Creating a new Service Account

K10 requires a newly created service account to contain the following roles:

roles/compute.storageAdmin

The following steps should be used to create the service account and add the required permissions:

$ myproject=$(gcloud config get-value core/project)
$ gcloud iam service-accounts create k10-test-sa --display-name "K10 Service Account"
$ k10saemail=$(gcloud iam service-accounts list --filter "k10-test-sa" --format="value(email)")
$ gcloud iam service-accounts keys create --iam-account=${k10saemail} k10-sa-key.json
$ gcloud projects add-iam-policy-binding ${myproject} --member serviceAccount:${k10saemail} --role roles/compute.storageAdmin

Installing K10 with the new Service Account

Use the base64 tool to encode the k10-sa-key.json file generated above and install K10 with the newly created credentials.

$ sa_key=$(base64 -w0 k10-sa-key.json)
$ helm install k10 kasten/k10 --namespace=kasten-io --set secrets.googleApiKey=$sa_key