Skip to content
Percona Operators Documentation

Rate this page
Thanks for your feedback
Thank you! The feedback has been submitted.

Get free database assistance or contact our experts for personalized support.

Get help from Percona

Google Cloud storage

To use Google Cloud Storage (GCS) as an object store for backups, you need the following information:

  • a GCS bucket name. Refer to the GCS bucket naming guidelines for bucket name requirements
  • authentication keys for your service account in JSON format.

Note

You can still use the S3-compatible implementation of GCS with HMAC. Refer to the Amazon S3 storage setup section for steps.

However, we don’t recommend their usage due to a known issue in PBM and encourage you to switch to using service accounts keys after the upgrade to the Operator version 1.21.0.

Configuration steps

  1. Create a service account , if you don’t have it already.

  2. Add JSON service keys for the service account . As the result a service account key file in JSON format with the private key and related information is automatically downloaded on your machine.

  3. Encode your keys in base64 format. You need to encode the service account email and the private key. You can get these values from the service account key file you downloaded when you created the service account keys.

    The following command shows how to encode a private key. Replace the placeholder with your private key and service account email:

    echo -n "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n" | base64

  4. Create the Kubernetes Secret configuration file and specify the encoded GCS credentials within:

    gcp-cs-secret.yaml
    apiVersion: v1
kind: Secret
metadata:
  name: gcp-cs-secret-key
type: Opaque
data:
  GCS_CLIENT_EMAIL: base_64_encoded_email
  GCS_PRIVATE_KEY: base_64_encoded_key

  5. Create the Kubernetes Secrets object. Replace the <namespace> placeholder with your value:

    kubectl apply -f gcp-cs-secret.yaml -n <namespace>

  6. Configure the GCS storage in the deploy/cr.yaml Custom Resource. Specify the following information:

    • Set storages.NAME.type to gcs (substitute the NAME part with some arbitrary name you will later use to refer this storage when making backups and restores).

    • Specify the bucket name for the storages.NAME.gcs.bucket option

    • Specify the Secrets object name you created for the storages.NAME.gcs.credentialsSecret option

    backup:
  storages:
    gcp-cs:
      type: gcs
      gcs:
        bucket: GCS-BACKUP-BUCKET-NAME-HERE
        credentialsSecret: gcp-cs-secret

  7. Apply the configuration:

    kubectl apply -f deploy/cr.yaml -n <namespace>
Last update: February 25, 2026
Created: February 25, 2026