Open martinkaberg opened 2 years ago
So found out what the issue is GOOGLE_APPLICATION_CREDENTIALS environment variable is not available when mount executes gcsfuse. It would be nice if --key-file option supported workload identity, or if we could have another option for that file.
Now i created a simple work around. I renamed gcsfuse binary to _gcsfuse and wrote bash script called gcsfuse
cat gcsfuse
#!/bin/bash
export GOOGLE_APPLICATION_CREDENTIALS=/var/run/secrets/tokens/gcp-ksa/google-application-credentials.json
/usr/local/bin/_gcsfuse $@
Thanks for the helpful feedback here! We'll investigate the feasibility of using workload identity in gcsfuse.
Any fixes around it?
GOOGLE_APPLICATION_CREDENTIALS
Hi @amoghmishra-sl, as I understood, mount helper is running through the root, and the GOOGLE_APPLICATION_CREDENTIALS
environment variable is not set in root environment.
You can try to set this environment variable in the root mentioned like this and check if it is working or not.
Let me know if it works for you.
Thanks, Tulsi Shah.
@martinkaberg - Can you share details of the machine and how the workload identity is setup.
I am not able to get mount helper to work with federated workload identity. Just running gcsfuse works fine on the same system. Outputs below.
terminal stalls for a few minutes
then prints this message
On the same system i am able to mount using the gcsfuse command