remove service account credentials from gke example

observIQ · Jan 31, 2022 · 65cd38c · 65cd38c
1 parent c21d300
commit 65cd38c
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 19 deletions.
diff --git a/examples/k8s/gke/README.md b/examples/k8s/gke/README.md
@@ -8,29 +8,19 @@ API Server.
 
 1. Service account with permission to the Kubernetes API server
 2. Config map: Contains the Stanza configurations
-3. Credentials secret: Contains Google Cloud [service account credentials JSON file](https://cloud.google.com/docs/authentication/getting-started)
-4. Persistent volume: Allows the Stanza events agent database to persist between restarts and pod evictions
-5. Statefulset: A single replica statefulset for reading Kubernetes events
-6. Daemonset: For reading logs from each Kubernetes node
+3. Persistent volume: Allows the Stanza events agent database to persist between restarts and pod evictions
+4. Statefulset: A single replica statefulset for reading Kubernetes events
+5. Daemonset: For reading logs from each Kubernetes node
 
 ## Prerequisites
 
 1. Google Cloud account with Cloud Logging API enabled
-2. Google service account with [roles/logging.logWriter](https://cloud.google.com/logging/docs/access-control)
-3. Kubernetes Cluster with a storageclass capable of providing persistent volumes
-4. Edit `agent.yaml`'s configmap (at the top) to include:
+2. Google GKE cluster with [write permission to cloud logging](https://developers.google.com/identity/protocols/oauth2/scopes#logging)
+3. Edit `agent.yaml`'s configmap (at the top) to include:
   - Your cluster name: an arbitrary value that will be added to each log entry as a label
 
 ## Deployment Steps
 
-Create the credentials secret. Download your Google service accounts JSON key and name it `log_credentials.json`.
-**NOTE**: The file name `log_credentials.json` is required, as that will be the name of the key that is referenced 
-when mounting the secret.
-```bash
-kubectl create secret generic stanza-agent-credentials \
-  --from-file=log_credentials.json
-```
-
 Deploy Stanza
 ```bash
 kubectl apply -f agent.yaml

diff --git a/examples/k8s/gke/agent.yaml b/examples/k8s/gke/agent.yaml
@@ -14,14 +14,12 @@ data:
       - /var/log/containers/stanza-*_*-*.log
       start_at: end
 
-    - credentials_file: /stanza_home/log_destinations/google_cloud/log_credentials.json
-      type: google_cloud_output
+    - type: google_cloud_output
   events.yaml: |2-
     pipeline:
     - type: kubernetes_events
       cluster_name: CHANGE_ME
-    - credentials_file: /stanza_home/log_destinations/google_cloud/log_credentials.json
-      type: google_cloud_output
+    - type: google_cloud_output
 ---
 kind: ServiceAccount
 apiVersion: v1