Credentials
Credentials
Using static credentials
This section contains example Resource Definitions using static credentials for connecting to GKE clusters.
gke-static-credentials.yaml: uses static credentials defined via environment variables. This format is for use with the Humanitec CLI.
gke-static-credentials-cloudaccount.yaml: uses static credentials defined via a Cloud Account. This format is for use with the Humanitec CLI.
Using temporary credentials
This section contains example Resource Definitions using temporary credentials for connecting to GKE clusters.
gke-temporary-credentials.yaml: uses temporary credentials defined via a Cloud Account. This format is for use with the Humanitec CLI.
gke-temporary-credentials.tf: uses temporary credentials defined via a Cloud Account. This format is for use with the Humanitec Terraform provider.
Resource Definitions
gke-static-credentials-cloudaccount.yaml
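# Connect to a GKE cluster using static credentials defined via a Cloud Account.
# This definition carries no key material: it only names the Cloud Account
# that holds the credential.
apiVersion: entity.humanitec.io/v1b1
kind: Definition
metadata:
  id: gke-static-credentials-cloudaccount
entity:
  name: gke-static-credentials-cloudaccount
  type: k8s-cluster
  # The driver_account references a Cloud Account of type "gcp"
  # which needs to be configured for your Organization.
  # The credential behind it is static, so plan for rotation and grant the
  # underlying identity only the access this cluster connection needs.
  driver_account: gcp-static-creds
  driver_type: humanitec/k8s-cluster-gke
  driver_inputs:
    # Non-secret connection parameters (example values).
    values:
      loadbalancer: 35.10.10.10
      name: demo-123
      zone: europe-west2-a
      project_id: my-gcp-project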
gke-static-credentials.yaml
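# Connect to a GKE cluster using a service account key supplied inline.
# NOTE: Providing inline credentials as shown in this example is discouraged and will be deprecated.
# Using a Cloud Account is the recommended approach instead.
#
# Everything under "secrets" is a long-lived service account key. Keep the
# real values out of version control: the values below are placeholders, and
# this example is described as taking its credentials from environment
# variables rather than from literals committed with the file.
apiVersion: entity.humanitec.io/v1b1
kind: Definition
metadata:
  id: gke-static-credentials
entity:
  name: gke-static-credentials
  type: k8s-cluster
  driver_type: humanitec/k8s-cluster-gke
  driver_inputs:
    # Non-secret connection parameters (example values).
    values:
      loadbalancer: 35.10.10.10
      name: demo-123
      zone: europe-west2-a
      project_id: my-gcp-project
    secrets:
      # The "credentials" data correspond to the content of the credentials.json
      # that Google Cloud generates for a service account key
      credentials:
        type: service_account
        project_id: my-gcp-project
        # Example private_key_id: 48b483fbf1d6e80fb4ac1a4626eb5d8036e3520f
        private_key_id: 48b483fbf1d6e80fb4ac1a4626eb5d8036e3520f
        # Example private_key in one line: -----BEGIN PRIVATE KEY-----\\n...key...data...\\n...key...data...\\n...\\n-----END PRIVATE KEY-----\\n
        # Placeholder only. Anyone who can read the real value can
        # authenticate as this service account until the key is revoked.
        private_key: my-private-key
        # Example client_id: 206964217359046819490
        # Quoted so the all-digit ID stays a string.
        client_id: "206964217359046819490"
        # Must name the same service account as client_x509_cert_url below.
        client_email: my-service-account@my-gcp-project.iam.gserviceaccount.com
        auth_uri: https://accounts.google.com/o/oauth2/auth
        token_uri: https://oauth2.googleapis.com/token
        auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs
        client_x509_cert_url: https://www.googleapis.com/robot/v1/metadata/x509/my-service-account%40my-gcp-project.iam.gserviceaccount.com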
gke-temporary-credentials.yaml
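# Connect to a GKE cluster using temporary credentials defined via a Cloud Account.
# This definition stores no service account key: it only names the Cloud
# Account and the cluster to connect to.
apiVersion: entity.humanitec.io/v1b1
kind: Definition
metadata:
  id: gke-temporary-credentials
entity:
  name: gke-temporary-credentials
  type: k8s-cluster
  # The driver_account references a Cloud Account of type "gcp-identity"
  # which needs to be configured for your Organization.
  # NOTE(review): how the temporary credentials are issued is set up on the
  # Cloud Account itself and is not visible in this file.
  driver_account: gcp-temporary-creds
  driver_type: humanitec/k8s-cluster-gke
  driver_inputs:
    # Non-secret connection parameters (example values).
    values:
      loadbalancer: 35.10.10.10
      name: demo-123
      zone: europe-west2-a
      project_id: my-gcp-project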
gke-static-credentials-cloudaccount.tf
# GKE cluster Resource Definition that authenticates through a Cloud Account
# holding static credentials. No key material is present in this resource.
resource "humanitec_resource_definition" "gke-static-credentials-cloudaccount" {
  id   = "gke-static-credentials-cloudaccount"
  name = "gke-static-credentials-cloudaccount"
  type = "k8s-cluster"

  driver_type = "humanitec/k8s-cluster-gke"

  # Cloud Account that supplies the credentials for the driver.
  driver_account = "gcp-static-creds"

  driver_inputs = {
    # Non-secret connection parameters, passed to the driver as a JSON string.
    values_string = jsonencode({
      "loadbalancer" = "35.10.10.10"
      "name"         = "demo-123"
      "zone"         = "europe-west2-a"
      "project_id"   = "my-gcp-project"
    })
  }
}
gke-static-credentials.tf
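# GKE cluster Resource Definition with a service account key supplied inline
# through secrets_string.
#
# The literals below are placeholders. Real key material written here ends up
# in source control, and values passed to a resource are also recorded in the
# Terraform state, so the state must be protected like the key itself.
# Supply the key from a variable declared with `sensitive = true` rather than
# from a literal, or reference a Cloud Account via driver_account instead.
resource "humanitec_resource_definition" "gke-static-credentials" {
  driver_type = "humanitec/k8s-cluster-gke"
  id          = "gke-static-credentials"
  name        = "gke-static-credentials"
  type        = "k8s-cluster"

  driver_inputs = {
    # Non-secret connection parameters, passed to the driver as a JSON string.
    values_string = jsonencode({
      "loadbalancer" = "35.10.10.10"
      "name"         = "demo-123"
      "zone"         = "europe-west2-a"
      "project_id"   = "my-gcp-project"
    })

    # The "credentials" object mirrors the fields of a Google Cloud service
    # account key file.
    secrets_string = jsonencode({
      "credentials" = {
        "type"           = "service_account"
        "project_id"     = "my-gcp-project"
        "private_key_id" = "48b483fbf1d6e80fb4ac1a4626eb5d8036e3520f"
        # Placeholder only. Anyone who can read the real value can
        # authenticate as this service account until the key is revoked.
        "private_key" = "my-private-key"
        "client_id"   = "206964217359046819490"
        # Must name the same service account as client_x509_cert_url below.
        "client_email"                = "my-service-account@my-gcp-project.iam.gserviceaccount.com"
        "auth_uri"                    = "https://accounts.google.com/o/oauth2/auth"
        "token_uri"                   = "https://oauth2.googleapis.com/token"
        "auth_provider_x509_cert_url" = "https://www.googleapis.com/oauth2/v1/certs"
        "client_x509_cert_url"        = "https://www.googleapis.com/robot/v1/metadata/x509/my-service-account%40my-gcp-project.iam.gserviceaccount.com"
      }
    })
  }
}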
gke-temporary-credentials.tf
# GKE cluster Resource Definition that authenticates through a Cloud Account
# providing temporary credentials. No key material is present in this resource.
resource "humanitec_resource_definition" "gke-temporary-credentials" {
  id   = "gke-temporary-credentials"
  name = "gke-temporary-credentials"
  type = "k8s-cluster"

  driver_type = "humanitec/k8s-cluster-gke"

  # Cloud Account that supplies the credentials for the driver.
  driver_account = "gcp-temporary-creds"

  driver_inputs = {
    # Non-secret connection parameters, passed to the driver as a JSON string.
    values_string = jsonencode({
      "loadbalancer" = "35.10.10.10"
      "name"         = "demo-123"
      "zone"         = "europe-west2-a"
      "project_id"   = "my-gcp-project"
    })
  }
}