Die Anwendung gibt diesen Fehler aus, wenn sie die folgende Zeile ausführt: LOG.info("Standardanmeldeinformationen: " + ServiceAccountCredentials.getApplicationDefault());
"Your default credentials were not found. To set up Application Default Credentials for your environment, see https://cloud.google.com/docs/authentication/external/set-up-adc.","message":"Your default credentials were not found. To set up Application Default Credentials for your environment, see https://cloud.google.com/docs/authentication/external/set-up-adc.","name":"java.io.IOException","extendedStackTrace":[{"class":"com.google.auth.oauth2.DefaultCredentialsProvider","method":"getDefaultCredentials","file":"DefaultCredentialsProvider.java","line":127,"exact":false,"location":"com.google.auth.google-auth-library-oauth2-http-1.22.0.jar","version":"1.22.0"},{"class":"com.google.auth.oauth2.GoogleCredentials","method":"getApplicationDefault","file":"GoogleCredentials.java","line":152,"exact":false,"location":"com.google.auth.google-auth-library-oauth2-http-1.22.0.jar","version":"1.22.0"},
Ich habe die Schritte aus der Google-Dokumentation befolgt: ein KSA und ein GSA eingerichtet und beide wie beschrieben gebunden und annotiert. Dem GSA ist die Rolle „Editor“ zugewiesen.
Auf dem Container, in dem mein Dienst ausgeführt wird, kann ich die entsprechende GSA als aktives Konto sehen, wenn ich gcloud auth list ausführe. Ich kann auch die folgenden Curl-Befehle erfolgreich auf dem Container ausführen.
# Query the root of the metadata server's v1 tree from inside the container.
# The Metadata-Flavor header is sent because the metadata server expects it.
curl --header "Metadata-Flavor: Google" \
  http://metadata.google.internal/computeMetadata/v1/
# Request an access token for the pod's "default" service account from the
# metadata server. The response contains a live bearer token, so treat the
# output as a secret and keep it out of logs, tickets and forum posts.
curl --header "Metadata-Flavor: Google" \
  http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token
So sieht meine „deployment.yaml“ aus
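# Deployment of the my-app service in the dataservice namespace: two replicas,
# rolling updates, pods running under the Kubernetes service account named in
# template.spec.serviceAccountName. Nesting restored from the flattened paste.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: my-app
  name: my-app
  namespace: dataservice
spec:
  progressDeadlineSeconds: 600
  replicas: 2
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: my-app
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        timestamp: "2025-01-01T00:00:00Z"
      labels:
        app: my-app
    spec:
      # Kubernetes service account the pods run as. It has to be the same
      # object, in the same namespace, that carries the
      # iam.gke.io/gcp-service-account annotation.
      serviceAccountName: service-account-experimental
      # Restricts scheduling to nodes labelled as running the GKE metadata
      # server, i.e. node pools with Workload Identity enabled.
      nodeSelector:
        iam.gke.io/gke-metadata-server-enabled: "true"
      initContainers:
        - name: init
          image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
          # NOTE(review): the copy target /etc/my-app/ is not on a mounted
          # volume (key-storage is mounted at /etc/app/), and the main
          # container does not mount key-storage, so the copied file would
          # not be visible to it. Confirm the intended path.
          command:
            - sh
            - -c
            - |
              echo "Initializing configuration";
              cp /keys/app/config.properties /etc/my-app/config.properties;
          volumeMounts:
            # NOTE(review): no volume named "my-app" is declared under
            # volumes below; "app-config" is declared there but never
            # mounted. Confirm which name is intended.
            - mountPath: /keys/app/
              name: my-app
              readOnly: true
            - name: key-storage
              mountPath: /etc/app/
      containers:
        # NOTE(review): ":latest" is a mutable tag; pinning a version or
        # digest makes it clear which image a rollout actually runs.
        - image: my-image:latest
          name: dataservice
          livenessProbe:
            httpGet:
              path: /health/live
              port: 8080
            initialDelaySeconds: 60
            periodSeconds: 10
            failureThreshold: 2
            timeoutSeconds: 5
          readinessProbe:
            httpGet:
              path: /health/ready
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 10
          resources:
            requests:
              cpu: "1"
              memory: "1Gi"
            limits:
              cpu: "2"
              memory: "2Gi"
          env:
            - name: JAVA_OPTS
              value: "-Xmx512m -Xms512m"
          ports:
            - containerPort: 8080
          volumeMounts:
            # Secret and ConfigMap content is mounted read-only.
            - mountPath: /etc/secrets
              name: secrets
              readOnly: true
            - mountPath: /etc/config
              name: config
              readOnly: true
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      volumes:
        - name: secrets
          secret:
            secretName: my-secrets
        - name: config
          configMap:
            name: my-config
        - name: app-config
          secret:
            secretName: app-config
        - name: key-storage
          emptyDir: {}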
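# Kubernetes service account (KSA) used by the my-app pods. The annotation maps
# it to a Google service account (GSA) for GKE Workload Identity. Nesting
# restored from the flattened paste: annotations belongs under metadata.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: service-account-experimental
  namespace: dataservice
  annotations:
    # The annotation alone grants nothing. The GSA also needs an IAM binding
    # of roles/iam.workloadIdentityUser to the member
    # serviceAccount:PROJECT_ID.svc.id.goog[dataservice/service-account-experimental]
    # (PROJECT_ID is a placeholder); namespace and KSA name must match exactly.
    # NOTE(review): the post says this GSA holds the Editor role. Every pod
    # using this KSA inherits that grant, so roles scoped to the APIs the
    # service actually calls are preferable.
    iam.gke.io/gcp-service-account: gservice-account-test@my_project_id.iam.gserviceaccount.com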