Creating a new Service Account

K10 requires a newly created service account to contain the following roles:

roles/compute.storageAdmin

The following steps should be used to create the service account and add the required permissions:

myproject=$(gcloud config get-value core/project)
gcloud iam service-accounts create k10-test-sa --display-name "K10 Service Account"
k10saemail=$(gcloud iam service-accounts list --filter "k10-test-sa" --format="value(email)")
gcloud iam service-accounts keys create --iam-account=${k10saemail} k10-sa-key.json
gcloud projects add-iam-policy-binding ${myproject} --member serviceAccount:${k10saemail} --role roles/compute.storageAdmin

Installing K10 with the new Service Account

Use the base64 tool to encode the k10-sa-key.json file generated above and install K10 with the newly created credentials.

sa_key=$(base64 -w0 k10-sa-key.json)
helm install kasten/k10 --name=k10 --namespace=kasten-io --set secrets.googleApiKey=$sa_key