Deploy Bufstream to Google Cloud
This page walks you through installing Bufstream into your Google Cloud Platform (GCP) deployment by setting your Helm values and installing the provided Helm chart. See the GCP configuration page for defaults and recommendations about resources, replicas, storage, and scaling.
Data from your Bufstream cluster will never leave your network or report back to Buf.
Prerequisites
To deploy Bufstream on GCP, you need the following capabilities before you start:
- A Kubernetes cluster (v1.27 or newer)
- A Google Cloud Storage bucket
- Helm (v3.12.0 or newer)
Deploy Bufstream
1. Authenticate helm
To get started, authenticate helm with the Bufstream OCI registry using the keyfile that was sent alongside this
documentation. The keyfile should contain a base64 encoded string.
$ cat keyfile | helm registry login -u _json_key_base64 --password-stdin \
https://us-docker.pkg.dev/buf-images-1/bufstream
2. Create a namespace
Create a Kubernetes namespace in the k8s cluster for the bufstream Helm chart to use:
3. Configure Bufstream's Helm values
Bufstream is configured using Helm values that are passed to the bufstream Helm chart. To configure the values:
-
Create a Helm values file named
bufstream-values.yaml, which is required by thehelm installcommand in step 5. This file can be in any location, but we recommend creating it in the same directory where you run thehelmcommands. -
Put the values from the steps below in the
bufstream-values.yamlfile. Skip to Install the Helm chart for a full example chart.
Configure object storage
Bufstream requires GCS object storage.
Bufstream attempts to acquire credentials from the environment using GKE Workload Identity Federation. To configure storage, set the following Helm values, filling in your GCS variables and service account annotations for the service account binding:
storage:
use: gcs
gcs:
bucket: "my-bucket-name"
bufstream:
serviceAccount:
annotations:
iam.gke.io/gcp-service-account: my-gcp-service-account@my-gcp-project.iam.gserviceaccount.com
The k8s service account to be bound to the GCP service account is named bufstream-service-account.
Alternatively, you can use service account credentials.
- Create a k8s secret containing the service account credentials:
$ kubectl create secret --namespace bufstream generic bufstream-service-account-credentials \
--from-file=credentials.json=<credentials.json>
- Set the
secretNamein the configuration:
Configure etcd
Bufstream requires an etcd cluster. To set up an example deployment of etcd on Kubernetes, use
the Bitnami etcd Helm chart with the following values:
$ helm install \
--namespace bufstream \
bufstream-etcd \
oci://registry-1.docker.io/bitnamicharts/etcd \
--version 10.2.4 \
-f - <<EOF
replicaCount: 3
persistence:
enabled: true
size: 10Gi
storageClass: "premium-rwo"
autoCompactionMode: periodic
autoCompactionRetention: 30s
removeMemberOnContainerTermination: false
resourcesPreset: none
# By default, no resource requests/limits are present on the etcd pods.
# Optionally, configure resources/limits by setting the values below:
# resources:
# requests:
# cpu: 1
# memory: 1024Mi
# limits:
# memory: 1024Mi
auth:
rbac:
create: false
enabled: false
token:
enabled: false
metrics:
useSeparateEndpoint: true
customLivenessProbe:
httpGet:
port: 9090
path: /livez
scheme: "HTTP"
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 15
failureThreshold: 10
customReadinessProbe:
httpGet:
port: 9090
path: /readyz
scheme: "HTTP"
initialDelaySeconds: 20
timeoutSeconds: 10
extraEnvVars:
- name: ETCD_LISTEN_CLIENT_HTTP_URLS
value: "http://0.0.0.0:8080"
EOF
Warning
etcd is sensitive to disk performance, so we recommend using SSD-backed disks, such as the premium-rwo in the
example above.
Then, configure Bufstream to connect to the etcd cluster:
metadata:
use: etcd
etcd:
# etcd addresses to connect to
addresses:
- host: "bufstream-etcd.bufstream.svc.cluster.local"
port: 2379
Configure observability
The observability block is used to configure the collection and exporting of metrics and traces from your
application, using Prometheus or OTLP:
observability:
# Optional, set the log level
# logLevel: INFO
# otlpEndpoint: "" # Optional, OTLP endpoint to send traces and metrics to..
metrics:
# Optional, can be either "NONE", "STDOUT", "HTTP", "HTTPS" or "PROMETHEUS"
# When set to HTTP or HTTPS, will send OTLP metrics
# When set to PROMETHEUS, will expose prometheus metrics for scraping on port 9090 under /metrics
exporter: "NONE"
tracing:
# Optional, can be either "NONE", STDOUT", "HTTP", or "HTTPS"
# When set to HTTP or HTTPS, will send OTLP metrics
exporter: "NONE"
# Optional, trace sampling ratio, defaults to 0.1
# traceRatio: 0.1
4. Install the Helm chart
After following the steps above, the set of Helm values should be similar to the example below:
storage:
use: gcs
gcs:
bucket: "my-bucket-name"
bufstream:
serviceAccount:
annotations:
iam.gke.io/gcp-service-account: my-gcp-service-account@my-gcp-project.iam.gserviceaccount.com
metadata:
use: etcd
etcd:
# etcd addresses to connect to
addresses:
- host: "bufstream-etcd.bufstream.svc.cluster.local"
port: 2379
observability:
metrics:
exporter: "PROMETHEUS"
Using the bufstream-values.yaml Helm values file, install the Helm chart for the cluster and set the correct
Bufstream version:
$ helm install bufstream oci://us-docker.pkg.dev/buf-images-1/bufstream/charts/bufstream \
--version "0.x.x" \
--namespace=bufstream \
--values bufstream-values.yaml
If you change any configurations in the bufstream-values.yaml file, re-run the command.