Deploy a secure Redpanda cluster and Redpanda Console in Google Kubernetes Engine (GKE). Then, use rpk both as an internal client and an external client to interact with your Redpanda cluster from the command line. Your Redpanda cluster has the following security features:
-
SASL for authenticating users' connections.
-
TLS with self-signed certificates for secure communication between the cluster and clients.
Before you begin, you must have the following:
-
Complete the 'Before you begin' steps and the 'Launch Cloud Shell' steps of the GKE quickstart. Cloud Shell comes preinstalled with the Google Cloud CLI, the
kubectlcommand-line tool, and the Helm package manager. -
kubectl. Minimum required Kubernetes version: {supported-kubernetes-version}.kubectl version --short --client
-
Helm. Minimum required Helm version: {supported-helm-version}
helm version
Your GKE cluster must have one worker node available for each Redpanda broker that you plan to deploy in your Redpanda cluster. You also need to run the worker nodes on a machine type that supports the requirements and recommendations for production deployments.
In this step, you create a GKE cluster with three nodes on c2d-standard-8 machine types. Deploying three nodes allows your GKE cluster to support a Redpanda cluster with three brokers. The c2d-standard-8 instance type comes with:
-
2 cores per worker node, which is a requirement for production.
-
Local NVMe disks, which is recommended for best performance.
|
Note
|
The Helm chart configures default podAntiAffinity rules to make sure that only one Pod running a Redpanda broker is scheduled on each worker node. To learn why, see Number of workers.
|
Create a GKE cluster. Replace the <region> placeholder with your own region.
gcloud container clusters create <cluster-name> \
--machine-type c2d-standard-8 \
--num-nodes=3 \
--local-nvme-ssd-block count=2 \
--region=<region>|
Tip
|
To see all options that you can specify when creating a cluster, see the Cloud SDK reference. Or, for help creating a GKE cluster, see the GKE documentation. |
deploy:partial$kubernetes/guides/create-storageclass.adoc
Add inbound firewall rules to your instances so that external traffic can reach the following node ports on all Kubernetes worker nodes in the cluster:
-
31644
-
31092
-
30082
-
30081
For help creating firewall rules, see the Google VPC documentation.
deploy:partial$kubernetes/guides/deploy-redpanda.adoc
deploy:partial$kubernetes/guides/verify-deployment.adoc
deploy:partial$kubernetes/guides/create-user.adoc
deploy:partial$kubernetes/guides/start-streaming.adoc
deploy:partial$kubernetes/guides/explore-topics-localhost.adoc
deploy:partial$kubernetes/guides/external-access-intro.adoc
deploy:partial$kubernetes/guides/external-access-steps.adoc
deploy:partial$kubernetes/default-components.adoc
deploy:partial$kubernetes/guides/uninstall.adoc
To delete your Kubernetes cluster:
gcloud container clusters delete <cluster-name> \
--region=<region>deploy:partial$kubernetes/guides/troubleshoot.adoc
deploy:partial$kubernetes/guides/next-steps.adoc
shared:partial$suggested-reading.adoc
deploy:partial$kubernetes/guides/suggested-reading-content.adoc