Connect a Kubernetes pod to a GCS bucket using JS
To connect from a Kubernetes pod to a Google Cloud Storage (GCS) bucket using JavaScript, you need to follow these steps:
1. Set up your GCP Service Account and Credentials:
- Create a service account in Google Cloud Platform (GCP) that has access to the GCS bucket.
- Download the service account key file in JSON format.
2. Store the Service Account Key securely:
- Store the service account key as a Kubernetes Secret to keep it secure.
- You can use the following command to create a secret:
```bash
kubectl create secret generic gcs-key --from-file=key.json=/path/to/service-account-key.json
```
3. Configure your Kubernetes Pod to use the Secret:
- Modify your Kubernetes Pod configuration (e.g., in a Deployment YAML file) to mount the secret as a volume and set an environment variable for the GCS credentials.
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: gcs-example-pod
spec:
  containers:
    - name: gcs-container
      image: node:18 # Use a Node.js image
      volumeMounts:
        - name: gcs-key-volume
          mountPath: /secrets
      env:
        - name: GOOGLE_APPLICATION_CREDENTIALS
          value: "/secrets/key.json"
  volumes:
    - name: gcs-key-volume
      secret:
        secretName: gcs-key
```
In this YAML:
- The secret is mounted as a volume inside the container at `/secrets`.
- The `GOOGLE_APPLICATION_CREDENTIALS` environment variable points to the location of the service account key.
4. Install the Google Cloud Storage client library:
- Inside your Node.js project, install the Google Cloud Storage library:
```bash
npm install @google-cloud/storage
```
5. Use the Google Cloud Storage client in your JavaScript code:
```javascript
const { Storage } = require('@google-cloud/storage');

// Creates a client using Application Default Credentials
const storage = new Storage();

async function listBuckets() {
  try {
    const [buckets] = await storage.getBuckets();
    console.log('Buckets:');
    buckets.forEach(bucket => {
      console.log(bucket.name);
    });
  } catch (err) {
    console.error('ERROR:', err);
  }
}

listBuckets();
```
- This script initializes the Google Cloud Storage client using the credentials specified in the `GOOGLE_APPLICATION_CREDENTIALS` environment variable.
- It lists all the buckets that the service account has access to.
6. Deploy your application to Kubernetes:
- Apply your Kubernetes configuration to deploy the pod.
7. Access the GCS bucket:
- When the pod is running, it will be able to authenticate using the service account credentials and interact with GCS as specified in your JavaScript code.
This setup ensures secure access to GCS using a service account in a Kubernetes environment, following best practices for credentials management and secure access.
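A startup check for the key file that step 3 mounts at `/secrets/key.json`, written as an added example (not code from the original page): it verifies the file's permissions and shape before the Storage client from step 5 is created, and never returns or logs `private_key`. The function names `checkKeyFile` and `writeSampleKey` are hypothetical, and the sample key is constructed, not a real credential.

```javascript
// Added example: preflight check for the key file mounted from the gcs-key Secret.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Returns { clientEmail, problems }. The private key is never returned or logged.
function checkKeyFile(keyPath) {
  const problems = [];
  if (!keyPath) return { clientEmail: null, problems: ['GOOGLE_APPLICATION_CREDENTIALS is not set'] };
  let stat;
  try {
    stat = fs.statSync(keyPath); // follows the symlink Kubernetes uses for secret files
  } catch (err) {
    return { clientEmail: null, problems: [`cannot stat ${keyPath}: ${err.code}`] };
  }
  // Secret volumes default to mode 0644; any group/other bit means other
  // users in the container can read the key.
  if (stat.mode & 0o077) {
    problems.push(`mode ${(stat.mode & 0o777).toString(8)} is readable beyond the owner`);
  }
  let key;
  try {
    key = JSON.parse(fs.readFileSync(keyPath, 'utf8')) || {};
  } catch {
    problems.push('file is not valid JSON');
    return { clientEmail: null, problems };
  }
  if (key.type !== 'service_account') problems.push(`unexpected type: ${key.type}`);
  for (const field of ['client_email', 'private_key', 'project_id']) {
    if (!key[field]) problems.push(`missing field: ${field}`);
  }
  return { clientEmail: key.client_email || null, problems };
}

// Constructed sample key (not a real credential), written to a temp dir.
function writeSampleKey(mode) {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'gcs-key-'));
  const file = path.join(dir, 'key.json');
  fs.writeFileSync(file, JSON.stringify({
    type: 'service_account',
    project_id: 'example-project',
    client_email: 'gcs-reader@example-project.iam.gserviceaccount.com',
    private_key: 'CONSTRUCTED-PLACEHOLDER',
  }));
  fs.chmodSync(file, mode);
  return file;
}

console.log(checkKeyFile(writeSampleKey(0o644))); // demo: the default mode is flagged
```

In the pod, call `checkKeyFile(process.env.GOOGLE_APPLICATION_CREDENTIALS)` before `new Storage()` and exit if `problems` is non-empty. Setting `defaultMode: 0400` on the `secret` volume is the Kubernetes-side way to tighten the mode.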