Version: 3.1

Migration with Stork on GKE

Pairing with a GKE cluster requires the following additional steps because you also need to pass in your Google Cloud credentials which will be used to generate access tokens.

Create a service account

Use the guide from Google Cloud to generate a service-account key and save it as gcs-key.json. You can also create this using the following command:

gcloud iam service-accounts keys create gcs-key.json --iam-account <your_iam_account>

Create a Secret from the service-account key

On the source cluster, create a secret in kube-system namespace with the service account JSON file created in the previous step:

kubectl create secret  generic --from-file=gcs-key.json -n kube-system gke-creds

secret/gke-creds created

Pass the Secret to Stork

The credentials created in the previous step need to be provided to Stork. When deployed through Portworx Operator, add the following to the stork section of the StorageCluster spec:

  stork:
    enabled: true    
    volumes:
    - name: gke-creds
      mountPath: /root/.gke
      readOnly: true
      secret:
        secretName: gke-creds
    env:
    - name: CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE
      value: /root/.gke/gcs-key.json

Update ClusterRoleBinding

Create a clusterrolebinding to give your account the cluster-admin role:

kubectl create clusterrolebinding stork-cluster-admin-binding --clusterrole=cluster-admin --user=<your_iam_account>

Create a service account​

Create a Secret from the service-account key​

Pass the Secret to Stork​

Update ClusterRoleBinding​

Create a service account

Create a Secret from the service-account key

Pass the Secret to Stork

Update ClusterRoleBinding