From de9b4898a3e23e3382194c2454af983e03641657 Mon Sep 17 00:00:00 2001
From: Udit Gaurav
Date: Thu, 4 Sep 2025 21:15:52 +0530
Subject: [PATCH] docs: [CHAOS-9841]: Update docs for GCP auth to use SA JSON

Signed-off-by: Udit Gaurav
---
 .../gcp/gcp-sql-instance-failover.md | 24 ++++----
 .../gcp/gcp-vm-disk-loss-by-label.md | 24 ++++----
 .../chaos-faults/gcp/gcp-vm-disk-loss.md | 24 ++++----
 .../gcp/gcp-vm-instance-stop-by-label.md | 24 ++++----
 .../chaos-faults/gcp/gcp-vm-instance-stop.md | 24 ++++----
 .../chaos-faults/gcp/gcp-vm-service-kill.md | 24 ++++----
 .../prepare-secret-for-gcp.md | 57 ++++++++++---------
 7 files changed, 113 insertions(+), 88 deletions(-)

diff --git a/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-sql-instance-failover.md b/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-sql-instance-failover.md
index cf04bb9d09a..2c019a94ee9 100644
--- a/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-sql-instance-failover.md
+++ b/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-sql-instance-failover.md
@@ -28,16 +28,20 @@ metadata:
 name: cloud-secret
 type: Opaque
 stringData:
- type:
- project_id:
- private_key_id:
- private_key:
- client_email:
- client_id:
- auth_uri:
- token_uri:
- auth_provider_x509_cert_url:
- client_x509_cert_url:
+ gcp.auth: |-
+ {
+ "type": "service_account",
+ "project_id": "",
+ "private_key_id": "",
+ "private_key": "",
+ "client_email": "",
+ "client_id": "",
+ "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+ "token_uri": "https://oauth2.googleapis.com/token",
+ "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+ "client_x509_cert_url": ""
+ "universe_domain": "googleapis.com"
+ }
 ```
 
 ### Mandatory tunables
diff --git a/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-disk-loss-by-label.md b/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-disk-loss-by-label.md
index 0606268df68..3d40c6efa79 100644
--- a/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-disk-loss-by-label.md
+++ b/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-disk-loss-by-label.md
@@ -28,16 +28,20 @@ metadata:
 name: cloud-secret
 type: Opaque
 stringData:
- type:
- project_id:
- private_key_id:
- private_key:
- client_email:
- client_id:
- auth_uri:
- token_uri:
- auth_provider_x509_cert_url:
- client_x509_cert_url:
+ gcp.auth: |-
+ {
+ "type": "service_account",
+ "project_id": "",
+ "private_key_id": "",
+ "private_key": "",
+ "client_email": "",
+ "client_id": "",
+ "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+ "token_uri": "https://oauth2.googleapis.com/token",
+ "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+ "client_x509_cert_url": ""
+ "universe_domain": "googleapis.com"
+ }
 ```
 
 ### Mandatory tunables
diff --git a/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-disk-loss.md b/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-disk-loss.md
index 512ee52a344..f6b6c8b1183 100644
--- a/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-disk-loss.md
+++ b/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-disk-loss.md
@@ -29,16 +29,20 @@ metadata:
 name: cloud-secret
 type: Opaque
 stringData:
- type:
- project_id:
- private_key_id:
- private_key:
- client_email:
- client_id:
- auth_uri:
- token_uri:
- auth_provider_x509_cert_url:
- client_x509_cert_url:
+ gcp.auth: |-
+ {
+ "type": "service_account",
+ "project_id": "",
+ "private_key_id": "",
+ "private_key": "",
+ "client_email": "",
+ "client_id": "",
+ "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+ "token_uri": "https://oauth2.googleapis.com/token",
+ "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+ "client_x509_cert_url": ""
+ "universe_domain": "googleapis.com"
+ }
 ```
 
 ## Fault tunables
diff --git a/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-instance-stop-by-label.md b/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-instance-stop-by-label.md
index 23ef251a0d0..cdca50acc40 100644
--- a/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-instance-stop-by-label.md
+++ b/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-instance-stop-by-label.md
@@ -26,16 +26,20 @@ metadata:
 name: cloud-secret
 type: Opaque
 stringData:
- type:
- project_id:
- private_key_id:
- private_key:
- client_email:
- client_id:
- auth_uri:
- token_uri:
- auth_provider_x509_cert_url:
- client_x509_cert_url:
+ gcp.auth: |-
+ {
+ "type": "service_account",
+ "project_id": "",
+ "private_key_id": "",
+ "private_key": "",
+ "client_email": "",
+ "client_id": "",
+ "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+ "token_uri": "https://oauth2.googleapis.com/token",
+ "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+ "client_x509_cert_url": ""
+ "universe_domain": "googleapis.com"
+ }
 ```
 
