation mode: Custom

    5. Create a new subnet using following values:

      1. Name: cluster-snet

      2. Region: asia-south1

      3. P stack type: IPv4 (single-stack)

      4. IPv4 range: 10.0.0.0/16

      5. Private Google Access: On

      6. Flow logs: Off

    6. Firewall rules: Leave default

    7. Dynamic routing mode: Regional

Equivalent commands:

gcloud compute networks create care-vpc --project=$PROJECT --subnet-mode=custom --mtu=1460 --bgp-routing-mode=regional
gcloud compute networks subnets create cluster-snet --project=$PROJRCT --range=10.0.0.0/16 --stack-type=IPV4_ONLY --network=care-vpc --region=asia-south1 --enable-private-ip-google-access

Reserve a static IP address

Go To: VPC Networks > IP Addresses > RESERVE EXTERNAL STATIC IP ADDRESS (link)

  1. Enter the following values:

    1. Name: pip-care

    2. Network Service Tier: Premium

    3. IP version: IPv4

    4. Type: Regional

    5. Region: asia-south1 (Mumbai)

    6. Attached to: None

  2. Note down the IP address

Equivalent commands:

gcloud compute addresses create pip-care --project=$PROJECT --region=asia-south1

Set up Databases

Create 2 databases, care-db and metabase-db

  1. SQL > Create instance > PostgreSQL (link)

  2. Create instance for care:

    1. Instance ID: care-db

    2. Password: <use your own strong password>

    3. Database version: PostgreSQL 14

    4. Cloud SQL edition: Enterprise

    5. Region: asia-south1

    6. Zonal availability: Single zone

    7. Click show zones

    8. Primary zone: asia-south1-a

    9. Click show configurations

    10. Machine configuration: Dedicated core (2 vCPU, 8 GB)

    11. Storage type: SSD

    12. Storage capacity: 20 GB

    13. Enable automatic storage increases: Enabled

    14. Under connections, set

    15. Instance IP assignment: Private IP

      1. Associated networking: care-vpc

      2. If not presented with setup connection dialog, skip to p

      3. Select SET UP CONNECTION for setting up a private service connection and Click ENABLE API

      4. Select Use an automatically allocated IP range

      5. Click create connection

    16. Public IP: Disabled

    17. Under Data protection

    18. Automated backups: Enabled

    19. automated backup window: 2:30 AM - 6:30 AM

    20. Enable point-in-time recovery: Enabled

    21. Days of logs: 7

    22. Enable deletion protection: Enabled

    23. Maintenance window: Sunday

    24. Once the db instance is initialized, create a new database:

      1. Click on care-db > Databases > create database

      2. Enter the db name care

      3. Click create

Repeate the above steps for metabase-db with the following changes

  1. Instance name: metabase-db

  2. Machine configuration: Dedicated core (1 vCPU, 3.75 GB)

  3. db name: metabase

Create storage buckets

Create 2 storage buckets

GoTo: Cloud Storage > buckets > create (link)

  1. Create a publicly accessible bucket for facility images:

    1. Name: <prefix>-care-facility

    2. Location type: Region

    3. Location: asia-south1 (Mumbai)

    4. Default storage class: Standard

    5. Public access prevention: Off

    6. Access control: Uniform

    7. Protection tools: None

  2. Create a private bucket for patient data.

    1. Name: <prefix>-care-patient-data

    2. Location type: Region

    3. Location: asia-south1 (Mumbai)

    4. Default storage class: Standard

    5. Public access prevention: On

    6. Access control: Uniform

    7. Protection tools: Retention policy: 7 days

Setup access keys

Go to Cloud Storage > Settings > Interoperability (link)

  1. Under Access keys for service accounts, click on Create a key for a service account

  2. Click create a new service account:

    1. Name: care-bucket-access

    2. Click “Create and continue”

    3. Role: Storage Object Admin under Cloud Storage

    4. Click "Continue" then "Done"

  3. Select care-bucket-access and click on create key

  4. Note down the Access key and Secret for later

Configure CORS:

  1. Activate Cloud Shell

  2. Create a file bucket-config.json with the following contents

[
   {
     "origin": ["https://care.ohc.network", "https://care.coronasafe.in"],
     "method": ["GET", "PUT"],
     "responseHeader": ["*"],
     "maxAgeSeconds": 3600
   }
]

  1. Replace the origin with your deployed frontend URLs

  2. Apply config for buckets using gcloud cli

gcloud storage buckets update gs://<prefix>-care-facility --cors-file=bucket-config.json
gcloud storage buckets update gs://<prefix>-care-patient-data --cors-file=bucket-config.json

Create a GKE cluster

Go To: Kubernetes Engine > clusters > create > standard (link)

  1. Cluster basics:

    1. Name: care-gke

    2. Location type: Zonal

    3. Zone: asia-south1-a

  2. Node pools > default pool

    1. Number of nodes: 2

  3. Node pools > default pool > nodes

    1. Machine configuration: General purpose

    2. Series: E2

    3. Machine type: e2-standard-2 (2 vCPU, 8 GB memory)

  4. Node pools > default pool > networking: Network tags: care-gke

  5. Node pools > Cluster > Networking

    1. Network: care-vpc

    2. Node subnet: cluster-snet

    3. Network access: Public cluster

    4. Enable HTTP load balancing: Enabled

Configure GKE workloads

Once the cloud resources are created, we can deploy our applications as Kubernetes workloads. The necessary YAML files can be found as a template in the link below.

Template repo: https://github.com/coronasafe/infra_template

Editing the template repo

Using the template, replace all generic/example values to production values. Let’s go through each folder.

Certificate

  1. Replace the example hostnames for ‘dnsNames’ with actual hostnames

Configmaps

  1. In care-configmap.yaml, add database configurations and update the hostnames in CSRF_TRUSTED_ORIGINS and DJANGO_ALLOWED_HOSTS

  2. In nginx.yaml, update the server_name with hostnames.

Helm

  1. Install Helm[Ref]

  2. use the static IP created from "Reserve a static IP address" step to replace the IP value in helm/scripts.sh

Ingress

  1. Replace example hostnames with actual hostnames

Secrets

  1. Update care-secrets.yml

  2. Update metabase.yml with metabase db credentials.

Applying Configurations

  1. Set the default gke cluster

    1. Get the name using: kubectl config get-contexts

    2. Set the config: kubectl config use-context <name>

  2. Run the helm script: bash helm/scripts.sh

  3. Use kubectl to apply all the kubernetes yaml files in the following order

    1. Deploy configmaps: kubectl apply -f 'configmaps/*'

    2. Secrets: kubectl apply -f 'secrets/*'

    3. Deployments: kubectl apply -f 'deployments/*'

    4. Services: kubectl apply -f 'services/*'

    5. Clusterissuer: kubectl apply -f ClusterIssuer/cluster-issuer.yaml

    6. Certificate: kubectl apply -f certificate/certificate.yml

    7. Ingress: kubectl apply -f ingress/care.yaml

  4. Once ingress is created, kubectl get ingress care-ingress will show the IP of the TCP load balancer.

  5. Once the DNS records are added, the SSL will be automatically handled.

Add DNS records

create DNS A records for each domain pointing to the static IP created from "Reserve a static IP address" step

Post setup

Setup CI

LogoDeploying to Google Kubernetes Engine - GitHub DocsGitHub Docs

Setup meta-base

Once the instance is up and dns records are active, visit the metabase url, you would be presented with a new user form where you can create a new admin account