Marshall

Reputation: 433

Use gcsfuse to mount Google Cloud Storage buckets in a Docker container

I am trying to mount a Google Cloud bucket from within a Docker container and get the following error:

[root@cdbdc9ccee5b workdir]# gcsfuse -o allow_other  --debug_gcs --key-file=/src/gcloud_service_account.json my-bucket-name /gcloud
Using mount point: /gcloud
Opening GCS connection...
Opening bucket...
daemonize.Run: readFromProcess: sub-process: mountWithArgs: mountWithConn:     setUpBucket: OpenBucket: Bad credentials for bucket "my-bucket". Check the bucket name and your credentials.

My credentials work on my host machine, but not on the running container. The API says not to use root to connect, but you can override that with the -o allow_other flag (fuse flag). Any ideas are appreciated.

This is running on a CentOS 7 base image.

Upvotes: 7

Views: 12021

Answers (3)

TomDotTom

Reputation: 6744

You really want to avoid running containers using the --privileged option. I believe you only need to add the SYS_ADMIN capability and access to the /dev/fuse device.

docker run \
    --rm -it \
    --cap-add SYS_ADMIN \
    --device /dev/fuse \
    ubuntu

Upvotes: 4
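A preflight check for the two prerequisites named in the answer above (CAP_SYS_ADMIN and /dev/fuse), to run inside the container before calling gcsfuse. This is an added example, not code from any of the answers or from the gcsfuse project; the function names, the --run switch and the "looks like --privileged" heuristic are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the answers): preflight check for a FUSE mount in a container.
# Capability bit numbers come from linux/capability.h.
CAP_SYS_MODULE=16
CAP_SYS_RAWIO=17
CAP_SYS_ADMIN=21

# has_cap HEXMASK BIT: succeeds if BIT is set; empty or non-hex masks count as "not set".
has_cap() {
    case "$1" in ''|*[!0-9a-fA-F]*) return 1 ;; esac
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# classify_caps HEXMASK: prints missing | least-privilege | over-privileged.
# Heuristic (assumption): SYS_MODULE or SYS_RAWIO alongside SYS_ADMIN suggests
# --privileged, since Docker's default set contains neither.
classify_caps() {
    if ! has_cap "$1" "$CAP_SYS_ADMIN"; then
        echo missing
    elif has_cap "$1" "$CAP_SYS_MODULE" || has_cap "$1" "$CAP_SYS_RAWIO"; then
        echo over-privileged
    else
        echo least-privilege
    fi
}

# current_capeff: effective capability mask as reported by the kernel.
current_capeff() {
    awk '/^CapEff:/ {print $2}' /proc/self/status 2>/dev/null
}

# preflight: returns 0 only when both prerequisites for the mount are present.
preflight() {
    rc=0
    if [ ! -c /dev/fuse ]; then
        echo "FAIL: /dev/fuse missing (docker run --device /dev/fuse)"; rc=1
    fi
    case "$(classify_caps "$(current_capeff)")" in
        missing) echo "FAIL: no CAP_SYS_ADMIN (docker run --cap-add SYS_ADMIN)"; rc=1 ;;
        over-privileged) echo "WARN: capability set looks like --privileged" ;;
        least-privilege) echo "OK: CAP_SYS_ADMIN without SYS_MODULE/SYS_RAWIO" ;;
    esac
    return "$rc"
}

# Run the check only when asked, e.g.: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

The check reads only the capability mask and the device node; it says nothing about whether the GCS credentials themselves are valid.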

Marshall

Reputation: 433

Update: I was able to get gcsfuse to mount. I had to run docker with the --privileged option. (thanks #thaJeztah for the breadcrumb!)

Upvotes: 5

jacobsa

Reputation: 6609

Root versus not is a red herring here; the credentials in question are GCS credentials.

See here for documentation on handing GCS credentials to gcsfuse. The easiest way to do this is with the credentials you configured your GCE VM with originally (assuming you're running on GCE), which is what makes running gcsfuse work without any further effort usually. But if that doesn't work, you can use the flag --key-file to give gcsfuse a path to a JSON key file you download from the Google Developers Console.

Upvotes: 5
