This guide outlines the process of deploying Permify, on Google Compute Engine. The steps include setting up Google Cloud SDK and kubectl, managing containers using Google Kubernetes Engine (GKE), deploying Permify, and implementing Permify in a distributed configuration with Serf. By following these steps, you can efficiently deploy Permify on Google’s scalable and secure infrastructure.

Google Cloud SDK Install

  1. At the command line, run the following command:

    curl https://sdk.cloud.google.com | bash
    
  2. When prompted, choose a location on your file system (usually your Home directory) to create the google-cloud-sdk subdirectory under.

  3. If you want to send anonymous usage statistics to help improve gcloud CLI, answer Y when prompted.

  4. To add gcloud CLI command-line tools to your PATH and enable command completion, answer Y when prompted

  5. Restart your shell:

    exec -l $SHELL
    
  6. To initialize the Google Cloud CLI environment, run gcloud init

Install kubectl

  1. Install the kubectl component:

    gcloud components install kubectl
    
  2. Verify that kubectl is installed:

    kubectl version
    
  3. Install Authn Plug-in

    gcloud components install gke-gcloud-auth-plugin
    

    Check the gke-gcloud-auth-plugin binary version:

    gke-gcloud-auth-plugin --version
    

Create Containers with GKE

  1. Login & Initialize Google Cloud CLI

    gcloud init
    
  2. Follow configuration instructions

  3. Create Container Cluster

    gcloud container clusters create [CLUSTER_NAME]
    
  4. Authenticate the cluster

    gcloud container clusters get-credentials [CLUSTER_NAME]
    

Deploy Permify

  1. Apply deployment config

    kubectl apply -f deployment.yaml
    
    • Deployment.yaml

      apiVersion: apps/v1
      kind: Deployment
      metadata:
          labels:
              app: permify
          name: permify
      spec:
        replicas: 3
        selector:
          matchLabels:
            app: permify
        strategy:
            type: Recreate
        template:
            metadata:
              labels:
                app: permify
            spec:
              containers:
                - image: ghcr.io/permify/permify
                  name: permify
                  args:
                  - "serve"
                  - "--database-engine=postgres"
                  - "--database-uri=postgres://user:password@host:5432/db_name"
                  - "--database-max-open-connections=20"
                  ports:
                      - containerPort: 3476
                        protocol: TCP
                  resources: {}
              restartPolicy: Always
      status: {}
      
  2. Apply service manfiest

    kubectl apply -f service.yaml
    
    • Service Manifest

      apiVersion: v1
      kind: Service
      metadata:
        name: permify
      spec:
        ports:
            - name: 3476-tcp
              port: 3476
              protocol: TCP
              targetPort: 3476
        selector:
              app: permify
        type: LoadBalancer
      status:
        loadBalancer: {}
      

Deploying Permify in a Distributed Configuration

If you aim to deploy Permify in a distributed configuration, you will need to create a Serf deployment. The Serf deployment can be dockerized to our Container Registry under the name permify/serf:v1.0, which is provided by Hashicorp.

Please note: It is crucial to ensure that both Serf and Permify deployments reside within the same namespace for proper operation.

  1. Serf Service Create:

    • Serf Deployment&Service yaml

      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: serf-deployment
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: serf
        template:
          metadata:
            labels:
              app: serf
          spec:
            containers:
            - name: serf
              image: permify/serf:v1.0
              args: 
               - "-node=main-serf"
              ports:
              - containerPort: 7946
              resources:
                requests:
                  cpu: 100m
                  memory: 128Mi
                limits:
                  cpu: 200m
                  memory: 256Mi
      ---
      apiVersion: v1
      kind: Service
      metadata:
        name: serf
      spec:
        selector:
          app: serf
        ports:
        - protocol: TCP
          port: 7946
          targetPort: 7946
          name: serf
        type: ClusterIP
      
  2. Apply Deployment Manifest

    • Deployment.yaml

      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: permify-deployment
      spec:
        replicas: 3
        selector:
          matchLabels:
            app: permify
        template:
          metadata:
            labels:
              app: permify
          spec:
            containers:
              - image: permify/permify:tagname
                name: permify
                args:
                  - "serve"
                  - "--database-engine=postgres"
                  - "--database-uri=postgres://user:password@host:5432/db_name"
                  - "--database-max-open-connections=20"
                  - "--distributed-enabled=true"
                  - "--distributed-node=serf:7946"
                  - "--distributed-node-name=main-serf"
                  - "--distributed-protocol=serf"
                resources:
                   requests:
                     memory: "128Mi"
                     cpu: "200m"
                   limits:
                    memory: "128Mi"
                    cpu: "400m"
                ports:
                - containerPort: 3476
                  name: permify-port
                - containerPort: 7946
                  name: permify-dist
                - containerPort: 6060
                  name: permify-pprof
      
  3. Apply Service Manifest

    • Service.yaml

      apiVersion: v1
      kind: Service
      metadata:
        name: permify
      spec:
        ports:
            - name: permify-port
              port: 3476
              targetPort: 3476
            - name: permify-dist
              port: 7946
              targetPort: 7946
        selector:
              app: permify
        type: LoadBalancer
      

Need any help ?

Our team is happy to help you to deploy Permify, schedule a call with an Permify engineer.