@@ -18,12 +18,37 @@ gcloud compute routers nats create kctf-${CLUSTER_NAME}-nat-config --router-regi
1818
1919get_cluster_creds
2020
21- kubectl create configmap gcsfuse-config --namespace kube-system
22- kubectl create secret generic gcsfuse-secrets --namespace kube-system
21+ # GCSFUSE
22+
23+ SUFFIX=$( echo " ${PROJECT} -${CLUSTER_NAME} -${ZONE} " | sha1sum)
24+ BUCKET_NAME=" kctf-gcsfuse-${SUFFIX: 0: 16} "
25+ GSA_NAME=" ${BUCKET_NAME} "
26+ GSA_EMAIL=$( gcloud iam service-accounts list --filter " name:${GSA_NAME} " ' get(email)' || true)
27+ if [ -z " ${GSA_EMAIL} " ; then
28+ gcloud iam service-accounts create " ${GSA_NAME} " " kCTF GCSFUSE service account ${CLUSTER_NAME} ${ZONE} " " kCTF GCSFUSE ${CLUSTER_NAME} ${ZONE} "
29+ GSA_EMAIL=$( gcloud iam service-accounts list --filter " name:${GSA_NAME} " ' get(email)' )
30+ fi
31+ if ! gsutil du " gs://${BUCKET_NAME} /" ; then
32+ gsutil mb -l eu " gs://${BUCKET_NAME} /"
33+ gsutil uniformbucketlevelaccess set on " gs://${BUCKET_NAME} /"
34+ fi
35+ gcloud projects add-iam-policy-binding " ${PROJECT} " " serviceAccount:${GSA_EMAIL} "
36+
37+ KEY_PATH=$( mktemp -d)
38+
39+ gcloud iam service-accounts keys create " ${KEY_PATH} " " ${GSA_EMAIL} "
40+
41+ kubectl create secret generic gcsfuse-secrets --from-file=" ${KEY_PATH} "
42+
43+ rm -rf $( dirname " ${KEY_PATH} " )
44+
45+ kubectl create configmap gcsfuse-config --from-literal=gcs_bucket=" ${BUCKET_NAME} "
46+
47+ kubectl create -f " ${DIR} /config/daemon-gcsfuse.yaml"
48+
2349
2450kubectl create -f " ${DIR} /config/apparmor.yaml"
2551kubectl create -f " ${DIR} /config/daemon.yaml"
26- kubectl create -f " ${DIR} /config/daemon-gcsfuse.yaml"
2752kubectl create -f " ${DIR} /config/network-policy.yaml"
2853kubectl create -f " ${DIR} /config/allow-dns.yaml"
2954kubectl patch ServiceAccount default --patch " automountServiceAccountToken: false"
0 commit comments