Calling Google APIs from within a k8s cluster

3/25/2020

According to "Finding credentials automatically" from Google Cloud:

...ADC (Application Default Credentials) is able to implicitly find the credentials as long as the GOOGLE_APPLICATION_CREDENTIALS environment variable is set, or as long as the application is running on Compute Engine, GKE, App Engine, or Cloud Functions.

Do I understand correctly that GOOGLE_APPLICATION_CREDENTIALS does not need to be present if I want to call Google Cloud APIs in the current Google Cloud project?

Let's say I'm in a container in a pod, what can I do from within a container to test that calling Google Cloud APIs just works™?

-- gmile
google-api
google-cloud-platform
google-oauth
kubernetes

1 Answer

3/25/2020

Check out https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity for how to set up permissions for your pods. You have to do some mapping so Google knows which pods get which perks, but after that it’s auto-magic as you mentioned. Otherwise calls will use the node-level Google permissions, which are generally minimal.

-- coderanger
Source: StackOverflow
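One way to check from inside a container which identity ADC would pick up, as an added example that is not part of the original question or answer. It asks the metadata server which service account and scopes the pod sees; the function names and the classification labels are made up for this example, and `curl` is assumed to be present in the image.

```shell
#!/bin/sh
# Added example: report which Google identity ADC would resolve to in this pod.
# Standard metadata path for the default service account.
MD="http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default"

# Fetch one attribute (email, scopes) from the metadata server.
md_get() {
  curl -sf --max-time 3 -H "Metadata-Flavor: Google" "$MD/$1"
}

# Classify the e-mail the metadata server reports (labels are this example's own).
classify_identity() {
  case "$1" in
    "") echo "none" ;;
    # Compute Engine default service account: the node-level identity.
    *-compute@developer.gserviceaccount.com) echo "node-default" ;;
    # Assumption: GKE reports the workload identity pool name when the
    # Kubernetes service account has no Google service account mapped.
    *.svc.id.goog) echo "workload-identity-unmapped" ;;
    # A user-managed service account: either the one mapped through
    # Workload Identity or a custom node account. Compare with your mapping.
    *@*.iam.gserviceaccount.com) echo "service-account" ;;
    *) echo "unknown" ;;
  esac
}

# Print the credential source ADC would use, then the granted scopes.
check_adc() {
  if [ -n "${GOOGLE_APPLICATION_CREDENTIALS:-}" ]; then
    echo "key-file: $GOOGLE_APPLICATION_CREDENTIALS"
    return 0
  fi
  email=$(md_get email) || { echo "metadata server unreachable"; return 1; }
  echo "$(classify_identity "$email"): $email"
  echo "scopes:"
  md_get scopes
}
```

Paste the functions into a shell in the pod and run `check_adc`; a `node-default` result means the pod is falling back to the node's permissions rather than a mapped identity.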