GCP

This page describes the infrastructure and other prerequisites for deploying Seqera Platform Enterprise on Google Cloud Platform (GCP).

Prerequisites

You can run the Seqera container with Docker on an GCP VM instance or with Kubernetes on a Google GKE cluster. Ensure that you satisfy the requirements for your installation target. Refer to this list of shared and target-specific prerequisites:

• SMTP server: If you don't have an email server, Google Cloud provides several ways to send emails:

  • Google Workspace:

    • WorkSpace SMTP Relay

  • Third-party services from the Google Cloud marketplace, including:

    • SendGrid
    • Mailgun
    • Mailjet

  Work with your IT team to select the best solution for your organization.

• MySQL database: An external database (i.e., external to your Docker Compose or Kubernetes deployment) is highly recommended for production deployments. If you don't have your own database service, you can use Google CloudSQL.

  If you decide to use an external database, you must create a MySQL user and database manually. See Configuration for more details.

• (Optional) SSL certificate: An SSL certificate is required for your Seqera instance to handle HTTPS traffic.

  From version 22.1.1, HTTP-only implementations must set the TOWER_ENABLE_UNSAFE_MODE=true environment variable in the Seqera hosting infrastructure to enable user login. HTTP must not be used in production environments.

• (Optional) Public IP address: A public IP address can be reserved for the Seqera ingress to keep the IP address constant across restarts. If you don't reserve an IP address, the ingress will create one for you automatically, but it will be different every time you deploy the ingress. Reserve a public IP address with the following steps:

  1. Got to VPC network > External IP addresses and select Reserve Static Address.

  2. Assign a name (e.g., seqera-ip). This name will be used later to configure the ingress.

  3. Select the region where your GKE cluster is deployed.

  4. Select Reserve.

Prerequisites for Docker

A Google Compute Engine (GCE) instance is required to deploy Seqera Enterprise via Docker Compose. See the detailed instructions to provision a VM instance for this purpose.

Prerequisites for GKE

A Google Kubernetes Engine (GKE) cluster is required to deploy Seqera Enterprise via Kubernetes. See the GKE documentation to provision your own cluster.

Seqera doesn't currently support GKE Autopilot due to a privilege issue with the Redis deployment. However, you can achieve most of the same behavior with a Standard cluster by enabling autoscaling and node auto-provisioning.

Seqera container images

Seqera Platform Enterprise is distributed as a collection of Docker containers available through the Seqera container registry cr.seqera.io. Contact support to get your container access credentials. Once you've received your credentials, retrieve the Seqera container images:

1. Retrieve the username and password you received from Seqera support.

2. Run the following Docker command to authenticate to the registry (using the username and password values copied in step 1):

   docker login -u '<USERNAME>' -p '<PASSWORD>' cr.seqera.io
   

3. Pull the Seqera container images with the following commands:

   docker pull cr.seqera.io/private/nf-tower-enterprise/backend:v23.2.0
   
   docker pull cr.seqera.io/private/nf-tower-enterprise/frontend:v23.2.0
   

   cr.seqera.io is the default Seqera container image registry from version 22.4. Use of the AWS, Azure, and Google Cloud image registries in existing installations is still supported but is deprecated for new installations from June 2023. See here for steps to use the Seqera private GCP Artifact Registry.

GCP setup

This section provides step-by-step instructions for some commonly used GCP services for Seqera deployment. See the GCP documentation for up-to-date instructions and contact GCP support if you have any issues with provisioning GCP resources.

Google CloudSQL

1. Browse to Cloud SQL and select Create Instance.

2. Select MySQL (you may need to enable the API).

3. Change to Single zone availability, unless you require high availability.

4. Update the Region and Zone to match the location of your Seqera deployment.

5. Expand Show configuration options and update the Machine type and Storage settings. The recommended machine type and disk size depends on the number of parallel pipelines you expect to run. In this guide, we use the Standard machine type with 1 vCPU, and 20 GB SSD storage.

6. Expand Connections, disable Public IP, and enable Private IP.

7. Select the Network (usually default). You may need to set up a Private services access connection for this VPC if you have not done so already. Enable the API and select Use an automatically allocated IP range. Select Continue, then Create Connection.

8. Select Create Instance.

9. Once the database has been created, select the instance, then Databases. Create a new database named tower.

10. Note the Private IP address of the instance as it must be supplied to the TOWER_DB_URL environment variable.

Google Compute Engine

1. From the Navigation menu of the Google Cloud console, select Compute Engine to create a new VM instance. Select the machine name, region/zone, and machine type. In this example we have used an e2-standard-2 instance (2 vCPUs, 8 GB memory). We recommend using the container-optimized OS for the VM.

2. Enable HTTP traffic. By default, the frontend is exposed to port 8000, so you will need to add a firewall rule to the underlying VPC network to allow port 8000 (after VM creation).

3. Connect to the machine using SSH. If you run into issues with SSH, or would like to set up IAP SSH, refer to the documentation for TCP forward to IAP.

4. Install Docker if it is not already installed.

5. Test Docker by running the Docker Compose image:

   If Docker doesn't have sufficient permissions, use these steps to run it without root, or use sudo.

   # test docker compose
   docker run docker/compose:1.24.0 version
   
   # check that docker/compose image was pulled
   docker images
   

6. Create an alias for docker-compose:

   echo alias docker-compose="'"'docker run --rm \
       -v /var/run/docker.sock:/var/run/docker.sock \
       -v "$PWD:$PWD" \
       -w="$PWD" \
       docker/compose:1.24.0'"'" >> ~/.bashrc
   
   source .bashrc
   

7. Configure gcloud and retrieve the Seqera container images.