在kubernetes的帮助下,我在GKE上运行日常工作.每天基于kubernetes中配置的cron,一个新容器旋转并尝试将一些数据插入到BigQuery中.
我们拥有的设置是我们在GCP中有两个不同的项目在一个项目中我们在其他项目中维护BigQuery中的数据我们所有的GKE都在运行所以当GKE必须与不同的项目资源交互时我的猜测是我必须设置一个环境名称为GOOGLE_APPLICATION_CREDENTIALS的变量,指向服务帐户json文件,但由于每天kubernetes正在启动一个新容器,我不知道应该如何以及在何处设置此变量.
提前致谢!
---
apiVersion: v1
kind: Secret
metadata:
name: my-data-service-account-credentials
type: Opaque
data:
sa_json: "bas64JsonServiceAccount"
---
apiVersion: v1
kind: Pod
metadata:
name: adtech-ads-apidata-el-adunit-pod
spec:
containers:
- name: adtech-ads-apidata-el-adunit-container
volumeMounts:
- name: service-account-credentials-volume
mountPath: "/etc/gcp"
readOnly: true
volumes:
- name: service-account-credentials-volume
secret:
secretName: my-data-service-account-credentials
items:
- key: sa_json
path: sa_credentials.json
apiVersion: batch/v2alpha1
kind: CronJob
metadata:
name: adtech-ads-apidata-el-adunit
spec:
schedule: "*/5 * * * *"
suspend: false
concurrencyPolicy: Replace
successfulJobsHistoryLimit: 10
failedJobsHistoryLimit: 10
jobTemplate:
spec:
template:
spec:
containers:
- …