Service account secrets

Service account secrets represent Google Cloud Platform service accounts. They are embedded in Kubernetes "secrets" so that they can be used in the different jobs, cronJobs and services.

Creation

Service accounts must be created by an administrator. Steps:

  • Create the service account in Google Cloud Platform.

  • Generate a JSON key from it.

  • Create the Kubernetes secret using the following command:

kubectl create secret generic <name-of-the-secret> --from-file=./name-of-the-secret.json --namespace deploy

**The name of the service account and the JSON file must be the same. Example:**

kubectl create secret generic svc-account --from-file=svc-account.json

  • Add the "secret" to the desired group(s) and synchronize them with the database.
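
A pre-flight check for the steps above, as an added example that is not part of the original documentation: it verifies that the file is a service account key, that its name is usable as the secret name, and that it is not readable by other users, then builds the kubectl command. The function names preflight and write_sample_key and the sample key contents are constructed for illustration.

```python
import json, os, re, tempfile

# Kubernetes object names are DNS-1123 subdomains: lowercase, at most 253 chars.
DNS1123 = re.compile(r"[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*")
REQUIRED = ("project_id", "private_key", "client_email")

def preflight(key_path, namespace="deploy"):
    """Return (problems, argv); argv is the kubectl command, or None if unsafe."""
    problems = []
    name, ext = os.path.splitext(os.path.basename(key_path))
    if ext != ".json":
        problems.append("key file must have a .json extension")
    if len(name) > 253 or not DNS1123.fullmatch(name):
        problems.append(f"{name!r} is not a valid Kubernetes secret name")
    try:
        with open(key_path, encoding="utf-8") as fh:
            key = json.load(fh)
    except (OSError, ValueError) as exc:
        return problems + [f"cannot parse key file: {exc}"], None
    if not isinstance(key, dict) or key.get("type") != "service_account":
        problems.append('not a service account key ("type" mismatch)')
    else:
        missing = [f for f in REQUIRED if not key.get(f)]
        if missing:
            problems.append("missing fields: " + ", ".join(missing))
    # The JSON key is a long-lived credential; keep it private on disk.
    if os.stat(key_path).st_mode & 0o077:
        problems.append("key file is accessible to group/others (chmod 600)")
    if problems:
        return problems, None
    # Secret name == file name without .json, as the procedure requires.
    return [], ["kubectl", "create", "secret", "generic", name,
                f"--from-file={key_path}", "--namespace", namespace]

def write_sample_key(directory, filename, mode=0o600, **overrides):
    """Write a constructed (fake) key file for demonstration; return its path."""
    key = {"type": "service_account", "project_id": "example-project",
           "private_key": "CONSTRUCTED-PLACEHOLDER",
           "client_email": "svc-account@example-project.iam.gserviceaccount.com"}
    key.update(overrides)
    path = os.path.join(directory, filename)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(key, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for fname, mode in (("svc-account.json", 0o600), ("Svc_Account.json", 0o644)):
            print(fname, preflight(write_sample_key(tmp, fname, mode)))
```
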

Usage

The service account must be defined in manifest.json when creating a job or service. The environment variable "GOOGLE_APPLICATION_CREDENTIALS" is then set automatically in the deployed pods so that they use the corresponding service account.