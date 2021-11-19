



This page describes how to set up Google Kubernetes Engine (GKE) for your Tanzu Postgres deployment, create a Google Cloud Platform (GCP) service account, use the service account credentials to create a Kubernetes secret, and pull a Tanzu Postgres image from Google Container Registry (GCR).

Setting up Google Kubernetes Engine (GKE)

When creating a GKE cluster in the Google Cloud Platform console, make sure you make the following selections on the [Create a Kubernetes cluster] screen:

[Cluster basics]:
- For the [Cluster version] option, select the latest version of Kubernetes.

[default-pool]:
- Set the size to one or more nodes.
- Disable [Enable auto-upgrade].
- Disable [Enable auto-repair].

[Nodes]:
- For the [Node image type] option, choose [Ubuntu]. You cannot deploy Postgres for Kubernetes using a Container-Optimized OS (cos) image.
- Scale the [Machine type] option to at least 2 vCPUs / 8 GB memory.

Kubernetes context settings

After you create your GKE cluster, log in to GCP using the gcloud command-line tools pre-installed on your local computer to set the context for your current project and cluster.

Log in to GCP.

$ gcloud auth login

Set the current project to the project where you want to deploy Tanzu Postgres.

$ gcloud projects list
$ gcloud config set project <project-id>

Set up a Kubernetes cluster context so that all kubectl commands in this project are run against that cluster.

$ gcloud container clusters get-credentials <cluster-name>

Obtaining cluster endpoints and authentication data.
Kubeconfig entry generated for ..

For more information on Kubernetes context and kubectl permissions, see “Setting Up kubectl Cluster Access” in the GKE documentation.

Creating a Kubernetes service account

To pull a Tanzu Postgres container image from Google Container Registry (GCR), create a Google Cloud Platform (GCP) service account, assign the required role permissions, and create an authentication key to use as your Kubernetes secret.

The following steps create a new service account, grant it the Google Cloud storage.objectViewer role, and create a key file named key.json.

Log in to your Google Cloud account and list your Google Cloud projects. Select the project you want to use for Tanzu Postgres, and set the GCP_PROJECT environment variable on your computer for use with the gcloud commands.

$ gcloud auth login
$ gcloud projects list
$ gcloud config set project <project-id>
$ gcloud config set compute/zone <zone>
$ export GCP_PROJECT=<project-id>

Create a new GCP service account postgres-image-pull for use with Tanzu Postgres.

$ gcloud iam service-accounts create postgres-image-pull

Assign the required role storage.objectViewer to the new account.

$ gcloud projects add-iam-policy-binding $GCP_PROJECT --member serviceAccount:postgres-image-pull@$GCP_PROJECT.iam.gserviceaccount.com --role roles/storage.objectViewer

Create a service account key to use as a Kubernetes secret and save it on your local computer. In this example, the key file is called key.json.

$ gcloud iam service-accounts keys create --iam-account "postgres-image-pull@$GCP_PROJECT.iam.gserviceaccount.com" ~/key.json

For more information on using keys, see “Creating a Kubernetes Access Secret” in the “Installing VMware Tanzu Postgres” topic.
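
To verify the result of the steps above, the following added example (not part of the original documentation) checks that postgres-image-pull holds only roles/storage.objectViewer at the project level and that key.json is private to its owner and belongs to that account. It assumes the policy was exported with gcloud projects get-iam-policy $GCP_PROJECT --format=json; the function names, the example-project project ID, and the sample policy are constructed for illustration.

```python
import json
import os
import stat

ALLOWED_ROLES = {"roles/storage.objectViewer"}  # the only role the page assigns

def member_id(project, name="postgres-image-pull"):
    return f"serviceAccount:{name}@{project}.iam.gserviceaccount.com"

def audit_policy(policy, project):
    """Compare the account's project-level roles with the single role it needs."""
    member = member_id(project)
    granted = {b["role"] for b in policy.get("bindings", [])
               if member in b.get("members", [])}
    findings = [f"excess role: {r}" for r in sorted(granted - ALLOWED_ROLES)]
    findings += [f"missing role: {r}" for r in sorted(ALLOWED_ROLES - granted)]
    return findings

def audit_key_file(path, project):
    """Check that key.json is owner-only and belongs to the pull account."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"key file mode {mode:04o} allows group/other access")
    with open(path) as fh:
        key = json.load(fh)
    if key.get("type") != "service_account":
        findings.append("not a service account key")
    expected = member_id(project).split(":", 1)[1]
    if key.get("client_email") != expected:
        findings.append(f"key belongs to {key.get('client_email')}, expected {expected}")
    return findings

# Constructed sample policy: the pull account also holds roles/editor by mistake.
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/storage.objectViewer",
     "members": [member_id("example-project"), "user:alice@example.com"]},
    {"role": "roles/editor", "members": [member_id("example-project")]},
]}

if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY, "example-project"))
    key_path = os.path.expanduser("~/key.json")
    if os.path.exists(key_path):
        print(audit_key_file(key_path, "example-project"))
```

An empty list from both functions means the account is scoped as the page describes and the key file is not exposed to other local users.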

