Authorize Access to Object Storage on Google Cloud

This guide will walk you through configuring Rok to have access to object storage resources on Google Cloud.

What You’ll Need

• A configured management environment.
• Your clone of the Arrikto GitOps repository.
• An existing GKE cluster.
• A cloud identity with access to your cloud provider’s storage service.

Procedure

1. Go inside your clone of the GitOps repo:

   

   root@rok-tools:~# cd ~/ops/deployments

2. Edit rok/rok-cluster/overlays/deploy/kustomization.yaml to set the parent of the deploy kustomization overlay to gke:

   

   bases: - ../gke # <-- Edit this line to point to the gke overlay

3. Retrieve your bucket prefix. Copy the output to your clipboard, as you are going to use this value in the next step:

   

   root@rok-tools:~/ops/deployments# echo ${BUCKET_PREFIX?} rok-myproject-us-east1-b-arrikto-cluster

4. Edit rok/rok-cluster/overlays/deploy/patches/configvars.yaml to set daemons.s3d.bucket_prefix to your bucket prefix.

   

   spec: configVars: daemons.s3d.bucket_prefix: <BUCKET_PREFIX> # <-- Update this line with your bucket prefix

5. Retrieve the ID of your Google project. Copy the output to your clipboard, as you are going to use this value in the next step:

   

   root@rok-tools:~/ops/deployments# echo ${PROJECT_ID?} myproject

6. Edit rok/rok-cluster/overlays/deploy/patches/configvars.yaml to set daemons.s3d.gcp.project_id to the ID of your Google project.

   

   spec: configVars: daemons.s3d.gcp.project_id: <PROJECT_ID> # <-- Update this line with your GCP project ID

7. Edit rok/rok-cluster/overlays/deploy/patches/storage.yaml to set the spec.s3.endpoint field to https://storage.googleapis.com.

   

   spec: s3: endpoint: https://storage.googleapis.com # <-- Update this line with the Google Cloud Storage endpoint.

8. Retrieve the GCP region. Copy the output to your clipboard, as you are going to use this value in the next step:

   

   root@rok-tools:~/ops/deployments# echo ${REGION?} us-east1

9. Edit rok/rok-cluster/overlays/deploy/patches/storage.yaml to set the spec.s3.region field to your GCP region.

   

   spec: s3: region: <REGION> # <-- Update this line with your GCP region

10. Retrieve the email of the Google service account you created for Rok. Copy the output to your clipboard, as you are going to use this value in the next step:

    

    root@rok-tools:~/ops/deployments# echo ${GCP_SERVICE_ACCOUNT_EMAIL?} rok-arrikto-cluster@myproject.iam.gserviceaccount.com

11. Edit rok/rok-cluster/overlays/deploy/patches/storage.yaml to set the spec.s3.GCPServiceAccount field to the email of the Google service account you created for Rok.

    

    spec: s3: GCPServiceAccount: <GCP_SERVICE_ACCOUNT_EMAIL> # <-- Update this line with your GCP service account email

12. Track all changes in the git repository:

    

    root@rok-tools:~/ops/deployments# git add rok/rok-cluster

13. Commit the changes:

    

    root@rok-tools:~/ops/deployments# git commit -m "Configure object storage access for Rok"

Verify

This section is a work in progress.

Summary

You have successfully provided Rok with access to the object storage service of your cloud provider.

What’s Next

The next step is to grant Rok access to Arrikto’s private container registry, so that it can pull images from it.

• Grant Rok Access to Private Docker Registry

PreviousNext