docker-erpnext/documentation/deployment-guides/00-prerequisites.md
Brian Tan Seng 294cbdca9d ⏺ Perfect! I've created a comprehensive Google Cloud deployment guide for ERPNext with GKE.
Here's what I've delivered:

  📚 Documentation Created

  1. 01-gke-deployment.md - Complete step-by-step GKE deployment guide
  2. 02-cloud-run-analysis.md - Detailed feasibility analysis for Cloud Run vs GKE
  3. 03-production-setup.md - Production hardening, security, monitoring, and best practices

  🗂️ Supporting Files

  Kubernetes Manifests (Ready-to-Deploy)

  - namespace.yaml - Namespace with security policies and resource quotas
  - storage.yaml - Storage classes and persistent volume claims
  - configmap.yaml - Application configuration and optimized Nginx config
  - redis.yaml - Production-ready Redis deployment
  - mariadb.yaml - Secure MariaDB with health checks
  - erpnext-backend.yaml - ERPNext backend with autoscaling and security
  - erpnext-frontend.yaml - Nginx frontend with security headers
  - erpnext-workers.yaml - Queue workers and scheduler with autoscaling
  - ingress.yaml - Ingress with SSL/TLS and security configurations
  - jobs.yaml - Site creation, backup, and migration jobs

  Automation Scripts

  - deploy.sh - Complete automated deployment script with error handling
  - backup-restore.sh - Comprehensive backup and restore functionality

  🎯 Key Features Included

  🔒 Security First

  - Private GKE clusters
  - Pod security standards
  - Network policies
  - RBAC configuration
  - Secrets management
  - Security headers and CSP

  🚀 Production Ready

  - High availability setup
  - Horizontal Pod Autoscaling
  - Pod Disruption Budgets
  - Health checks and probes
  - Rolling updates
  - Resource optimization

  📊 Monitoring & Observability

  - Prometheus and Grafana integration
  - Custom ERPNext dashboards
  - Alerting rules
  - Log aggregation
  - Performance metrics

  💾 Backup & Recovery

  - Automated daily backups
  - Point-in-time recovery
  - Cross-region storage
  - Manual backup/restore scripts

  🎛️ Easy Deployment

  - One-command deployment script
  - Environment variable configuration
  - Comprehensive error handling
  - Status monitoring

  🚀 Quick Start

  To deploy ERPNext on GKE, users can now simply:

  cd documentation/deployment-guides/gcp/scripts/
  export PROJECT_ID=your-gcp-project
  export DOMAIN=erpnext.yourdomain.com
  ./deploy.sh deploy

  The guides provide both automated and manual deployment options, allowing users to choose
  based on their expertise and requirements. The Cloud Run analysis helps decision-making
  between different deployment strategies.

  All files are production-ready with security best practices, monitoring, and operational
  procedures included. The documentation is structured to support both first-time deployments
  and ongoing operations.
2025-08-22 18:13:04 +08:00

Google Cloud Prerequisites for ERPNext Deployment

Overview

This guide covers the prerequisites and initial setup required for deploying ERPNext on Google Cloud Platform (GCP).

🔧 Required Tools

1. Google Cloud SDK

# Install gcloud CLI
curl https://sdk.cloud.google.com | bash
exec -l $SHELL

# Initialize gcloud
gcloud init
gcloud auth login
gcloud config set project YOUR_PROJECT_ID

2. kubectl (Kubernetes CLI)

# Install kubectl
gcloud components install kubectl

# Verify installation
kubectl version --client

3. Docker (for local testing)

# Install Docker
curl -fsSL https://get.docker.com -o get-docker.sh && sh get-docker.sh

# Enable Docker BuildKit
export DOCKER_BUILDKIT=1

4. Helm (for Kubernetes package management)

# Install Helm
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

# Verify installation
helm version

🏗️ Google Cloud Project Setup

1. Create or Select Project

# Create new project
gcloud projects create erpnext-production --name="ERPNext Production"

# Set as current project
gcloud config set project erpnext-production

# Enable billing (required for most services)
# This must be done via the Console: https://console.cloud.google.com/billing

2. Enable Required APIs

# Enable essential APIs
gcloud services enable \
    container.googleapis.com \
    compute.googleapis.com \
    sqladmin.googleapis.com \
    secretmanager.googleapis.com \
    cloudbuild.googleapis.com \
    monitoring.googleapis.com \
    logging.googleapis.com

3. Set Default Region/Zone

# Set default compute region and zone
gcloud config set compute/region us-central1
gcloud config set compute/zone us-central1-a

# Verify configuration
gcloud config list

🔐 Security Setup

1. Service Account Creation

# Create service account for ERPNext
gcloud iam service-accounts create erpnext-gke \
    --display-name="ERPNext GKE Service Account" \
    --description="Service account for ERPNext GKE deployment"

# Grant necessary roles
gcloud projects add-iam-policy-binding erpnext-production \
    --member="serviceAccount:erpnext-gke@erpnext-production.iam.gserviceaccount.com" \
    --role="roles/container.developer"

gcloud projects add-iam-policy-binding erpnext-production \
    --member="serviceAccount:erpnext-gke@erpnext-production.iam.gserviceaccount.com" \
    --role="roles/secretmanager.secretAccessor"

2. Create Service Account Key (Optional)

# Generate service account key (for local development only; the key file is a
# long-lived credential, so keep it out of the repository)
gcloud iam service-accounts keys create ~/erpnext-gke-key.json \
    --iam-account=erpnext-gke@erpnext-production.iam.gserviceaccount.com

# Set environment variable
export GOOGLE_APPLICATION_CREDENTIALS=~/erpnext-gke-key.json

3. Secret Manager Setup

# Create secrets for ERPNext
gcloud secrets create erpnext-admin-password \
    --data-file=<(echo -n "YourSecurePassword123!")

gcloud secrets create erpnext-db-password \
    --data-file=<(echo -n "YourDBPassword123!")

gcloud secrets create erpnext-api-key \
    --data-file=<(echo -n "your-api-key-here")

gcloud secrets create erpnext-api-secret \
    --data-file=<(echo -n "your-api-secret-here")
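The commands above type each secret value into the command line, so it ends up in shell history. The following added example (not part of the original guide) generates the two passwords randomly and pipes them to Secret Manager over stdin; the choice to generate only the passwords, and the `apply` argument, are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not part of the original guide.

# 32 random bytes from the kernel CSPRNG, hex-encoded (64 characters).
gen_secret() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Create the secret, or add a new version if it already exists.
# The value travels over a pipe (--data-file=-), so it never appears in the
# command line, the shell history or the terminal.
put_secret() {
    name=$1
    if gcloud secrets describe "$name" >/dev/null 2>&1; then
        gen_secret | gcloud secrets versions add "$name" --data-file=-
    else
        gen_secret | gcloud secrets create "$name" \
            --replication-policy=automatic --data-file=-
    fi
}

# Assumption: only the two passwords are generated here; the API key and
# secret are issued elsewhere and stored separately.
if [ "${1:-}" = "apply" ]; then
    for s in erpnext-admin-password erpnext-db-password; do
        put_secret "$s" || exit 1
    done
fi
```

A stored value can be read back when needed with `gcloud secrets versions access latest --secret=erpnext-admin-password`.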

💾 Storage Configuration

1. Cloud SQL (Managed Database Option)

# Create Cloud SQL instance for production
gcloud sql instances create erpnext-db \
    --database-version=MYSQL_8_0 \
    --cpu=2 \
    --memory=7680MB \
    --storage-size=100GB \
    --storage-type=SSD \
    --region=us-central1 \
    --backup \
    --maintenance-window-day=SUN \
    --maintenance-window-hour=3

# Create database
gcloud sql databases create erpnext --instance=erpnext-db

# Create database user
gcloud sql users create erpnext \
    --instance=erpnext-db \
    --password=YourDBPassword123!

2. Persistent Disks (for GKE Storage)

# Create persistent disks for ERPNext data
gcloud compute disks create erpnext-sites-disk \
    --size=50GB \
    --type=pd-ssd \
    --zone=us-central1-a

gcloud compute disks create erpnext-assets-disk \
    --size=20GB \
    --type=pd-ssd \
    --zone=us-central1-a

🌐 Networking Setup

1. VPC Network (Optional - for advanced setups)

# Create custom VPC network
gcloud compute networks create erpnext-vpc \
    --subnet-mode=custom

# Create subnet
gcloud compute networks subnets create erpnext-subnet \
    --network=erpnext-vpc \
    --range=10.0.0.0/24 \
    --region=us-central1

# Create firewall rules
gcloud compute firewall-rules create erpnext-allow-internal \
    --network=erpnext-vpc \
    --allow=tcp,udp,icmp \
    --source-ranges=10.0.0.0/24

gcloud compute firewall-rules create erpnext-allow-http \
    --network=erpnext-vpc \
    --allow=tcp:80,tcp:443,tcp:8080 \
    --source-ranges=0.0.0.0/0
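A check for the firewall rules above, as an added example that is not part of the original guide: it reports every allowed entry that is reachable from any address and is not on a short list of intended public ports. The list (`tcp:80`, `tcp:443`) and the tab-separated input shape are assumptions; with them, the `tcp:8080` entry of `erpnext-allow-http` is reported.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Input on stdin: one rule per line, tab-separated fields
#   name <TAB> source ranges (comma-joined) <TAB> allowed entries (comma-joined)
# Assumed to be produced by:
#   gcloud compute firewall-rules list --filter="network:erpnext-vpc" \
#     --format="value(name,sourceRanges.list(),allowed[].map().firewall_rule().list())"

# Assumption: only the ingress ports are meant to be reachable from anywhere.
PUBLIC_OK="tcp:80 tcp:443"

# Prints "rule<TAB>entry" for each allowed entry that is open to the whole
# internet and is not listed in PUBLIC_OK. Bare protocols ("tcp") and port
# ranges ("tcp:1-65535") never match the list, so they are reported too.
audit_firewall() {
    awk -F '\t' -v ok="$PUBLIC_OK" '
        BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) public_ok[a[i]] = 1 }
        {
            world = 0
            m = split($2, src, ",")
            for (i = 1; i <= m; i++)
                if (src[i] == "0.0.0.0/0" || src[i] == "::/0") world = 1
            if (!world) next
            k = split($3, ent, ",")
            for (i = 1; i <= k; i++)
                if (!(ent[i] in public_ok)) print $1 "\t" ent[i]
        }'
}

# Constructed sample: the two rules created above, in the assumed list format.
sample_rules() {
    printf 'erpnext-allow-internal\t10.0.0.0/24\ttcp,udp,icmp\n'
    printf 'erpnext-allow-http\t0.0.0.0/0\ttcp:80,tcp:443,tcp:8080\n'
}

sample_rules | audit_firewall
```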

📊 Monitoring and Logging

1. Enable Monitoring

# Monitoring is enabled by default with the APIs
# Verify that Cloud Logging is receiving logs
gcloud logging logs list --limit=5

2. Create Log-based Metrics (Optional)

# Create custom log metric for ERPNext errors
gcloud logging metrics create erpnext_errors \
    --description="ERPNext application errors" \
    --log-filter='resource.type="k8s_container" AND resource.labels.container_name="backend" AND severity="ERROR"'

🔍 Verification Checklist

Before proceeding to deployment, verify:

# Check project and authentication
gcloud auth list
gcloud config get-value project

# Verify APIs are enabled
gcloud services list --enabled | grep -E "(container|compute|sql)"

# Check service account exists
gcloud iam service-accounts list | grep erpnext-gke

# Verify secrets are created
gcloud secrets list | grep erpnext

# Check kubectl configuration
kubectl cluster-info 2>/dev/null || echo "GKE cluster not yet created"

💡 Cost Optimization Tips

1. Use Preemptible Instances

  • For non-production workloads
  • 60-91% cost savings
  • Automatic restarts handled by Kubernetes

2. Right-size Resources

  • Start with smaller instances
  • Monitor usage and scale as needed
  • Use Horizontal Pod Autoscaler

3. Storage Optimization

  • Use Standard persistent disks for non-critical data
  • Enable automatic storage increases
  • Regular cleanup of logs and temporary files

🚨 Security Best Practices

  1. Never commit secrets to code

    • Always use Secret Manager
    • Use Workload Identity when possible
  2. Network Security

    • Use private GKE clusters
    • Implement proper firewall rules
    • Enable network policies
  3. Access Control

    • Use IAM roles with least privilege
    • Enable audit logging
    • Regular security reviews

➡️ Next Steps

After completing prerequisites:

  1. GKE Deployment: Follow 01-gke-deployment.md
  2. Cloud Run Assessment: Review 02-cloud-run-analysis.md
  3. Production Hardening: See 03-production-setup.md

⚠️ Important: Keep track of all resources created for billing purposes. Use resource labels and proper naming conventions for easier management.