Skip to content

Latest commit

 

History

History

kubernetes

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
mysql
mysql
 
 
README.md
README.md
 
 
create.sh
create.sh
 
 
db-deployment.yaml
db-deployment.yaml
 
 
db-service.yaml
db-service.yaml
 
 
delete.sh
delete.sh
 
 
deploy.sh
deploy.sh
 
 
etcd-cluster.yaml
etcd-cluster.yaml
 
 
etcd-deployment.yaml
etcd-deployment.yaml
 
 
etcd-role-binding.yaml
etcd-role-binding.yaml
 
 
etcd-role.yaml
etcd-role.yaml
 
 
example-config.sh
example-config.sh
 
 
provision_tree.sh
provision_tree.sh
 
 
trillian-ci-mysql.yaml
trillian-ci-mysql.yaml
 
 
trillian-ci-spanner-config.sh
trillian-ci-spanner-config.sh
 
 
trillian-ci-spanner.yaml
trillian-ci-spanner.yaml
 
 
trillian-cloudspanner.yaml
trillian-cloudspanner.yaml
 
 
trillian-ct-log-config.sh
trillian-ct-log-config.sh
 
 
trillian-log-deployment.yaml
trillian-log-deployment.yaml
 
 
trillian-log-service.yaml
trillian-log-service.yaml
 
 
trillian-log-signer-deployment.yaml
trillian-log-signer-deployment.yaml
 
 
trillian-log-signer-service.yaml
trillian-log-signer-service.yaml
 
 
trillian-mysql.yaml
trillian-mysql.yaml
 
 
undeploy.sh
undeploy.sh
 
 

README.md

Deploying onto Kubernetes in Google Cloud

This document guides you through the process of spinning up an example Trillian deployment on Google Cloud using Kubernetes and Cloud Spanner.

Prerequisites

  1. You should have this repo checked out :)
  2. A recent Debian based distribution (other platforms may work, but YMMV)
  3. You must have the jq binary installed (for command-line manipulation of JSON)
  4. You have gcloud/kubectl/go/Docker etc. installed (See Cloud quickstart docs)
  5. You have a Google account with billing configured
  6. You may need to request additional Quota for Compute Engine "in-use IP addresses" (need >= 11) link

Process

  1. Go to Google Cloud Console
  2. Create a new project
  3. Edit the example-config.sh file, set PROJECT_ID to the ID of your project
  4. Run: ./create.sh example-config.sh. This script will create the Kubernetes cluster, node pools, and Spanner database, service account and etcd cluster. It should take about 5 to 10 minutes to finish and must complete without error.
  5. Now you can deploy the Trillian services. Run: ./deploy.sh example-config.sh This will build the Trillian Docker images, tag them, and create/update the Kubernetes deployment.
  6. To update a running deployment, simply re-run ./deploy.sh example-config.sh at any time.

You should now have a working Trillian Log deployment in Kubernetes.

NOTE: none of the Trillian APIs are exposed to the internet with this config, this is intentional since the only access to Trillian should be via a personality layer.

Next steps

To do something useful with the deployment, you'll need provision one or more trees into the Trillian log, and run a "personality" layer.

To provision a tree into Trillian, use the provision_tree.sh script (which uses kubectl to forward requests to the Trillian Log's admin API):

./provision_tree.sh example-config.sh

Make a note of the tree ID for the new tree.

Next, you may wish to deploy the Certificate Transparency personality. The CT repo includes Kubernetes instructions and deployment configurations.

Known Issues

  • This deployment is quite tightly coupled to Google Cloud Kubernetes
  • Only CloudSpanner is supported currently
  • There is no Trillian Map support currently (because there is no map support in the current CloudSpanner storage implementation).