Unable to use gsutil with workload identity feature for GKE cluster
I enabled the workload identity feature for my GKE cluster and it works fine.
I have no issues accessing gcloud commands with the right IAM permissions for the Google Cloud service account; however, I am unsure how I could use gsutil commands inside a Kubernetes pod when workload_identity is enabled.
Basically my question is, when workload_identity is enabled, is there a way to use gsutil?
I see this error when I use gsutil inside my pod:
```
You are attempting to access protected data with no configured
credentials. Please visit https://cloud.google.com/console#/project
and sign up for an account, and then run the "gcloud auth login"
command to configure gsutil to use these credentials.
```
How can we allow gsutil to use gcloud credentials?
Solution 1:[1]
gsutil doesn't support workload identity. An alternative is:
```
gcloud alpha storage cp
```
Solution 2:[2]
When installing standalone, I didn't succeed in getting gsutil to work with workload identity. However, if you install it as part of the Google Cloud CLI package, it worked like a charm.
As stated above,
```
gcloud alpha storage cp
```
will do the work; however, upload is much slower if you are using multithreading (-m option).
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Jeremy Caney |
| Solution 2 | SiniG |
