Installing Ascender on GKE

Overview

This guide covers the prerequisites and configuration specific to deploying Ascender on Google Kubernetes Engine. For common configuration variables (Ascender application, Ascender Pro, PostgreSQL, TLS), see the main install guide.

Prerequisites

Warning

gcloud credentials must be configured as root before running the installer. Complete the Authenticating with gcloud section below before editing any configuration.

In addition to the general prerequisites, GKE installations require:

  • Rocky Linux version 9
  • A Google Cloud project with the following APIs enabled:
  • The authenticated GCP account must have the roles/container.admin IAM role (Kubernetes Engine Admin) on the project. This is required for NGINX Ingress Controller deployment, which creates ClusterRoles in the cluster.
  • The gcloud CLI installed and authenticated on the machine running the installer

Authenticating with gcloud

  1. Initialize and log in:

    gcloud init

    This opens a browser for Google account authentication, then prompts you to select a project and default region/zone.

  2. Create application default credentials:

    gcloud auth application-default login

If you already have gcloud installed and need to switch projects:

gcloud config set project <PROJECT_ID>

DNS Zone Setup (if using Google Cloud DNS)

If you plan to use Google Cloud DNS for automated DNS management, create a hosted zone before running the installer. Instructions are available at Create, modify, and delete zones.

After creating the zone, note:

  • The zone name (used as GOOGLE_DNS_MANAGED_ZONE)
  • The DNS name (used as ASCENDER_DOMAIN)

Example Configuration

If you do not have the ascender-install directory, clone it:

git clone https://github.com/ctrliq/ascender-install.git

If you already have it, pull the latest changes:

cd ascender-install
git pull

Generate a TLS certificate for Ascender:

openssl req -x509 -newkey rsa:4096 -keyout ascender.key -out ascender.crt -days 365 -nodes \
  -subj "/CN=<ascender.example.com>" \
  -addext "subjectAltName=DNS:<ascender.example.com>"

Replace <ascender.example.com> with your ASCENDER_HOSTNAME value.

vim custom.config.yml
k8s_platform: gke
k8s_lb_protocol: https
GKE_PROJECT_ID: <my-ascender-project>
GKE_CLUSTER_NAME: <ascender-prod>
GKE_CLUSTER_STATUS: provision
GKE_CLUSTER_ZONE: <us-central1-a>
GKE_K8S_VERSION: "<check gcloud container get-server-config>"
GKE_INSTANCE_TYPE: e2-medium
GKE_NUM_WORKER_NODES: 3
GKE_WORKER_VOLUME_SIZE: 100
USE_GOOGLE_DNS: true
GOOGLE_DNS_MANAGED_ZONE: <example-com>
tls_crt_path: "{{ playbook_dir }}/../ascender.crt"
tls_key_path: "{{ playbook_dir }}/../ascender.key"
ASCENDER_HOSTNAME: <ascender.example.com>
ASCENDER_DOMAIN: <example.com>
ASCENDER_NAMESPACE: ascender
ASCENDER_ADMIN_USER: admin
ASCENDER_ADMIN_PASSWORD: "<change-me>"
ASCENDER_VERSION: 25.3.5
ASCENDER_OPERATOR_VERSION: 2.19.4
ascender_garbage_collect_secrets: true
LEDGER_INSTALL: true
LEDGER_HOSTNAME: <ledger.example.com>
LEDGER_NAMESPACE: ledger
LEDGER_REGISTRY:
  BASE: depot.ciq.com
  USERNAME: <DEPOT USERNAME>
  PASSWORD: <DEPOT TOKEN>
LEDGER_ADMIN_PASSWORD: "<change-me>"
LEDGER_DB_PASSWORD: "<change-me>"
LEDGER_VERSION: latest
LEDGER_WEB_IMAGE: depot.ciq.com/ascender-ledger-pro/ascender-ledger-pro-images/ledger-web
LEDGER_PARSER_IMAGE: depot.ciq.com/ascender-ledger-pro/ascender-ledger-pro-images/ledger-parser
LEDGER_DB_IMAGE: depot.ciq.com/ascender-ledger-pro/ascender-ledger-pro-images/ledger-db
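
A pre-flight check to run before ./setup.sh, added here as an example and not part of the ascender-install project: it flags placeholder values left in custom.config.yml, group- or world-readable permissions on the config and on ascender.key (which the -nodes option above writes unencrypted), and a certificate that does not match ASCENDER_HOSTNAME. The function names and the preflight.sh file name are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks to run before ./setup.sh.
# Assumes the file names used in this guide; function names are illustrative.

# Print the value of a top-level KEY from a flat YAML file, quotes stripped.
cfg_value() {
    sed -n "s/^$1:[[:space:]]*//p" "$2" | tr -d '"' | head -n 1
}

# List lines whose value is still an angle-bracket placeholder such as
# <change-me>. Returns 1 if any remain, 0 if the file is clean.
find_placeholders() {
    if grep -nE '^[[:space:]]*[A-Za-z0-9_]+:[[:space:]]*"?<[^>]*>' "$1"; then
        return 1
    fi
    return 0
}

# True only if group and others have no permission bits on the file.
is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# True if the certificate matches the hostname (requires openssl).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Run every check and report all failures; returns 1 if any check failed.
preflight() {
    local cfg="$1" key="$2" crt="$3" rc=0 host
    find_placeholders "$cfg" || { echo "FAIL: placeholders left in $cfg"; rc=1; }
    is_private "$cfg" || { echo "FAIL: $cfg readable by group/others"; rc=1; }
    is_private "$key" || { echo "FAIL: $key readable by group/others"; rc=1; }
    host=$(cfg_value ASCENDER_HOSTNAME "$cfg")
    cert_covers_host "$crt" "$host" ||
        { echo "FAIL: $crt does not cover $host"; rc=1; }
    return "$rc"
}

# Run only when file arguments are given, e.g.:
#   bash preflight.sh custom.config.yml ascender.key ascender.crt
if [ "$#" -ge 3 ]; then
    preflight "$@"
fi
```

If the permission checks fail, restrict the files with chmod 600 custom.config.yml ascender.key and run the check again.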

Running the Installer

From the ascender-install directory:

./setup.sh

Verifying the Installation

Confirm all pods are running:

kubectl get pods -n ascender

All pods should reach Running or Completed status. If Ascender Pro was installed:

kubectl get pods -n ledger

Check that the load balancer was created and has an external IP:

kubectl get ingress -n ascender

Connecting to the Web UI

After installation, access Ascender at https://ASCENDER_HOSTNAME (the value you configured). Log in with ASCENDER_ADMIN_USER and ASCENDER_ADMIN_PASSWORD.

GKE Configuration Reference

Add these variables to your custom.config.yml alongside the common configuration.

Cluster Settings

| Variable | Default | Description |
|---|---|---|
| GKE_PROJECT_ID | (required) | Google Cloud project ID |
| GKE_CLUSTER_NAME | ascender-gke-cluster | Name of the GKE cluster |
| GKE_CLUSTER_STATUS | provision | Cluster lifecycle action. See below |
| GKE_CLUSTER_ZONE | us-central1-a | Google Cloud zone for the cluster |

GKE_CLUSTER_STATUS controls what the installer does with the cluster:

  • provision: Create a new GKE cluster, then install Ascender
  • configure: Use an existing cluster by name, but apply required configuration
  • no_action: Use an existing cluster as-is with no changes before installing Ascender

Node Pool (required when provisioning)

These variables are used when GKE_CLUSTER_STATUS is provision:

| Variable | Default | Description |
|---|---|---|
| GKE_K8S_VERSION | (no default) | Kubernetes version (GKE-specific version string). GKE versions change frequently. Check available versions with: gcloud container get-server-config --zone=<zone> --format="value(validMasterVersions[0])" |
| GKE_INSTANCE_TYPE | e2-medium | Worker node machine type |
| GKE_NUM_WORKER_NODES | 3 | Number of worker nodes |
| GKE_WORKER_VOLUME_SIZE | 100 | Boot disk size per worker node in GB |

DNS

| Variable | Default | Description |
|---|---|---|
| USE_GOOGLE_DNS | true | Use Google Cloud DNS for automated DNS management |
| GOOGLE_DNS_MANAGED_ZONE | (required if using Cloud DNS) | Name of the Cloud DNS hosted zone |

If USE_GOOGLE_DNS is true, the installer automatically creates DNS records for ASCENDER_HOSTNAME (and LEDGER_HOSTNAME if Ascender Pro is installed).

If set to false, you must manually create DNS records with your provider pointing those hostnames to the load balancers created by the installer.