You will need the following installed:
- packer
- terraform (v1.5 > version < 1.6)
- atlas
- golang
- gcloud cli
- docker
You will also need:
- a Cloudflare account
- a domain on Cloudflare
- GCP account + project
- PostgreSQL database--Supabase preferred Optional but recommended for monitoring and logging:
- Grafana Account & Stack (see Step 15 for detailed notes)
- Posthog Account
Lastly, Step 8 require you to be on Linux (explanation on step 8 for those interested). These are building Firecracker kernels and required versions--in the future, we will have these pre-built and available for ease-of-use.
Check if you can use config for terraform state management
- Create bucket in Google Cloud
- Create
.env.prodfrom.env.templateand fill in the values. All are required except #Tests - Run
make switch-env ENV=prod - Manually create a DB in Supabase and run
make migrate(This step will fail--that's okay. After you get the error message, you will need to create atlas_schema_revisions.atlas_schema_revisions, just copied from public.atlas_schema_revisions) This can be done with the following statement in the Supabase visual SQL Editor:
CREATE TABLE atlas_schema_revisions.atlas_schema_revisions (LIKE public.atlas_schema_revisions INCLUDING ALL);
- Run
make init(If this errors, run it a second time--it's due to a race condition on Terraform enabling API access for the various GCP services; this can take several seconds) A full list of services that will be enabled for API access: - Run
make build-cluster-disk-image - Run
make build-and-upload-docker-images - Run
make build-and-upload-fc-componentsNote: This needs to be done on a Linux machine due to case-sensitive requirements for the file system--you'll error out during the automated git section with a complaint about unsaved changes. Kernel and versions could alternatively be sourced elsewhere. - At the time of this writing, several versions are required. The script may not fully create and upload these. As of 9/27/24, your Storage buckets should look like this:
<prefix>-fc-env-pipeline/envd
/envd-v.0.0.1 (this is legacy)
/orchestrator
/template-manager
<prefix>-fc-kernels/vmlinux-5.10.186/vmlinux.bin
<prefix>-fc-versions/v1.7.0-dev_8bb88311/firecracker
/uffd
- Run
make apply-without-jobs - Secrets are created and stored in GCP Secrets Manager. Once created, that is the source of truth--you will need to update values there to make changes.
Some notes:
- You can optionally add Grafana and Posthog API keys for monitoring
- When changing env vars, currently you will need to purge the job in nomad (see below for nomad instructions), then re-run
make applyfor the new variables to be properly sourced
- Run
make apply. Note: provisioning of the TLS certificates can take some time; you can check the status in the Google Cloud Console - To access the nomad web UI, go to nomad.<your-domain.com>. Go to sign in, and when prompted for an API token, you can find this in GCP Secrets Manager. From here, you can see nomad jobs and tasks for both client and server, including logging.
- Look inside packages/nomad for config files for your logging and monitoring agents. Follow the steps described on Step 13 to apply changes to the agents.
- As of 9/27/24, GCP Secrets Manager does not auto-populate with Grafana, PostgreSQL connection string, or Posthog API credentials from the .env file. You will need to manually fill in these Secret values. For Grafana, these values can be found not inside the Stack, but from the
Detailsbutton on your Grafana account when choosing a Stack, then details for each plugin. IF you used Supabase, the PostgreSQL connection string can be found there. - If any problems arise, open a Github Issue on the repo and we'll look into it.