Deploy the dataplane
If you have not yet set up the required GCP resources (GKE cluster, GCS, Artifact Registry, Workload Identity), see Prepare infrastructure first.
Assumptions
- You have a Union.ai organization, and you know the control plane URL for your organization (e.g.
https://your-org-name.us-east-2.unionai.cloud). - You have a cluster name provided by or coordinated with Union.
- You have a GKE cluster with Workload Identity enabled, running one of the most recent three minor Kubernetes versions. Learn more
- You have configured GCS bucket(s), Artifact Registry, and Workload Identity as described in Prepare infrastructure.
Prerequisites
Deploy the Union.ai operator
-
Add the Union.ai Helm repo:
helm repo add unionai https://unionai.github.io/helm-charts/ helm repo update -
Use the
uctl selfserve provision-dataplane-resourcescommand to generate a new client and client secret for communicating with your Union control plane, provision authorization permissions for the app to operate on the Union cluster name you have selected, generate values file to install dataplane in your Kubernetes cluster and provide follow-up instructions:uctl config init --host=<YOUR_UNION_CONTROL_PLANE_URL> uctl selfserve provision-dataplane-resources --clusterName <YOUR_SELECTED_CLUSTERNAME> --provider gcp-
The command will output the ID, name, and a secret that will be used by the Union services to communicate with your control plane. It will also generate a YAML file specific to the provider that you specify, in this case
gcp. -
Save the secret that is displayed. Union does not store the credentials; rerunning the same command can be used to retrieve the secret later.
-
-
Update the generated values file with your infrastructure details:
Using the environment variables from the prepare infrastructure step:
- Set
global.METADATA_BUCKETto${BUCKET_PREFIX}-metadata. - Set
global.FAST_REGISTRATION_BUCKETto${BUCKET_PREFIX}-fast-reg. - Set
global.BACKEND_IAM_ROLE_ARNto${GSA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com. - Set
global.WORKER_IAM_ROLE_ARNto the same value (or a separate GSA if you use distinct worker permissions). - Set
storage.bucketNameto${BUCKET_PREFIX}-metadata. - Set
storage.fastRegistrationBucketNameto${BUCKET_PREFIX}-fast-reg. - Set
storage.regionto${REGION}. - Set
storage.gcp.projectIdto${PROJECT_ID}. - Set
commonServiceAccount.annotations."iam.gke.io/gcp-service-account"to${GSA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com. - Set
imageBuilder.registryNameto${AR_REPOSITORY}(defaults tounion-dataplane; the chart auto-generates the full Artifact Registry URL from the project ID and region).
- Set
-
Install the data plane Helm chart:
helm upgrade --install union unionai/dataplane \ -f <GENERATED_VALUES_FILE> \ --namespace union \ --create-namespace \ --force-conflicts -
Create an API key for your organization. This is required for v2 workflow executions on the data plane. If you have already created one, rerun the same command to propagate the key to the new cluster:
uctl create apikey --keyName EAGER_API_KEY --org <YOUR_ORG_NAME> -
Once deployed you can check to see if the cluster has been successfully registered to the control plane:
uctl get cluster ----------- ------- --------------- ----------- | NAME | ORG | STATE | HEALTH | ----------- ------- --------------- ----------- | <cluster> | <org> | STATE_ENABLED | HEALTHY | ----------- ------- --------------- ----------- 1 rows -
Follow the Quickstart to run your first workflow and verify your cluster is working correctly.