Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] Could not GCP Workload Identity enabled #3756

Open
2 tasks done
GurayCetin opened this issue Nov 29, 2024 · 0 comments
Open
2 tasks done

[Bug] Could not GCP Workload Identity enabled #3756

GurayCetin opened this issue Nov 29, 2024 · 0 comments
Labels
bug Something isn't working needs-triage

Comments

@GurayCetin
Copy link

Kubecost Helm Chart Version

2.4.3

Kubernetes Version

v1.30.5-gke.1443001

Kubernetes Platform

GKE

Description

I could not use workload identity enabled, it's asking for table name & private key in UI and also values.yaml without key row │ 6T00:00:00+0000): error retrieving CUD rates: GetFlexibleCUDRates: queryCUDAmountPayed: query error bigquery: constructing client: missing 'type' field in credentials │

values.yaml:

kubecostProductConfigs:
  cloudIntegrationJSON: |-
    {
      "gcp": [
        {
          "projectID": "billing-logs-6767",
          "billingDataDataset": "billing_ngshop"
        }
      ]
    }

UI is different asking for table name and private key (required)

I have added service account annotations as well with nodeSelector

nodeSelector:
  iam.gke.io/gke-metadata-server-enabled: "true"

serviceAccount:
  annotations:
    iam.gke.io/gcp-service-account: [email protected]

Also i think documentation is not up-to-date cause it's asking for project id & dataset but in UI is asking for table name additionally. So how can i manage to enable workload identity?

kubecostProductConfigs:
  cloudIntegrationJSON: |-
    {
      "gcp": [
        {
          "projectID": "my-project-id",
          "billingDataDataset": "detailedbilling.my-billing-dataset",
          "key": {
            "type": "service_account",
            "project_id": "my-project-id",
            "private_key_id": "my-private-key-id",
            "private_key": "my-pem-encoded-private-key",
            "client_email": "[email protected]",
            "client_id": "my-client-id",
            "auth_uri": "auth-uri",
            "token_uri": "token-uri",
            "auth_provider_x509_cert_url": "my-x509-provider-cert",
            "client_x509_cert_url": "my-x509-cert-url"
          }
        }
      ]
    }

Steps to reproduce

  1. using gke cluster and it's integration for dataset for billing and related helm release values.yaml for kubecost.

Expected behavior

enabling gcp integration with workload identity without keys or private key.

Impact

No response

Screenshots

No response

Logs

No response

Slack discussion

No response

Troubleshooting

  • I have read and followed the issue guidelines and this is a bug impacting only the Helm chart.
  • I have searched other issues in this repository and mine is not recorded.
@GurayCetin GurayCetin added bug Something isn't working needs-triage labels Nov 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working needs-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GurayCetin