Cloud Services

Requirements

A subnet for GKE:
- Range: /24 or larger
- Secondary ranges:
  - Pods: /16 or larger
  - Services: /16 or larger
    The services range cannot be increased after the cluster creation
A subnet CIDR for GKE control plane (will be created by GKE):
- Range: /28
The following DNS records for accessing the Superwise Platform (the IP would be provided after the installation is completed):
- app.<**DOMAIN_NAME**>
- api.<**DOMAIN_NAME**>
- *.app.<**DOMAIN_NAME**> - a wildcard DNS for accessing applications.
A TLS certificate that matches the hostnames above, stored as a Kubernetes secret.

Version: 1.24 or newer (up to 1.27)

A minimum of 3 nodes (e2-standard-4) is required to run Superwise.
Node autoscaling is recommended with a 1 node per zone configuration, across 3 zones.
A maximum of 6 nodes (2 per zone) can be set without affecting performance.

Type: PostgreSQL

Version: 14.x

Tier: db-custom-2-7680

A Cloud Storage bucket is required for Superwise to store data.

A multi-region bucket with versioning is recommended.

Public access prevention should be enforced.

A GCP service account with the following permissions is required:

Project level:
- roles/bigquery.admin
Bucket level:
- roles/storage.objectAdmin
- roles/storage.legacyBucketReader

🚧
Pay attention!
A service account key is also required, stored as a Kubernetes secret.

Enabling GKE workload identity for this service account is recommended.
When using this option for authentication, the Kubernetes service accounts that requires access to Google Cloud APIs must be allowed to impersonate the Google service account.
This can be done by adding the roles/iam.workloadIdentityUser role to the service account.

To use GKE workload identity for Superwise, the following service accounts must be allowed:

For using GKE workload identity when adding GCS sources to Superwise, the following Kubernetes service accounts must be allowed: