Creating required GCP resources

In addition to the prerequisites from the previous page, this guide requires the cloud resources described in the following subsections.

Artifact registry

The GCP artifact registry is used for storing the example Anjuna Confidential Pod images. The following commands can be used to enable it for your GCP project and create a registry:

$ gcloud services enable artifactregistry.googleapis.com --project ${ANJ_PROJ}
$ gcloud artifacts repositories create anjuna-k8s-toolset \
  --project ${ANJ_PROJ} \
  --location ${ANJ_REGION} \
  --repository-format=docker

Service account for artifact registry

A service account is needed to access the artifact registry when deploying Anjuna Confidential Pods into your cluster. The required resources (i.e., service account, role, and access key file registry-access-key.json) can be created with the following commands:

$ gcloud iam service-accounts create ${ANJ_SACCT_IMAGE_PULLER} --project ${ANJ_PROJ}
$ gcloud projects add-iam-policy-binding ${ANJ_PROJ} \
  --member serviceAccount:${ANJ_SACCT_IMAGE_PULLER}@${ANJ_PROJ}.iam.gserviceaccount.com \
  --role roles/artifactregistry.reader
$ gcloud iam service-accounts keys create registry-access-key.json \
  --iam-account ${ANJ_SACCT_IMAGE_PULLER}@${ANJ_PROJ}.iam.gserviceaccount.com
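
The following check is an added example, not part of the Anjuna documentation: it confirms that the image-puller account holds only roles/artifactregistry.reader and that registry-access-key.json is not readable by other local users. The function names are hypothetical, and the role list is assumed to come from the gcloud query shown in the comment.

```shell
#!/bin/sh
# Added example: post-setup checks for the image-puller service account.
# Function names are hypothetical. Live input for check_puller_roles:
#   gcloud projects get-iam-policy "${ANJ_PROJ}" \
#     --flatten="bindings[].members" \
#     --filter="bindings.members:serviceAccount:${ANJ_SACCT_IMAGE_PULLER}@${ANJ_PROJ}.iam.gserviceaccount.com" \
#     --format="value(bindings.role)" | check_puller_roles

# Reads one role per line on stdin. Succeeds only if the reader role is
# present and no other role is bound to the account.
check_puller_roles() {
  cpr_seen=0
  cpr_bad=0
  while IFS= read -r cpr_role || [ -n "$cpr_role" ]; do
    case "$cpr_role" in
      "") ;;
      roles/artifactregistry.reader) cpr_seen=1 ;;
      *) echo "unexpected role: $cpr_role" >&2; cpr_bad=1 ;;
    esac
  done
  [ "$cpr_seen" -eq 1 ] && [ "$cpr_bad" -eq 0 ]
}

# Succeeds only if the key file exists and grants no permissions to group
# or others (for example mode 600 or 400).
check_key_file_mode() {
  [ -f "$1" ] || { echo "missing key file: $1" >&2; return 2; }
  # GNU stat first, BSD/macOS stat as fallback.
  ckm_mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  case "$ckm_mode" in
    *00|0) return 0 ;;
    *) echo "$1 has mode $ckm_mode; run: chmod 600 $1" >&2; return 1 ;;
  esac
}

# Constructed sample: a role list with one binding beyond the reader role.
if ! printf '%s\n' roles/artifactregistry.reader roles/storage.admin \
    | check_puller_roles; then
  echo "image puller holds more than roles/artifactregistry.reader"
fi
```

Run check_key_file_mode registry-access-key.json in the directory where the key was created, before the file is copied anywhere else.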

Container image Cloud Storage bucket

A storage bucket is needed to store the Confidential Container disk images. If you do not have a bucket that can be used for that purpose, create a new one with the following command:

$ gcloud storage buckets create gs://${ANJ_BUCKET_NAME}

Load and push the Anjuna Kubernetes Toolset images

Log in to Artifact Registry

Docker needs an authenticated session with the target artifact registry. To log in to the artifact registry, run the following command:

$ gcloud auth configure-docker ${ANJ_IMAGE_REGISTRY} --project ${ANJ_PROJ}

Load the Anjuna Kubernetes Toolset services image

To build Anjuna Confidential Pod disk images, a special container image must be available in your build environment. Run the following command to configure your environment correctly:

$ docker load -i ${ANJ_K8S_TOOLSET_DIR}/anjuna-k8s-sev-services-image.tar