diff --git a/site/content/en/docs/handbook/addons/gcp-auth.md b/site/content/en/docs/handbook/addons/gcp-auth.md index 46f71bbe1d..21b6d2fe62 100644 --- a/site/content/en/docs/handbook/addons/gcp-auth.md +++ b/site/content/en/docs/handbook/addons/gcp-auth.md @@ -5,9 +5,16 @@ weight: 1 date: 2020-07-15 --- -## Tutorial -If you have a containerized GCP app with a Kubernetes yaml, you can automatically add your credentials to all your deployed pods dynamically with this minikube addon. You just need to have a credentials file, which can be generated with `gcloud auth application-default login`. If you already have a json credentials file you want specify, use the GOOGLE_APPLICATION_CREDENTIALS environment variable. +The gcp-auth addon automatically and dynamically configures pods to use your credentials, allowing applications to access Google Cloud services as if they were running within Google Cloud. + +The addon normally uses the [Google Application Default Credentials](https://google.aip.dev/auth/4110) as configured with `gcloud auth application-default login`. If you already have a json credentials file you want specify, such as to use a service account, set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to that file. + +The addon normally uses the default gcloud project as configured with `gcloud config set project `. If you want to use a different project, set the `GOOGLE_CLOUD_PROJECT` environment variable to the desired project. + +The pods are configured with the `GOOGLE_APPLICATION_DEFAULTS` environment variable is set, which is automatically used by GCP client libraries, and the `GOOGLE_CLOUD_PROJECT` environment variable is set, as are several other historical environment variables. The addon also configures [registry pull secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) to allow the cluster to access container images hosted in your project's [Artifact Registry](https://cloud.google.com/artifact-registry) and [Google Container Registry](https://cloud.google.com/container-registry). + +## Tutorial - Start a cluster: @@ -90,4 +97,4 @@ If you had already deployed pods to your minikube cluster before enabling the gc 1. If you use a Deployment to deploy your pods, just delete the existing pods with `kubectl delete pod `. The deployment will then automatically recreate the pod and it will have the correct credentials. -2. minikube can delete and recreate your pods for you, by running `minikube addons enable gcp-auth --refresh`. It does not matter if you have already enabled the addon or not. \ No newline at end of file +2. minikube can delete and recreate your pods for you, by running `minikube addons enable gcp-auth --refresh`. It does not matter if you have already enabled the addon or not.