GuidesAPI Reference
Log In

Common Examples

Suggest Edits

Storing GCP Service Account Credentials on the Management Kubernetes Cluster

You can store your GCP Service Account JSON on your management Kubernetes cluster. Doing so ensures that the credentials never leave your environment, but you are responsible for creating the Kubernetes Secret object.

First, create a namespace that will contain the secret. Prodvana will also run jobs in this namespace to manage your Google Cloud Run services.

kubectl create namespace NAMESPACE

Next, follow Kubernetes documentation for creating a Secret, storing the content of the Service Account JSON as the secret.

Update your Cloud Run Runtime config file to point to this new namespace and secret.

runtime:
  name: my-cloud-run-runtime
  googleCloudRun:
    proxyRuntime:
      runtime: KUBERNETES_RUNTIME
      containerOrchestration:
        k8s:
          namespace: NAMESPACE  # must match the namespace above
    serviceAccountJson:
      kubernetesSecret:
        secretName: SECRET_NAME  # Secret name you picked when you created the secret
          key: KEY_IN_SECRET  # Kubernetes Secrets are dictionaries with string keys. This is the key pointing to the AWS account secret
    project: GCP_PROJECT
    region: REGION

Updated 4 months ago