Foxglove

Configure cloud credentials

Self-managed Primary Sites need additional cloud credentials to import data from their corresponding Edge Sites.

Use the instructions below to configure your Primary Site cloud credentials, then Continue installation.

Google Cloud Platform (GCP)

Install a Secret named gcp-cloud-credential into the foxglove namespace. This secret should contain a single key, credentials.json, with the contents of the JSON key file.

Use the kubectl command to set the secret from an existing credentials.json file.

kubectl create secret generic gcp-cloud-credential \
  -n foxglove \
  --from-file=./credentials.json

The Primary Site deployment will mount this secret into a volume and read the credentials.json file to initialize the GCP client.
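A pre-flight check for the step above, as an added example that is not part of the Foxglove documentation: it refuses a key file that other local users can read or that is not a service-account key, and pins the Secret key name to credentials.json. The function names, and the assumption that the JSON key file is a GCP service-account key, are this example's own.

```shell
#!/bin/sh
# Added example, not Foxglove tooling: pre-flight checks for the GCP key file
# before it is stored in the gcp-cloud-credential Secret.

# check_gcp_key_file PATH
# Returns 0 only if PATH exists, is not accessible to group/other, and looks
# like a service-account key (assumed format of the "json key file").
check_gcp_key_file() {
  key_file=$1
  if [ ! -f "$key_file" ]; then
    echo "error: $key_file not found" >&2; return 1
  fi
  # ls prints a mode string such as -rw-------; characters 5-10 are the
  # group and other permission bits, which must all be unset.
  mode_bits=$(ls -ld "$key_file" | cut -c5-10)
  if [ "$mode_bits" != "------" ]; then
    echo "error: $key_file is accessible to group/other (chmod 600)" >&2; return 1
  fi
  # User credentials ("authorized_user") and unrelated JSON files are rejected.
  if ! grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$key_file"; then
    echo "error: $key_file is not a service-account key" >&2; return 1
  fi
  for field in client_email private_key; do
    if ! grep -q "\"$field\"" "$key_file"; then
      echo "error: $key_file has no $field field" >&2; return 1
    fi
  done
  return 0
}

# create_gcp_secret PATH
# Runs the checks, then creates the Secret. The key=path form of --from-file
# pins the Secret key to credentials.json whatever the local file is called.
create_gcp_secret() {
  check_gcp_key_file "$1" || return 1
  kubectl create secret generic gcp-cloud-credential \
    -n foxglove \
    --from-file="credentials.json=$1"
}
```

Source the file and call create_gcp_secret with the path to the downloaded key. With the plain --from-file=PATH form, the Secret key takes the file's name, so a key file saved under any other name would not produce the credentials.json key the deployment reads.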

Amazon Web Services (AWS)

Authenticate using either IAM Roles associated with service accounts, or access key and secret credentials.

Service accounts

Create your IAM Roles in AWS with appropriate access to the lake and inbox buckets. Set up the EKS OIDC provider to allow the roles to be assumed by the services.

Edit the serviceAccount section in the Helm chart, and add the IAM Role's Amazon Resource Name (ARN) as an annotation for the inboxListener, streamService and garbageCollector services:

serviceAccount:
  enabled: true
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::xxxxxxxxxxxx:role/foxglove-inbox-listener-sa-role

Access key

Install a Secret named cloud-credentials into the foxglove namespace. This secret should contain the credentials for your AWS key:

Check out the following example secret configuration file:

apiVersion: v1
kind: Secret
metadata:
  name: cloud-credentials
type: Opaque
stringData:
  AWS_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE
  AWS_SECRET_ACCESS_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
  AWS_DEFAULT_REGION: us-west-2

Azure

Install a Secret named cloud-credentials into the foxglove namespace. This secret should contain the credentials for your Azure account:

Check out the following example secret configuration file:

apiVersion: v1
kind: Secret
metadata:
  name: cloud-credentials
type: Opaque
stringData:
  AZURE_TENANT_ID: tenant-id
  AZURE_CLIENT_ID: client-id
  AZURE_CLIENT_SECRET: f02f3819-b046-4c9d-a5e8-853f16e5c687
  AZURE_INBOX_STORAGE_SERVICE_URL: ...
  AZURE_INBOX_STORAGE_ACCOUNT_NAME: ...