Organizations can choose to integrate with cloud-native services as part of the ArcGIS Enterprise on Kubernetes architecture. Benefits of integrating with cloud managed stores include an increase of reliability and resilience, a decrease of operational costs and cluster resource requirements, and an ease of administration and management of the associated workloads in comparison to system managed options.
Starting at the 11.2 release, ArcGIS Enterprise on Kubernetes organizations can use cloud-native services during organization configuration and backup store registration. You can integrate cloud object stores such as Amazon Simple Storage Service (S3), Azure Blob, and Google Cloud Storage as your organization's object store or backup store location.
An ArcGIS Enterprise on Kubernetes organization accesses different endpoints for various purposes. At the 11.2 release, the cloud object store is used for purposes outlined in System architecture and replaces the system managed object store StatefulSet. The cloud service object is then used to connect to the external object store when required by workloads within the cluster. Similarly, the cloud backup store uses a cloud service object to create and restore backups to the organization.
The following sections will explain how cloud providers and services are structured within the Admin API and how updating credentials is handled.
Cloud provider vs. cloud service
A cloud provider is the parent object that can contain several associated cloud services. The providers currently supported by ArcGIS Enterprise on Kubernetes are Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). A single cloud provider can have multiple cloud services as child objects, as shown below:
If you set the object store to use a cloud provider when configuring an organization, the associated credential type and keys are appended to the provider level resource. This allows for the use of a single credential for numerous cloud services, as shown below:
If a cloud service does not have specific credentials, it will default to use provider-level credentials, as shown below:
Updating credentials
When updating credentials at the cloud service level, only that service will be affected. When updating credentials at a cloud provider level, all services that depend on that credential will be updated accordingly. A notification will appear in ArcGIS Enterprise Manager to indicate that the global, provider level credential is being updated. This will cause a refresh of dependent cloud services to use the updated credentials.
The credential authentication type can also be updated from access key or storage account key to IAM role or managed identity, respectively. This allows for flexibility in the method by which the application authenticates with the configured cloud services.