Deploy BYOC on GCP
The Zilliz Cloud Bring Your Own Cloud (BYOC) solution allows you to create and run a Zilliz Cloud cluster within your own cloud infrastructure. This enhances data security, reduces data breach risks, and improves performance and scalability. This topic describes how to deploy BYOC on Google Cloud Platform (GCP).
Before you start
Before starting the deployment process, ensure that the following prerequisites are met:
- You have an active BYOC subscription. This will create a default BYOC organization under your Zilliz Cloud account. If you do not have one, contact our sales team to get started.
- You are the organization owner within Zilliz Cloud, so that you have deployment permissions. For information on user roles, refer to User Roles.
- You have a Google Cloud project ready to use. Keep the project ID handy, as it is required during the deployment process. For more information on GCP project IDs, refer to GCP official documentation.
- You have launched Cloud Shell within your GCP account. This is required for authorizing Zilliz Cloud to deploy the necessary BYOC components on GCP. For more information, refer to Launch Cloud Shell.
Procedure
Step 1: Access Zilliz Cloud console
- Log in to the Zilliz Cloud console using the account you provided to Zilliz Cloud technical support during the contract signing process.
- In the console, enter the organization labeled BYOC.
- In the left-side navigation pane of the BYOC organization page, choose Settings > Cloud Provider Settings > + Deploy BYOC.
Step 2: Configure cloud provider settings
- In the Deploy BYOC - Provide Project ID step, enter your GCP project ID and click Confirm.
  To get the project ID, go to the GCP Dashboard, copy the Project ID from the page, and paste it into the Authorization dialog box on Zilliz Cloud.
- Copy the provided command. Paste and run this command in your GCP Cloud Shell to authorize Zilliz Cloud to deploy the necessary components for you on GCP.

    $ gcloud projects add-iam-policy-binding zilliz-byoc-user-prj1 --member=serviceAccount:org-xxxxxxxxxxxxxxxxxxxxxx@zilliz-byoc.iam.gserviceaccount.com --role=roles/owner

  Cloud Shell may ask you to authorize it before the command can run. When prompted to select a condition for the binding, enter 2 to choose None, so that no condition applies.
The output is similar to the following.
    Updated IAM policy for project [zilliz-byoc-user-prj1].
    bindings:
    - members:
      - serviceAccount:service-xxxxxxxxxxxxx@compute-system.iam.gserviceaccount.com
      role: roles/compute.serviceAgent
    - members:
      - serviceAccount:service-xxxxxxxxxxxxx@container-engine-robot.iam.gserviceaccount.com
      role: roles/container.serviceAgent
    - members:
      - serviceAccount:service-xxxxxxxxxxxxx@containerregistry.iam.gserviceaccount.com
      role: roles/containerregistry.ServiceAgent
    - members:
      - serviceAccount:xxxxxxxxxxxxx-compute@developer.gserviceaccount.com
      - serviceAccount:xxxxxxxxxxxxx@cloudservices.gserviceaccount.com
      role: roles/editor
    - members:
      - serviceAccount:service-xxxxxxxxxxxxx@gcp-sa-networkconnectivity.iam.gserviceaccount.com
      role: roles/networkconnectivity.serviceAgent
    - members:
      - serviceAccount:org-dcldgccnayyzehwirxxxxx@zilliz-byoc.iam.gserviceaccount.com
      - serviceAccount:org-dolzzalbbzzdnlbowxxxxx@zilliz-byoc.iam.gserviceaccount.com
      role: roles/owner
    - members:
      - serviceAccount:service-xxxxxxxxxxxxx@gcp-sa-pubsub.iam.gserviceaccount.com
      role: roles/pubsub.serviceAgent
    - condition:
        description: zilliz byoc gcs admin
        expression: resource.name.startsWith("projects/_/buckets/zilliz-byoc")
        title: zilliz_byoc_gcs_admin
      members:
      - serviceAccount:zilliz-byoc-xxxxxxxxxxxx@zilliz-byoc-user-prj1.iam.gserviceaccount.com
      role: roles/storage.admin
    etag: BwYY34esoSs=
    version: 3

- Then, click Next Step: Deployment Settings.
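To confirm what the authorization command changed, the check below lists every roles/owner grant in the project policy and separates the service account you authorized from any other service account homed in a different project. It is an added example, not part of the Zilliz documentation: the function name, the sample policy, and the choice of which account counts as expected are assumptions, and the input is the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`.

```python
import re

# User-managed service accounts are named NAME@PROJECT_ID.iam.gserviceaccount.com,
# so the domain reveals which project a service account belongs to.
SA_RE = re.compile(r"^serviceAccount:[^@]+@([a-z][a-z0-9-]*)\.iam\.gserviceaccount\.com$")

def audit_owner_grants(policy, project_id, expected_member):
    """Classify every member bound to roles/owner in an IAM policy dict.

    Hypothetical helper: returns sorted (status, member) pairs.
    """
    findings = []
    for binding in policy.get("bindings", []):
        if binding.get("role") != "roles/owner":
            continue
        for member in binding.get("members", []):
            match = SA_RE.match(member)
            if member == expected_member:
                status = "expected"
            elif match and match.group(1) != project_id:
                status = "external-service-account"  # homed in another project
            else:
                status = "in-project-or-human"       # users, groups, local SAs
            findings.append((status, member))
    return sorted(findings)

# Constructed sample policy mirroring the output above; user:owner@example.com
# is invented for illustration.
SAMPLE_POLICY = {
    "version": 3,
    "bindings": [
        {"role": "roles/editor", "members": [
            "serviceAccount:xxxxxxxxxxxxx@cloudservices.gserviceaccount.com"]},
        {"role": "roles/owner", "members": [
            "serviceAccount:org-dcldgccnayyzehwirxxxxx@zilliz-byoc.iam.gserviceaccount.com",
            "serviceAccount:org-dolzzalbbzzdnlbowxxxxx@zilliz-byoc.iam.gserviceaccount.com",
            "user:owner@example.com"]},
        {"role": "roles/storage.admin",
         "condition": {"title": "zilliz_byoc_gcs_admin"},
         "members": ["serviceAccount:zilliz-byoc-xxxxxxxxxxxx@zilliz-byoc-user-prj1.iam.gserviceaccount.com"]},
    ],
}
# Assumption: the first org-... account is the one named in your authorization command.
EXPECTED = "serviceAccount:org-dcldgccnayyzehwirxxxxx@zilliz-byoc.iam.gserviceaccount.com"

if __name__ == "__main__":
    for status, member in audit_owner_grants(SAMPLE_POLICY, "zilliz-byoc-user-prj1", EXPECTED):
        print(f"{status:26} {member}")
```

Any `external-service-account` line is an owner grant to an account other than the one you were given for this deployment and is worth tracing to its origin.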
Step 3: Configure deployment settings
- In the Deploy BYOC - Deployment Settings step, choose a region for your BYOC cluster and specify the netmask.
  - Cloud Region: Select the GCP region where you want to deploy BYOC. Currently, only gcp-us-west1 is available.
  - Netmask: Select a subnet mask for BYOC deployment under your preferred VPC. Zilliz will create a new VPC under your Google Cloud account for BYOC deployment. We recommend you select a suitable network segment based on the size of the BYOC cluster and long-term business plans.
- After verifying the minimum resources required for deployment, click Start Deploying. Wait until the deployment process is completed.
Monitor deployment progress
Once the deployment starts, you can check the status of the deployment in the console. You will receive email notifications regarding the deployment result.
Verify the results
The deployment takes about 30 minutes to complete.
You can review the resources created in your GCP project. For a list of necessary resources, refer to Understand required resources.
To check the resource usage, choose License in the left navigation pane.
Reference
The following table lists the minimum resources required for BYOC deployment.
As your cluster is set up across different Availability Zones (AZs) within your Virtual Private Cloud (VPC), you may have to pay for some internal network traffic. For details, refer to Google Cloud official documentation.
Resource type | GCP resource name | Requirements | Description
---|---|---|---
Virtual Machine | Instance | 64 vCPU, 256 GiB in total: | The instance is created by the machine group and is used to run Zilliz Cloud services.
Object Storage | Bucket | 2 buckets, with 0 size at initialization | Stores Milvus data.
Block Storage | Persistent disk | 1 TB or more | Local storage such as etcd and pulsar to store Milvus indexes.
Public IP address | Public IP | 1 public IP address | For NAT gateway.
Private network | Private Network VPC | 1 private network (VPC) | Deploys BYOC cloud environment with individual VPC.
Network channels | Network Channel PrivateLink | 2 network channel private links | Used by Zilliz to interact with BYOC environment, send control requests, and receive alerts.
DNS | DNS | 1 | For the setup of a private link to send alerts to Zilliz Cloud.
LB | Load balancer | 1+ | For Zilliz Proxy and Milvus.