How to authenticate with Google Cloud from a Rails application deployed in k8s

2/20/2020

We use the method in the first code block in Java, but I don't see a corresponding method in the Rails documentation, only the second code block:

Storage storage = StorageOptions.getDefaultInstance().getService();

storage = Google::Cloud::Storage.new(
  project: "my-todo-project",
  keyfile: "/path/to/keyfile.json"
)

If we use an application-specific service account in the Kubernetes cluster, how do we configure the Rails application to work in the local developer environment and also run with a k8s cluster?

Also, I would prefer not to use a project_id and a keyfile to initialize, since I will have to manage multiple such JSON files during the initialization process in dev, qa, staging, production environments.

-- Rpj
google-cloud-platform
google-cloud-storage
kubernetes
ruby-on-rails

2 Answers

2/21/2020

Before moving your app to multiple environments, you should set up your deployment pipeline which will handle how your app is configured for different environments, including configuration of service accounts.

Below you can find two official Google Cloud documents on how to do it, plus one example in GitLab, so you can follow whichever suits you better.

Continuous deployment to Google Kubernetes Engine using Jenkins

Continuous Delivery Pipelines with Spinnaker and Google Kubernetes Engine

GitLab - continuous-deployment-on-kubernetes

Also, regarding the parameters used to instantiate the cloud storage object, as you can see in the same documentation you provided in your question, the project parameter is the identifier of your storage in the cloud, so if you do not set that your app will not be able to find it. As for the keyfile, it is what allows your service account to authenticate, so you can't make it work without it as well.

I hope this information helped you.

-- ralemos
Source: StackOverflow

2/21/2020

I would recommend initializing without arguments and using the default discovery of credentials as discussed in the Authentication guide.

When running on Google Cloud Platform (GCP), including Google Compute Engine (GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud Functions (GCF) and Cloud Run, the credentials will be discovered automatically.

For the local developer environment, we always use environment variables, initializing without arguments and using the default discovery.

-- quartzmo
Source: StackOverflow
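
The default discovery recommended in the answer above, as an added example that is not part of the original answers or of the google-cloud-storage gem: a stdlib-only boot check that models the Application Default Credentials lookup order and reports which source a zero-argument initialization would pick up. The helper names and the in-cluster policy are assumptions of this example.

```ruby
require "json"

# Simplified model of the Application Default Credentials lookup order:
#   1. GOOGLE_APPLICATION_CREDENTIALS (path to a JSON credential file)
#   2. the file written by `gcloud auth application-default login`
#   3. the metadata server of the GCE/GKE workload
# Helper names are hypothetical; this is not the gem's own code.
ADC_ENV = "GOOGLE_APPLICATION_CREDENTIALS"
GCLOUD_ADC = ".config/gcloud/application_default_credentials.json"

def read_credential_type(path)
  return [:error, "#{path} does not exist"] unless File.file?(path)
  data = JSON.parse(File.read(path))
  type = data.is_a?(Hash) ? data["type"] : nil
  return [:error, "#{path} has no \"type\" field"] if type.nil?
  [:ok, type]
rescue JSON::ParserError
  [:error, "#{path} is not valid JSON"]
end

def adc_source(env: ENV, home: Dir.home)
  path = env[ADC_ENV].to_s
  unless path.empty?
    status, detail = read_credential_type(path)
    # Treat a set-but-unusable variable as an error instead of falling through.
    return status == :ok ? [:env_keyfile, detail] : [:invalid, detail]
  end
  gcloud = File.join(home, GCLOUD_ADC)
  if File.file?(gcloud)
    status, detail = read_credential_type(gcloud)
    return status == :ok ? [:gcloud_user, detail] : [:invalid, detail]
  end
  [:metadata_server, "no local credentials; relies on the GCE/GKE metadata server"]
end

# Policy (an assumption of this example): pods should not carry a long-lived
# key file, so inside the cluster only the metadata server is accepted.
def adc_allowed?(source, in_cluster:)
  return false if source == :invalid
  in_cluster ? source == :metadata_server : true
end
```

Called from a Rails initializer, `adc_source` lets each environment log which credential source it resolved before the first storage call is made.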