Portworx
PORTWORX.COM

Migration with Stork on GKE

Pairing with a GKE cluster requires the following additional steps because you also need to pass in your Google Cloud credentials which will be used to generate access tokens.

Create a service account

Use the guide from Google Cloud to generate a service-account key and save it as gcs-key.json. You can also create this using the following command:

gcloud iam service-accounts keys create gcs-key.json --iam-account <your_iam_account>

Create a Secret from the service-account key

On the source cluster, create a secret in kube-system namespace with the service account JSON file created in the previous step:

kubectl create secret  generic --from-file=gcs-key.json -n kube-system gke-creds
secret/gke-creds created

Pass the Secret to Stork

When Stork is deployed through the Operator

The credentials created in the previous step need to be provided to Stork. When deployed through Portworx Operator, add the following to the stork section of the StorageCluster spec:

  stork:
    enabled: true    
    volumes:
    - name: gke-creds
      mountPath: /root/.gke/gcs-key.json
      readOnly: true
      secret:
        secretName: gke-creds
    env:
    - name: CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE
      value: /root/.gke/gcs-key.json

When Stork is deployed using the Portworx DaemonSet model

Mount the secret created above in the Stork deployment by performing the following steps.

  1. Run the following command to make updates:

    kubectl edit deployment -n kube-system stork

  2. Add the following under spec.template.spec:

    volumes:
- name: gke-creds
  secret:
    secretName: gke-creds

  3. Add the following under spec.template.spec.containers:

    volumeMounts:
- mountPath: /root/.gke/
  name: gke-creds
  readOnly: true

  4. Add the following under spec.template.spec.containers:

    env:
- name: CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE
  value: /root/.gke/gcs-key.json

  5. Save the changes and wait for all the Stork pods to be in running state after applying the changes:

    kubectl get pods -n kube-system -l name=stork

Update ClusterRoleBinding

Create a clusterrolebinding to give your account the cluster-admin role:

kubectl create clusterrolebinding stork-cluster-admin-binding --clusterrole=cluster-admin --user=<your_iam_account>
arrow_back_ios Previous
Migration with Stork on EKS
Next arrow_forward_ios
Migration with Stork on OKE
Last edited: Tuesday, May 9, 2023
Questions? Visit the Portworx forum.