I'm setting up a new K8S Cluster (1.13.7-gke.8) on GKE and I want the Google cloud logging API to report properly namespace and instance names.
This is executed in a new GKE cluster with workload-identity enabled.
I started workload container to test the access to metadata service and these are the results:
kubectl run -it --generator=run-pod/v1 --image google/cloud-sdk --namespace prod --rm workload-identity-testAnd from the container after executing:
curl "http://metadata.google.internal/computeMetadata/v1/instance/attributes/" -H "Metadata-Flavor: Google"I expect the output of cluster-name, container-name, and namespace-id, but the actual output is only cluster-name.
I was getting the same but when I ran the following the metadata showed up:
gcloud beta container node-pools create [NODEPOOL_NAME] \
--cluster=[CLUSTER_NAME] \
--workload-metadata-from-node=EXPOSEDHowever, you will only get cluster-name from the metadada. For example,
root@workload-identity-test:/# curl "http://metadata.google.internal/computeMetadata/v1/instance/attributes/" -H "Metadata-Flavor: Google"
cluster-location
cluster-name
cluster-uid
configure-sh
created-by
disable-legacy-endpoints
enable-oslogin
gci-ensure-gke-docker
gci-update-strategy
google-compute-enable-pcid
instance-template
kube-env
kube-labels
kubelet-config
user-dataIf you are looking at getting namespaces and containers, I suggest you look at talking directly to the Kubernetes API which essentially what the 'Workloads' tab on GKE does. I'm not really sure what you are trying to do with the 'Google cloud logging API' but maybe you can elaborate on a different question.