GCSBC - Google Cloud Storage Bucket Cache

How to use a Google Cloud Storage bucket inside a container and run a cache file server for its contents.

2022 edition with Go!

Set up environment

Create gcsbc.env with the following contents:

PROJECT_NAME=YOUR_GCP_PROJECT_NAME
BUCKET_NAME=YOUR_GCS_BUCKET_NAME

Apply it to the current shell:

source gcsbc.env

GCP service account

Create a service account and bind a custom role to it:

$ gcloud iam service-accounts create \
    gcsbc-service-account --display-name "gcsbc"
$ gcloud iam roles create gcsbc \
    --project ${PROJECT_NAME} \
    --file gcsbc-roles.yaml
$ gcloud projects add-iam-policy-binding ${PROJECT_NAME} \
    --member=serviceAccount:gcsbc-service-account@${PROJECT_NAME}.iam.gserviceaccount.com \
    --role=projects/${PROJECT_NAME}/roles/gcsbc \
    --condition=None
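
A pre-flight check for the role file passed to `gcloud iam roles create` above, as an added example that is not part of the gcsbc repository. It assumes the cache server only reads the bucket, so the role needs nothing beyond storage.objects.get and storage.objects.list; the function names and the sample role contents are constructed here, since the repository's real gcsbc-roles.yaml is not shown on this page.

```shell
#!/bin/sh
# Added example: least-privilege check for a custom role file.
# Not part of the gcsbc repository.

# Constructed sample of a read-only role definition (assumed contents;
# the repository's real gcsbc-roles.yaml is not shown on this page).
sample_role_yaml() {
  cat <<'EOF'
title: gcsbc
description: Read-only object access for the gcsfuse mount
stage: GA
includedPermissions:
- storage.objects.get
- storage.objects.list
EOF
}

# Print each permission in role file $1 that falls outside the
# read-only allowlist. No output means the role is get/list only.
# Entries are expected unquoted; a quoted entry is reported as an extra.
extra_permissions() {
  awk '
    /^includedPermissions:/ { in_list = 1; next }
    in_list && /^[ \t]*-[ \t]*/ {
      sub(/^[ \t]*-[ \t]*/, "")
      sub(/[ \t]+$/, "")
      if ($0 != "storage.objects.get" && $0 != "storage.objects.list") print
      next
    }
    /^[^ \t#]/ { in_list = 0 }
  ' "$1"
}

# Return 0 when the role grants nothing beyond the allowlist;
# otherwise list the extra permissions on stderr and return 1.
check_role_file() {
  extras=$(extra_permissions "$1")
  if [ -n "$extras" ]; then
    printf 'permissions beyond read-only:\n%s\n' "$extras" >&2
    return 1
  fi
  return 0
}
```

Source the script and run `check_role_file gcsbc-roles.yaml` before creating the role; a non-zero exit means the file grants more than object read and list.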

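Generate a key for the service account (it is stored as a k8s secret in the deploy step). The key file is a long-lived credential, so keep it out of version control and out of the image: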

$ gcloud iam service-accounts keys create gcsbc-key.json \
    --iam-account=gcsbc-service-account@${PROJECT_NAME}.iam.gserviceaccount.com

Test with docker

Build image:

docker build -t gcsbc:test .

Run the container (gcsfuse needs /dev/fuse and the SYS_ADMIN capability to mount the bucket inside it):

docker run -it --rm \
  --cap-add SYS_ADMIN --device /dev/fuse \
  -v `realpath gcsbc-key.json`:/sa-key.json \
  -e BUCKET_NAME=${BUCKET_NAME} \
  -p 8080:8080 \
  --entrypoint=/bin/sh \
  gcsbc:test

Mount the bucket and run the cache file server (inside the container):

$ gcsfuse --implicit-dirs --key-file=/sa-key.json ${BUCKET_NAME} /bucket
$ /app -r /bucket

Check that the bucket contents are accessible from a browser on the host.

Unmount the bucket and exit (inside the container):

fusermount -u /bucket
# Press Ctrl-D

Deploy GCSBC to k8s (GKE)

Push the image:

docker tag gcsbc:test gcr.io/${PROJECT_NAME}/gcsbc:latest
docker push gcr.io/${PROJECT_NAME}/gcsbc:latest

Store the service account key in the sa-key secret:

kubectl create secret generic sa-key --from-file=gcsbc-key.json

Deploy:

kubectl apply -f deploy-gcsbc.yaml

References