 ### Mandatory tunables
diff --git a/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-instance-stop.md b/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-instance-stop.md
index 78969167594..63847049549 100644
--- a/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-instance-stop.md
+++ b/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-instance-stop.md
@@ -29,16 +29,20 @@ metadata:
 name: cloud-secret
 type: Opaque
 stringData:
- type:
- project_id:
- private_key_id:
- private_key:
- client_email:
- client_id:
- auth_uri:
- token_uri:
- auth_provider_x509_cert_url:
- client_x509_cert_url:
+ gcp.auth: |-
+ {
+ "type": "service_account",
+ "project_id": "",
+ "private_key_id": "",
+ "private_key": "",
+ "client_email": "",
+ "client_id": "",
+ "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+ "token_uri": "https://oauth2.googleapis.com/token",
+ "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+ "client_x509_cert_url": ""
+ "universe_domain": "googleapis.com"
+ }
 ```
 
 ### Mandatory tunables
diff --git a/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-service-kill.md b/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-service-kill.md
index 6781810f9ab..dd46d5eb9da 100644
--- a/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-service-kill.md
+++ b/docs/chaos-engineering/faults/chaos-faults/gcp/gcp-vm-service-kill.md
@@ -35,16 +35,20 @@ metadata:
 name: cloud-secret
 type: Opaque
 stringData:
- type:
- project_id:
- private_key_id:
- private_key:
- client_email:
- client_id:
- auth_uri:
- token_uri:
- auth_provider_x509_cert_url:
- client_x509_cert_url:
+ gcp.auth: |-
+ {
+ "type": "service_account",
+ "project_id": "",
+ "private_key_id": "",
+ "private_key": "",
+ "client_email": "",
+ "client_id": "",
+ "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+ "token_uri": "https://oauth2.googleapis.com/token",
+ "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+ "client_x509_cert_url": ""
+ "universe_domain": "googleapis.com"
+ }
 ```
 
 ### Mandatory tunables
diff --git a/docs/chaos-engineering/faults/chaos-faults/gcp/security-configurations/prepare-secret-for-gcp.md b/docs/chaos-engineering/faults/chaos-faults/gcp/security-configurations/prepare-secret-for-gcp.md
index 2ae4254bbb3..c73a11380c6 100644
--- a/docs/chaos-engineering/faults/chaos-faults/gcp/security-configurations/prepare-secret-for-gcp.md +++ b/docs/chaos-engineering/faults/chaos-faults/gcp/security-configurations/prepare-secret-for-gcp.md @@ -14,21 +14,21 @@ Create a service account to derive the authentication secret to run experiments 1. Set your current project. Replace <project-id> with your project ID: - ```bash +```bash gcloud config set project - ``` +``` 2. Create a new service account. Replace <service-account-name> with the name you want to give to the service account: - ```bash - gcloud iam service-accounts create - ``` +```bash + gcloud iam service-accounts create +``` ### Step 2: Generate new JSON key file 3. After you create a new service account, generate a new JSON key file. Replace <service-account-name> with the name of your service account and <key-file> with the path where you want to save the key file: ```bash - gcloud iam service-accounts keys create \ + gcloud iam service-accounts keys create \ --iam-account @.iam.gserviceaccount.com ``` @@ -37,15 +37,16 @@ The generated JSON key file will contain the fields you mentioned, and it looks ```json { "type": "service_account", - "project_id": "", - "private_key_id": "", - "private_key": "", - "client_email": "@.iam.gserviceaccount.com", - "client_id": "", + "project_id": "", + "private_key_id": "", + "private_key": "", + "client_email": "", + "client_id": "", "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://oauth2.googleapis.com/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/%40.iam.gserviceaccount.com" + "client_x509_cert_url": "", + "universe_domain": "googleapis.com" } ``` 
@@ -59,25 +60,25 @@ The generated JSON key file will contain the fields you mentioned, and it looks name: cloud-secret type: Opaque stringData: - type: "" - project_id: "" - private_key_id: "" - private_key: - client_email: "" - client_id: "" - auth_uri: "" - token_uri: "" - auth_provider_x509_cert_url: "" - client_x509_cert_url: "" + gcp.auth: |- + { + "type": "service_account", + "project_id": "", + "private_key_id": "", + "private_key": "", + "client_email": "", + "client_id": "", + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://oauth2.googleapis.com/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "" + "universe_domain": "googleapis.com" + } ``` -:::warning -Newline (\n) characters within the private key are crucial. Avoid using double quotes to prevent their loss. -::: - ### Step 4: Apply the secret YAML in desired namespace 5. Apply the secret YAML file you created earlier in the chaos infrastructure namespace using the command: - ```bash +```bash kubectl apply -f secret.yaml -n - ``` +```