GCP Deployment
Deploy the FailZero agent on Google Cloud Platform using Compute Engine or GKE.Compute Engine
1. Create Service Account
2. Grant IAM Permissions
The agent needs permissions to execute failover operations:Grant only the permissions needed for your DR plan. These are examples for common failover operations.
3. Create VM Instance
4. Using Secret Manager (Recommended)
Store sensitive values in Secret Manager:GKE (Kubernetes)
1. Create Kubernetes Secret
2. Deploy Agent
3. Workload Identity (Recommended)
Use Workload Identity for secure credential management:IAM Permissions
Minimum Required
| Resource Type | Role | Purpose |
|---|---|---|
| Cloud SQL | roles/cloudsql.admin | Promote replicas |
| Cloud DNS | roles/dns.admin | Update DNS records |
Optional (Based on DR Plan)
| Resource Type | Role | Purpose |
|---|---|---|
| Compute Engine | roles/compute.instanceAdmin.v1 | Scale instance groups |
| Secret Manager | roles/secretmanager.secretAccessor | Read secrets |
| Cloud Storage | roles/storage.admin | Backup operations |
| Pub/Sub | roles/pubsub.publisher | Notifications |
Verify Deployment
Compute Engine
GKE
Troubleshooting
Permission denied errors:- Verify IAM roles are assigned to the service account
- Check the service account is attached to the VM/pod
- Ensure Workload Identity is configured correctly (GKE)
- Check firewall rules allow outbound HTTPS (port 443)
- Verify VPC allows egress to
api.failzero.io
- Confirm token is correct and not expired
- Check logs for specific error messages
Next Steps
Example Plans
GCP-specific DR configurations
CLI Reference
Deploy and manage plans

