Connect to Google Cloud Platform (GCP)
Integrate Kubiya with GCP using service account keys or runner-level authentication.
Connect to Google Cloud Platform (GCP)
Integrate Kubiya with Google Cloud Platform (GCP) to allow agents to manage resources and services within your GCP projects.
Authentication Methods
Kubiya supports two primary methods for authenticating agents with GCP:
-
Kubiya Secret: Store a GCP Service Account Key (JSON) as a Kubiya Secret. The tool or agent configuration must then reference this secret. Kubiya injects the key into the tool's environment (e.g., via the
GOOGLE_APPLICATION_CREDENTIALSenvironment variable pointing to a temporary file path containing the key). -
Runner Service Account (Workload Identity): If your Kubiya runner is hosted within GCP (e.g., GKE), configure Workload Identity to associate a Kubernetes service account (used by the runner pods) with a GCP service account. Tools executed by the runner will automatically inherit the permissions of the associated GCP service account without needing explicit secrets.
Using Runner Service Account / Workload Identity is generally recommended for improved security as it avoids handling long-lived service account keys.
Configuration Steps (Placeholder)
Instructions on how to configure each method will be added here.
- Using Kubiya Secret:
- Create GCP Service Account and Key.
- Create Kubiya Secret with the key content.
- Configure tools/agents to use the secret.
- Using Runner Service Account:
- Configure Workload Identity in GCP/GKE.
- Ensure runner pods use the correct Kubernetes service account.
- Tools automatically authenticate using the environment.
Assigning to Agents
Once configured (details depend on method), ensure the relevant tools or agents are set up to use the chosen GCP authentication mechanism.