Skip to main content

Install on GCP


Please view the Prerequisites and ensure you have met all requirements before proceeding with the installation.

Install Wayfinder

The terraform-google-wayfinder Terraform Module can be used to provision and manage a licensed edition of Appvia Wayfinder on GCP.

Follow the steps below to get up and running quickly, using the predefined quickstart example.


  1. Within your GCP Project, create a Public DNS Zone which can be used for the Wayfinder Portal and API DNS Records.
  2. Clone down the terraform-google-wayfinder repository and navigate to examples/quickstart, or copy the contents of this directory to your local machine.
  3. Copy the terraform.tfvars.example file to terraform.tfvars and populate the variables with your own values.


  1. Authenticate using the gcloud CLI.
  2. Run terraform init to initialise the Terraform modules.
  3. Run terraform plan -out=wayfinder.tfplan to view the resources that will be created.
  4. Run terraform apply wayfinder.tfplan

Wayfinder GCP Installation via Terraform

Advanced Configuration

Configure an Identity Provider (IDP)

If you have an existing IDP, you can configure it during installation by providing the Client ID, Client Secret and Server URL (or Azure Tenant ID) as variables to the module. The Terraform code below shows an example of how to do this, disabling the creation of the local administrator user in the process:

module "wayfinder" {
create_localadmin_user = false
wayfinder_idp_details = {
type = var.idp_provider
clientId = "idp-client-id"
clientSecret = "idp-client-secret"
serverUrl = var.idp_provider == "generic" ? "idp-server-url" : ""
azureTenantId = var.idp_provider == "aad" ? "idp-azure-tenant-id" : ""

Use an existing Virtual Network

If you have an existing Virtual Network and Subnet (e.g. one already connected to your corporate VPN), you can deploy Wayfinder into your own network by providing the Network and Subnetwork names as variables to the main module:

module "wayfinder" {
gcp_network_name = var.gcp_network_name
gcp_subnetwork_name = var.gcp_subnetwork_name

Additionally, you can set disable_internet_access = true to make the GKE API, Wayfinder API and Portal only accessible from within your corporate network (not exposed via public load balancers).

Access Wayfinder GKE Management Cluster

If you need to access the Wayfinder GKE Management Cluster (e.g. for debugging purposes, providing logs to Appvia Support), you can do so by running the following command:

gcloud container clusters get-credentials <GKE_MANAGEMENT_CLUSTER_NAME> --region <GCP_REGION> --project <GCP_PROJECT>