add workload identity docs #223
Conversation
jennybc
left a comment
There was a problem hiding this comment.
Thanks very much for this! I made a few comments inline.
Once we resolve those conversations and this is "done", I will do one round of copy edits and do stuff like "one sentence per line", FYI. And then I'll merge it.
vignettes/non-interactive-auth.Rmd
Outdated
| iam.gke.io/gcp-service-account=my-service-key@my-project.iam.gserviceaccount.com | ||
| ``` | ||
|
|
||
| This key will now be available to add to pods within the cluster. For Airflow, you can pass them in using the `GKEPodOperator(...., namespace='my-namespace', service_account_name='bq-service-account')` |
There was a problem hiding this comment.
Is the call to GKEPodOperator() R code? If so, can you add namespace qualification, e.g. pkg::fcn()?
There was a problem hiding this comment.
It is not, its Airflow code and now I look its recently updated to GKEStartPodOperator - I will update the example with a link https://github.com/GoogleCloudPlatform/python-docs-samples/blob/HEAD/composer/workflows/gke_operator.py
| # code within the Docker container | ||
|
|
||
| options(gargle.gce.use_ip = TRUE) | ||
| gargle::credentials_gce("[email protected]") |
There was a problem hiding this comment.
This could be a call to PKG_auth(service_account = "[email protected]"), yeah? If the PKG package is using gargle in the standard way, then I think this should "just work" and is using higher-level, more user-facing functions.
There was a problem hiding this comment.
Yes, I'm stuck a bit with my "old" way to be sure which auth method is used, but the preferred way you specify should be encouraged
|
@MarkEdmondson1234 So do you consider this done and I am free to make more cosmetic / stylistic changes and merge? |
|
Yes please do |
Closes #197, relates to #222