4.5.4. 配置 Google Cloud Platform

您可以将 Google Cloud Platform (GCP) 存储桶配置为 Migration Toolkit for Containers (MTC) 的复制仓库。

先决条件

AWS S3 存储桶必须可以被源和目标集群访问。
您必须安装了 gsutil。
如果您使用快照复制方法：
- 源和目标集群必须位于同一区域。
- 源和目标集群必须具有相同的存储类。
- 存储类必须与快照兼容。

流程

登录到 gsutil:

gsutil init

$ gsutil init

Copy to Clipboard

输出示例

Welcome! This command will take you through the configuration of gcloud.

Your current configuration has been set to: [default]

To continue, you must login. Would you like to login (Y/n)?

Welcome! This command will take you through the configuration of gcloud.

Your current configuration has been set to: [default]

To continue, you must login. Would you like to login (Y/n)?

Copy to Clipboard

设置 BUCKET 变量：
```
BUCKET=<bucket>
```
```
$ BUCKET=<bucket> 
```
1
Copy to Clipboard
1 2 1
指定存储桶名称。

创建存储桶：

gsutil mb gs://$BUCKET/

$ gsutil mb gs://$BUCKET/

Copy to Clipboard

将 PROJECT_ID 变量设置为您的活跃项目：

PROJECT_ID=`gcloud config get-value project`

$ PROJECT_ID=`gcloud config get-value project`

Copy to Clipboard

创建 velero IAM 服务帐户：

gcloud iam service-accounts create velero \
    --display-name "Velero Storage"

$ gcloud iam service-accounts create velero \
    --display-name "Velero Storage"

Copy to Clipboard

创建 SERVICE_ACCOUNT_EMAIL 变量：

SERVICE_ACCOUNT_EMAIL=`gcloud iam service-accounts list \
  --filter="displayName:Velero Storage" \
  --format 'value(email)'`

$ SERVICE_ACCOUNT_EMAIL=`gcloud iam service-accounts list \
  --filter="displayName:Velero Storage" \
  --format 'value(email)'`

Copy to Clipboard

创建 ROLE_PERMISSIONS 变量：

ROLE_PERMISSIONS=(

$ ROLE_PERMISSIONS=(
    compute.disks.get
    compute.disks.create
    compute.disks.createSnapshot
    compute.snapshots.get
    compute.snapshots.create
    compute.snapshots.useReadOnly
    compute.snapshots.delete
    compute.zones.get
)

Copy to Clipboard

创建 velero.server 自定义角色：

gcloud iam roles create velero.server \
    --project $PROJECT_ID \
    --title "Velero Server" \
    --permissions "$(IFS=","; echo "${ROLE_PERMISSIONS[*]}")"

$ gcloud iam roles create velero.server \
    --project $PROJECT_ID \
    --title "Velero Server" \
    --permissions "$(IFS=","; echo "${ROLE_PERMISSIONS[*]}")"

Copy to Clipboard

为项目添加 IAM 策略绑定：

gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member serviceAccount:$SERVICE_ACCOUNT_EMAIL \
    --role projects/$PROJECT_ID/roles/velero.server

$ gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member serviceAccount:$SERVICE_ACCOUNT_EMAIL \
    --role projects/$PROJECT_ID/roles/velero.server

Copy to Clipboard

更新 IAM 服务帐户：

gsutil iam ch serviceAccount:$SERVICE_ACCOUNT_EMAIL:objectAdmin gs://${BUCKET}

$ gsutil iam ch serviceAccount:$SERVICE_ACCOUNT_EMAIL:objectAdmin gs://${BUCKET}

Copy to Clipboard

将 IAM 服务帐户的密钥保存到当前目录中的 credentials-velero 文件中：

gcloud iam service-accounts keys create credentials-velero \
  --iam-account $SERVICE_ACCOUNT_EMAIL

$ gcloud iam service-accounts keys create credentials-velero \
  --iam-account $SERVICE_ACCOUNT_EMAIL

Copy to Clipboard

您可以使用 credentials-velero 文件将 GCP 添加为复制存储库。

返回顶部

4.5.4. 配置 Google Cloud Platform

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links