New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for GCP application default credentials #612
Comments
In general, more principled solution for sharing a path between a host and container inside minikube would be nice. Besides .config I also share a code for some containers (e.g. to avoid restarting django in minikube every time code changes). |
Hey @kozikow what OS/Driver combination are you using? We automatically mount in /Users on OSX, but we need to implement something similar for other platforms still. |
There is addon being made to address this. |
I don't think these two issues are equivalent - unless I'm mistaken, this one is about application code inside a container having access to the application default credentials (e.g. to use google-cloud-go without any explicit initialization), whereas #925 is about k8s itself authorizing with ADC to pull containers from a user's private registry. Can we open this issue back up? It would be magical to be able to run containers that rely on inbuilt auth mechanisms in an environment (I believe other cloud environments have equivalents to Google Cloud's ADC) - at the moment the only thing I can think of is to have a yaml file for minikube with a secrets volume mount, and a yaml file for the actual deployment |
@drtriumph I can definitely see this could be useful. I have opened a new issue for this here: |
When running on GKE, "application default credentials" allow me to talk to various GCP services like stackdriver, bigquery, etc. without manually managing .p12 or .json credential keys.
When running locally, the only option to access those credentials locally is to use "gcloud auth login", that populates data in ~/.config/gcloud. Acquiring those credentials requires browser interaction, so it can't be performed in the container. The only option is to share my "host" ~/.config with ~/.config inside containers.
I have it working locally, but in very crude way:
If minikube would providing some way of avoiding the custom hostPath/mountPath it would be easier to use GCP services from minikube
The text was updated successfully, but these errors were encountered: