
Text file src/github.com/google/certificate-transparency-go/trillian/examples/deployment/kubernetes/README.md

Documentation: github.com/google/certificate-transparency-go/trillian/examples/deployment/kubernetes

# Deploying onto Kubernetes in Google Cloud

This document guides you through the process of spinning up an example CT
personality on Google Cloud using Kubernetes and Cloud Spanner.


## Prerequisites

1. You have **already** created and deployed a Trillian instance, see
   <https://github.com/google/trillian/tree/master/examples/deployment/kubernetes>
   for instructions.
1. You should have this repo checked out :)
1. A recent [Debian](https://debian.org) based distribution (other platforms
   may work, but YMMV)
1. You must have the [`jq` binary](https://packages.debian.org/stretch/jq)
   installed (for command-line manipulation of JSON)
1. You have `gcloud`/`kubectl`/`go`/`Docker` etc. installed (See
   [Cloud quickstart](https://cloud.google.com/kubernetes-engine/docs/quickstart)
   docs)
1. You have a Google account with billing configured


## Process

1. Ensure that you've followed the instructions to [create a Trillian instance on
   GCP](https://github.com/google/trillian/tree/master/examples/deployment/kubernetes),
   and have provisioned a suitable log tree into it (and have the
   corresponding tree ID).
1. Create an "all-roots.pem" file which contains all of the trusted roots you
   want your CT instance to allow.
   (e.g. `cat /etc/ssl/certs/* > /tmp/all-roots.pem`)
1. Create a `ct_server.cfg` file, using the `ct_server.cfg.example` file as a template.
   Don't forget to **change**:
   1. The `log_id:` field to contain the `tree_id` from the tree you provisioned into
      Trillian.
   1. The `prefix:` to the URL path prefix where you want your log API to be served.
   1. The `public_key:` and `private_key:` entries to your
      [own keys](../../../docs/ManualDeployment.md#key-generation).  (The
      [`to_proto`](https://github.com/google/trillian-examples/gossip/testdata/to_proto)
      utility can help with the conversion to protobuf format.)
1. Run the [deploy.sh](deploy.sh) script, using the same `config.sh` file you
   used for your Trillian deployment:
   `./deploy.sh ../../../../../trillian/examples/deployment/kubernetes/config.sh`
1. The script may ask you to create a `configmap`. If so, follow the
   instructions it provides to do so, not forgetting to **run the `deploy.sh`
   script again**.

The `deploy.sh` script prints out the externally available "ingress" IP when it
completes. You can use this IP and the `prefix` from your `ct_server.cfg` to
access the new CT server:

`curl http://${IP}/${PREFIX}/ct/v1/get-sth`

You may need to wait a couple of minutes for the pods to start and settle. If
you're still not getting an STH from the above request after that, check the
status of the deployment on the
[console](https://console.cloud.google.com/kubernetes/discovery).
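
Once `get-sth` answers, it is worth confirming that the tree head is signed by the key you configured in `ct_server.cfg`. The following is an added example, not code from this repository: it assumes an ECDSA P-256 log key, follows the RFC 6962 `TreeHeadSignature` layout, and uses a throwaway key and a constructed STH as sample data; `VerifySTH`, `SignSTH` and `digest` are hypothetical helper names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"fmt"
)

type STH struct { // get-sth JSON body (RFC 6962); []byte fields decode from base64
	TreeSize  uint64 `json:"tree_size"`
	Timestamp uint64 `json:"timestamp"`
	RootHash  []byte `json:"sha256_root_hash"`
	Signature []byte `json:"tree_head_signature"`
}

func digest(s STH) []byte { // SHA-256 of TreeHeadSignature, the structure the log signs
	b := append([]byte{0, 1, 17: 0}, s.RootHash...) // version v1 (0), tree_hash (1), 16 zero bytes
	binary.BigEndian.PutUint64(b[2:], s.Timestamp)  // uint64 timestamp, big-endian
	binary.BigEndian.PutUint64(b[10:], s.TreeSize)  // uint64 tree_size, big-endian
	d := sha256.Sum256(b)
	return d[:]
}

// VerifySTH reports whether body has a valid ECDSA/SHA-256 tree head signature from key.
func VerifySTH(body []byte, key *ecdsa.PublicKey) bool {
	var s STH
	err := json.Unmarshal(body, &s)
	h := s.Signature // DigitallySigned: hash 4 (SHA-256), sig 3 (ECDSA), uint16 length, DER
	return err == nil && len(s.RootHash) == 32 && len(h) > 4 && h[0] == 4 && h[1] == 3 &&
		int(h[2])<<8|int(h[3]) == len(h)-4 && ecdsa.VerifyASN1(key, digest(s), h[4:])
}

// SignSTH builds a constructed get-sth body for s signed by k (sample data for this demo only).
func SignSTH(k *ecdsa.PrivateKey, s STH) []byte {
	der, _ := ecdsa.SignASN1(rand.Reader, k, digest(s))
	s.Signature = append([]byte{4, 3, byte(len(der) >> 8), byte(len(der))}, der...)
	body, _ := json.Marshal(s)
	return body
}

func main() {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // throwaway key standing in for the log's
	body := SignSTH(k, STH{TreeSize: 7, Timestamp: 1700000000000, RootHash: make([]byte, 32)})
	fmt.Println(string(body), VerifySTH(body, &k.PublicKey))
}
```

Against a real deployment, pass the body returned by the `curl` request above and load `key` from your log's DER public key with `x509.ParsePKIXPublicKey`.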


## Updating

Update the jobs by re-running the `deploy.sh` script.

If you want to change the `configmap` you'll need to:

1. Delete the old `configmap` like so: `kubectl delete configmap ctfe-configmap`.
1. Create the updated `configmap` as before.
1. Re-run `deploy.sh` to force Kubernetes to update the pods.
