I'm using Elastic Heartbeat in a Kubernetes Cluster.
I'm trying to setup google cloud platform module to Heartbeat, the documentation say:
metricbeat.modules:
- module: googlecloud
metricsets:
- compute
region: "us-"
project_id: "your project id"
credentials_file_path: "your JSON credentials file path"
exclude_labels: false
period: 1m
I have my credentials.json file to access to GCP, however, I can't put this credentials into kubernetes pod with Heartbeat.
I tried with a kubernetes secret, but the module configuration does not allow this. Just allow put a path.
How I can put this credentials into my heartbeat pod?
Thanks!
Solved!
I created a secret with my credentials.json file and I mounted the secret as volumen in the pod.
Configuration:
secret.yaml:
apiVersion: v1
kind: Secret
metadata:
name: credentials-secret
type: Opaque
stringData:
sa_json: |
{
"type": "service_account",
"project_id": "erased",
"private_key_id": "erased",
"private_key": "-----BEGIN PRIVATE KEY-----erased-----END PRIVATE KEY-----\n",
"client_email": "erased",
"client_id": "erased",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/xxxxx.iam.gserviceaccount.com"
}
deployment.yaml:
---
volumeMounts:
- mountPath: /etc/gcp
name: service-account-credentials-volume
readOnly: true
---
---
---
volumes:
- name: service-account-credentials-volume
secret:
secretName: credentials-secret
items:
- key: sa_json
path: credentials.json