DocumentationAPI Reference
Documentation

On-Prem Deployment Instructions (GCP)

This guide will help you and your team install Prequel on GCP infrastructure you control. Prequel deployments rely on a few tools:

  • Terraform v1.0.x for provisioning services required by Prequel
  • Helm 3.9.4 for installing and upgrading Prequel
  • Kubernetes CLI for managing and inspecting the Kubernetes cluster.

Before we get started

  1. Validate that you have access to the Terraform directory and Helm chart we sent over. If not, please email or Slack support@prequel.co to request access.
  2. Create the dedicated cloud project where you’d like Prequel to run. We typically recommend creating a new cloud project for this, which allows all resources to be fully sandboxed from any other existing infrastructure.

Setting up the infrastructure.

  1. Take a look through variables.tf and fill in the required values.
  2. Perform a Terraform dry-run and double check that everything looks good.
terraform plan
  1. Terraform the main.tf file. This will create all the necessary infrastructure for Prequel to run. Save the output variables, you'll need them later.
terraform apply
  1. Update your DNS records to point to the prequel-ingress-ip returned by the Terraform script. You'll need to create three DNS records.
prequel.your-domain.com			# the domain you'll use when hitting the API.
prequel-admin.your-domain.com		# the UI that admins on your team will use to manage Prequel.
data-connect.your-domain.com				# the domain your customers will use to connect their data warehouse.

Deploying Prequel

  1. Authenticate to the Kubernetes cluster created in step 5.
  2. Get a hold of the GitHub App Private Key for your deployment. Ask your Prequel contact to send it over.
  3. Download and rename the file to privatekey. It is important that the file name is correct here. Otherwise, the cluster won't come up properly.
mv {download_path} ~/Downloads/privatekey
  1. Create a Kubernetes secret from it.
kubectl create secret generic github-app-private-key --from-file=~/Downloads/privatekey
  1. Create the following Kubernetes secrets required by the Prequel deployment.
# Generate and store secure random values in environment variables
export POSTGRES_PASSWORD={your_db_password}
export WORKOS_API_KEY={workos_api_key}
export SSH_SALT={your_generated_ssh_salt}
export ADMIN_API_KEY={your_generated_admin_api_key}
export AUTH_TOKEN_KEY={your_generated_auth_token_key}

# Create secret for Postgres DB credentials
kubectl create secret generic postgres-db \
  --from-literal=password="${POSTGRES_PASSWORD}"

# Create secret for SSH salt (used for hashing public keys)
kubectl create secret generic ssh-salt \
  --from-literal=salt="${SSH_SALT}"

# Create secret for Shepherd service
kubectl create secret generic shepherd \
  --from-literal=apiKey="${ADMIN_API_KEY}" \
  --from-literal=authToken="${AUTH_TOKEN_KEY}" \
  --from-literal=workOSApiKey="${WORKOS_API_KEY}"

Make sure to store these generated values securely for future maintenance and troubleshooting. Each value is:

  • postgres-db.password: The password for your Postgres database.
  • shepherd.workOSApiKey: The WorkOS API key provided to you by Prequel.
  • ssh-salt.salt: A random 32-char string used for hashing SSH public keys.
  • shepherd.apiKey: A random 32-char string used for admin API authentication.
  • shepherd.authToken: A random 32-char string used to encrypt/decrypt authentication tokens.
  1. Install the cert-manager Helm chart.
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.8.0 \
  --set installCRDs=true \
  --set ingressShim.defaultIssuerName=letsencrypt-prod \
  --set ingressShim.defaultIssuerKind=ClusterIssuer \
  --set ingressShim.defaultIssuerGroup=cert-manager.io
  1. Fill in the required missing values for the Prequel Helm chart (in the values.yaml file).

The following values should be set from the secrets created in step 11:

  • postgresDb.secretName: postgres-db or the name of the secret created for Postgres DB.
  • postgresDb.passwordSecretKey: password or the key in the secret created for Postgres DB that contains the password.
  • sshSaltSecretName: ssh-salt or the name of the secret created for SSH salt.
  • sshSaltSecretKey: salt or the key in the secret created for SSH salt that contains the salt.
  • shepherd.secretName: shepherd or the name of the secret created for Shepherd service.
  • shepherd.workOS.apiKeySecretKey: workOSApiKey or the key in the secret created for Shepherd service that contains the WorkOS API key provided to you by Prequel.
  • shepherd.apiKeySecretKey: apiKey or the key in the secret created for Shepherd service that contains the admin API key.
  • shepherd.authTokenSecretKey: authToken or the key in the secret created for Shepherd service that contains the authentication token key.
  1. Install the Prequel Helm chart.
helm install prequel datafeed-1.1.24.tgz -f prequel/values.yaml

You're all set!

Notify your Prequel counterpart that the deployment is ready to roll. They'll guide you through next steps: configuring your first source.

Updating Prequel

We'll notify you when a new release is available, and provide you with the release tag. You can then run the following command to update your deployment to the new release.

helm upgrade prequel datafeed-1.1.24.tgz --reuse-values --set image.tag={provided_release_tag}