CloudSpanner.md

Trillian on Cloud Kubernetes with Cloud Spanner

This document outlines the steps necessary to get an instance of Trillian up and running on Google Cloud.

  1. Create a Google Cloud project (we'll call its project ID ${PROJECT_ID} below)

  2. Enable APIs

    1. Kubernetes
    2. Cloud Spanner
    3. ...
  3. Create the public API key (see https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform)

  4. From the APIs & Services > Credentials page, click Create credentials > API key. A key will automatically be created.

  5. Restrict API key to only have access to:

    • Google Cloud APIs
    • Cloud Spanner API
  6. Download service account key (we'll call that file service-key.json)

  7. Run: kubectl create secret generic spanner-key --from-file=key.json=service-key.json

  8. Create Spanner instance & database

  9. Click on menu > Cloud Spanner

  10. Click on "Create Instance" (we'll call its instance ID ${SPANNER_INSTANCE})

  11. Choose region (we'll call that ${REGION})

  12. Choose number of nodes

  13. Click create Database

    1. Fill in a name (we'll call the DB instance ${DATABASE_INSTANCE})
    2. Click continue
    3. In Define your database schema, click the Edit as text slider
    4. Paste contents of spanner.sd into the text box (you may need to remove the SQL comments prefixed with -- at the top)
    5. Click on create

  14. Create Kubernetes cluster

  15. Menu > Kubernetes

  16. Click on Create Cluster

  17. Set cluster name to something (we'll call this ${CLUSTER_NAME})

  18. Set zone to something inside ${REGION}

  19. Click create

  20. Start initial jobs

  21. Edit scripts/deploy_gce.sh and configure the environment variables for your deployment.

  22. Run: ./scripts/deploy_gce.sh

Setting up continuous integration

Now that you have a working Trillian-on-cloud instance, you can integrate it with CI/CD so that pushes to master update your Trillian instance.

  1. Create service account credentials
  2. In your Cloud Platform Console project, open the Credentials page.
  3. Click Create credentials > Service account key.
  4. Under Service account select New service account.
  5. Enter a Service account name, e.g. trillian-pusher-ci
  6. Under Role, select Project > Editor.
  7. Under Key type, select JSON.
  8. Click Create. The Cloud Platform Console downloads a new JSON file to your computer. The name of this file starts with your project ID.
  9. Provide the service key to the deploy script that CI runs. You might need the output of the following command: base64 service-key.json | tr -d '\040\011\012\015'
    • Ensure that the key is hidden from build logs (example: Cloud Build).
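
A CI-side counterpart to step 9 and its note about build logs, as an added example rather than code from the Trillian repository: it decodes the base64 key from an environment variable into an owner-only temp file without printing it. The variable name SERVICE_KEY_B64 and the function write_service_key are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not part of Trillian's scripts. SERVICE_KEY_B64 and
# write_service_key are hypothetical names chosen for this illustration.

# Decode the CI secret into a private temp file and print only its path.
# The body runs in a subshell, so `set +x` and `umask` do not leak out.
write_service_key() (
  set +x       # never trace commands that touch the key into the build log
  umask 077    # anything created here is owner-only
  if [ -z "${SERVICE_KEY_B64:-}" ]; then
    echo "SERVICE_KEY_B64 is not set" >&2
    exit 1
  fi
  keyfile=$(mktemp) || exit 1
  # printf is a builtin in bash and dash, so the key is never in a process
  # argument list that other users could read.
  if ! printf '%s' "$SERVICE_KEY_B64" | base64 --decode >"$keyfile" 2>/dev/null; then
    rm -f "$keyfile"
    echo "SERVICE_KEY_B64 is not valid base64" >&2
    exit 1
  fi
  # Service account key files carry "type": "service_account"; reject anything else.
  if ! grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$keyfile"; then
    rm -f "$keyfile"
    echo "decoded data is not a service account key" >&2
    exit 1
  fi
  printf '%s\n' "$keyfile"
)

# Constructed sample (not a real key), encoded the way step 9 describes.
SAMPLE_KEY='{"type": "service_account", "project_id": "constructed-example"}'
SERVICE_KEY_B64=$(printf '%s' "$SAMPLE_KEY" | base64 | tr -d '\040\011\012\015')

keyfile=$(write_service_key) || exit 1
trap 'rm -f "$keyfile"' EXIT   # remove the decoded key when the job ends
echo "service key written to a private temp file ($(wc -c <"$keyfile") bytes)"
# From here the deploy step can read "$keyfile", for example with
#   gcloud auth activate-service-account --key-file="$keyfile"
```

Error messages go to stderr and name only the failure, so a failed build log shows why the step stopped without showing any part of the key.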