This section explains the prerequisites for installing and deploying Kyvos in the GCP environment.
To deploy Kyvos in a GCP environment, you must ensure that the following prerequisites are met.
- Google Console users should have the privilege to launch Google resources like Instances, Dataproc cluster, Google Storage, and Disks in the Project.
- Kyvos needs a service account to launch Kyvos instance. Refer to the steps given in the Service Account section to create it.
- Kyvos will need access to VPN, Subnet, Network Interface/Security Group, and Service Account which will be used by Kyvos to launch compute engines, Dataproc, and Instance Group.
- The Network Security Group with the following ports opened in inbound rules for all internal communication between Kyvos instances and Dataproc cluster.
6602, 6903, 6703, 45450, 45460, 6603, 6803, 45440, 6605, 45421, 45564, 4000, 8080, and 8081
- Ports 22, 8080, and 8081 should be accessible from outside of the cluster from where you want to access the Web application.
- In case the Kyvos instances and Dataproc clusters are launched in a different VPN/Subnet, then Network Peering should be created between both the networks.
- There should be a private and public key for creating the Kyvos instances and the Dataproc cluster.
- Kyvos will need a storage bucket to store data (cubes).
- To access the storage bucket from the Kyvos instances, a NAT Gateway in VPN or Endpoint between storage and VPN should be available.
Creating service account from Google Cloud Console
- Click Roles > Create new role. Provide a name like Kyvos-storage for storage service, and assign the following permissions.
- Go to IAM & Admin > Service Account. Create a service account for Kyvos.
- Click Edit to add roles in the service account and add the following roles.
- Kyvos-Storage (created for storage)
- BigQuery data viewer
- BigQuery user