0

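Due to company restrictions, I have to use different service accounts for different Google services.

One of the accounts is for Pub/Sub, and the second one is for BigQuery.

I already have Pub/Sub authentication working with Spring.

Snippet: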

    @Autowired
    private ClientConfiguration clientConfiguration;
    private Context context = new Context();
    // ...
    context.setClientConfiguration(clientConfiguration);
    String projectId = clientConfiguration.getSubscriptionProjectDefault();
    List<ReceivedMessage> receivedMessageList = getPubSubMessages(projectId, clientConfiguration.getSubscriptionNameDefault(), Integer.parseInt(clientConfiguration.getNumMaxOfMessages()));


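When following these steps for BigQuery, the path to the key is "/secret/secret_name". When doing what the URL says, I get a null pointer exception at the File. Here is the snippet: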

    // Path to the BigQuery service-account key, read from the container environment
    log.debug("PATH_BIG_QUERY_CREDENTIALS:"+System.getenv("PATH_BIG_QUERY_CREDENTIALS"));
    String pathBigQueryCredentials = System.getenv("PATH_BIG_QUERY_CREDENTIALS");

    File credentialsPath = new File(pathBigQueryCredentials);

    // Parse the JSON key and build a BigQuery client with these explicit credentials
    FileInputStream serviceAccountStream = new FileInputStream(credentialsPath);
    GoogleCredentials credentials = ServiceAccountCredentials.fromStream(serviceAccountStream);

    BigQuery bigquery = BigQueryOptions.newBuilder().setCredentials(credentials).build().getService();

What is the correct way to use a second service account? This is non-negotiable :(

4

1 Answer

1

The answer was actually in deployment.yaml

To mount multiple secrets, it needs to be as follows:

    ---
    # POD - API configuration (with Google Endpoints)
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: event-keeper-acl
    spec:
      # Number of replicas
      replicas: 1
      template:
        metadata:
          labels:
            app: app_name
            tier: backend
        spec:
          containers:
            - name: app_name
              image: REGISTRY_HOSTNAME/PROJECT_ID/REPOSITORY_NAME:IMAGE_TAG
              imagePullPolicy: Always
              ports:
                - containerPort: 8080
              env:
                - name: GOOGLE_APPLICATION_CREDENTIALS
                  value: "/secret/secret_name_1"
                - name: PATH_BIG_QUERY_CREDENTIALS
                  value: "/secret/secret_name_2"
              volumeMounts:
                - name: service-secrets
                  mountPath: /secret
                  readOnly: true
              envFrom:
                - configMapRef:
                    name: app-name-config-map
          volumes:
            - name: service-secrets
              projected:                  # <----- THIS ENABLES MULTIPLE SECRETS IN SAME MOUNT POINT
                sources:
                - secret:
                    name: secret_name_1
                - secret:
                    name: secret_name_2
Answered on 2020-01-08T12:21:43.080
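An added example, not part of the original question or answer: a loader for the second service-account key that fails with a clear message when `PATH_BIG_QUERY_CREDENTIALS` is unset or the mounted file is missing, since `new File(null)` throws a `NullPointerException`. The class name `BigQueryClientFactory` and its method names are hypothetical; the code assumes the google-cloud-bigquery client library is on the classpath.

```java
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.ServiceAccountCredentials;
import com.google.cloud.bigquery.BigQuery;
import com.google.cloud.bigquery.BigQueryOptions;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

// Hypothetical helper class (the name is an assumption, not from the original post).
public final class BigQueryClientFactory {

    // Environment variable name taken from the deployment.yaml in the answer.
    static final String ENV_VAR = "PATH_BIG_QUERY_CREDENTIALS";

    private BigQueryClientFactory() {}

    /** Resolves the key file path, failing with a clear message instead of an NPE. */
    static Path resolveKeyPath(String envValue) {
        if (envValue == null || envValue.trim().isEmpty()) {
            throw new IllegalStateException(ENV_VAR + " is not set in the container environment");
        }
        Path path = Paths.get(envValue);
        // Files in a projected volume are named after the keys inside each Secret.
        if (!Files.isReadable(path)) {
            throw new IllegalStateException("Key file not readable at " + path
                    + " (check the volume mount and the key name inside the Secret)");
        }
        return path;
    }

    /** Builds a BigQuery client bound to the second service account only. */
    public static BigQuery create() throws IOException {
        Path keyPath = resolveKeyPath(System.getenv(ENV_VAR));
        // try-with-resources closes the stream once the key has been parsed.
        try (InputStream in = Files.newInputStream(keyPath)) {
            GoogleCredentials credentials = ServiceAccountCredentials.fromStream(in);
            // Explicit credentials: this client does not fall back to
            // GOOGLE_APPLICATION_CREDENTIALS, which the deployment points at the other key.
            return BigQueryOptions.newBuilder()
                    .setCredentials(credentials)
                    .build()
                    .getService();
        }
    }
}
```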