Deploy on GCP
Prerequisites
- You can install VMClarity using the CLI, so you have to have gcloud on your computer available beforehand. For details on installing and configuring gcloud, see the official installation guide.
- If you have already installed VMClarity before and want to reinstall it, you have to manually restore deleted roles that were created during the previous installation.
Deployment steps
To install VMClarity on Google Cloud Platform (GCP), complete the following steps.
-
Download the newest GCP deployment release from GitHub and extract it to any location.
wget https://github.com/openclarity/vmclarity/releases/download/v1.1.1/gcp-deployment-v1.1.1.tar.gz
-
Create a new directory, extract the files and navigate to the directory.
mkdir gcp-deployment-v1.1.1 tar -xvzf gcp-deployment-v1.1.1.tar.gz -C gcp-deployment-v1.1.1 cd gcp-deployment-v1.1.1
-
Copy the example configuration file and rename it.
cp vmclarity-config.example.yaml vmclarity-config.yaml
-
The following table contains all the fields that can be set in the
vmclarity-config.yaml
file. You have to set at least the required ones.Field Required Default Description zone
yes The Zone to locate the VMClarity server. machineType
yes The machine type for the VMClarity server. region
yes The region to locate VMClarity. scannerMachineType
e2-standard-2
Machine type to use for the Scanner instances. scannerSourceImage
projects/ubuntu-os-cloud/global/images/ubuntu-2204-jammy-v20230630
Source image to use for the Scanner instances. databaseToUse
SQLite
The database that VMClarity should use. apiserverContainerImage
ghcr.io/openclarity/vmclarity-apiserver:1.1.1
The container image to use for the apiserver. orchestratorContainerImage
ghcr.io/openclarity/vmclarity-orchestrator:1.1.1
The container image to use for the orchestrator. uiContainerImage
ghcr.io/openclarity/vmclarity-ui:1.1.1
The container image to use for the ui. uibackendContainerImage
ghcr.io/openclarity/vmclarity-ui-backend:1.1.1
The container image to use for the uibackend. scannerContainerImage
ghcr.io/openclarity/vmclarity-cli:1.1.1
The container image to use for the scanner. exploitDBServerContainerImage
ghcr.io/openclarity/exploit-db-server:v0.2.4
The container image to use for the exploit db server. trivyServerContainerImage
docker.io/aquasec/trivy:0.41.0
The container image to use for the trivy server. grypeServerContainerImage
ghcr.io/openclarity/grype-server:v0.7.0
The container image to use for the grype server. freshclamMirrorContainerImage
ghcr.io/openclarity/freshclam-mirror:v0.2.0
The container image to use for the fresh clam mirror server. postgresqlContainerImage
docker.io/bitnami/postgresql:12.14.0-debian-11-r28
The container image to use for the postgresql server. assetScanDeletePolicy
Always
When asset scans should be cleaned up after scanning. postgresDBPassword
Postgres DB password. Only required if DatabaseToUse is Postgresql. externalDBName
DB to use in the external DB. Only required if DatabaseToUse is External. externalDBUsername
Username for the external DB. Only required if the DatabaseToUse is External. externalDBPassword
Password for the external DB. Only required if the DatabaseToUse is External. externalDBHost
Hostname or IP for the external DB. Only required if the DatabaseToUse is External. externalDBPort
Port for the external DB. Only required if the DatabaseToUse is External. -
Deploy VMClarity using gcloud deployment-manager.
gcloud deployment-manager deployments create <vmclarity deployment name> --config vmclarity-config.yaml
-
Open an SSH tunnel to the VMClarity server with gcloud. For further information on how to create an SSH connection with gcloud to one of your instances check the official page.
gcloud compute ssh --project=<project id> --zone=<zone name> <name of your VM> -- -NL 8080:localhost:80
-
Open the VMClarity UI in your browser at http://localhost:8080/. The dashboard opens.
-
(Optional) If needed, you can access the API athttp://localhost:8080/api. For details on the API, see API Reference.
Next steps
Complete the First tasks on the UI.
Uninstall VMClarity
-
You can uninstall VMClarity using the gcloud manager.
gcloud deployment-manager deployments delete <vmclarity deployment name>
Restore deleted roles
-
On the IAM & Admin page on GCP, open the Roles tab, then search for VMClarity in the filter input.
-
Now manually undelete the Discoverer Snapshotter and Scanner roles to set their statuses from Deleted to Enabled.