This message was deleted.
# generals
sparse-intern-71089
09/09/2019, 4:04 PMThis message was deleted.
b
busy-umbrella-36067
09/09/2019, 4:06 PMI think you have to wrap all the properties you need which are outputs inside of a
pulumi.allc
cool-egg-852
09/09/2019, 4:06 PM Copy code
const gcpCredentials = new k8s.core.v1.Secret('gcp-credentials', {
metadata: {
namespace: namespace.metadata.name,
labels: config.appLabels
},
type: 'Opaque',
stringData: {
'gcp-credentials.json': serviceAccount.key.privateKey.apply(x => Buffer.from(x, 'base64').toString('utf8'))
}
});cool-egg-852
09/09/2019, 4:07 PMThis is what we do in our projects
b
best-xylophone-83824
09/09/2019, 4:07 PMthat is just a key, not the whole json, right?
c
cool-egg-852
09/09/2019, 4:07 PMIt’s the entire GOOGLE_APPLICATION_CREDENTIALS file
cool-egg-852
09/09/2019, 4:08 PMSo we mount this secret in our pods, and use an env
GOOGLE_APPLICATION_CREDENTIALSb
best-xylophone-83824
09/09/2019, 4:10 PM@busy-umbrella-36067, if I set whole resource as stack output, it comes back as a plain JSON , so they already have a generic code which does all the promise resolution, I'll try to find it
best-xylophone-83824
09/09/2019, 4:10 PM@cool-egg-852, thanks, I'll check, but I recall there were problems with GOOGLE_APPLICATION_CREDENTIALS in a ruby library project is using
best-xylophone-83824
09/09/2019, 4:10 PMworth a shot nevertheless
best-xylophone-83824
09/09/2019, 4:40 PM@cool-egg-852,you were right, worked!
best-xylophone-83824
09/09/2019, 4:41 PMI was looking at .priavateKey in the stack output and though it is a whole .Key . got confused by the fact that inside that privateKey there is another
private_keyc
cool-egg-852
09/09/2019, 4:45 PMAh, yeah, it is confusing.
3 Views