GCP GKE

Things you need

  • Domain name
  • helm cli
  • google cloud cli
  • kubectl
  • k9s (optional)
aws configure

Provision Terraform

aws should be configured with your chosen IAM credentials. Run the following commands to create the EKS cluster:

cd terraform/gcloud
terraform init
terraform apply

This should provision an EKS cluster with ELB and EBS drivers.

3. Create values.yaml

export SENTRY_CHAT_DSN=https://********************************@sentry.trieve.ai/6
export ENVIRONMENT=gcloud
export DOMAIN=example.com # Only used for local
export EXTERNAL_DOMAIN=example.com
export DASHBOARD_URL=https://dashboard.example.com
export SALT=goodsaltisveryyummy
export SECRET_KEY=1234512345123451234512345123451234512345123451234512345123451234512345123451234h
export ADMIN_API_KEY=asdasdasdasdasd
export OIDC_CLIENT_SECRET=YllmLDTy67MbsUBrUAWvQ7z9aMq0QcKx
export ISSUER_URL=https://oidc.example.com
export AUTH_REDIRECT_URL=https://oidc.example.com/realms/trieve/protocol/openid-connect/auth
export REDIRECT_URL=https://oidc.example.com/realms/trieve/protocol/openid-connect/auth
export SMTP_RELAY=smtp.gmail.com
export SMTP_USERNAME=trieve@gmail.com
export SMTP_PASSWORD=pass************
export SMTP_EMAIL_ADDRESS=triever@gmail.com
export LLM_API_KEY=sk-or-v1-**************************************************************** # Open Router API KEY
export OPENAI_API_KEY=sk-************************************************ # OPENAI API KEY
export OPENAI_BASE_URL=https://api.openai.com/v1
export S3_ENDPOINT=https://<bucket>.s3.amazonaws.com
export S3_ACCESS_KEY=ZaaZZaaZZaaZZaaZZaaZ
export S3_SECRET_KEY=ssssssssssssssssssssTTTTTTTTTTTTTTTTTTTT
export S3_BUCKET=trieve
export AWS_REGION=us-east-1 # Useful if your bucket is in s3
export STRIPE_API_KEY=sk_test_***************************************************************************************************
export STRIPE_WEBHOOK_SECRET=sk_test_***************************************************************************************************

helm/from-env.sh

This step generates the file helm/values.yaml from the environment variables above. You can then modify the values in that file.
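A pre-flight check for this step, added here as an example (it is not part of the Trieve repository): it rejects secrets that are unset, masked, copied from the sample export block above, or too short, before helm/from-env.sh writes them into helm/values.yaml. The function names, the choice of which variables count as secrets, and the 16-character minimum are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check to run before helm/from-env.sh.
# Rejects secrets that are unset, masked, copied from this guide's
# sample export block, or shorter than MIN_LEN (an assumed floor).

MIN_LEN=16

# Sample values that appear in the guide's export block.
SAMPLE_VALUES='goodsaltisveryyummy
asdasdasdasdasd
YllmLDTy67MbsUBrUAWvQ7z9aMq0QcKx
ZaaZZaaZZaaZZaaZZaaZ
ssssssssssssssssssssTTTTTTTTTTTTTTTTTTTT'

# Variables treated as secrets (assumed selection from the guide's list).
SECRET_VARS='SALT SECRET_KEY ADMIN_API_KEY OIDC_CLIENT_SECRET SMTP_PASSWORD
LLM_API_KEY OPENAI_API_KEY S3_ACCESS_KEY S3_SECRET_KEY STRIPE_API_KEY
STRIPE_WEBHOOK_SECRET'

# check_secret NAME VALUE: print a reason and return 1 if VALUE is unusable.
check_secret() {
  var=$1 val=$2
  if [ -z "$val" ]; then echo "$var: unset"; return 1; fi
  case "$val" in
    *'***'*) echo "$var: masked placeholder"; return 1 ;;
    # The guide's SECRET_KEY sample is a repeated 12345 run.
    1234512345*) echo "$var: sample value from the guide"; return 1 ;;
  esac
  if printf '%s\n' "$SAMPLE_VALUES" | grep -Fxq -- "$val"; then
    echo "$var: sample value from the guide"; return 1
  fi
  if [ "${#val}" -lt "$MIN_LEN" ]; then
    echo "$var: shorter than $MIN_LEN characters"; return 1
  fi
  return 0
}

# preflight: check every SECRET_VARS entry in the current shell;
# the return status is the number of failing variables (0 = all good).
preflight() {
  failures=0
  for name in $SECRET_VARS; do
    eval "val=\${$name-}"
    check_secret "$name" "$val" || failures=$((failures + 1))
  done
  return "$failures"
}

# Usage, after the export block: preflight && helm/from-env.sh
```
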

4. Deploy the helm chart

gcloud container clusters get-credentials test-cluster
helm install -f helm/values.yaml trieve helm/

Ensure everything has been deployed with

kubectl get pods

SubChart usage

Postgres, Redis, and Qdrant are installed within this helm chart via subcharts. You can opt out of the subchart installation and use a managed service instead by toggling the useSubChart parameters and setting the uri to the managed service. We recommend placing at least Postgres and Redis outside of the helm chart and keeping Qdrant in the helm chart for a production use case.

6. Set DNS records

First get the ingress addresses using

kubectl get ingress

You will get output that looks like this

NAME                CLASS   HOSTS                  ADDRESS        PORTS   AGE
ingress-chat        <none>  chat.domain.com        25.50.100.31   80      9s
ingress-dashboard   <none>  dashboard.domain.com   25.50.100.32   80      9s
ingress-search      <none>  search.domain.co       25.50.100.35   80      9s
ingress-server      <none>  api.domain.com         25.50.100.36   80      9s

Set CNAMEs accordingly. We recommend using Cloudflare to CNAME and provision the SSL cert. Once you set the ingress rules properly, the server should be able to deploy properly.

7. Set up OIDC provider and authorized redirect URLs

The last step is to set up an OIDC-compliant server like Keycloak for authentication and get an issuerUrl and clientSecret. This is how you do it within Keycloak.

A) Create a new realm called trieve
B) Go into Clients and create a new client called trieve.

Enable client authentication and set the following allowed redirect URLs

You will get the client secret in the Credentials tab.

You will need to set the following values in the helm/values.yaml file. It should already be prefilled with default values.

config:
  oidc:
    clientSecret: $OIDC_CLIENT_SECRET
    clientId: trieve
    issuerUrl: https://auth.domain.com/realms/trieve
    authRedirectUrl: https://auth.domain.com/realms/trieve/protocol/openid-connect/auth

Testing

The fastest way to test is using the Trieve CLI

trieve login # Make sure to set the api url to https://api.domain.com
trieve dataset example