kuberneteskubernetes-podgo-cd

Copy file from pod to GCE bucket


I am using gocd for ci/cd. Result is tar archive. I need to copy resulting tar to GCE bucket.

I have gocd-agent docker image with included google sdk.

I know how to use gcloud with service account from local machine, but not from inside pod.

How to use service account assigned to pod with gcloud auth on pod?

Final goal is to use gsutil to copy above mentioned archive to bucket in same project.


Solution

  • My first thought would be to create Secret based on the service account, reference it in a pod yaml definiton to mount to some file and then run gcloud auth from the pod using that file. There's more info in Google cloud docs. Another option which is quite new is to use Workload Identitiy. Seems you'd need to configure GKE cluster to enable this option. And it's working for some versions of GKE.