How to use Google Cloud Storage Bucket inside container and run cache file server for the contents.
2022 edition with Go!
Make gcsbc.env with following contents:
PROJECT_NAME=YOUR_GCP_PROJECT_NAME
BUCKET_NAME=YOUR_GCS_BUCKET_NAMEApply it to current shell
source gcsbc.envMake service account and bind role:
$ gcloud iam service-accounts create \
gcsbc-service-account --display-name "gcsbc"
$ gcloud iam roles create gcsbc \
--project ${PROJECT_NAME} \
--file gcsbc-roles.yaml
$ gcloud projects add-iam-policy-binding ${PROJECT_NAME} \
--member=serviceAccount:gcsbc-service-account@${PROJECT_NAME}.iam.gserviceaccount.com \
--role=projects/${PROJECT_NAME}/roles/gcsbc \
--condition=NoneGenerate key for the service account and set it to k8s secret:
$ gcloud iam service-accounts keys create gcsbc-key.json \
--iam-account=gcsbc-service-account@${PROJECT_NAME}.iam.gserviceaccount.comBuild image:
docker build -t gcsbc:test .Run container:
docker run -it --rm \
--cap-add SYS_ADMIN --device /dev/fuse \
-v `realpath gcsbc-key.json`:/sa-key.json \
-e BUCKET_NAME=${BUCKET_NAME} \
-p 8080:8080 \
--entrypoint=/bin/sh \
gcsbc:testMount bucket and run cache filer server (inside container):
$ gcsfuse --implicit-dirs --key-file=/sa-key.json ${BUCKET_NAME} /bucket
$ /app -r /bucketCheck bucket contents accessable from host browser.
Unmount bucket and exit (inside container)
fusermount -u ${BUCKET_NAME}
# Press Ctrl-DPush the image:
docker tag gcsbc:test gcr.io/${PROJECT_NAME}/gcsbc:latest
docker push gcr.io/${PROJECT_NAME}/gcsbc:latestMake ga-key.to secret:
k create secret generic sa-key --from-file=gcsbc-key.jsonDeploy:
k apply -f deploy-gcsbc.yaml