If you use the GCP Artifact Registry, follow these instructions to create a test environment.
This tutorial assumes that you have a GCP project called sap-kyma-jellyfish-dev
.
-
Create an Artifact Registry repository. For tutorial purposes, call it
operator-test
.gcloud artifacts repositories create operator-test \ --repository-format=docker \ --location europe-west3
-
To make it work with remote clusters such as in Gardener, specify the Read access to the repository, if possible anonymously:
gcloud artifacts repositories add-iam-policy-binding operator-test \ --location=europe-west3 --member=allUsers --role=roles/artifactregistry.reader
-
Under the assumption you're creating and using a service account called
operator-test-sa
, authenticate against your registry:gcloud auth configure-docker \ europe-west3-docker.pkg.dev
-
For productive purposes, create a service account. For tutorial purposes, call it
operator-test-sa
.gcloud iam service-accounts create operator-test-sa \ --display-name="Operator Test Service Account"
-
To get the necessary permissions, assign roles to your service account.
TIP: For details, read Required roles.
gcloud projects add-iam-policy-binding sap-kyma-jellyfish-dev \ --member='serviceAccount:operator-test-sa@sap-kyma-jellyfish-dev.iam.gserviceaccount.com' \ --role='roles/artifactregistry.reader' \ --role='roles/artifactregistry.writer'
-
Impersonate the service account:
gcloud auth print-access-token --impersonate-service-account operator-test-sa@sap-kyma-jellyfish-dev.iam.gserviceaccount.com
-
Verify your login:
gcloud auth print-access-token --impersonate-service-account operator-test-sa@sap-kyma-jellyfish-dev.iam.gserviceaccount.com | docker login -u oauth2accesstoken --password-stdin https://europe-west3-docker.pkg.dev/sap-kyma-jellyfish-dev/operator-test
Export
GCR_DOCKER_PASSWORD
for thedocker-push
make command:export GCR_DOCKER_PASSWORD=$(gcloud auth print-access-token --impersonate-service-account operator-test-sa@sap-kyma-jellyfish-dev.iam.gserviceaccount.com)
-
Adjust the
docker-push
command inMakefile
:.PHONY: docker-push docker-push: ## Push docker image with the manager. ifneq (,$(GCR_DOCKER_PASSWORD)) docker login $(IMG_REGISTRY) -u oauth2accesstoken --password $(GCR_DOCKER_PASSWORD) endif docker push ${IMG}
-
Use the following setup in conjunction with Kyma CLI:
kyma alpha create module --module-config-file ${module config file} -c oauth2accesstoken:$GCR_DOCKER_PASSWORD