I’m successfully using GCS with kubernetes and instance level oauth
permissions in a GKE cluster.
Note there are basically 3 ways you can authenticate with GCP resources;
- gcloud client.
- instance level authorisation.
- service account JSON file with minimal access.
For a kubernetes cluster the last option placed in a k8s secret or similar
mapped into the container is probably the best approach. You’ll need to set
an environment variable GOOGLE_APPLICATION_CREDENTIALS pointing to the path
in the container. I would suggest testing it locally first in a docker
container so you can easily isolate any issues. If you do on your dev
machine directly ensure you’re logged out as the sdk will iterate through
the various methods.
On Sat, Sep 1, 2018 at 20:34, Mehdi <mehdi.se...@gmail.com> wrote:
> Hello,
>
> I'm having the exact same issue and can't figure out why. Did you solve
> your problem and found a way to get past this?
>
> Thanks,
> Mehdi
>
>
> On Friday, 3 August 2018 19:34:54 UTC+2, AB wrote:
>>
>> We have a java application running in Kubernetes cluster deployment.
>> We're using Google Cloud Bucket as storage. We were using Java Files.move
>> method to move files from our Persistent Volume Claim (PVC) to the storage
>> bucket:
>>
>> import java.nio.file.Files;
>>
>> Files.move(source, target, StandardCopyOption.REPLACE_EXISTING)
>>
>> But we're getting poor write performance. So we tried exploring [Google
>> Cloud Storage API][1] to move files from our PVC to bucket.
>>
>> try {
>> log.info("before getService");
>>
>> Storage storage = StorageOptions.newBuilder()
>> .setCredentials(GoogleCredentials.create(aToken)).build()
>> .getService();
>>
>> // aToken is the access token of the service account
>>
>> log.info("after getService");
>> } catch (Exception e) {
>> log.error("Error while creating storage object - ", e);
>> }
>>
>> But only "before getService" is getting logged. And nothing happens after
>> that. No exception is thrown. The process gets stuck in getService()
>>
>> The same application works on local deployment with Google Storage
>> Bucket, but is not working on Kubernetes deployment.
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q&A" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>
--
- sent from my mobile
--
You received this message because you are subscribed to the Google Groups
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
