Cloud integrations

Organizations can integrate with cloud services as part of the ArcGIS Enterprise on Kubernetes architecture. Benefits include increased reliability and resilience, decreased operational costs and cluster resource requirements, and easier administration and management of the associated workloads compared to system-managed options.

ArcGIS Enterprise on Kubernetes organizations can add cloud services when configuring a new organization and during backup store registration. Existing organizations can migrate to a cloud object store by creating a backup, undeploying, configuring the organization with a cloud object store, and restoring from the backup. Migrating to a cloud relational store after organization configuration is not currently supported.

The following cloud storage services can be used for the organization's object store or backup store location:

  • Amazon Simple Storage Service (S3)
  • Azure Blob
  • Google Cloud Storage

The following cloud database services can be used for the organization's relational store:

  • Amazon RDS for PostgreSQL
  • Amazon Aurora for PostgreSQL
  • Azure Database for PostgreSQL - Flexible Server
  • Google Cloud SQL for PostgreSQL
  • Google Cloud AlloyDB for PostgreSQL

Note:

The PostgreSQL instance must be at version 15.x with the PostGIS extension enabled.

An ArcGIS Enterprise on Kubernetes organization accesses different endpoints for various purposes. The cloud object store and cloud relational store replace the system-managed object store and relational store StatefulSets. For more information on what these stores are used for, see System architecture. A cloud service object is used to connect to the external object store when required by workloads within the cluster. Similarly, the cloud backup store uses a cloud service object to create and restore backups to the organization.

The following sections explain how cloud providers and services are structured within the Admin API and how updating credentials is handled.

Cloud provider vs. cloud service

A cloud provider is the parent object that can contain several associated cloud services. The providers currently supported by ArcGIS Enterprise on Kubernetes are Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). A single cloud provider can have multiple cloud services as child objects, as shown below:

[Figure: a single cloud provider with multiple cloud services as child objects.]

Cloud object store credentials

If you set the object store to use a cloud provider when configuring an organization, the associated credential type and keys are appended to the provider-level resource. This allows for the use of a single credential for numerous cloud services, as shown below:

[Figure: the use of a single credential for numerous cloud services.]

If a cloud service does not have specific credentials, it defaults to using the provider-level credentials, as shown below:

[Figure: a cloud service without specific credentials defaulting to provider-level credentials.]

When updating credentials at the cloud service level, only that service will be affected. When updating credentials at a cloud provider level, all storage services that depend on that credential will be updated accordingly. A notification will appear in ArcGIS Enterprise Manager to indicate that the global, provider-level credential is being updated. This will cause a refresh of dependent cloud storage services to use the updated credentials.

The credential authentication type can also be updated from access key or storage account key to IAM role or managed identity, respectively. This allows for flexibility in the method by which the application authenticates with the configured cloud services.

Cloud relational store credentials

If you set the relational store to use a cloud database service, ArcGIS Enterprise on Kubernetes will use the database administrator credentials you provided to create the initial database connection as well as a variety of users, schemas, and databases that store hosted feature data and administrative records such as customization and configuration settings.

Updating credentials at the cloud service level will not impact other services, and updating credentials at the cloud provider level will not impact any associated cloud database services.
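
The credential rules from the two sections above, modelled as an added Python example for planning a credential rotation. It is not Esri code and does not call the Admin API; the class names, service kinds, and credential ids are hypothetical, and the sample inventory is constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

STORAGE, RELATIONAL = "storage", "relational"  # hypothetical service kinds

@dataclass
class CloudService:
    name: str
    kind: str                          # STORAGE or RELATIONAL
    credential: Optional[str] = None   # service-level credential id, if any

@dataclass
class CloudProvider:
    name: str
    credential: Optional[str] = None   # provider-level credential id
    services: list = field(default_factory=list)

    def effective_credential(self, svc: CloudService) -> Optional[str]:
        """Credential a service authenticates with, per the rules above."""
        if svc.credential is not None:
            return svc.credential      # a service-level credential takes precedence
        if svc.kind == STORAGE:
            return self.credential     # storage falls back to the provider level
        # Assumption of this model: a relational store never inherits the
        # provider credential; it uses the database administrator credential.
        return None

    def affected_by_provider_update(self) -> list:
        """Storage services refreshed when the provider-level credential changes."""
        return [s.name for s in self.services
                if s.kind == STORAGE and s.credential is None]

    def affected_by_service_update(self, name: str) -> list:
        """A service-level update touches only that service."""
        return [s.name for s in self.services if s.name == name]

def build_sample() -> CloudProvider:
    # Constructed inventory: names and credential ids are placeholders.
    return CloudProvider("aws", credential="provider-key-1", services=[
        CloudService("object-store", STORAGE),
        CloudService("backup-store", STORAGE, credential="backup-key-1"),
        CloudService("relational-store", RELATIONAL, credential="db-admin-1"),
    ])

if __name__ == "__main__":
    p = build_sample()
    for s in p.services:
        print(s.name, "->", p.effective_credential(s))
    print("provider rotation refreshes:", p.affected_by_provider_update())
```

In the constructed inventory, rotating the provider-level credential refreshes only the object store: the backup store carries its own credential and the relational store is outside the provider credential's scope.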