google-cloud-platformgoogle-cloud-storagegoogle-cloud-rungcsfuse

GCSFuse not finding default credentials when running a cloud run app docker locally


I am working on mounting a Cloud Storage Bucket to my Cloud Run App, using the example and code from the official tutorial https://cloud.google.com/run/docs/tutorials/network-filesystems-fuse

The application uses docker only (no cloudbuild.yaml)

The docker file compiles with out issue using command:

docker build --platform linux/amd64 -t fusemount .

I then start docker run with the following command

docker run --rm -p 8080:8080 -e PORT=8080 fusemount

and when run gcsfuse is triggered with both the directory endpoint and the bitbucket URL

gcsfuse --debug_gcs --debug_fuse gs://<my-bucket> /mnt/gs

But the connection fails:

022/12/11 13:54:35.325717 Start gcsfuse/0.41.9 (Go version go1.18.4) for app "" using mount point: /mnt/gcs 2022/12/11 13:54:35.618704 Opening GCS connection... 2022/12/11 13:57:26.708666 Failed to open connection: GetTokenSource: DefaultTokenSource: google: could not find default credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.

I have already set up the application-defaut credentials with the following command:

gcloud auth application-default login

and I have a python based cloud function project that I have tested on the same local machine which has no problem accessing the same storage bucket with the same default login credentials.

What am I missing?


Solution

  • Google libraries search for ~/.config/gcloud when using APPLICATION_DEFAULT authorization approach. Your local Docker container doesn't contain this config when running locally.

    So, you might want to mount it when running a container:

    $ docker run --rm -v /home/$USER/.config/gcloud:/root/.config/gcloud -p 8080:8080 -e PORT=8080 fusemount
    

    Some notes:

    1. I'm not sure which OS you are using, so that replace /home/$USER with a real path to your home
    2. Same, I'm not sure your image has /root home, so make sure that path from 1. is mounted properly
    3. Make sure your local user is authorized to gcloud cli, as you mentioned, using this command gcloud auth application-default login

    Let me know, if this helped.