Vespa Cloud Enclave builds on top of some tooling that it is necessary to become familiar with before getting started. Terraform is especially important, and understanding the basics is necessary. Going through a tutorial for AWS will help.
In addition, please see our Terraform guidelines for how our modules should be deployed in a continually deployed and tested manner.
Setting up Enclave in your account requires:
Contact support@vespa.ai stating which tenant should be on-boarded to use Vespa Cloud Enclaves. Also include the GCP Project ID to associate with the tenant.
Note: We strongly recommend dedicated accounts to use for your Vespa Cloud Enclaves. Resources in these accounts will be fully managed by Vespa Cloud.
The same used in step one must be prepared for deploying Vespa applications. Use Terraform to set up the necessary resources using the modules published by the Vespa team.
A minimal example can be found in the GitHub repository.
If you are unfamiliar with Terraform: It is a tool to manage resources and their configuration in various cloud providers, like AWS and GCP. Terraform has published an GCP tutorial, and we strongly encourage Enclave users to read and follow the Terraform recommendations for CI/CD.
By default all applications are deployed on resources in Vespa Cloud accounts.
To deploy in your Enclave account,
updatedeployment.xml
to reference the account
used in step 1.
<deployment version='1.0' cloud-account='gcp:a-project-id'>
<prod>
<region>gcp-us-central1-f</region>
<region>gcp-europe-west3-b</region>
</prod>
</deployment>
When deploying to production zones in a tenant controlled GCP project, beware that system tests and staging tests can run in either in the tenant account or in Vespa Cloud’s account. If running tests in the tenant account is desirable, test and staging zones must also be provisioned in step 2 in the Onboarding guide.
See the multi-region example for details.
If your GCP organization is using domain restriction for identities you will need to permit Vespa.ai GCP identities to be added to your project.
For Vespa Cloud the organization ID to allow identities from is: 1056130768533, and the Google Customer ID is C00u32w3e.