Configuring GCS Artifact Credentials

Spinnaker supports using GCS objects as artifacts.

Spinnaker stages that read data from artifacts can consume GCS objects as artifacts.

Prerequisites

You need a Google Cloud Platform (GCP) project to host a bucket in. The next steps assume you’ve already created a project , and installed <code>gcloud</code> . You can check that gcloud is installed and authenticated by running:

gcloud info

Downloading credentials

Spinnaker needs a service account to authenticate as against GCP, with the roles/storage.admin role enabled. If you don’t already have such a service account with the corresponding JSON key downloaded, you can run the following commands to do so:

SERVICE_ACCOUNT_NAME=spin-gcs-artifacts-account
SERVICE_ACCOUNT_DEST=~/.gcp/gcs-artifacts-account.json

gcloud iam service-accounts create \
    $SERVICE_ACCOUNT_NAME \
    --display-name $SERVICE_ACCOUNT_NAME

SA_EMAIL=$(gcloud iam service-accounts list \
    --filter="displayName:$SERVICE_ACCOUNT_NAME" \
    --format='value(email)')

PROJECT=$(gcloud config get-value project)

gcloud projects add-iam-policy-binding $PROJECT \
    --role roles/storage.admin --member serviceAccount:$SA_EMAIL

mkdir -p $(dirname $SERVICE_ACCOUNT_DEST)

gcloud iam service-accounts keys create $SERVICE_ACCOUNT_DEST \
    --iam-account $SA_EMAIL

Once you have run these commands, your GCS JSON key is sitting in a file called $SERVICE_ACCOUNT_DEST.

Editing Your Artifact Settings

All that’s required are the following values:

# Same as in Prerequisites section above
SERVICE_ACCOUNT_DEST=~/.gcp/gcs-artifacts-account.json

ARTIFACT_ACCOUNT_NAME=my-gcs-artifact-account

First, enable artifact support .

Next, add an artifact account:

hal config artifact gcs account add $ARTIFACT_ACCOUNT_NAME \
    --json-path $SERVICE_ACCOUNT_DEST

And enable GCS artifact support:

hal config artifact gcs enable

There are more options described here if you need more control over your configuration.