Installing Trieve on GCP (GKE)

Things you need

  • Domain name
  • helm cli
  • google cloud cli
  • kubectl
  • k9s (optional)

Clone the Trieve repository

git clone https://github.com/devflowinc/trieve.git
cd trieve

Login to GCP

gcloud auth login

Provision Terraform

Copy the default vars.tfvars.example file and fill in the values

cp terraform/gcloud/vars.tfvars.example terraform/gcloud/vars.tfvars

Modify terraform/gcloud/vars.tfvars with your project id, cluster name, region, and zone.

project = "***********-*******-******"
cluster_name = "trievegcp"
region = "us-west2"
zone = "us-west2-a"

Finally run terraform apply to provision the resources.

cd terraform/gcloud
terraform init
terraform apply -var vars.tfvars

This will provision the following:

  • GKE cluster
  • Elasticache instance
  • CloudSQL Postgres instance.

Login to the cluster

gcloud container clusters get-credentials --region us-east1-b trievegcp

Install Trieve Depenedencies

Trieve depends on the following:

  • Clickhouse We are using clickhouse-operator
  • Keycloak (or some other oidc compliant Auth Provider)
  • Qdrant We are using qdrant-operator
  • Redis We are using Elasticache
  • Postgres We are using CloudSQL

Ingress nginx + Cert Manager (optional)

Ingress-nginx + Cert manager is how we will expose the trieve services to the internet. Feel free to use whatever ingress controller you are comfortable with.

For this guide we will be using ingress-nginx and cert-manager only for the keycloak installation.


# To install ingress-nginx
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0-beta.0/deploy/static/provider/cloud/deploy.yaml
# To install cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.2/cert-manager.yaml
# To install ClusterIssuer for keycloak
kubectl apply -f helm/test-production/keycloak-extras/cluster-issuer.yaml

Clickhouse

First install the clickhouse operator and clickhouse installation.

Note that this has a preconfigured password and user. We will use these in the helm chart. They will need to be changed in a production environment according to your password policy.

kubectl apply -f helm/test-production/clickhouse/
# Apply twice to ensure crds are installed
kubectl apply -f helm/test-production/clickhouse/

Check the status of the clickhouse installation.

kubectl get ClickhouseInstallations

NAME                CLUSTERS   HOSTS   STATUS      HOSTS-COMPLETED   AGE
trieve-clickhouse   1          1       Completed                     3m3s

OIDC Compliant server (Keycloak)

This is an example of installing keycloak on GCP. You can use any other OIDC compliant provider. Note that this is using postgresql as a statefulset with a prefilled username/password, you can use a managed service like CloudSQL or CloudNativePG. For higher security.

This also includes a KeycloakRealm that contains the recommended default settings for a keycloak realm. This also has a prefilled clientSecret which should be rotated post installation.

kubectl apply -f helm/test-production/keycloak/
# Apply twice to ensure crds are installed
kubectl apply -f helm/test-production/keycloak/

kubectl get sts trieve-keycloak

Qdrant helm chart

For Qdrant we recommend you install it via helm chart, with these values.yaml. Note that this is for a qdrant cluster with 3 nodes and 10 GB ram per node.

Each node also has qdrant-node taint on it, so that the trieve pods can be scheduled on the same nodes types

Note that apiKey is also preset to qdrant-api-key, this may need to be changed if you plan on enabling qdrant ingress.

helm repo add qdrant https://qdrant.github.io/qdrant-helm
helm repo update
helm upgrade -i qdrant qdrant/qdrant -f helm/test-production/qdrant-values.yaml

Verify Qdrant is installed

kubectl get sts qdrant

NAME     READY   AGE
qdrant   3/3     54s

Redis

For simplicity, we are using the GCP managed redis. This was configured in the terraform script. You can view the ip using

cd terraform/gcloud
terraform output redis_host

set values in the helm/values.gcp.yaml file

config:
  redis:
    uri: redis://<your-redis-uri>

Postgresql (via cloud-sql-proxy)

First install cloudsql proxy


kubectl apply -f ./helm/test-production/cloud-sql-proxy.yaml

Be sure to update helm/values.gcp.yaml with the correct connection string if you modified the default values

...
postgres:
  dbURI: "postgres://postgres:password@cloud-sql:5432/postgres"
...

Install Trieve

If you followed the steps above, values.gcp.yaml should be mostly preconfigured for you. The only thing needed to modify are the domain names. Replace every instance of yourdomain.com with your domain name.

We highlight the locations where you need to replace yourdomain.com with your domain name below.

Modify domain names

domains:
  dashboard:
    host: dashboard.yourdomain.com
    class: gce
  server:
    host: api.yourdomain.com
    class: gce
  search:
    host: search.yourdomain.com
    class: gce
  chat:
    host: chat.yourdomain.com
    class: gce
...
config:
...
  vite:
    apiHost: https://api.yourdomain.com/api
    searchUiUrl: https://search.yourdomain.com
    chatUiUrl: https://chat.yourdomain.com
    dashboardUrl: https://dashboard.yourdomain.com
...
  trieve:
	baseServerUrl: "https://api.yourdomain.com"
  oidc:
    issuerUrl: "https://auth.yourdomain.com/realms/trieve"
    authRedirectUrl: "https://auth.yourdomain.com/realms/trieve/protocol/openid-connect/auth"

Install the helm chart


helm upgrade -i -f helm/values.gcp.yaml trieve-gcp helm/

Verify the installation

After installing, kubectl get deployments should look like this.

NAME                READY   UP-TO-DATE   AVAILABLE   AGE
bktree-worker       1/1     1            1           14m
chat                1/1     1            1           14m
crawl-worker        1/1     1            1           14m
dashboard           1/1     1            1           14m
delete-worker       1/1     1            1           14m
group-worker        1/1     1            1           14m
ingest              10/10   10           10          14m
keycloak-operator   1/1     1            1           46m
redis               1/1     1            1           46m
search              1/1     1            1           14m
server              3/3     1            0           14m
sync-qdrant         0/0     0            0           14m
word-worker         1/1     1            1           14m

Set Ingress

Get Ingress ip address


kubectl get ingress

You will get an output like this:

ingress-chat                gce    chat.yourdomain.com        4.157.193.10   80, 443   7m43s
ingress-dashboard           gce    dashboard.yourdomain.com   4.157.193.10   80, 443   7m43s
ingress-keycloak            gce    auth.yourdomain.com        4.157.193.10   80, 443   20m
ingress-search              gce    search.yourdomain.com      4.157.193.10   80, 443   7m43s
ingress-server              gce    api.yourdomain.com         4.157.193.10   80, 443   7m43s

Add A records

Add A records to your domain registrar with the IP address of the ingress.

chat.yourdomain.com      -> 4.157.193.10 # Example IP
dashboard.yourdomain.com -> 4.157.193.10 # Example IP
search.yourdomain.com    -> 4.157.193.10 # Example IP
api.yourdomain.com       -> 4.157.193.10 # Example IP

You will also need to update any other references to that domain name in the helm/values.gcp.yaml file.

Ensure you run helm upgrade -i -f helm/values.gcp.yaml trieve-gcp helm/ after making changes. to apply them.

AWS Self HostingAzure