Skip to content

Files

Latest commit

 

History

History
31 lines (16 loc) · 2.31 KB

environments.md

File metadata and controls

31 lines (16 loc) · 2.31 KB

Running in Kubernetes Environments

GKE

Use the default instructions in the README. When Workload Identity is enabled, use the Workload Identity instructions.

Non-GKE Kubernetes Clusters

Bank of Anthos was designed to work on any Kubernetes cluster and has no GCP-specific requirements except for Google Cloud Operations instrumentation - the source code of Bank of Anthos will try to export logs, metrics, and traces to GCP by default. This requires authentication to a GCP project - in GKE, this authentication (GOOGLE_APPLICATION_CREDENTIALS) is inferred from the Node's Compute Engine instance service account (or, if Workload identity is enabled, from a separate service account). In a non GKE cluster, you have to mount those GCP credentials into your Pods directly.

If you want to turn off metrics/logs/traces export from a non-GKE cluster into Google Cloud Operations: set ENABLE_METRICS=false and ENABLE_TRACING=false in each Deployment YAML. No further action is needed, and the Bank of Anthos services will not look for GOOGLE_APPLICATION_CREDENTIALS since they don't need to send any telemetry to GCP.

If you want to export metrics/logs/traces from a non-GKE cluster into Google Cloud Operations:

  1. Create a Google Cloud project or navigate into one you've already created. Ensure you've created a Google Cloud Operations workspace for your project.

  2. Create a Service Account. Grant the Service Account the following roles: Monitoring Metric Writer, Cloud Trace Agent, Logs Writer.

  3. Download a Service Account key (JSON) to your local machine.

  4. Create a Kubernetes secret in your non-GKE cluster, using the key you downloaded:

kubectl create secret generic pubsub-key --from-file=key.json=PATH-TO-KEY-FILE.json
  1. Update your Deployment YAMLs to mount in that secret as your GOOGLE_APPLICATION_CREDENTIALS env variable. See this example for how to mount a secret as an env variable in a Pod.

  2. Deploy the app, where the ENABLE_METRICS and ENABLE_TRACING variables are both set to true.