Nodejs firebase-admin authenticate with application default credentials in Google Kubernetes engine

Question

I am trying integrate firebase-admin sdk to kubernetes cluster but I am getting following error on my pod. Cluster should have needed permissions.

FIREBASE WARNING: Provided authentication credentials for the app named 
"[DEFAULT]" are invalid. This usually indicates your app was not 
initialized correctly. Make sure the "credential" property provided to 
initializeApp() is authorized to access the specified "databaseURL" and 
is from the correct project.

Initialization code:

var admin = require("firebase-admin");

admin.initializeApp({
  credential: admin.credential.applicationDefault(),
  databaseURL: "https://<DATABASE_NAME>.firebaseio.com"
});

In my development environment initialization works such fine. gcloud is authenticated against my project.

How application default credentials are enabled to Kubernetes engine?

Thanks in advance.

Answer 1

Have you configured a service account within the Kubernetes/Container cluster to authenticate to your database/other Google Cloud Platform services?

Service accounts can not only be used for providing the required authorization to use Google Cloud Platform APIs but Kubernetes/Container Engine apps can also use them to authenticate to other services.

You can import the credentials created by the service account into the container cluster so that applications you run in Kubernetes can make use of them.

The Kubernetes Secret resource type enables you to store the credentials/key inside the container cluster so that applications deployed on the cluster can use them directly.

As Hiranya points out in his comment, the GOOGLE_APPLICATION_CREDENTIALS environment variable needs to then point to the key.

Take a look at this page, in particular steps 3, 4 and 5 for more details on how to do this.