Authorize Access to Object Storage on Google Cloud¶

This guide will walk you through configuring Rok to have access to object storage resources on Google Cloud.

Overview

What You'll Need ¶

Go inside your clone of the GitOps repo:
```
root@rok-tools:~# cd ~/ops/deployments
```
Edit rok/rok-cluster/overlays/deploy/kustomization.yaml to set the parent of the deploy kustomization overlay to gke:
```
bases:
- ../gke  # <-- Edit this line to point to the gke overlay
```
Retrieve your bucket prefix. Copy the output to your clipboard, as you are going to use this value in the next step:
```
root@rok-tools:~/ops/deployments# echo ${BUCKET_PREFIX?}
rok-myproject-us-east1-b-arrikto-cluster
```

Edit rok/rok-cluster/overlays/deploy/patches/configvars.yaml to set daemons.s3d.bucket_prefix to your bucket prefix.

spec:
  configVars:
    daemons.s3d.bucket_prefix: <BUCKET_PREFIX>  # <-- Update this line with your bucket prefix

Retrieve the ID of your Google project. Copy the output to your clipboard, as you are going to use this value in the next step:
```
root@rok-tools:~/ops/deployments# echo ${PROJECT_ID?}
myproject
```

Edit rok/rok-cluster/overlays/deploy/patches/configvars.yaml to set daemons.s3d.gcp.project_id to the ID of your Google project.

spec:
  configVars:
    daemons.s3d.gcp.project_id: <PROJECT_ID>  # <-- Update this line with your GCP project ID

Edit rok/rok-cluster/overlays/deploy/patches/storage.yaml to set the spec.s3.endpoint field to https://storage.googleapis.com.

spec:
  s3:
    endpoint: https://storage.googleapis.com  # <-- Update this line with the Google Cloud Storage endpoint.

Retrieve the GCP region. Copy the output to your clipboard, as you are going to use this value in the next step:
```
root@rok-tools:~/ops/deployments# echo ${REGION?}
us-east1
```
Edit rok/rok-cluster/overlays/deploy/patches/storage.yaml to set the spec.s3.region field to your GCP region.
```
spec:
  s3:
    region: <REGION>  # <-- Update this line with your GCP region
```
Retrieve the email of the Google service account you created for Rok. Copy the output to your clipboard, as you are going to use this value in the next step:
```
root@rok-tools:~/ops/deployments# echo ${GCP_SERVICE_ACCOUNT_EMAIL?}
rok-arrikto-cluster@myproject.iam.gserviceaccount.com
```
Edit rok/rok-cluster/overlays/deploy/patches/storage.yaml to set the spec.s3.GCPServiceAccount field to the email of the Google service account you created for Rok.
```
spec:
  s3:
    GCPServiceAccount: <GCP_SERVICE_ACCOUNT_EMAIL>  # <-- Update this line with your GCP service account email
```

Track all changes in the git repository:

root@rok-tools:~/ops/deployments# git add rok/rok-cluster

Commit the changes:

root@rok-tools:~/ops/deployments# git commit -m "Configure object storage access for Rok"

This section is a work in progress.

You have successfully provided Rok with access to the object storage service of your cloud provider.

The next step is to grant Rok access to Arrikto's private container registry, so that it can pull images from it.