Static Credentials
Using static credentials
This section contains example Resource Definitions using static credentials for connecting to GKE clusters.
gke-static-credentials.yaml
: use static credentials defined via environment variables. This format is for use with the Humanitec CLI.gke-static-credentials-cloudaccount.yaml
: use static credentials defined via a Cloud Account. This format is for use with the Humanitec CLI.
gke-static-credentials-cloudaccount.yaml
(view on GitHub)
:
# Connect to a GKE cluster using static credentials defined via a Cloud Account
apiVersion: entity.humanitec.io/v1b1
kind: Definition
metadata:
id: gke-static-credentials-cloudaccount
entity:
name: gke-static-credentials-cloudaccount
type: k8s-cluster
# The driver_account references a Cloud Account of type "gcp"
# which needs to be configured for your Organization.
driver_account: gcp-static-creds
driver_type: humanitec/k8s-cluster-gke
driver_inputs:
values:
loadbalancer: 35.10.10.10
name: demo-123
zone: europe-west2-a
project_id: my-gcp-project
gke-static-credentials.yaml
(view on GitHub)
:
# NOTE: Providing inline credentials as shown in this example is discouraged and will be deprecated.
# Using a Cloud Account is the recommended approach instead.
# Make sure all ${ENVIRONMENT_VARIABLES} are set when applying this Resource Definition.
apiVersion: entity.humanitec.io/v1b1
kind: Definition
metadata:
id: gke-static-credentials
entity:
name: gke-static-credentials
type: k8s-cluster
driver_type: humanitec/k8s-cluster-gke
driver_inputs:
values:
loadbalancer: 35.10.10.10
name: demo-123
zone: europe-west2-a
project_id: my-gcp-project
secrets:
# The "credentials" data correspond to the content of the credentials.json
# that Google Cloud generates for a service account key
credentials:
type: service_account
project_id: my-gcp-project
# Example private_key_id: 48b483fbf1d6e80fb4ac1a4626eb5d8036e3520f
private_key_id: ${PRIVATE_KEY_ID}
# Example private_key in one line: -----BEGIN PRIVATE KEY-----\\n...key...data...\\n...key...data...\\n...\\n-----END PRIVATE KEY-----\\n
private_key: ${PRIVATE_KEY}
# Example client_id: 206964217359046819490
client_id: ${CLIENT_ID}
client_email: [email protected]
auth_uri: https://accounts.google.com/o/oauth2/auth
token_uri: https://oauth2.googleapis.com/token
auth_provider_x509_cert_url: https://www.googleapis.com/oauth2/v1/certs
client_x509_cert_url: https://www.googleapis.com/robot/v1/metadata/x509/my-service-account%40my-gcp-project.iam.gserviceaccount.com