Skip to main content
Version: 3.2

Migration with Stork on GKE

Pairing with a GKE cluster requires the following additional steps because you also need to pass in your Google Cloud credentials which will be used to generate access tokens. ​

Create a service account

Use the guide from Google Cloud to generate a service-account key and save it as gcs-key.json. You can also create this using the following command: ​

gcloud iam service-accounts keys create gcs-key.json --iam-account <your_iam_account>

Create a Secret from the service-account key

On the source cluster, create a secret in kube-system namespace with the service account JSON file created in the previous step: ​

kubectl create secret  generic --from-file=gcs-key.json -n kube-system gke-creds

secret/gke-creds created

Pass the Secret to Stork

​ The credentials created in the previous step need to be provided to Stork. When deployed through Portworx Operator, add the following to the stork section of the StorageCluster spec: ​

  stork:
enabled: true
volumes:
- name: gke-creds
mountPath: /root/.gke
readOnly: true
secret:
secretName: gke-creds
env:
- name: CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE
value: /root/.gke/gcs-key.json

Update ClusterRoleBinding

​ Create a clusterrolebinding to give your account the cluster-admin role:

kubectl create clusterrolebinding stork-cluster-admin-binding --clusterrole=cluster-admin --user=<your_iam_account>