Authorize Access to Object Storage on Google Cloud

This guide walks you through giving Rok access to object storage resources on Google Cloud.

What You'll Need

Procedure

  1. Go to your clone of the GitOps repo:

    root@rok-tools:~# cd ~/ops/deployments
    
  2. Edit rok/rok-cluster/overlays/deploy/kustomization.yaml to set the parent of the deploy kustomization overlay to gke:

    bases:
    - ../gke  # <-- Edit this line to point to the gke overlay
    
  3. Retrieve your bucket prefix. Copy the output to your clipboard, as you are going to use this value in the next step:

    root@rok-tools:~/ops/deployments# echo ${BUCKET_PREFIX?}
    
  4. Edit rok/rok-cluster/overlays/deploy/patches/configvars.yaml to set daemons.s3d.bucket_prefix to your bucket prefix and daemons.s3d.gcp.project_id to the ID of your Google project:

    spec:
      configVars:
        daemons.s3d.bucket_prefix: "<BUCKET_PREFIX>"  # <-- Update this line with your bucket prefix
        daemons.s3d.gcp.project_id: "<PROJECT_ID>"  # <-- Update this line with your GCP project ID
    
  5. Retrieve the email of the Google service account you created for Rok. Copy the output to your clipboard, as you are going to use this value in the next step:

    root@rok-tools:~/ops/deployments# echo ${GCP_SERVICE_ACCOUNT_EMAIL?}
    
  6. Edit rok/rok-cluster/overlays/deploy/patches/storage.yaml to set the spec.s3.region field to your GCP region, the spec.s3.GCPServiceAccount field to the email of the Google service account you created for Rok, and the spec.s3.endpoint field to https://storage.googleapis.com:

    spec:
      s3:
        endpoint: "https://storage.googleapis.com"  # <-- Update this line with the Google Cloud Storage endpoint.
        region: "<REGION>"  # <-- Update this line with your GCP region
        GCPServiceAccount: "<GCP_SERVICE_ACCOUNT_EMAIL>"  # <-- Update this line with your GCP service account email
    
  7. Track all changes in the git repository:

    root@rok-tools:~/ops/deployments# git add rok/rok-cluster
    
  8. Commit the changes:

    root@rok-tools:~/ops/deployments# git commit -m "Configure object storage access for Rok"
    

Verify

This section is a work in progress.
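
The following shell functions are an added example, not part of the Rok documentation or tooling. They statically check the two patch files edited in steps 4 and 6 for leftover placeholders, the exact HTTPS endpoint, and a plausible service account email. The function names and the gserviceaccount.com suffix check are assumptions of this example.

```shell
#!/bin/sh
# Added example: static check of the patches edited in steps 4 and 6.

# Print the value of "<key>: <value>", dropping quotes and trailing comments.
yaml_value() {  # usage: yaml_value <key> <file>
    yv_key=$(printf '%s' "$1" | sed 's/\./\\./g')  # match dots literally
    sed -n "s/^[[:space:]]*$yv_key:[[:space:]]*//p" "$2" | head -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/'
}

# Succeed only if the value is non-empty and not a "<PLACEHOLDER>".
is_set() {
    case $1 in ''|*'<'*|*'>'*) return 1 ;; esac
}

check_rok_storage() {  # usage: check_rok_storage <configvars.yaml> <storage.yaml>
    crs_rc=0
    for crs_key in daemons.s3d.bucket_prefix daemons.s3d.gcp.project_id; do
        is_set "$(yaml_value "$crs_key" "$1")" ||
            { echo "FAIL: $crs_key is unset or a placeholder" >&2; crs_rc=1; }
    done
    is_set "$(yaml_value region "$2")" ||
        { echo "FAIL: spec.s3.region is unset or a placeholder" >&2; crs_rc=1; }
    # The guide specifies this exact endpoint; plain http or another host
    # would send object data somewhere other than Google Cloud Storage over TLS.
    [ "$(yaml_value endpoint "$2")" = "https://storage.googleapis.com" ] ||
        { echo "FAIL: spec.s3.endpoint is not the GCS HTTPS endpoint" >&2; crs_rc=1; }
    # Assumption: a Google service account email ends in gserviceaccount.com.
    case $(yaml_value GCPServiceAccount "$2") in
        *'<'*|*'>'*|*' '*) crs_sa=bad ;;
        ?*@?*.gserviceaccount.com) crs_sa=ok ;;
        *) crs_sa=bad ;;
    esac
    [ "$crs_sa" = ok ] ||
        { echo "FAIL: spec.s3.GCPServiceAccount is not a service account email" >&2; crs_rc=1; }
    return "$crs_rc"
}

# When run from ~/ops/deployments, check the files the procedure edits.
ROK_PATCHES=rok/rok-cluster/overlays/deploy/patches
if [ -f "$ROK_PATCHES/configvars.yaml" ] && [ -f "$ROK_PATCHES/storage.yaml" ]; then
    check_rok_storage "$ROK_PATCHES/configvars.yaml" "$ROK_PATCHES/storage.yaml" &&
        echo "OK: object storage patches look complete"
fi
```

The check only inspects the files in the working tree; it does not contact Google Cloud or confirm that the service account has access to the buckets.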

Summary

You have successfully provided Rok with access to the object storage service of your cloud provider.

What's Next

The next step is to grant Rok access to Arrikto's private container registry, so that it can pull images from it.