From 65cd38c758a40d00723f41faf6d1af67a3e2e201 Mon Sep 17 00:00:00 2001
From: jsirianni
Date: Mon, 31 Jan 2022 16:06:34 -0500
Subject: [PATCH] remove service account credentials from gke example
---
 examples/k8s/gke/README.md | 20 +++++---------------
 examples/k8s/gke/agent.yaml | 6 ++----
 2 files changed, 7 insertions(+), 19 deletions(-)
diff --git a/examples/k8s/gke/README.md b/examples/k8s/gke/README.md
index a38999c5a..6a89104a1 100644
--- a/examples/k8s/gke/README.md
+++ b/examples/k8s/gke/README.md
@@ -8,29 +8,19 @@ API Server.
 1. Service account with permission to the Kubernetes API server
 2. Config map: Contains the Stanza configurations
-3. Credentials secret: Contains Google Cloud [service account credentials JSON file](https://cloud.google.com/docs/authentication/getting-started)
-4. Persistent volume: Allows the Stanza events agent database to persist between restarts and pod evictions
-5. Statefulset: A single replica statefulset for reading Kubernetes events
-6. Daemonset: For reading logs from each Kubernetes node
+3. Persistent volume: Allows the Stanza events agent database to persist between restarts and pod evictions
+4. Statefulset: A single replica statefulset for reading Kubernetes events
+5. Daemonset: For reading logs from each Kubernetes node
 ## Prerequisites
 1. Google Cloud account with Cloud Logging API enabled
-2. Google service account with [roles/logging.logWriter](https://cloud.google.com/logging/docs/access-control)
-3. Kubernetes Cluster with a storageclass capable of providing persistent volumes
-4. Edit `agent.yaml`'s configmap (at the top) to include:
+2. Google GKE cluster with [write permission to cloud logging](https://developers.google.com/identity/protocols/oauth2/scopes#logging)
+3. Edit `agent.yaml`'s configmap (at the top) to include:
 - Your cluster name: an arbitrary value that will be added to each log entry as a label
 ## Deployment Steps
-Create the credentials secret. Download your Google service accounts JSON key and name it `log_credentials.json`.
-**NOTE**: The file name `log_credentials.json` is required, as that will be the name of the key that is referenced
-when mounting the secret.
-```bash
-kubectl create secret generic stanza-agent-credentials \
- --from-file=log_credentials.json
-```
-
 Deploy Stanza
 ```bash
 kubectl apply -f agent.yaml
diff --git a/examples/k8s/gke/agent.yaml b/examples/k8s/gke/agent.yaml
index bd4268881..2ab0609a9 100644
--- a/examples/k8s/gke/agent.yaml
+++ b/examples/k8s/gke/agent.yaml
@@ -14,14 +14,12 @@ data:
 - /var/log/containers/stanza-*_*-*.log
 start_at: end
- - credentials_file: /stanza_home/log_destinations/google_cloud/log_credentials.json
- type: google_cloud_output
+ - type: google_cloud_output
 events.yaml: |2-
 pipeline:
 - type: kubernetes_events
 cluster_name: CHANGE_ME
- - credentials_file: /stanza_home/log_destinations/google_cloud/log_credentials.json
- type: google_cloud_output
+ - type: google_cloud_output
 ---
 kind: ServiceAccount
 apiVersion: v1
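Review bot: The volume that mounts the `stanza-agent-credentials` secret is presumably still declared elsewhere in agent.yaml, since the diffstat shows only the six lines of this hunk changing and they touch just the two `credentials_file` keys. The removed README text says the key is "referenced when mounting the secret", so if that mount remains and is not optional, pods will wait on a secret the README no longer tells users to create. The mount should go in the same change, and the README could tell users of the old example to delete the secret and revoke the JSON key. With no `credentials_file`, `google_cloud_output` presumably falls back to the cluster's ambient Google credentials, so each output deserves a comment such as `# no credentials_file: uses the GKE cluster's default credentials, which need Cloud Logging write access`. The rest of the manifest is outside this hunk, so the mount question should be confirmed against the full file.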