mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-06 06:46:26 +01:00
122 lines
3.0 KiB
Plaintext
122 lines
3.0 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * migration/migrating_3_4/configuring-replication-repository-3-4.adoc
|
|
// * migration/migrating_4_1_4/configuring-replication-repository-4-1-4.adoc
|
|
// * migration/migrating_4_2_4/configuring-replication-repository-4-2-4.adoc
|
|
[id='migration-configuring-gcp_{context}']
|
|
= Configuring a Google Cloud Provider storage bucket as a replication repository
|
|
|
|
You can configure a Google Cloud Provider (GCP) storage bucket as a replication repository.
|
|
|
|
.Prerequisites
|
|
|
|
* The GCP storage bucket must be accessible to the source and target clusters.
|
|
* You must have link:https://cloud.google.com/storage/docs/gsutil_install[`gsutil`] installed.
|
|
* If you are using the snapshot copy method:
|
|
** The source and target clusters must be in the same region.
|
|
** The source and target clusters must have the same storage class.
|
|
** The storage class must be compatible with snapshots.
|
|
|
|
.Procedure
|
|
|
|
. Run `gsutil init` to log in:
|
|
+
|
|
.Example output
|
|
[source,terminal]
|
|
----
|
|
Welcome! This command will take you through the configuration of gcloud.
|
|
|
|
Your current configuration has been set to: [default]
|
|
|
|
To continue, you must login. Would you like to login (Y/n)?
|
|
----
|
|
|
|
. Set the `BUCKET` variable:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ BUCKET=<bucket_name> <1>
|
|
----
|
|
<1> Specify your bucket name.
|
|
|
|
. Create a storage bucket:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ gsutil mb gs://$BUCKET/
|
|
----
|
|
|
|
. Set the `PROJECT_ID` variable to your active project:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ PROJECT_ID=$(gcloud config get-value project)
|
|
----
|
|
|
|
. Create a `velero` IAM service account:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ gcloud iam service-accounts create velero \
|
|
--display-name "Velero Storage"
|
|
----
|
|
|
|
. Create the `SERVICE_ACCOUNT_EMAIL` variable:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ SERVICE_ACCOUNT_EMAIL=$(gcloud iam service-accounts list \
|
|
--filter="displayName:Velero Storage" \
|
|
--format 'value(email)')
|
|
----
|
|
|
|
. Create the `ROLE_PERMISSIONS` variable:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ ROLE_PERMISSIONS=(
|
|
compute.disks.get
|
|
compute.disks.create
|
|
compute.disks.createSnapshot
|
|
compute.snapshots.get
|
|
compute.snapshots.create
|
|
compute.snapshots.useReadOnly
|
|
compute.snapshots.delete
|
|
compute.zones.get
|
|
)
|
|
----
|
|
|
|
. Create the `velero.server` custom role:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ gcloud iam roles create velero.server \
|
|
--project $PROJECT_ID \
|
|
--title "Velero Server" \
|
|
--permissions "$(IFS=","; echo "${ROLE_PERMISSIONS[*]}")"
|
|
----
|
|
|
|
. Add IAM policy binding to the project:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ gcloud projects add-iam-policy-binding $PROJECT_ID \
|
|
--member serviceAccount:$SERVICE_ACCOUNT_EMAIL \
|
|
--role projects/$PROJECT_ID/roles/velero.server
|
|
----
|
|
|
|
. Update the IAM service account:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ gsutil iam ch serviceAccount:$SERVICE_ACCOUNT_EMAIL:objectAdmin gs://${BUCKET}
|
|
----
|
|
|
|
. Save the IAM service account keys to the `credentials-velero` file in the current directory:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ gcloud iam service-accounts keys create credentials-velero \
|
|
--iam-account $SERVICE_ACCOUNT_EMAIL
|
|
----
|