1

I would like to pass my Google Cloud Platform's service account JSON credentials file to a docker container so that the container can access a cloud storage bucket. So far I tried to pass the file as an environment parameter on the run command like this:

  • Using the --env flag: docker run -p 8501:8501 --env GOOGLE_APPLICATION_CREDENTIALS=/Users/gcp_credentials.json" -t -i image_name
  • Using the -e flag and even exporting the same env variable in the command line: docker run -p 8501:8501 -e GOOGLE_APPLICATION_CREDENTIALS=/Users/gcp_credentials.json" -t -i image_name

But nothing worked, and I always get the following error when running the docker container:

W external/org_tensorflow/tensorflow/core/platform/cloud/google_auth_provider.cc:184] All attempts to get a Google authentication bearer token failed, returning an empty token. Retrieving token from files failed with "Not found: Could not locate the credentials file.".

How to pass the google credentials file to a container running locally on my personal laptop?

pedro malheiro
  • 11
  • 2
  • If you are running on Compute Engine, use a volume mount. Then you can specify **GOOGLE_APPLICATION_CREDENTIALS=/volume/mount/path" as a normal environment variable inside your container. – John Hanley May 23 '22 at 00:28
  • Does this answer your question? [Add a file in a docker image](https://stackoverflow.com/questions/56670437/add-a-file-in-a-docker-image) – Martin Zeitler May 23 '22 at 04:09
  • @JohnHanley It rather seems to be the situation, to connect from a local container to GCS in order to run TF2, despite the question doesn't literally state that. – Martin Zeitler May 23 '22 at 04:27
  • @MartinZeitler - Hi Martin, I am not sure what you mean. The only Google service that supports running Docker is Compute Engine. That is why I said, "If you are running on Compute Engine". – John Hanley May 23 '22 at 06:11
  • @JohnHanley The question does not tell where the container runs, while the `docker` command seemingly had been issued in a local shell ...that's why I'd assume this scenario. Ir probably doesn't even matter where it runs, while the task is to add a config file into it. – Martin Zeitler May 23 '22 at 06:28
  • Does my article help? https://medium.com/google-cloud/use-google-cloud-user-credentials-when-testing-containers-locally-acb57cd4e4da – guillaume blaquiere May 23 '22 at 07:20
  • Hi @JohnHanley, like Martin said, Im running the container in my personal laptop. Sorry for forgetting to mention it on my post, which I have just edited accordingly. Thank you – pedro malheiro May 23 '22 at 08:58
  • Docker volume mount work on your laptop as well. – John Hanley May 23 '22 at 18:04

2 Answers2

1

You cannot "pass" an external path, but have to add the JSON into the container.

Martin Zeitler
  • 59,798
  • 15
  • 122
  • 186
0

Two ways to do it:

secrets - work with docker swarm mode.

  • create docker secrets
  • use secret with a container using --secret

Advantage being, secrets are encrypted. Secrets are decrypted when mounted to containers.

gagan
  • 95
  • 1
  • 6