Unauthorized error in CloudQuery deployment with API key usage guidance needed

Hi guys, I am deploying CloudQuery in my Kubernetes cluster and I am getting an unauthorized error:

{"level":"warn","module":"cli","time":"2024-03-14T11:12:59Z","message":"when using the CloudQuery registry, it's recommended to log in via `cloudquery login`. Logging in allows for better rate limits and downloading of premium plugins"}

I want to use CLOUDQUERY_API_KEY=<your-api-key>, but I am not sure where I should use the API key. I cannot export it on the server directly, and I want to use it as a secret. However, I have no idea how to do this in the config or cronjob. Can someone please share an example as well?

I have created the secret and used it in the cronjob, but it didn’t work.

Hi @live-bonefish,

If you set CLOUDQUERY_API_KEY as an environment variable, it should work.

Can you share your Kubernetes configs maybe, so we can have a look at what the problem could be?

apiVersion: v1
kind: ConfigMap
metadata:
  name: cloudquery-apikey
  namespace: cloudquery
data:
  CLOUDQUERY_API_KEY: xxxxxxxxxx

Could you share the cronjob config as well?

Also, I don’t know if you’ve seen it, but there is a tutorial on deploying to Kubernetes here. It doesn’t show CLOUDQUERY_API_KEY specifically, but it does use other secrets.

So if you see, I am doing something like this:

envFrom:
  - secretRef:
      name: cloudquery-secret-test

Ok, thanks. Did you create the secret like this?

kubectl create secret generic cloudquery-secret-test \
--from-literal=CLOUDQUERY_API_KEY=<your_key>

I don’t have a specific example for CLOUDQUERY_API_KEY, but it’s an environment variable like any other.

i am not sure what I am doing wrong here

Can you double-check the command you used to create the secret and make sure there are no typos or anything?

You can also do

kubectl describe secret cloudquery-secret-test

Ahh man, it was the typo in the token. Thank you, I appreciate the help @herman!