Set up Google Cloud

Contributors: netapp-bcammett, ebarcott

A few steps are required to prepare your Google Cloud project before you can manage Google Kubernetes Engine clusters with Astra.

Quick start for setting up Google Cloud

Get started quickly by following these steps or scroll down to the remaining sections for full details.

1. Set up a Google Cloud account and project

2. Purchase Cloud Volumes Service for Google Cloud

Go to the NetApp Cloud Volumes Service page in the Google Cloud Marketplace and click Purchase. Learn more about this step.

3. Enable APIs in your Google Cloud project

Enable the following Google Cloud APIs:

  • Google Kubernetes Engine

  • Cloud Storage

  • Cloud Storage JSON API

  • Service Usage

  • Cloud Resource Manager API

  • NetApp Cloud Volumes Service

  • Service Consumer Management API

  • Service Networking API

  • Service Management API

4. Create a service account that has the required permissions

Create a Google Cloud service account that has the following permissions:

  • Kubernetes Engine Admin

  • NetApp Cloud Volumes Admin

  • Storage Admin

  • Service Usage Viewer

  • Compute Network Viewer

5. Create a service account key

Create a key for the service account and save the key file in a secure location. Follow step-by-step instructions.

6. Set up network peering for your VPC

Set up network peering from your VPC to Cloud Volumes Service for Google Cloud. Follow step-by-step instructions.

The following image depicts each of these steps that you’ll need to complete.

A conceptual diagram that shows a Google Cloud project

Purchase Cloud Volumes Service for Google Cloud

Astra uses Cloud Volumes Service for Google Cloud as the backend storage for your persistent volumes. You need to purchase Cloud Volumes Service for Google Cloud from the Google Cloud Marketplace to enable billing for persistent volumes.

Step
  1. Go to the NetApp Cloud Volumes Service page in the Google Cloud Marketplace, click Purchase, and follow the prompts.

Enable APIs in your project

Your project needs permissions to access specific Google Cloud APIs. APIs are used to interact with Google Cloud resources, such as Google Kubernetes Engine (GKE) clusters and NetApp Cloud Volumes Service storage.

Step
  1. Use the Google Cloud console or gcloud CLI to enable the following APIs:

    • Google Kubernetes Engine

    • Cloud Storage

    • Cloud Storage JSON API

    • Service Usage

    • Cloud Resource Manager API

    • NetApp Cloud Volumes Service

    • Service Consumer Management API

    • Service Networking API

    • Service Management API

The following video shows how to enable the APIs from the Google Cloud console.

Create a service account

Astra uses a Google Cloud service account to facilitate Kubernetes application data management on your behalf.

Steps
  1. Go to Google Cloud and create a service account by using the console, gcloud command, or another preferred method.

  2. Grant the service account the following roles:

    • Kubernetes Engine Admin - Used to list clusters and create admin access to manage apps.

    • NetApp Cloud Volumes Admin - Used to manage persistent storage for apps.

    • Storage Admin - Used to manage buckets and objects for backups of apps.

    • Service Usage Viewer - Used to check if the required Cloud Volumes Service for Google Cloud APIs are enabled.

    • Compute Network Viewer - Used to check if the Kubernetes VPC is allowed to reach Cloud Volumes Service for Google Cloud.

If you’d like to use gcloud, you can follow steps from within the Astra user interface. Click Account > Credentials > Add Credentials, and then click Instructions.

If you’d like to use the Google Cloud console, the following video shows how to create the service account from the console.
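The role list above can be checked against the project's IAM policy once the service account exists. The following is an added example, not part of the original page or of Astra: it assumes the standard role IDs for the five display names listed above, a hypothetical account name `astra-sa`, and a constructed policy in the shape that `gcloud projects get-iam-policy PROJECT_ID --format=json` returns.

```python
# Role IDs assumed to correspond to the five role display names this page lists.
REQUIRED_ROLES = {
    "roles/container.admin": "Kubernetes Engine Admin",
    "roles/netappcloudvolumes.admin": "NetApp Cloud Volumes Admin",
    "roles/storage.admin": "Storage Admin",
    "roles/serviceusage.serviceUsageViewer": "Service Usage Viewer",
    "roles/compute.networkViewer": "Compute Network Viewer",
}


def audit_service_account(policy, sa_email):
    """Compare roles bound directly to sa_email with the required set."""
    member = "serviceAccount:" + sa_email
    granted = set()
    for binding in policy.get("bindings", []):
        if member in binding.get("members", []):
            granted.add(binding["role"])
    return {
        # Required roles that Astra would be missing.
        "missing": sorted(set(REQUIRED_ROLES) - granted),
        # Roles beyond the documented set (least-privilege drift).
        "excess": sorted(granted - set(REQUIRED_ROLES)),
    }


# Constructed sample data: hypothetical project and service account.
SA_EMAIL = "astra-sa@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/container.admin",
         "members": ["serviceAccount:" + SA_EMAIL]},
        {"role": "roles/netappcloudvolumes.admin",
         "members": ["serviceAccount:" + SA_EMAIL]},
        {"role": "roles/storage.admin",
         "members": ["user:admin@example.com", "serviceAccount:" + SA_EMAIL]},
        {"role": "roles/editor",
         "members": ["serviceAccount:" + SA_EMAIL]},
        {"role": "roles/compute.networkViewer",
         "members": ["user:admin@example.com"]},
    ]
}

if __name__ == "__main__":
    report = audit_service_account(SAMPLE_POLICY, SA_EMAIL)
    for role in report["missing"]:
        print("missing:", role, "(" + REQUIRED_ROLES[role] + ")")
    for role in report["excess"]:
        print("excess: ", role)
```

The check covers only bindings made directly to the service account at the project level; roles inherited from a folder or organization, or granted through a group, do not appear in this policy.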

Create a service account key

Instead of providing a user name and password to Astra, you’ll provide a service account key when you add your first cluster. Astra uses the service account key to establish the identity of the service account that you just set up.

The service account key is stored as plaintext in JavaScript Object Notation (JSON) format. It contains information about the GCP resources that you have permission to access.

You can only view or download the JSON file when you create the key. However, you can create a new key at any time.

Steps
  1. Go to Google Cloud and create a service account key by using the console, gcloud command, or another preferred method.

  2. When prompted, save the service account key file in a secure location.

The following video shows how to create the service account key from the Google Cloud console.
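Because the key is a plaintext JSON file, where and how it is saved matters. The following is an added example, not part of the original page: a check that a saved key file is readable only by its owner and is a service account key, run here against a constructed file with a placeholder key and a hypothetical file name.

```python
import json
import os
import stat
import tempfile

# Fields found in a Google Cloud service account key file.
EXPECTED_FIELDS = ("type", "project_id", "private_key_id", "private_key", "client_email")


def check_key_file(path):
    """Return a list of problems with how a service account key file is stored."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit is set
        problems.append("mode %03o lets other local users access the key; use 600" % mode)
    try:
        with open(path) as fh:
            key = json.load(fh)
    except ValueError:
        return problems + ["not valid JSON"]
    if not isinstance(key, dict) or key.get("type") != "service_account":
        return problems + ["not a service account key"]
    missing = [f for f in EXPECTED_FIELDS if not key.get(f)]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    return problems


def demo():
    """Write a constructed key file with a loose mode, check it, tighten it, re-check."""
    key = {  # constructed placeholder values, not a real key
        "type": "service_account",
        "project_id": "example-project",
        "private_key_id": "0000000000000000",
        "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
        "client_email": "astra-sa@example-project.iam.gserviceaccount.com",
    }
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "astra-sa-key.json")
        with open(path, "w") as fh:
            json.dump(key, fh)
        os.chmod(path, 0o644)
        before = check_key_file(path)
        os.chmod(path, 0o600)
        after = check_key_file(path)
    return before, after


if __name__ == "__main__":
    print(demo())
```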

Set up network peering for your VPC

The final step is to set up network peering from your VPC to Cloud Volumes Service for Google Cloud.

The easiest way to set up network peering is by obtaining the gcloud commands directly from Cloud Volumes Service. The commands are shown when creating a new file system.

Steps
  1. Go to Cloud Volumes in Google Cloud Platform.

  2. On the Volumes page, click Create.

  3. Under Service Type, select CVS-Performance (CVS is not supported at this time).

    After this step, you’ll only need to enter your networking information to obtain the commands.

  4. Under Region, select your region and zone.

    Clusters must be running in a Google Cloud region that supports the CVS-Performance service type. Learn more about supported regions.

  5. Under Network Details, select your VPC.

    If you haven’t set up network peering, you’ll see the following notification:

    gcp peering

  6. Click the button to view the network peering setup commands.

  7. Copy the commands and run them in Cloud Shell.

    For more details about using these commands, refer to the Quickstart for Cloud Volumes Service for GCP.

  8. After you’re done, you can click Cancel on the Create File System page.

    We started creating this volume only to get the commands for network peering.