Kubernetes application throws DatastoreException, Missing or insufficient permissions. Service key file provided

12/23/2017

I am deploying a Java application on Google Kubernetes Engine. The application starts correctly but fails when trying to request data. The exception is "DatastoreException, Missing or insufficient permissions". I created a service account with the "Owner" role and provided the service account key to Kubernetes. Here is how I apply the Kubernetes deployment:

# delete old secret
kubectl delete secret google-key --ignore-not-found
# file with key 
kubectl create secret generic google-key --from-file=key.json
kubectl apply -f prod-kubernetes.yml

Here is deployment config:

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
  name: user
  labels:
    app: user
spec:
  type: NodePort
  ports:
  - port: 8000
    name: user
    targetPort: 8000
    nodePort: 32756
  selector:
    app: user
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: userdeployment
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: user
    spec:
      volumes:
      - name: google-cloud-key
        secret:
          secretName: google-key
      containers:
      - name: usercontainer
        image: gcr.io/proj/user:v1
        imagePullPolicy: Always
        volumeMounts:
        - name: google-cloud-key
          mountPath: /var/secrets/google
        env:
        - name: GOOGLE_APPLICATION_CREDENTIALS
          value: /var/secrets/google/key.json
        ports:
        - containerPort: 8000

I wonder why it is not working? I have used this config in a previous deployment and had success.

UPD: I made sure that /var/secrets/google/key.json exists in the pod. I print Files.exists(System.getEnv("GOOGLE_APPLICATION_CREDENTIALS")) to the log. I also print the content of this file - it does not seem to be corrupted.

-- Zufar Muhamadeev
google-cloud-datastore
google-compute-engine
google-kubernetes-engine

1 Answer

12/26/2017

Solved, the reason was an incorrect env name GOOGLE_CLOUD_PROJECT

-- Zufar Muhamadeev
Source: StackOverflow
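
The answer points at the GOOGLE_CLOUD_PROJECT variable rather than at the key file, which the question had already confirmed was mounted and readable. As an added example (not part of the original post), the shell check below compares the project_id inside the mounted key with the project value the client would be given, assuming the client takes its project from GOOGLE_CLOUD_PROJECT. The function names and the sample key are constructed for illustration, and the parser assumes the one-field-per-line layout of a downloaded key file.

```shell
#!/bin/sh
# Added diagnostic, not from the original post: checks that the project named
# in a service-account key matches the project the application is told to use.

# json_field FILE KEY: print the string value of top-level KEY.
# Assumes one "key": "value" pair per line, as in a downloaded key file.
json_field() {
    sed -n 's/^[[:space:]]*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*$/\1/p' "$1" | head -n 1
}

# write_sample_key FILE: constructed sample key, private key material omitted.
write_sample_key() {
    cat > "$1" <<'EOF'
{
  "type": "service_account",
  "project_id": "example-project-a",
  "client_email": "app@example-project-a.iam.gserviceaccount.com"
}
EOF
}

# check_gcp_project KEY_FILE PROJECT_VALUE
# Returns 0 on match, 1 key unreadable, 2 not a service-account key,
# 3 project value empty, 4 project mismatch. Never prints key material.
check_gcp_project() {
    key_file=$1
    env_project=$2
    [ -r "$key_file" ] || { echo "key file not readable: $key_file" >&2; return 1; }
    if [ "$(json_field "$key_file" type)" != "service_account" ]; then
        echo "not a service-account key: $key_file" >&2
        return 2
    fi
    key_project=$(json_field "$key_file" project_id)
    if [ -z "$env_project" ]; then
        echo "GOOGLE_CLOUD_PROJECT is empty; key belongs to $key_project" >&2
        return 3
    fi
    if [ "$env_project" != "$key_project" ]; then
        echo "project mismatch: env=$env_project key=$key_project" >&2
        return 4
    fi
    echo "OK: $(json_field "$key_file" client_email) in $key_project"
}

# Inside the pod (variables as set in the deployment config above):
# check_gcp_project "$GOOGLE_APPLICATION_CREDENTIALS" "$GOOGLE_CLOUD_PROJECT"
```

A non-zero result from this check separates a configuration problem (wrong or missing project variable) from an IAM problem, so the service account's role does not need to be widened while debugging.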