Version: 2.7

GKE cluster prerequisites

Make sure the following prerequisites are met before you add a GCP cluster in Portworx Backup:

  • Installation prerequisites are met

  • Stork is on all application clusters

  • In the GCP console, create a GCP role with the following permissions:

    compute.disks.addResourcePolicies
    compute.disks.create
    compute.disks.createSnapshot
    compute.disks.delete
    compute.disks.get
    compute.disks.getIamPolicy
    compute.disks.list
    compute.disks.removeResourcePolicies
    compute.disks.resize
    compute.disks.setIamPolicy
    compute.disks.setLabels
    compute.disks.update
    compute.disks.use
    compute.disks.useReadOnly
    compute.snapshots.create
    compute.snapshots.delete
    compute.snapshots.get
    compute.snapshots.getIamPolicy
    compute.snapshots.list
    compute.snapshots.setIamPolicy
    compute.snapshots.setLabels
    compute.snapshots.useReadOnly
    container.apiServices.get
    container.apiServices.getStatus
    container.apiServices.list
    container.auditSinks.get
    container.auditSinks.list
    container.backendConfigs.get
    container.backendConfigs.list
    container.bindings.get
    container.bindings.list
    container.certificateSigningRequests.get
    container.certificateSigningRequests.list
    container.clusterRoleBindings.get
    container.clusterRoleBindings.list
    container.clusterRoles.get
    container.clusterRoles.list
    container.clusters.get
    container.clusters.list
    container.componentStatuses.get
    container.componentStatuses.list
    container.configMaps.get
    container.configMaps.list
    container.controllerRevisions.get
    container.controllerRevisions.list
    container.cronJobs.get
    container.cronJobs.getStatus
    container.cronJobs.list
    container.csiDrivers.get
    container.csiDrivers.list
    container.csiNodeInfos.get
    container.csiNodeInfos.list
    container.csiNodes.get
    container.csiNodes.list
    container.customResourceDefinitions.get
    container.customResourceDefinitions.getStatus
    container.customResourceDefinitions.list
    container.daemonSets.get
    container.daemonSets.getStatus
    container.daemonSets.list
    container.deployments.get
    container.deployments.getScale
    container.deployments.getStatus
    container.deployments.list
    container.endpointSlices.get
    container.endpointSlices.list
    container.endpoints.get
    container.endpoints.list
    container.events.get
    container.events.list
    container.frontendConfigs.get
    container.frontendConfigs.list
    container.horizontalPodAutoscalers.get
    container.horizontalPodAutoscalers.getStatus
    container.horizontalPodAutoscalers.list
    container.ingresses.get
    container.ingresses.getStatus
    container.ingresses.list
    container.initializerConfigurations.get
    container.initializerConfigurations.list
    container.jobs.get
    container.jobs.getStatus
    container.jobs.list
    container.leases.get
    container.leases.list
    container.limitRanges.get
    container.limitRanges.list
    container.localSubjectAccessReviews.list
    container.managedCertificates.get
    container.managedCertificates.list
    container.mutatingWebhookConfigurations.get
    container.mutatingWebhookConfigurations.list
    container.namespaces.create
    container.namespaces.get
    container.namespaces.getStatus
    container.namespaces.list
    container.namespaces.update
    container.namespaces.updateStatus
    container.networkPolicies.get
    container.networkPolicies.list
    container.nodes.get
    container.nodes.getStatus
    container.nodes.list
    container.operations.list
    container.persistentVolumeClaims.get
    container.persistentVolumeClaims.getStatus
    container.persistentVolumeClaims.list
    container.persistentVolumes.get
    container.persistentVolumes.getStatus
    container.persistentVolumes.list
    container.petSets.get
    container.petSets.list
    container.podDisruptionBudgets.create
    container.podDisruptionBudgets.delete
    container.podDisruptionBudgets.get
    container.podDisruptionBudgets.getStatus
    container.podDisruptionBudgets.list
    container.podDisruptionBudgets.update
    container.podDisruptionBudgets.updateStatus
    container.podPresets.get
    container.podPresets.list
    container.podSecurityPolicies.get
    container.podSecurityPolicies.list
    container.podTemplates.get
    container.podTemplates.list
    container.pods.get
    container.pods.getLogs
    container.pods.getStatus
    container.pods.list
    container.priorityClasses.get
    container.priorityClasses.list
    container.replicaSets.get
    container.replicaSets.getScale
    container.replicaSets.getStatus
    container.replicaSets.list
    container.replicationControllers.get
    container.replicationControllers.getScale
    container.replicationControllers.getStatus
    container.replicationControllers.list
    container.resourceQuotas.get
    container.resourceQuotas.getStatus
    container.resourceQuotas.list
    container.roleBindings.get
    container.roleBindings.list
    container.roles.get
    container.roles.list
    container.runtimeClasses.get
    container.runtimeClasses.list
    container.scheduledJobs.get
    container.scheduledJobs.list
    container.secrets.get
    container.secrets.list
    container.selfSubjectAccessReviews.list
    container.serviceAccounts.get
    container.serviceAccounts.list
    container.services.get
    container.services.getStatus
    container.services.list
    container.statefulSets.get
    container.statefulSets.getScale
    container.statefulSets.getStatus
    container.statefulSets.list
    container.storageClasses.get
    container.storageClasses.list
    container.storageStates.get
    container.storageStates.getStatus
    container.storageStates.list
    container.storageVersionMigrations.get
    container.storageVersionMigrations.getStatus
    container.storageVersionMigrations.list
    container.subjectAccessReviews.list
    container.thirdPartyObjects.create
    container.thirdPartyObjects.delete
    container.thirdPartyObjects.get
    container.thirdPartyObjects.list
    container.thirdPartyObjects.update
    container.thirdPartyResources.get
    container.thirdPartyResources.list
    container.updateInfos.get
    container.updateInfos.list
    container.validatingWebhookConfigurations.get
    container.validatingWebhookConfigurations.list
    container.volumeAttachments.get
    container.volumeAttachments.getStatus
    container.volumeAttachments.list
    container.volumeSnapshotClasses.get
    container.volumeSnapshotClasses.list
    container.volumeSnapshotContents.get
    container.volumeSnapshotContents.getStatus
    container.volumeSnapshotContents.list
    container.volumeSnapshots.get
    container.volumeSnapshots.getStatus
    container.volumeSnapshots.list
    containeranalysis.notes.list
    containeranalysis.notes.listOccurrences
    containeranalysis.occurrences.list
    resourcemanager.projects.get
    storage.buckets.create
    storage.buckets.delete
    storage.buckets.get
    storage.buckets.getIamPolicy
    storage.buckets.list
    storage.buckets.setIamPolicy
    storage.buckets.update
    storage.hmacKeys.create
    storage.hmacKeys.delete
    storage.hmacKeys.get
    storage.hmacKeys.list
    storage.hmacKeys.update
    storage.multipartUploads.create
    storage.multipartUploads.list
    storage.multipartUploads.listParts
    storage.objects.create
    storage.objects.delete
    storage.objects.get
    storage.objects.getIamPolicy
    storage.objects.list
    storage.objects.setIamPolicy

    Associate this new GCP role with the service account used on the cluster where you want to install Portworx Backup. Save the JSON key for this service account for future reference. Also select this service account in the node security settings when you deploy the cluster where you want to install Portworx Backup.

  • Generate Kubeconfig for GKE clusters

  • Google Cloud account is added in Portworx Backup
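For the custom role in the list above, the following added example (not part of the Portworx documentation) turns a pasted permission list into a role definition file for `gcloud iam roles create --file` and lists the entries to review first. The role title `px-backup`, the file name `role.yaml`, the helper names and the review pattern are assumptions made for illustration.

```python
import re

# Constructed input: a few lines pasted from the permission list above,
# including a duplicate, a blank line and a stray bullet.
PASTED = """
    compute.disks.createSnapshot
    container.secrets.get
  • storage.buckets.setIamPolicy

    storage.hmacKeys.create
    storage.objects.get
    storage.objects.get
"""

# Every permission on this page has the form service.resource.verb.
PERMISSION = re.compile(r"^[a-z]+(\.[A-Za-z]+){2}$")
# Assumption: entries a reviewer checks first, because they change IAM
# policy, mint storage credentials or read Kubernetes Secrets.
REVIEW_FIRST = re.compile(
    r"\.setIamPolicy$|^storage\.hmacKeys\.create$|^container\.secrets\.")


def parse_permissions(text):
    """Return (sorted unique permissions, lines that are not permissions)."""
    perms, rejected = set(), []
    for raw in text.splitlines():
        item = raw.strip(" \t•-")
        if not item:
            continue
        if PERMISSION.match(item):
            perms.add(item)
        else:
            rejected.append(item)
    return sorted(perms), rejected


def role_yaml(title, perms):
    """Render the role definition file read by `gcloud iam roles create`."""
    lines = [f"title: {title}", "stage: GA", "includedPermissions:"]
    lines += [f"- {p}" for p in perms]
    return "\n".join(lines) + "\n"


def review_first(perms):
    """Return the permissions matching the REVIEW_FIRST pattern."""
    return [p for p in perms if REVIEW_FIRST.search(p)]


if __name__ == "__main__":
    perms, rejected = parse_permissions(PASTED)
    print(role_yaml("px-backup", perms), end="")
    print("# rejected:", rejected, "review first:", review_first(perms))
    # gcloud iam roles create <role-id> --project=<project-name> --file=role.yaml
```

Save the rendered YAML as `role.yaml` before running the `gcloud` command shown in the final comment.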

Generate Kubeconfig for GKE clusters

To add a GKE cluster in Portworx Backup, you need kubeconfig details. You can fetch kubeconfig details either through Cloud Shell or gcloud CLI.

Kubeconfig with Cloud Shell

Run the following commands in Cloud Shell to get kubeconfig data:

  1. Disable the new binary plugin for authentication:

    export USE_GKE_GCLOUD_AUTH_PLUGIN=False

    For more information, refer to kubectl authentication in GKE.

  2. Connect to your GKE cluster:

    gcloud container clusters get-credentials <GKE-clustername> --zone <zone-name> --project <project-name>

  3. Get the kubeconfig for your GKE cluster:

    kubectl config view --flatten --minify

    The above steps fetch the required kubeconfig information. In the kubeconfig details, make sure the users section holds auth-provider data and not exec data.

    A sample output (fragment of the kubeconfig details) from the users section with auth-provider data:

    users:
    - name: <GKE-cluster-name>
      user:
        auth-provider:
          config:
            access-token: <access-token>
            cmd-args: config config-helper --format=json
            cmd-path: /root/gcloud/google-cloud-sdk/bin/gcloud
            expiry: "2023-03-28T13:05:32Z"
            expiry-key: '{.credential.token_expiry}'
            token-key: '{.credential.access_token}'
          name: gcp
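The auth-provider check described in step 3 can be automated. The following is an added example, not part of the Portworx documentation: it reads the output of `kubectl config view --flatten --minify -o json` and reports a users section that uses exec, lacks a token, or carries an expired token. The function name, the user name `gke-demo` and the sample data are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed samples in the shape of
# `kubectl config view --flatten --minify -o json`; values are placeholders.
AUTH_PROVIDER_CFG = json.dumps({"users": [{"name": "gke-demo", "user": {
    "auth-provider": {"name": "gcp", "config": {
        "access-token": "<access-token>",
        "expiry": "2023-03-28T13:05:32Z"}}}}]})
EXEC_CFG = json.dumps({"users": [{"name": "gke-demo", "user": {
    "exec": {"command": "gke-gcloud-auth-plugin"}}}]})


def check_kubeconfig(text, now=None):
    """Return a list of problems; an empty list means the users section
    matches the auth-provider form shown in the sample output."""
    now = now or datetime.now(timezone.utc)
    users = json.loads(text).get("users") or []
    problems = [] if users else ["no users section"]
    for entry in users:
        name = entry.get("name", "<unnamed>")
        user = entry.get("user") or {}
        provider = user.get("auth-provider")
        if provider is None:
            kind = "exec" if "exec" in user else "no"
            problems.append(f"{name}: {kind} credentials, expected auth-provider")
            continue
        if provider.get("name") != "gcp":
            problems.append(f"{name}: auth-provider is not gcp")
        config = provider.get("config") or {}
        if not config.get("access-token"):
            problems.append(f"{name}: no access-token in auth-provider config")
        try:
            expiry = datetime.strptime(config.get("expiry", ""),
                                       "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            problems.append(f"{name}: missing or unparseable expiry")
            continue
        if expiry.replace(tzinfo=timezone.utc) <= now:
            problems.append(f"{name}: access token expired at {config['expiry']}")
    return problems


if __name__ == "__main__":
    import sys
    for line in check_kubeconfig(sys.stdin.read()):
        print(line)
```

Pipe the kubectl JSON output into the script. The flattened kubeconfig carries the access token inline, so store and transfer it as a credential.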

Kubeconfig with gcloud CLI

  1. Install the gcloud CLI. Refer to the installation instructions for more details.

  2. Initialize the gcloud CLI:

    gcloud init

  3. Run the commands listed in steps 1, 2, and 3 of the Kubeconfig with Cloud Shell topic in your gcloud CLI to obtain kubeconfig details.
