问题描述
我在 Kubernetes 集群中使用 Elastic Heartbeat。
我正在尝试将谷歌云平台模块设置为 Heartbeat,文档说:
metricbeat.modules:
- module: googlecloud
metricsets:
- compute
region: "us-"
project_id: "your project id"
credentials_file_path: "your JSON credentials file path"
exclude_labels: false
period: 1m
我有我的凭据.json 文件可以访问 GCP,但是,我无法将此凭据放入带有 Heartbeat 的 kubernetes pod。
我尝试使用 kubernetes secret,但模块配置不允许这样做。只允许放置路径。
如何将此凭据放入我的心跳 Pod?
谢谢!
解决方法
解决了!
我使用我的凭据.json 文件创建了一个机密,并将该机密作为卷挂载在 pod 中。
配置:
secret.yaml:
apiVersion: v1
kind: Secret
metadata:
name: credentials-secret
type: Opaque
stringData:
sa_json: |
{
"type": "service_account","project_id": "erased","private_key_id": "erased","private_key": "-----BEGIN PRIVATE KEY-----erased-----END PRIVATE KEY-----\n","client_email": "erased","client_id": "erased","auth_uri": "https://accounts.google.com/o/oauth2/auth","token_uri": "https://oauth2.googleapis.com/token","auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs","client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/xxxxx.iam.gserviceaccount.com"
}
deployment.yaml:
---
volumeMounts:
- mountPath: /etc/gcp
name: service-account-credentials-volume
readOnly: true
---
---
---
volumes:
- name: service-account-credentials-volume
secret:
secretName: credentials-secret
items:
- key: sa_json
path: credentials.json