signingError after deploying node js code into google kubernetes engine

Question

I am using getSignedUrl to get a public authenticated url for a video. It is working fine in my local machine. But after deploying it in GKE, it is not working. I have checked a related question on SigningError with Firebase getSignedUrl(). But I don't see a service account for GKE to configure those roles. I have already assigned full storage and service enabled permissions to the cluster while creating the kubernetes cluester.

Do I have to add any more permissions to get rid of this error or should I do anything else.

Answer 1

This issue got fixed. I have followed this link https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform#console to fix this issue.

We have to access the service account from the GKE. Google cloud service accounts are not directly accessed by the GKE. I have Followed the below steps to access google cloud service account from GKE.

1. We have to create service account with the required roles - Storage Object Creator and Service Account Token Creator.
2. Generate a key and save the json file in your app for one time.
3. Add volume, volumeMounts, GOOGLE_APPLICATION_CREDENTIALS env variable to deployment.yaml
4. Use kubectl create secret generic [key name] --from-file=key.json=PATH-TO-KEY-FILE.json
5. Deploy your manifest using kubectl apply -f deployment.yaml.

These steps will provide access to storage and service account which will fix the signingError.