Kubernetes plugin - Service account authorization in Google Cloud

[Jonas Lindström]

Hello,

I am trying to use the Kubernetes plugin to start Jenkins agents in Google Kubernetes Engine. For server to server applications, Google recommends that you create a GCP service account and then generate a key file (JSON format) for this service account. The key file can then be used to generate short-lived tokens for kubectl.

https://cloud.google.com/docs/authentication/production

However, I have been unable to figure out from the documentation how to use this method of authentication with the Kubernetes plugin. I am using gcloud and kubectl commands to deploy applications to Google Kubernetes Engine, so I know that the service account itself has sufficient permissions. (Note that this is a GCP service account, not a kubectl serviceaccount.)

I can retrieve the access token for a service account with 

gcloud auth application-default print-access-token

but this token is short-lived and meant for debugging, so it's not very usable.

[Carlos Sanchez]

the right way for Kubernetes apps is to create a ServiceAccount

https://cloud.google.com/solutions/jenkins-on-kubernetes-engine

https://cloud.google.com/solutions/jenkins-on-kubernetes-engine-tutorial

https://github.com/jenkinsci/kubernetes-plugin#running-in-google-container-engine-gke

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/8bc468cf-28aa-43e4-9504-435fc00b8691%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.