Authorize Access to Object Storage on Google Cloud
This guide will walk you through configuring Rok to have access to object storage resources on Google Cloud.
What You’ll Need
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- An existing GKE cluster.
- A cloud identity with access to your cloud provider’s storage service.
Procedure
1. Go inside your clone of the GitOps repo:

       root@rok-tools:~# cd ~/ops/deployments

2. Edit rok/rok-cluster/overlays/deploy/kustomization.yaml to set the parent of the deploy kustomization overlay to gke:

       bases:
       - ../gke  # <-- Edit this line to point to the gke overlay

3. Retrieve your bucket prefix. Copy the output to your clipboard, as you are going to use this value in the next step:

       root@rok-tools:~/ops/deployments# echo ${BUCKET_PREFIX?}
       rok-myproject-us-east1-b-arrikto-cluster

4. Edit rok/rok-cluster/overlays/deploy/patches/configvars.yaml to set daemons.s3d.bucket_prefix to your bucket prefix:

       spec:
         configVars:
           daemons.s3d.bucket_prefix: <BUCKET_PREFIX>  # <-- Update this line with your bucket prefix

5. Retrieve the ID of your Google project. Copy the output to your clipboard, as you are going to use this value in the next step:

       root@rok-tools:~/ops/deployments# echo ${PROJECT_ID?}
       myproject

6. Edit rok/rok-cluster/overlays/deploy/patches/configvars.yaml to set daemons.s3d.gcp.project_id to the ID of your Google project:

       spec:
         configVars:
           daemons.s3d.gcp.project_id: <PROJECT_ID>  # <-- Update this line with your GCP project ID

7. Edit rok/rok-cluster/overlays/deploy/patches/storage.yaml to set the spec.s3.endpoint field to https://storage.googleapis.com:

       spec:
         s3:
           endpoint: https://storage.googleapis.com  # <-- Update this line with the Google Cloud Storage endpoint.

8. Retrieve the GCP region. Copy the output to your clipboard, as you are going to use this value in the next step:

       root@rok-tools:~/ops/deployments# echo ${REGION?}
       us-east1

9. Edit rok/rok-cluster/overlays/deploy/patches/storage.yaml to set the spec.s3.region field to your GCP region:

       spec:
         s3:
           region: <REGION>  # <-- Update this line with your GCP region

10. Retrieve the email of the Google service account you created for Rok. Copy the output to your clipboard, as you are going to use this value in the next step:

        root@rok-tools:~/ops/deployments# echo ${GCP_SERVICE_ACCOUNT_EMAIL?}
        rok-arrikto-cluster@myproject.iam.gserviceaccount.com

11. Edit rok/rok-cluster/overlays/deploy/patches/storage.yaml to set the spec.s3.GCPServiceAccount field to the email of the Google service account you created for Rok:

        spec:
          s3:
            GCPServiceAccount: <GCP_SERVICE_ACCOUNT_EMAIL>  # <-- Update this line with your GCP service account email

12. Track all changes in the git repository:

        root@rok-tools:~/ops/deployments# git add rok/rok-cluster

13. Commit the changes:

        root@rok-tools:~/ops/deployments# git commit -m "Configure object storage access for Rok"
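A check you can run before `git add` to confirm that the edits in this procedure took effect (an added example, not part of the Arrikto documentation). It reads the three files the guide edits and compares them with the environment variables the guide echoes; the function names are hypothetical, and the line-based YAML lookup assumes each key appears once per file.

```shell
#!/usr/bin/env bash
# Added example: pre-commit check for the overlay files edited in this guide.
# File paths, keys and variable names come from the guide; function names are hypothetical.

# Print the value of KEY in FILE, without the trailing "# ..." comment.
yaml_value() {  # usage: yaml_value FILE KEY_REGEX
  sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" 2>/dev/null |
    sed 's/[[:space:]]*#.*$//' | head -n 1
}

# Compare one configured value with the value the guide tells you to copy in.
expect_value() {  # usage: expect_value LABEL ACTUAL EXPECTED
  case $2 in
    '')        echo "FAIL $1: not set" >&2; return 1 ;;
    *'<'*'>'*) echo "FAIL $1: placeholder $2 left in place" >&2; return 1 ;;
  esac
  [ "$2" = "$3" ] && return 0
  echo "FAIL $1: found '$2', expected '$3'" >&2; return 1
}

# Check the deploy overlay; returns non-zero if any edited field is wrong.
# The body runs in a subshell so its variables do not leak into the caller.
check_rok_storage_config() (  # usage: check_rok_storage_config OVERLAY_DIR
  dir=$1 rc=0
  vars=$dir/patches/configvars.yaml
  storage=$dir/patches/storage.yaml
  grep -Eq '^[[:space:]]*-[[:space:]]*\.\./gke([[:space:]]|$)' \
    "$dir/kustomization.yaml" 2>/dev/null ||
    { echo "FAIL kustomization.yaml: base is not ../gke" >&2; rc=1; }
  expect_value bucket_prefix "$(yaml_value "$vars" 'daemons\.s3d\.bucket_prefix')" \
    "${BUCKET_PREFIX:-}" || rc=1
  expect_value project_id "$(yaml_value "$vars" 'daemons\.s3d\.gcp\.project_id')" \
    "${PROJECT_ID:-}" || rc=1
  # The endpoint must be the HTTPS Google Cloud Storage URL the guide specifies.
  expect_value endpoint "$(yaml_value "$storage" endpoint)" \
    "https://storage.googleapis.com" || rc=1
  expect_value region "$(yaml_value "$storage" region)" "${REGION:-}" || rc=1
  expect_value GCPServiceAccount "$(yaml_value "$storage" GCPServiceAccount)" \
    "${GCP_SERVICE_ACCOUNT_EMAIL:-}" || rc=1
  return $rc
)
```

From `~/ops/deployments`, call `check_rok_storage_config rok/rok-cluster/overlays/deploy` in the same shell that holds the exported variables; each mismatch is reported on stderr.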
Summary
You have successfully provided Rok with access to the object storage service of your cloud provider.
What’s Next
The next step is to grant Rok access to Arrikto’s private container registry, so that it can pull images from it.