mirrors/velero
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/velero.git synced 2026-01-05 13:05:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
main
velero/site/content/docs/v0.7.0/gcp-config.md
Tony Batard c663ce15ab Hugo migration (#2720) 
* Move files to a Hugo structure

Signed-off-by: Tony Batard <tbatard@pivotal.io>
2020-08-13 09:09:15 -07:00

3.5 KiB
Raw Permalink Blame History

title, layout
title layout
Run Ark on GCP docs

You can run Kubernetes on Google Cloud Platform in either of:

  • Kubernetes on Google Compute Engine virtual machines
  • Google Kubernetes Engine

If you do not have the gcloud and gsutil CLIs locally installed, follow the user guide to set them up.

Create GCS bucket

Heptio Ark requires an object storage bucket in which to store backups. Create a GCS bucket, replacing placeholder appropriately:

gsutil mb gs://<YOUR_BUCKET>/

Create service account

To integrate Heptio Ark with GCP, create an Ark-specific Service Account:

  1. View your current config settings:

    gcloud config list

    Store the project value from the results in the environment variable $PROJECT_ID.

  2. Create a service account:

    gcloud iam service-accounts create heptio-ark \
    --display-name "Heptio Ark service account"

    Then list all accounts and find the heptio-ark account you just created:

    gcloud iam service-accounts list

    Set the $SERVICE_ACCOUNT_EMAIL variable to match its email value.

  3. Attach policies to give heptio-ark the necessary permissions to function:

    gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member serviceAccount:$SERVICE_ACCOUNT_EMAIL \
    --role roles/compute.storageAdmin
gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member serviceAccount:$SERVICE_ACCOUNT_EMAIL \
    --role roles/storage.admin

  4. Create a service account key, specifying an output file (credentials-ark) in your local directory:

    gcloud iam service-accounts keys create credentials-ark \
    --iam-account $SERVICE_ACCOUNT_EMAIL

Credentials and configuration

If you run Google Kubernetes Engine (GKE), make sure that your current IAM user is a cluster-admin. This role is required to create RBAC objects. See the GKE documentation for more information.

In the Ark root directory, run the following to first set up namespaces, RBAC, and other scaffolding. To run in a custom namespace, make sure that you have edited the YAML files to specify the namespace. See Run in custom namespace.

kubectl apply -f examples/common/00-prereqs.yaml

Create a Secret. In the directory of the credentials file you just created, run:

kubectl create secret generic cloud-credentials \
    --namespace <ARK_NAMESPACE> \
    --from-file cloud=credentials-ark

Specify the following values in the example files:

  • In file examples/gcp/00-ark-config.yaml:

  • In file examples/common/10-deployment.yaml:

    • Change spec.template.spec.containers[*].env.name to "GOOGLE_APPLICATION_CREDENTIALS".

  • (Optional) If you run the nginx example, in file examples/nginx-app/with-pv.yaml:

    • Replace <YOUR_STORAGE_CLASS_NAME> with standard. This is GCP's default StorageClass name.

Start the server

In the root of your Ark directory, run:

kubectl apply -f examples/gcp/00-ark-config.yaml
kubectl apply -f examples/common/10-deployment.yaml