Cloud integrations

Organizations can integrate with cloud services as part of the ArcGIS Enterprise on Kubernetes architecture. Benefits include increased reliability and resilience, decreased operational costs and cluster resource requirements, and ease of administration and management of the associated workloads compared to system managed options.

ArcGIS Enterprise on Kubernetes organizations can add cloud services when configuring a new organization and during backup store registration. Existing organizations can migrate to a cloud object store by creating a backup, undeploying the organization, configuring the organization with a cloud object store, and restoring from the backup. Migrating to a cloud relational store after organization configuration is not currently supported.

The following cloud storage services can be used for the organization's object store or backup store location:

  • Amazon Simple Storage Service (S3)
  • Azure Blob
  • Google Cloud Storage

The following cloud database services can be used for the organization's relational store:

  • Amazon RDS for PostgreSQL
  • Amazon Aurora PostgreSQL
  • Azure Database for PostgreSQL - Flexible Server
  • Google Cloud SQL for PostgreSQL
  • Google Cloud AlloyDB for PostgreSQL

Note:

The PostgreSQL instance must be at version 15.x with the PostGIS extension enabled.

An ArcGIS Enterprise on Kubernetes organization accesses different endpoints for various purposes. The cloud object store and cloud relational store replace the system managed object store and relational store StatefulSets. For more information about what these stores are used for, see System architecture. The cloud service object is then used to connect to the external object store when required by workloads within the cluster. Similarly, the cloud backup store uses a cloud service object to create and restore backups to the organization.

The sections below describe how cloud providers and services are structured within the Admin API and how updating credentials is handled.

Cloud provider versus cloud service

A cloud provider is the parent object that can contain several associated cloud services. The providers currently supported by ArcGIS Enterprise on Kubernetes are Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). A single cloud provider can have multiple cloud services as child objects as shown in the following image:

[Image: Provider for cloud services]

Cloud object store credentials

If you set the object store to use a cloud provider when configuring an organization, the associated credential type and keys are appended to the provider-level resource. This allows for the use of a single credential for numerous cloud services as shown in the following image:

[Image: Provider credentials for cloud services]

If a cloud service does not have specific credentials, it uses provider-level credentials by default, as shown in the following image:

[Image: Default for cloud services without specific credentials]

When updating credentials at the cloud service level, only that service is affected. When updating credentials at the cloud provider level, all storage services that depend on that credential are updated accordingly. A notification appears in ArcGIS Enterprise Manager to indicate that the global, provider-level credential is being updated. This causes a refresh of dependent cloud storage services to use the updated credentials.

The credential authentication type can also be updated from access key or storage account key to IAM role or managed identity, respectively. This allows for flexibility in how the application authenticates with the configured cloud services.

Cloud relational store credentials

If you set the relational store to use a cloud database service, ArcGIS Enterprise on Kubernetes uses the database administrator credentials you provided to create the initial database connection as well as a variety of users, schemas, and databases that store hosted feature data and administrative records such as customization and configuration settings.

Updating credentials at the cloud service level does not impact other services, and updating credentials at the cloud provider level does not impact any associated cloud database services.
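
The inheritance rules in the two credential sections above can be modeled to see which services a credential update reaches. The following is an added example, not Esri code and not the Admin API resource schema; the class names, field names, and sample hierarchy are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical in-memory model of the provider/service hierarchy described
# above. Field names are assumptions, not the Admin API's resource schema.

@dataclass
class CloudService:
    name: str
    kind: str                         # "object_store", "backup_store" or "relational_store"
    credential: Optional[str] = None  # label of a service-specific credential, if any

@dataclass
class CloudProvider:
    name: str
    credential: Optional[str] = None  # provider-level (global) credential label
    services: list = field(default_factory=list)

STORAGE_KINDS = {"object_store", "backup_store"}

def effective_credential(provider, service):
    """Return (credential, source) that a service authenticates with."""
    if service.kind == "relational_store":
        # Relational stores use the database administrator credentials
        # supplied for that service; provider-level updates do not reach them.
        return service.credential, "service"
    if service.credential is not None:
        return service.credential, "service"
    return provider.credential, "provider"

def affected_by_provider_update(provider):
    """Storage services refreshed when the provider-level credential changes."""
    return [s.name for s in provider.services
            if s.kind in STORAGE_KINDS
            and effective_credential(provider, s)[1] == "provider"]

def affected_by_service_update(provider, service_name):
    """A service-level update touches only that service."""
    return [s.name for s in provider.services if s.name == service_name]

# Constructed sample hierarchy (all names are placeholders).
aws = CloudProvider("AWS", credential="provider-access-key", services=[
    CloudService("object-store-s3", "object_store"),
    CloudService("backup-store-s3", "backup_store", credential="backup-access-key"),
    CloudService("relational-rds", "relational_store", credential="db-admin"),
])
```

Listing the result of affected_by_provider_update before rotating a provider-level key shows which storage services will be refreshed and which keep their own credentials.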