0

When I have created a cluster with some nodes on GKE, which user does Google interpret my requests as coming from? E.g. if I open a console on one of the nodes and do an API call to the Stackdriver API. Which user does the API think I am?

$ kubectl exec -it my-app bash
$ rails c
irb(main):005:0* Google::Cloud::ErrorReporting.report \
                 Exception.new(msg: "from console")
=> nil
irb(main):006:0> {:msg=>"from console"} (Exception)
Google::Cloud::PermissionDeniedError: 7:User not authorized.

I thought I was Compute Engine default service account, but that can't be right? I gave that service account the Owner role to test and it still fails.

Do I need to install gcloud on my Docker images on GKE so that I can authenticate as an service account with the correct roles before I start rails?

Yuri Grinshteyn
  • 592
  • 2
  • 11
martins
  • 7,647
  • 6
  • 41
  • 67
  • Possible duplicate of [Stackdriver Error reporting for Ruby, running on GKE](https://stackoverflow.com/questions/54019706/stackdriver-error-reporting-for-ruby-running-on-gke) – Alioua Jan 03 '19 at 17:14

1 Answers1

0

I think your question is answered here: https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform

You need to use the json key for the service account you'd like to use to access the API as a secret in your GKE cluster.

Yuri Grinshteyn
  • 592
  • 2
  • 11