Configuring GCS Artifact Credentials
Spinnaker stages that read data from artifacts can consume GCS objects as artifacts.
You need a
Google Cloud Platform
(GCP) project to host a bucket in. The next steps assume you’ve already
You can check that
gcloud is installed and authenticated by running:
Spinnaker needs a
to authenticate as against GCP, with the
roles/storage.admin role enabled. If
you don’t already have such a service account with the corresponding JSON key
downloaded, you can run the following commands to do so:
SERVICE_ACCOUNT_NAME=spin-gcs-artifacts-account SERVICE_ACCOUNT_DEST=~/.gcp/gcs-artifacts-account.json gcloud iam service-accounts create \ $SERVICE_ACCOUNT_NAME \ --display-name $SERVICE_ACCOUNT_NAME SA_EMAIL=$(gcloud iam service-accounts list \ --filter="displayName:$SERVICE_ACCOUNT_NAME" \ --format='value(email)') PROJECT=$(gcloud config get-value project) gcloud projects add-iam-policy-binding $PROJECT \ --role roles/storage.admin --member serviceAccount:$SA_EMAIL mkdir -p $(dirname $SERVICE_ACCOUNT_DEST) gcloud iam service-accounts keys create $SERVICE_ACCOUNT_DEST \ --iam-account $SA_EMAIL
Once you have run these commands, your GCS JSON key is sitting in a file
Editing Your Artifact Settings
All that’s required are the following values:
# Same as in Prerequisites section above SERVICE_ACCOUNT_DEST=~/.gcp/gcs-artifacts-account.json ARTIFACT_ACCOUNT_NAME=my-gcs-artifact-account
First, enable artifact support .
Next, add an artifact account:
hal config artifact gcs account add $ARTIFACT_ACCOUNT_NAME \ --json-path $SERVICE_ACCOUNT_DEST
And enable GCS artifact support:
hal config artifact gcs enable
There are more options described here if you need more control over your configuration.