VPC Deployment with GCP
VPC deployments are an Enterprise feature. Please email sales@datafold.com to enable your account.
Create a Domain Name
Create a DNS A-record for the domain (for example, datafold.domain.tld) where Datafold will be hosted. For the DNS record, there are two options:
- Public-facing: When the domain is publicly available, we will provide an SSL certificate for the endpoint.
- Internal: It is also possible to have Datafold disconnected from the internet. This would require an internal DNS (for example, AWS Route 53) record that points to the Datafold instance. It is possible to provide your own certificate for setting up the SSL connection.
Once the deployment is complete, you will point that A-record to the IP address of the Datafold service.
Create a New Project
For isolation reasons, it is best practice to create a new project within your GCP organization. Please call it something like yourcompany-datafold to make it easy to identify:
After a minute or so, you should receive confirmation that the project has been created. Afterward, you should be able to see the new project.
Set IAM Permissions
Navigate to the IAM tab in the sidebar and click Grant Access to invite Datafold to the project.
Add your Datafold solutions engineer as a principal and assign them as an owner of your project. The owner role is only required temporarily while we configure and test the initial Datafold deployment. We'll inform you when it is ok to revoke this permission.
The service account will run under “Project/Editor”, “Service Networking/Service Networking Admin” permissions. We'll enable the following GCP APIs to run Datafold:
- Cloud Resource Manager API
- Cloud Billing API
- Identity and Access Management (IAM) API
- Kubernetes Engine API
- Service Networking API
- Compute Engine API
- Service Management API
- Cloud SQL Admin API
- Google Cloud Memorystore for Redis API
Once the access has been granted, make sure to notify Datafold so we can initiate the deployment.