I'm working on some GCP apps which are dockerized in a Kubernetes cluster in GCP (I'm new to Docker and Kubernetes). In order to access some of the GCP services, the environment variable GOOGLE_APPLICATION_CREDENTIALS needs to point to a credentials file.
Should the environment variable be set and that file included in:
- each of the Docker images?
- the Kubernetes cluster?
GCP specific stuff
This is the actual error: com.google.api.gax.rpc.PermissionDeniedException: io.grpc.StatusRuntimeException: PERMISSION_DENIED: Request had insufficient authentication scopes.
Should the environment variable be set and that file included in:
- each of the Compute Engine instances?
- the main GCP console?
And, most importantly, HOW? :)
You'll need to create a service account (IAM & Admin > Service Accounts), generate a key for it in JSON format and then give it the needed permissions (IAM & Admin > IAM). If your containers need access to this, it's best practice to add it as a secret in Kubernetes and mount it in your containers. Then set the environment variable to point to the secret which you've mounted:
export GOOGLE_APPLICATION_CREDENTIALS="[PATH_TO_SECRET]"
This page should get you going: https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform#step_4_import_credentials_as_a_secret
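The steps in the answer above, put together as a Deployment manifest. This is an added example, not part of the original answer; the secret name `gcp-sa-key`, the app name `my-app`, the image reference and the mount path `/var/secrets/google` are assumed placeholders.

```yaml
# Added example. All names below are placeholders, not values from the post.
#
# 1. Store the downloaded service-account key as a Kubernetes secret
#    (run once per namespace; keep the key file out of the image and out of git):
#      kubectl create secret generic gcp-sa-key \
#        --from-file=key.json=PATH_TO_KEY_FILE.json
#
# 2. Mount the secret into the pod and point the environment variable at it.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      volumes:
        # The secret's single entry, key.json, appears as a file in this volume.
        - name: google-cloud-key
          secret:
            secretName: gcp-sa-key
      containers:
        - name: my-app
          image: gcr.io/PROJECT_ID/my-app:TAG
          volumeMounts:
            - name: google-cloud-key
              mountPath: /var/secrets/google
              readOnly: true
          env:
            # Google client libraries read this variable to locate the key file.
            - name: GOOGLE_APPLICATION_CREDENTIALS
              value: /var/secrets/google/key.json
```

With this layout the key is set once in the cluster rather than baked into each Docker image, and replacing the secret and restarting the pods rotates it without a rebuild.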