Version: 8.5.9

Creating a New Service Account

Veeam Kasten requires a newly created service account to be granted the following role:

roles/compute.storageAdmin

:::info Note

Currently, the Google Service Account key needs to be created in the same GCP account as the GKE cluster.

:::

The following steps should be used to create the service account and add the required permissions:

$ myproject=$(gcloud config get-value core/project)
$ gcloud iam service-accounts create k10-test-sa --display-name "K10 Service Account"
$ k10saemail=$(gcloud iam service-accounts list --filter "k10-test-sa" --format="value(email)")
$ gcloud iam service-accounts keys create --iam-account=${k10saemail} k10-sa-key.json
$ gcloud projects add-iam-policy-binding ${myproject} --member serviceAccount:${k10saemail} --role roles/compute.storageAdmin

Installing Veeam Kasten with the new Service Account

Use the base64 tool to encode the k10-sa-key.json file generated above, and then install Veeam Kasten with the newly created credentials.

$ sa_key=$(base64 -w0 k10-sa-key.json)
$ helm install k10 kasten/k10 --namespace=kasten-io --set secrets.googleApiKey=$sa_key

Using a Custom Project ID

If the Google Service Account belongs to a project other than the one in which the cluster is located, then the project ID of the cluster must also be provided during the installation.

$ sa_key=$(base64 -w0 k10-sa-key.json)
$ helm install k10 kasten/k10 \
--namespace=kasten-io \
--set secrets.googleApiKey=$sa_key \
--set secrets.googleProjectId=<project-id>

Existing Secret Usage

It is possible to use an existing secret to provide the Service Account key and the Project ID.

To do so, the following Helm option can be used:

--set secrets.googleClientSecretName=<secret name>

:::info Note

Please ensure that the secret exists in the namespace where Veeam Kasten is installed. The default namespace assumed throughout this documentation is kasten-io.

:::

apiVersion: v1
kind: Secret
metadata:
  name: my-google-creds
  namespace: kasten-io
data:
  google-api-key: MjMzODAyNWMEXAMPLEAPIKEY
  google-project-id: UlVMOFF+dnpwM1EXAMPLEPROJECTID
type: Opaque
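
One way to generate the secret shown above from k10-sa-key.json instead of hand-editing base64 values. This is an added example, not part of the Veeam Kasten documentation: the function name render_google_secret is hypothetical, and it assumes each data field holds its value base64-encoded once, as Kubernetes Secret data normally is.

```shell
#!/bin/sh
# Added example: render the Secret referenced by secrets.googleClientSecretName.
set -eu

# base64 without line wrapping (GNU and BSD base64 differ on -w0, so strip newlines)
b64() { base64 | tr -d '\n'; }

# render_google_secret <key-file> <project-id> [secret-name] [namespace]
# Hypothetical helper; prints the manifest to stdout and writes no file.
render_google_secret() {
  local key_file="$1" project_id="$2"
  local name="${3:-my-google-creds}" namespace="${4:-kasten-io}"

  # Refuse a missing or empty key file rather than emit an empty credential
  [ -s "$key_file" ] || { echo "key file missing or empty: $key_file" >&2; return 1; }
  # A service account key file is JSON with "type": "service_account"
  grep -q '"type"[[:space:]]*:[[:space:]]*"service_account"' "$key_file" \
    || { echo "not a service account key: $key_file" >&2; return 1; }
  [ -n "$project_id" ] || { echo "project id is empty" >&2; return 1; }

  # Assumption: values are base64-encoded once, as in any Secret "data" map
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${name}
  namespace: ${namespace}
type: Opaque
data:
  google-api-key: $(b64 < "$key_file")
  google-project-id: $(printf '%s' "$project_id" | b64)
EOF
}

# Typical use, with the names from this page:
#   render_google_secret k10-sa-key.json "$myproject" | kubectl apply -f -
#   helm install k10 kasten/k10 --namespace=kasten-io \
#     --set secrets.googleClientSecretName=my-google-creds
```

Piping the manifest straight into kubectl keeps the encoded key out of the Helm command line and out of any values file.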