Use Google Default Credentials Model #1

@meggieveggie

Describe The problem

Generally, when using the Google Cloud credentials model, if you set GOOGLE_APPLICATION_CREDENTIALS then the application will look for the credentials at that specified path. This allows for volume mounting in Docker containers to be smoother, as when you mount a volume in something like Kubernetes the volume will overwrite any files in the volume directory. Hence, if you attempted to do something like this:

    containers:
        - name: gsuite-permission-sync
          image: quay.io/google-cloud-tools/grafana-permission-sync:v1.0.6
          imagePullPolicy: IfNotPresent
          resources: {}
          args:
          - --configPath=/app/config/config.yaml
          env:
          - name: GRAFANA_PASS
            valueFrom:
                secretKeyRef:
                  name: grafana
                  key: admin-password
          volumeMounts:
            - name: gsuite-config
              mountPath: "/app/config"
            - name: gsuite-credentials
              mountPath: /app/
              subPath: credentials.json
              readOnly: true

This will overwrite the binary found in /app; however, this is the directory where the application looks for credentials.json.

Proposed Solution

If you used the GOOGLE_APPLICATION_CREDENTIALS way you could do something like this:

    containers:
        - name: gsuite-permission-sync
          image: quay.io/google-cloud-tools/grafana-permission-sync:v1.0.6
          imagePullPolicy: IfNotPresent
          resources: {}
          args:
          - --configPath=/app/config/config.yaml
          env:
          - name: GRAFANA_PASS
            valueFrom:
                secretKeyRef:
                  name: grafana
                  key: admin-password
          - name: GOOGLE_APPLICATION_CREDENTIALS
            value: /app/credentials/credentials.json
          volumeMounts:
            - name: gsuite-config
              mountPath: "/app/config"
            - name: gsuite-credentials
              mountPath: /app/credentials
              subPath: credentials.json
              readOnly: true

This would look for the credentials in the folder /app/credentials specifically. I'm not sure if this is currently possible and just not documented, but when I try the above I get the following error:

    "msg":"unable to create google directory service","error":"open /app/credentials.json: no such file or directory"
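
A sketch of the lookup this issue asks for, added here as an example and not taken from grafana-permission-sync: the key file path comes from GOOGLE_APPLICATION_CREDENTIALS, with the fixed `/app/credentials.json` location from the error message used only when the variable is unset. Go and the names `resolveCredentialsPath` and `legacyPath` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// legacyPath is the fixed location seen in the error message quoted in the issue.
const legacyPath = "/app/credentials.json"

// resolveCredentialsPath is a hypothetical helper, not the project's code.
// It prefers GOOGLE_APPLICATION_CREDENTIALS and falls back to the given path
// only when the variable is unset. A path that is set but unusable is an error:
// silently loading a different key would hide a misconfigured mount.
func resolveCredentialsPath(getenv func(string) string, fallback string) (string, error) {
	path, source := fallback, "built-in default"
	if v := getenv("GOOGLE_APPLICATION_CREDENTIALS"); v != "" {
		path, source = filepath.Clean(v), "GOOGLE_APPLICATION_CREDENTIALS"
	}
	info, err := os.Stat(path)
	if err != nil {
		return "", fmt.Errorf("credentials (%s): %w", source, err)
	}
	if !info.Mode().IsRegular() {
		// A directory here usually means the variable names the mount point
		// rather than the key file inside it.
		return "", fmt.Errorf("credentials (%s): %s is not a regular file", source, path)
	}
	return path, nil
}

func main() {
	path, err := resolveCredentialsPath(os.Getenv, legacyPath)
	if err != nil {
		fmt.Fprintln(os.Stderr, "unable to locate google credentials:", err)
		os.Exit(1)
	}
	fmt.Println("loading service-account key from", path)
}
```

Keeping the key in its own read-only directory, away from the binary in /app, lets the secret be mounted as a whole volume without shadowing anything else in the image.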
