-
Notifications
You must be signed in to change notification settings - Fork 0
Installation
It is recommended that Ktisis be deployed within its own Project within a GCP account.
Ktisis is designed to use the default VPC of the Project that it is installed in.
Ktisis requires that the following API's be enabled within its Project:
- Cloud Run
- Cloud Tasks
- Compute Engine
Ktisis requires two service accounts for its two Cloud Run services. These can be named anything but the following are recommended:
ktisis-processorktisis-receiver
Both service accounts require the Compute Instance Admin (roles/compute.instanceAdmin) role within the Project.
The ktisis-processor service account requires the Service Account User (roles/iam.serviceAccountUser) role against the Project's Compute Engine default service account.
The Compute Engine default service account may have been created without any roles. The minimum recommended roles are:
-
Logs Writer(roles/logging.logWriter) -
Monitoring Metric Writer(roles/monitoring.metricWriter)
If the Compute Engine default service account was created with roles other than the above, these can safely be removed and replaced with the above.
A Cloud Tasks queue has to be created.
The following settings are recommended for the Cloud Tasks queue:
- Max dispatches: 1 per second
- Max concurrent dispatches: 100 concurrent tasks
- Max attempts: -1 per task
- Max retry duration: 86400 seconds
- Min backoff: 60 seconds
- Max backoff: 60 seconds
The ktisis-receiver service account should be granted the Cloud Tasks Enqueuer (roles/cloudtasks.enqueuer) and Cloud Tasks Task Deleter (roles/cloudtasks.taskDeleter) roles against this Cloud Tasks queue.
TODO