Skip to content

GCP

This page describes the infrastructure and other prerequisites for deploying Tower on Google Cloud Platform (GCP).

Tower container images#

Seqera Labs publishes the Tower Enterprise containers to a private Artifact Registry (AR) on GCP.

  1. Provide Seqera Labs with your GCP Service Account

    Supply your GCP Project's Service Account email address to the Seqera representative managing your onboarding and wait for confirmation that it has been added as an approved Artifact Registry Reader.

  2. Retrieve a local copy of the container

    Clients using the docker-compose deployment method must retrieve container copies for local use.

    1. Install gcloud CLI and Docker on the target machine.

    2. Authenticate the Service Account with the gcloud CLI.

    3. Configure Docker to interact with the GCP Region where the Seqera AR resides.

      1
      gcloud auth configure-docker europe-west2-docker.pkg.dev
      

    4. Confirm you have access to the repository.

      1
      gcloud artifacts docker images list europe-west2-docker.pkg.dev/nf-tower-enterprise/containers/ --include-tags
      

    5. Pull the containers to your machine:

      1
      2
      3
      4
      5
      export REPOSITORY_URL="europe-west2-docker.pkg.dev/nf-tower-enterprise/containers"
      export TAG="v22.2.4"
      
      docker pull ${REPOSITORY_URL}/backend:${TAG}
      docker pull ${REPOSITORY_URL}/frontend:${TAG}
      

Mandatory prerequisites#

SMTP server#

If you do not have an email server, Google Cloud provides several ways send emails:

Work with your IT team to see what best works for your organization.

MySQL database#

An external database (i.e. external to your Docker Compose or Kubernetes deployment) is highly recommended for production deployments. If you don't have your own database service, you can use Google CloudSQL.

If you decide to use an external database, you must create a MySQL user and database manually. Refer to the Configuration section for more details.

VM instance (Docker Compose)#

An Google Compute Engine (GCE) instance is required to deploy Tower via Docker Compose. Refer to the Detailed Instructions section for instructions on how to provision a VM instance for this purpose.

GKE cluster (Kubernetes)#

A Google Kubernetes Engine (GKE) cluster is required to deploy Tower via Kubernetes. Refer to the GKE documentation for instructions on how to provision your own cluster.

Note

GKE Autopilot is not currently supported by Tower due to a privilege issue with the Redis deployment. However, you can achieve most of the same behavior with a Standard cluster by enabling autoscaling and node auto-provisioning.

Optional prerequisites#

SSL certificate#

Required to allow your Tower instance to handle HTTPS traffic.

Warning

Starting in Tower 22.1.1, HTTP-only implementations must set the following environment variable in their Tower hosting infrastructure in order for users to be able to successfully log in: TOWER_ENABLE_UNSAFE_MODE=true.

Public IP address#

A public IP address can be reserved for the Tower ingress, in order to keep the IP address constant across restarts. If you do not reserve an IP address, the ingress will create one for you automatically, but it will be different every time you deploy the ingress. Refer to the Detailed Instructions section for instructions on how to reserve a public IP address.

  1. Browse to VPC networkExternal IP addresses and select Reserve Static Address

  2. Assign a name e.g. tower-ip, this name will be used later to configure the ingress

  3. Select a region where your GKE cluster is deployed

  4. Select Reserve

Detailed Instructions#

This section provides step-by-step instructions for some commonly used GCP services for Tower deployment. Please consult the GCP documentation for the most up-to-date instructions, and please contact GCP support if you have any issues with provisioning GCP resources.

Google CloudSQL#

  1. Browse to Cloud SQL and select Create Instance.

  2. Select MySQL (you may need to enable the API).

  3. Change to Single zone availability unless there is a need for high availability.

  4. Update the Region and Zone to match the location of your Tower deployment.

  5. Expand Show configuration options, update Machine type and Storage settings. The recommended machine type and disk size depends on the number of parallel pipelines you expect to run. In this tutorial we use the Standard machine type with 1 vCPU, and 20 GB SSD storage.

  6. Expand Connections, disable Public IP, and enable Private IP.

  7. Select the Network (usually default). You may need to set up a Private services access connection if you have not done it before for this VPC. Enable the API and select Use an automatically allocated IP range. Select Continue, then Create Connnection.

  8. Select Create Instance.

  9. Once the database has been created, select the instance, then Databases, and create a new database tower.

  10. Note the Private IP address of the instance as it will be supplied to the TOWER_DB_URL environment variable.

Google Compute Engine#

  1. From the Navigation menu of the Google Cloud console, select Compute Engine to create a new VM instance. Select the machine name, region/zone, and machine type. In this example we have used an e2-standard-2 instance (2 vCPUs, 8 GB memory).

    Tip

    You can use the container-optimized OS for the VM.

  2. Enable HTTP traffic. By default, the frontend is exposed to port 8000, so you will need to add a firewall rule to the underlying VPC network to allow port 8000 (after VM creation).

  3. SSH into the machine. If you run into issues with SSH or would like to set up IAP SSH refer to the documentation for TCP forward to IAP.

  4. Install Docker if it is not already installed.

  5. Test Docker by running the Docker Compose image. If Docker does not have sufficient permissions, consider following these steps to run it without root, or use sudo.

    1
    2
    3
    4
    5
    # test docker compose
    docker run docker/compose:1.24.0 version
    
    # check that docker/compose image was pulled
    docker images
    
  6. Create an alias for docker-compose:

    1
    2
    3
    4
    5
    6
    7
    echo alias docker-compose="'"'docker run --rm \
        -v /var/run/docker.sock:/var/run/docker.sock \
        -v "$PWD:$PWD" \
        -w="$PWD" \
        docker/compose:1.24.0'"'" >> ~/.bashrc
    
    source .bashrc
    
  7. Configure gcloud and Docker as described in the Tower container images section.

Back to top