Updates for CAP Deployment in public clouds
Our vision for the SUSE Cloud Application Platform Deployment tool is to provide the simplest experience possible and do so across a variety of supported cloud service providers. Since my last post we’ve made some significant strides, so it’s time to catch up on our status.
CAP Deployment on Google Compute Platform
I’m excited to announce that we have an image available for deploying CAP on Google Kubernetes Engine (GKE). As always, you can find the image using pint:
pint google images --active --filter 'name~cap-deploy'
Before you can deploy, though, you need to satisfy some prerequisites:
- Create a GCP service account with the following permissions, on the preferred target project:
  - Compute Admin (compute.admin)
  - Kubernetes Engine Admin (container.admin)
  - Service Account User (iam.serviceAccountUser)
- Create a 2nd GCP service account for DNS administration (or grant the 1st account additionally):
  - DNS Administrator (dns.admin)

  ⚠ Be sure to securely store the credentials file(s), as these can be used to authenticate as your service account. See https://cloud.google.com/iam/docs/granting-changing-revoking-access for more details on setting up GCP IAM accounts.
- Configure a Cloud DNS Zone in the target project, using a publicly resolvable subdomain.
  The DNS zone will host the cluster’s DNS records in a specific domain name. See https://cloud.google.com/dns/docs/zones/ for details on setting up a Cloud DNS Zone.
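To confirm the service accounts carry the roles listed above and nothing broader, the following added example (not part of the CAP Deploy tooling) audits a project IAM policy exported as JSON. The account e-mails, project name and sample policy are constructed for illustration, and only unconditional project-level bindings are considered.

```python
import json

# Roles the post lists, in the "roles/<id>" form that IAM policies use.
DEPLOY_ROLES = {"roles/compute.admin", "roles/container.admin",
                "roles/iam.serviceAccountUser"}
DNS_ROLES = {"roles/dns.admin"}

# Hypothetical service account e-mails (assumptions, not from the post).
DEPLOY = "cap-deploy@example-project.iam.gserviceaccount.com"
DNS = "cap-dns@example-project.iam.gserviceaccount.com"

def roles_of(policy, email):
    """Return the set of roles bound to a service account in a project policy."""
    member = f"serviceAccount:{email}"
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}

def audit(policy, deploy_sa, dns_sa=None):
    """Compare granted roles with the post's prerequisites.

    dns_sa=None means the first account also carries dns.admin, which the
    post allows as an alternative to creating a second account.
    """
    dns_sa = dns_sa or deploy_sa
    wanted = {deploy_sa: set(DEPLOY_ROLES)}
    wanted.setdefault(dns_sa, set()).update(DNS_ROLES)
    report = {}
    for sa, need in wanted.items():
        have = roles_of(policy, sa)
        report[sa] = {"missing": sorted(need - have),
                      "excess": sorted(have - need)}
    return report

# Constructed sample, shaped like the output of
# `gcloud projects get-iam-policy PROJECT --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/compute.admin", "members": ["serviceAccount:%(d)s"]},
  {"role": "roles/container.admin", "members": ["serviceAccount:%(d)s"]},
  {"role": "roles/owner",
   "members": ["serviceAccount:%(d)s", "user:admin@example.com"]},
  {"role": "roles/dns.admin", "members": ["serviceAccount:%(n)s"]}
]}
""" % {"d": DEPLOY, "n": DNS})

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_POLICY, DEPLOY, DNS), indent=2))
```

In the constructed policy the deploy account is missing iam.serviceAccountUser and holds roles/owner, which the report lists under "excess" so it can be removed before the key file is handed to the deployment VM.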
When you create an instance of the CAP Deploy VM, be sure to allow http access (TCP port 80). You’ll need to access the web interface via http://$IP_OF_INSTANCE and supply a username and password for http auth. The username is the Instance ID, and the password is the instance name. You can find the values via the Google Cloud web console, or by ssh’ing into the instance and using the metadata client (gcemetadata --query instance --id --name).
CAP Deployment on Amazon Web Services
We’ve completed development of CAP Deploy on Elastic Kubernetes Service (EKS); this will be publicly available soon in Amazon Marketplace. Here are the prerequisites:
- Create an AWS access key on an account with adequate credentials. See https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys for details, and https://documentation.suse.com/suse-cap/1.5.2/html/cap-guides/cha-cap-depl-eks.html#sec-cap-eks-iam for IAM requirements.
- Configure a Route 53 Hosted zone. The DNS zone will host the cluster’s DNS records in a specific domain name. Make note of the name, which must be supplied in terraform variables. See https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/AboutHZWorkingWith.html for details on setting up a Hosted zone.
- Generate an EC2 Key Pair. The key pair will be used for accessing cluster nodes via SSH. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html for details on creating a Key Pair.
When you create an instance of the CAP Deploy VM, be sure to allow http access (TCP port 80). You’ll need to access the web interface via http://$IP_OF_INSTANCE and supply a username and password for http auth. The username is the Instance ID, and the password is the Account ID (or Owner in the web console). You can find the values via the AWS console, or by ssh’ing into the instance and using the metadata client (ec2metadata --api latest --document).
CAP Deployment on Microsoft Azure
The Azure offer has been upgraded to include deployment of stratos-metrics and some small bug fixes to the blue-horizon web UI. For more information on using the Azure version, please see my previous post.