How can I use Google Cloud Storage inside Kubernetes?

11/14/2016

I'm using Node.js & am wanting to upload files to a bucket of mine. I've set up the secret:

NAME                         TYPE                                  DATA      AGE
cloudsql-oauth-credentials   Opaque                                1         5d
default-token-dv9kj          kubernetes.io/service-account-token   3         5d

The service_account does have access to my google cloud storage API as I've set that up already & tested it locally (on my own computer). I'm unsure how I can reference the location of the service account json file?!

Here is my volumes mount:

"volumes": [{
    "name": "cloudsql-oauth-credentials",
    "secret": {
        "secretName": "cloudsql-oauth-credentials"
    }
}]

Here is the code where I'm setting up the google-cloud storage variable:

var gcs = require('@google-cloud/storage')({
  projectId: 'projectID-38838',
  keyFilename: process.env.NODE_ENV == 'production' 
      ? JSON.parse(process.env.CREDENTIALS_JSON) // Parsing js doesn't work
      : '/Users/james/auth/projectID-38838.json' // This works locally
});
var bucket = gcs.bucket('bucket-name');

Now if I want to use this inside my Docker container on Kubernetes, I'll have to reference the JSON file location... But I don't know where it is?!

I've tried setting the Credentials file as an environment variable, but I cannot parse a js object to the keyFilename object. I have to parse a file location. I set the env variable up like so:

{
    "name": "CREDENTIALS_JSON",
    "valueFrom": {
        "secretKeyRef": {
            "name": "cloudsql-oauth-credentials",
            "key": "credentials.json"
        }
    }
},

How can I reference the location of the service_account json file inside my kubernetes pod?!

-- James111
google-app-engine
google-cloud-platform
google-cloud-storage
kubernetes

1 Answer

11/14/2016

Look here in the section Using Secrets as Files from a Pod.

Basically, you need to specify two things when mounting a secret volume. The bit that you have + some extra info. There might be some redundancies with the key but this is what I do and it works.

When creating a secret, create it with a key:
kubectl create secret generic cloudsql-oauth-credentials --from-file=creds=path/to/json

Then

"volumes": [{
    "name": "cloudsql-oauth-credentials",
    "secret": {
        "secretName": "cloudsql-oauth-credentials",
        "items": [{
            "key": "creds",
            "path": "cloudsql-oauth-credentials.json"
        }]
    }
}]

But then also specify where it goes in the container definition (in Pod, Deployment, Replication Controller - whatever you use):

"spec": {
    "containers": [{
        "name": "mypod",
        "image": "myimage",
        "volumeMounts": [{
            "name": "cloudsql-oauth-credentials",
            "mountPath": "/etc/credentials",
            "readOnly": true
        }]
    }],

The file will be mapped to /etc/credentials/cloudsql-oauth-credentials.json.

-- Robert Lacok
Source: StackOverflow
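
As an added example (not part of the original question or answer), one way to hand `keyFilename` the path that the answer's secret volume produces, checking the mounted file at startup without ever logging key material. `gcsOptions` and the `LOCAL_KEY_FILE` variable are hypothetical names; the mount path is the one given in the answer.

```javascript
const fs = require('fs');
const path = require('path');

// Path from the answer: volumeMounts[].mountPath + secret.items[].path.
const MOUNTED_KEY = '/etc/credentials/cloudsql-oauth-credentials.json';

// Hypothetical helper: builds the options object for the storage client.
// keyFilename must be a path string, so the key is validated but not returned.
function gcsOptions(projectId, env = process.env, keyPath = MOUNTED_KEY) {
  if (env.NODE_ENV !== 'production') {
    // Local development: LOCAL_KEY_FILE is an assumed variable name.
    return { projectId, keyFilename: env.LOCAL_KEY_FILE };
  }

  let raw;
  try {
    raw = fs.readFileSync(keyPath, 'utf8');
  } catch (err) {
    throw new Error(
      `service account key not readable at ${keyPath} (${err.code}); ` +
      'check the secret volume items and the container volumeMounts');
  }

  let key;
  try {
    key = JSON.parse(raw);
  } catch (_) {
    // Deliberately does not include the file contents in the message.
    throw new Error(`${keyPath} is not valid JSON`);
  }

  // Presence checks only; field values are never written to the error text.
  for (const field of ['type', 'client_email', 'private_key']) {
    if (typeof key[field] !== 'string' || key[field] === '') {
      throw new Error(`${keyPath} is missing "${field}"`);
    }
  }
  if (key.type !== 'service_account') {
    throw new Error(`${keyPath} has type "${key.type}", expected "service_account"`);
  }

  return { projectId, keyFilename: path.resolve(keyPath) };
}
```

The result is passed to the client factory as in the question: `require('@google-cloud/storage')(gcsOptions('projectID-38838'))`.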