From 75fdf32e4c490bf8e880b2c9bce20aa94981d83d Mon Sep 17 00:00:00 2001 From: Nolan Brubaker Date: Wed, 6 Dec 2017 12:06:50 -0500 Subject: [PATCH 1/3] Document GKE cluster-admin step When using GKE, an additional step is needed to become cluster admin. Without this, generating the RBAC scaffolding will result in an error. Signed-off-by: Nolan Brubaker --- docs/cloud-provider-specifics.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/cloud-provider-specifics.md b/docs/cloud-provider-specifics.md index 9ebaadb57..9cabbcb10 100644 --- a/docs/cloud-provider-specifics.md +++ b/docs/cloud-provider-specifics.md @@ -155,6 +155,8 @@ To integrate Heptio Ark with GCP, you should follow the instructions below to cr In the Ark root directory, run the following to first set up namespaces, RBAC, and other scaffolding: +When using Google Kubernetes Engine (GKE), be sure to make your current IAM user a cluster-admin. See [their docs][22] for more information. + ```bash kubectl apply -f examples/common/00-prereqs.yaml ``` @@ -441,4 +443,5 @@ ark restore create nginx-backup [19]: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#reclaiming [20]: /CHANGELOG.md [21]: /docs/build-from-scratch.md +[22]: https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#prerequisites_for_using_role-based_access_control From ccdbee6b16c261efa62f35d88c276868570dfe19 Mon Sep 17 00:00:00 2001 From: Nolan Brubaker Date: Tue, 19 Dec 2017 15:37:51 -0500 Subject: [PATCH 2/3] Clarify different deployment options on GCP. Signed-off-by: Nolan Brubaker --- docs/cloud-provider-specifics.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/cloud-provider-specifics.md b/docs/cloud-provider-specifics.md index 9cabbcb10..cafc7b201 100644 --- a/docs/cloud-provider-specifics.md +++ b/docs/cloud-provider-specifics.md @@ -105,6 +105,10 @@ Now that you have your IAM user credentials stored in a Secret, you need to repl ### GCP +There are two ways to use Kubernetes on Google's Cloud Platform - Kubernetes running on top of Google Compute Engine +virtual machines, or through the Google Kubernetes Engine. The instructions provided here should work on either, +with one noted exception. + #### Service account creation To integrate Heptio Ark with GCP, you should follow the instructions below to create an Ark-specific [Service Account][15]. @@ -153,9 +157,10 @@ To integrate Heptio Ark with GCP, you should follow the instructions below to cr #### Credentials and configuration +When using Google Kubernetes Engine (GKE), be sure to make your current IAM user a cluster-admin. See [their docs][22] for more information. + In the Ark root directory, run the following to first set up namespaces, RBAC, and other scaffolding: -When using Google Kubernetes Engine (GKE), be sure to make your current IAM user a cluster-admin. See [their docs][22] for more information. ```bash kubectl apply -f examples/common/00-prereqs.yaml From 7392cdf37b7d835904e1e8b3c45f08ed2f5518ba Mon Sep 17 00:00:00 2001 From: Nolan Brubaker Date: Tue, 19 Dec 2017 15:40:22 -0500 Subject: [PATCH 3/3] Clarify why cluster-admin is needed Signed-off-by: Nolan Brubaker --- docs/cloud-provider-specifics.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/cloud-provider-specifics.md b/docs/cloud-provider-specifics.md index cafc7b201..958343f73 100644 --- a/docs/cloud-provider-specifics.md +++ b/docs/cloud-provider-specifics.md @@ -157,11 +157,11 @@ To integrate Heptio Ark with GCP, you should follow the instructions below to cr #### Credentials and configuration -When using Google Kubernetes Engine (GKE), be sure to make your current IAM user a cluster-admin. See [their docs][22] for more information. +When using Google Kubernetes Engine (GKE), be sure to make your current IAM user a cluster-admin, since creating RBAC objects requires it. +See [their docs][22] for more information. In the Ark root directory, run the following to first set up namespaces, RBAC, and other scaffolding: - ```bash kubectl apply -f examples/common/00-prereqs.yaml ```