Share Anthos Snapshots with Google Support

If you have a problem with registered clusters outside Google Cloud that you can't resolve yourself, you may be asked to create a snapshot of your cluster and share it with the team. This page tells you how to share this information with Google Cloud Support.

Allow Google Cloud Support to view your uploaded cluster snapshot

For some support cases, you may need to take a snapshot of the affected cluster for the Google Cloud Support team. Instead of sending the snapshot file via email, you can upload the file to a Cloud Storage bucket and share access to the bucket with the team. See Identity and Access Management permissions for gsutil commands for the permissions you need to grant access to a storage bucket.

Create cluster snapshot

The process for creating a snapshot depends on your cluster type:

  • GKE on AWS (previous generation): Follow the instructions in Create a snapshot.
  • GKE on VMware: Follow the instructions in Upload snapshots to a Cloud Storage bucket to create a cluster snapshot and upload the cluster snapshot to a Cloud Storage bucket. Note the location of the snapshot in the output.
  • GKE on Bare Metal: Follow the instructions in How to create a default snapshot to create a cluster snapshot and upload the cluster snapshot to a Cloud Storage bucket. These instructions also show you how to grant Google Cloud Support access to the bucket.
  • Attached clusters: Use this script as a reference to create a snapshot.

Create a Google Cloud service account

Create a dedicated Google Cloud service account to be used by the support team. You do this by running the following commands:

gcloud services enable connectgateway.googleapis.com --project=PROJECT_ID
gcloud beta services identity create --service=connectgateway.googleapis.com --project=PROJECT_ID

...where:

  • PROJECT_ID is the Project ID of the cluster snapshot's storage bucket.

Share access with Google Cloud Support

Grant the dedicated Google Cloud service account used by the support team for your case read-only access to the bucket's storage objects. The command to run depends on your product and release:

GKE on Bare Metal release 1.15.0 and higher

To share access with Google Support, use the following command:

gsutil iam ch \
    serviceAccount:service-PROJECT_NUMBER@gcp-sa-anthossupport.iam.gserviceaccount.com:roles/storage.objectViewer \
    gs://BUCKET_NAME

Replace BUCKET_NAME with the name of the bucket into which your snapshot was uploaded. By default, the bucket name starts with anthos-snapshot-.

To revoke access to your bucket:

gsutil iam ch -d \
    serviceAccount:service-PROJECT_NUMBER@gcp-sa-anthossupport.iam.gserviceaccount.com \
    gs://BUCKET_NAME

GKE on VMware release 1.15.0 and higher

As described in Upload snapshots to a Cloud Storage bucket, when you create a snapshot with the --share-with flag, it is automatically shared with Google Support. No additional command is needed.

Manually share access to an uploaded snapshot

gsutil iam ch \
    serviceAccount:service-PROJECT_NUMBER@gcp-sa-anthossupport.iam.gserviceaccount.com:roles/storage.legacyObjectReader \
    gs://BUCKET_NAME/CLUSTER_NAME/SNAPSHOT_FILE_NAME

...where:

  • PROJECT_NUMBER is your project's ID number, used to create an identifier for the support case service account. You can get this value in the Google Cloud console by visiting the IAM and Admin settings page.
  • BUCKET_NAME/CLUSTER_NAME/SNAPSHOT_FILE_NAME is the snapshot location you noted when you created the cluster snapshot.

After the support case is closed, Google will disable the service account. If you want to revoke Google's permission to access your Cloud Storage bucket, run the following command:

gsutil iam ch -d \
    serviceAccount:service-PROJECT_NUMBER@gcp-sa-anthossupport.iam.gserviceaccount.com \
    gs://BUCKET_NAME/CLUSTER_NAME/SNAPSHOT_FILE_NAME
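
To confirm what the grant and revoke commands above left in the policy, you can check the JSON printed by gsutil iam get for the bucket or snapshot object. The following is an added example, not part of Google's documentation: it reports which roles the support service account holds and flags anything beyond the two read-only roles used on this page. The project number, the other member and the sample policies are constructed.

```python
import json

# Read-only roles that this page's gsutil commands grant to Google Support.
READ_ONLY_ROLES = {"roles/storage.objectViewer", "roles/storage.legacyObjectReader"}


def support_member(project_number):
    """Member string for the support service account, as written on this page."""
    return ("serviceAccount:service-%s@gcp-sa-anthossupport"
            ".iam.gserviceaccount.com" % project_number)


def audit_support_access(policy_json, project_number, expect_revoked=False):
    """Return (roles, findings) for the support account in an IAM policy."""
    member = support_member(project_number)
    bindings = json.loads(policy_json).get("bindings", [])
    roles = sorted(b["role"] for b in bindings if member in b.get("members", []))
    findings = ["support account holds non-read-only role %s" % r
                for r in roles if r not in READ_ONLY_ROLES]
    if expect_revoked and roles:
        findings.append("support account still has access: %s" % ", ".join(roles))
    if not expect_revoked and not roles:
        findings.append("support account has no access to the snapshot")
    return roles, findings


# Constructed sample policies in the JSON shape printed by `gsutil iam get`.
PROJECT_NUMBER = "123456789012"  # constructed placeholder
SHARED = json.dumps({"bindings": [
    {"role": "roles/storage.objectAdmin",
     "members": ["user:admin@example.com"]},
    {"role": "roles/storage.objectViewer",
     "members": [support_member(PROJECT_NUMBER)]},
]})
OVERBROAD = json.dumps({"bindings": [
    {"role": "roles/storage.objectAdmin",
     "members": ["user:admin@example.com", support_member(PROJECT_NUMBER)]},
]})
REVOKED = json.dumps({"bindings": [
    {"role": "roles/storage.objectAdmin",
     "members": ["user:admin@example.com"]},
]})

if __name__ == "__main__":
    for name, doc, revoked in (("shared", SHARED, False),
                               ("overbroad", OVERBROAD, False),
                               ("after revoke", REVOKED, True)):
        print(name, audit_support_access(doc, PROJECT_NUMBER, revoked))
```

Run it with expect_revoked=True after the support case is closed to verify that the revoke command removed every binding for the support account.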