How I can send a credentials json file to kubernetes pod?

2/11/2021

I'm using Elastic Heartbeat in a Kubernetes Cluster.

I'm trying to setup google cloud platform module to Heartbeat, the documentation say:

    metricbeat.modules:
    - module: googlecloud
      metricsets:
        - compute
      region: "us-"
      project_id: "your project id"
      credentials_file_path: "your JSON credentials file path"
      exclude_labels: false
      period: 1m

I have my credentials.json file to access to GCP, however, I can't put this credentials into kubernetes pod with Heartbeat.

I tried with a kubernetes secret, but the module configuration does not allow this. Just allow put a path.

How I can put this credentials into my heartbeat pod?

Thanks!

-- Alejandro Sotillo
elasticsearch
heartbeat
kubernetes

1 Answer

2/11/2021

Solved!

I created a secret with my credentials.json file and I mounted the secret as volumen in the pod.

Configuration:

secret.yaml:

apiVersion: v1
kind: Secret
metadata:
  name: credentials-secret
type: Opaque
stringData:
  sa_json: |
    {
      "type": "service_account",
      "project_id": "erased",
      "private_key_id": "erased",
      "private_key": "-----BEGIN PRIVATE KEY-----erased-----END PRIVATE KEY-----\n",
      "client_email": "erased",
      "client_id": "erased",
      "auth_uri": "https://accounts.google.com/o/oauth2/auth",
      "token_uri": "https://oauth2.googleapis.com/token",
      "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
      "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/xxxxx.iam.gserviceaccount.com"
    }

deployment.yaml:

---
          volumeMounts:
          - mountPath: /etc/gcp
            name: service-account-credentials-volume
            readOnly: true
---
---
---
        volumes:
        - name: service-account-credentials-volume
          secret:
            secretName: credentials-secret
            items:
            - key: sa_json
              path: credentials.json
-- Alejandro Sotillo
Source: StackOverflow