Common Examples
Storing GCP Service Account Credentials on the Management Kubernetes Cluster
You can store your GCP Service Account JSON on your management Kubernetes cluster. Doing so ensures that the credentials never leave your environment, but you are responsible for creating the Kubernetes Secret object.
First, create a namespace that will contain the secret. Prodvana will also run jobs in this namespace to manage your Google Cloud Run services.
kubectl create namespace NAMESPACE
Next, follow the Kubernetes documentation for creating a Secret, storing the content of the Service Account JSON as the secret's value.
Update your Cloud Run Runtime config file to point to this new namespace and secret.
runtime:
  name: my-cloud-run-runtime
  googleCloudRun:
    proxyRuntime:
      runtime: KUBERNETES_RUNTIME
      containerOrchestration:
        k8s:
          namespace: NAMESPACE # must match the namespace above
    serviceAccountJson:
      kubernetesSecret:
        secretName: SECRET_NAME # Secret name you picked when you created the secret
        key: KEY_IN_SECRET # Kubernetes Secrets are dictionaries with string keys. This is the key pointing to the Service Account JSON
    project: GCP_PROJECT
    region: REGION
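One way to carry out the Secret creation step above, as an added example that is not Prodvana's own code. NAMESPACE, SECRET_NAME and KEY_IN_SECRET are the page's placeholders; the key-file path and the pre-upload checks are assumptions.

```shell
#!/bin/sh
# Added example. The four arguments map to the page's NAMESPACE, SECRET_NAME
# and KEY_IN_SECRET placeholders plus an assumed local path to the key file.

# Refuse to upload anything that is not a private, well-formed key file.
check_sa_key_file() {
  [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
  grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$1" ||
    { echo "$1 is not a service account key" >&2; return 2; }
  grep -q '"private_key"' "$1" ||
    { echo "$1 has no private_key field" >&2; return 3; }
  # Characters 5-10 of the ls mode string are the group and other bits.
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
    { echo "$1 is accessible to group/other; chmod 600 it" >&2; return 4; }
}

create_sa_secret() {  # args: namespace secret-name key-in-secret key-file
  check_sa_key_file "$4" || return
  # --from-file reads the JSON from disk, so the key material never
  # appears in shell history or in the process list.
  kubectl create secret generic "$2" --namespace "$1" \
    --from-file="$3=$4" || return
  # describe lists each key with its size in bytes, never its value.
  kubectl describe secret "$2" --namespace "$1"
}

# Runs only when called with all four arguments, for example:
#   sh create-sa-secret.sh NAMESPACE SECRET_NAME KEY_IN_SECRET ./sa-key.json
if [ "$#" -eq 4 ]; then
  create_sa_secret "$@"
fi
```

The key name passed as the third argument is the value to put in `key:` in the runtime config, and the secret name is the value for `secretName:`.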