Deploy Reducto on Google Kubernetes Engine using Terraform
Use one of the methods:
gcloud auth application-default login
For Terraform to use your gcloud credentials, run:
gcloud auth login
export GOOGLE_OAUTH_ACCESS_TOKEN=$(gcloud auth print-access-token)
By default var.project_id is also billing project. This can be overriden by var.billing_project_id. Billing project is required for creating Cloud Vision API key.
See Quota Management Configuration in Terraform provider configuration.
In your region, ensure there's sufficient quota for Compute Optimized instances (CPUs per region, CPU family per region), and Cloud Vision API https://console.cloud.google.com/iam-admin/quotas
A GKE cluster is provisioned with private nodes without public IP. Postgres instance is provisioned in private network without public IP.
GKE control plane is provisioned with both public and private IP - but access is limited to VPC and CIDR provided in var.control_plane_allowed_cidrs
To use a bucket for Terraform state, create a bucket and update backend.tf.
OR you can skip this to quickly run Terraform plan and apply with locally managed terraform.tfstate state file for testing purposes.
At a minimum create a terraform.tfvars with following configuration:
project_id = "your-gcp-project"
reducto_host = "reducto.yourdomain.com"
reducto_helm_chart_version = "..."
reducto_helm_repo_username = "your-username"
reducto_helm_repo_password = "your-password"And then:
terraform init
terraform plan
terraform applyEnsure that domain name in var.reducto_host resolves to IP of internal load balancer of Reducto Ingress.
To delete, set deletion_protection = false and run terraform destroy. You may get following error, to resolve it manually delete from VPC under "VPC network peering" tab, and rerun terraform destroy.
Service Networking Connection
│ Error: Unable to remove Service Networking Connection, err: Error waiting for Delete Service Networking Connection: Error code 9, message: Failed to delete connection; Producer services (e.g. CloudSQL, Cloud Memstore, etc.) are still using this connection.