Use the default instructions in the README. When Workload Identity is enabled, use the Workload Identity instructions.
Bank of Anthos was designed to work on any Kubernetes cluster and has no GCP-specific requirements except for Google Cloud Operations instrumentation - the source code of Bank of Anthos will try to export logs, metrics, and traces to GCP by default. This requires authentication to a GCP project - in GKE, this authentication (GOOGLE_APPLICATION_CREDENTIALS) is inferred from the Node's Compute Engine instance service account (or, if Workload identity is enabled, from a separate service account). In a non GKE cluster, you have to mount those GCP credentials into your Pods directly.
If you want to turn off metrics/logs/traces export from a non-GKE cluster into Google Cloud Operations: set ENABLE_METRICS=false and ENABLE_TRACING=false in each Deployment YAML. No further action is needed, and the Bank of Anthos services will not look for GOOGLE_APPLICATION_CREDENTIALS since they don't need to send any telemetry to GCP.
If you want to export metrics/logs/traces from a non-GKE cluster into Google Cloud Operations:
-
Create a Google Cloud project or navigate into one you've already created. Ensure you've created a Google Cloud Operations workspace for your project.
-
Create a Service Account. Grant the Service Account the following roles:
Monitoring Metric Writer,Cloud Trace Agent,Logs Writer. -
Download a Service Account key (JSON) to your local machine.
-
Create a Kubernetes secret in your non-GKE cluster, using the key you downloaded:
kubectl create secret generic pubsub-key --from-file=key.json=PATH-TO-KEY-FILE.json
-
Update your Deployment YAMLs to mount in that secret as your
GOOGLE_APPLICATION_CREDENTIALSenv variable. See this example for how to mount a secret as an env variable in a Pod. -
Deploy the app, where the
ENABLE_METRICSandENABLE_TRACINGvariables are both set totrue.