A newer version of this documentation is available.

View Latest

Installing on GKE

    Install the Couchbase Autonomous Operator on Google Kubernetes Engine (GKE).

    Examples will be illustrated with the Google Cloud SDK, however all steps can be completed via the Google Cloud web console.


    When the gcloud command has been installed and added to your PATH, log in with the following command:

    gcloud auth login

    The gcloud command can support multiple logins. You can select the user to run as with:

    gcloud config set account john.doe@acme.com

    You can also remove the login authentication locally with:

    gcloud auth revoke john.doe@acme.com

    The project must also be set so that resources are provisioned into it:

    gcloud config set project my-project

    GKE Setup

    Like all cloud providers there are two main steps in configuring your cloud environment - the virtual network provisioning then the Kubernetes cluster provisioning.

    Network Setup

    For most users, it will suffice to use automatic subnet provisioning with the following command:

    gcloud compute networks create my-network

    For the purposes of this document we will manually configure our subnets so we are able to add in the necessary firewall rules to allow XDCR between Couchbase clusters in different GKE clusters. We create two non-overlapping subnets in the RFC-1918 private address space in different regions, then allow all ingress traffic from the prefix via a firewall rule. By default network traffic is dropped between different GKE clusters.

    gcloud compute networks create my-network \
      --subnet-mode custom
    gcloud compute networks subnets create my-subnet-us-east1 \
      --network my-network \
      --region us-east1 \
    gcloud compute networks subnets create my-subnet-us-west1 \
      --network my-network \
      --region us-west1 \
    gcloud compute firewall-rules create my-network-allow-all-private \
      --network my-network \
      --direction INGRESS \
      --source-ranges \
      --allow all

    Kubernetes Cluster Setup

    After checking with GKE for an updated Kubernetes cluster version, the next step is to create our Kubernetes clusters in each region. For example:

    gcloud container clusters create my-cluster-us-east1 \
      --cluster-version 1.13.11-gke.14 \
      --region us-east1 \
      --network my-network \
      --subnetwork my-subnet-us-east1
    gcloud container clusters create my-cluster-us-west1 \
      --cluster-version 1.13.11-gke.14 \
      --region us-west1 \
      --network my-network \
      --subnetwork my-subnet-us-west1

    When the clusters are running (the gcloud command will block and complete when the clusters are healthy) you can install credentials into your Kubernetes configuration with the following:

    gcloud container clusters get-credentials my-cluster-us-east1 \
      --region us-east1 \
      --project my-project
    gcloud container clusters get-credentials my-cluster-us-west1 \
      --region us-west1 \
      --project my-project

    You can select which cluster context to use by default with the following Kubernetes command:

    kubectl config use-context gke_my-project_us-east1_my-cluster-us-east1

    Other contexts you may have created can be seen with the kubectl config get-contexts command.

    Kubernetes Environment Setup

    By default users on a new GKE cluster have limited privileges and cannot perform necessary operation to deploy the Couchbase Operator. To enable these privileges run the following command on each cluster:

    kubectl create clusterrolebinding john-doe-admin-binding \
      --clusterrole cluster-admin \
      --user john.doe@acme.com