{"id":25050646,"url":"https://github.com/steadybit/extension-gcp","last_synced_at":"2026-04-20T11:04:32.091Z","repository":{"id":191379499,"uuid":"683029922","full_name":"steadybit/extension-gcp","owner":"steadybit","description":"A Steadybit discovery and action implementation to inject faults into various Google Cloud services.","archived":false,"fork":false,"pushed_at":"2026-03-09T13:43:17.000Z","size":1196,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-09T18:25:18.595Z","etag":null,"topics":["attack","chaos","chaos-engineering","gcp","google","google-cloud","google-cloud-platform","resilience","vm"],"latest_commit_sha":null,"homepage":"https://hub.steadybit.com/extension/com.steadybit.extension_gcp","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/steadybit.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-08-25T12:34:57.000Z","updated_at":"2026-03-09T13:43:21.000Z","dependencies_parsed_at":"2023-08-29T16:39:38.206Z","dependency_job_id":"f305b6e1-724e-42f6-8aae-02483d78a9f3","html_url":"https://github.com/steadybit/extension-gcp","commit_stats":{"total_commits":114,"total_committers":5,"mean_commits":22.8,"dds":0.6491228070175439,"last_synced_commit":"2e5d57c9904ddfeeda80d5022108ac82956f6688"},"previous_names":["steadybit/extension-gcp"],"tags_count":59,"template":false,"template_full_name":"steadybit/extension-scaffold","purl":"pkg:github/steadybit/extension-gcp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steadybit%2Fextension-gcp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steadybit%2Fextension-gcp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steadybit%2Fextension-gcp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steadybit%2Fextension-gcp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/steadybit","download_url":"https://codeload.github.com/steadybit/extension-gcp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steadybit%2Fextension-gcp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30314401,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-09T20:05:46.299Z","status":"ssl_error","status_checked_at":"2026-03-09T19:57:04.425Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attack","chaos","chaos-engineering","gcp","google","google-cloud","google-cloud-platform","resilience","vm"],"created_at":"2025-02-06T09:17:06.925Z","updated_at":"2026-04-20T11:04:32.080Z","avatar_url":"https://github.com/steadybit.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cimg src=\"./logo.svg\" height=\"130\" align=\"right\" alt=\"Google Cloud logo\"\u003e\n\n# Steadybit extension-gcp\n\nA [Steadybit](https://www.steadybit.com/) discovery and attack implementation to inject faults into various Google Cloud / GCP services.\n\nLearn about the capabilities of this extension in our [Reliability Hub](https://hub.steadybit.com/extension/com.steadybit.extension_gcp).\n\n## Configuration\n\n| Environment Variable                                   | Helm value                       | Meaning                                                                                                                                                                                               | Required | Default                                        |\n|--------------------------------------------------------|----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|------------------------------------------------|\n| `STEADYBIT_EXTENSION_CREDENTIALS_KEYFILE_PATH`         | gcp.credentialsKeyfilePath       | To authorize using a JSON key file via location path (https://cloud.google.com/iam/docs/managing-service-account-keys)                                                                                | false    | Tries to get a client with default google apis |\n| `STEADYBIT_EXTENSION_PROJECT_ID`                       | gcp.projectID                    | Legacy single-project configuration. Kept for backward compatibility. Mutually exclusive with `STEADYBIT_EXTENSION_PROJECT_IDS` and `STEADYBIT_EXTENSION_PROJECTS_ADVANCED`.                          | false    |                                                |\n| `STEADYBIT_EXTENSION_PROJECT_IDS`                      | gcp.projectIDs                   | Comma-separated list of GCP project IDs to discover. All projects are accessed with the same credentials (ADC or `CREDENTIALS_KEYFILE_PATH`).                                                         | false    |                                                |\n| `STEADYBIT_EXTENSION_PROJECTS_ADVANCED`                | gcp.projectsAdvanced             | JSON array configuring per-project service-account impersonation, e.g. `[{\"projectId\":\"proj-a\",\"impersonateServiceAccount\":\"sa@proj-a.iam.gserviceaccount.com\"}]`.                                    | false    |                                                |\n| `STEADYBIT_EXTENSION_WORKER_THREADS`                   | gcp.workerThreads                | Number of goroutines used to fan discovery across configured projects.                                                                                                                                | false    | 1                                              |\n| `STEADYBIT_EXTENSION_DISCOVERY_ATTRIBUTES_EXCLUDES_VM` | discovery.attributes.excludes.vm | List of Target Attributes which will be excluded during discovery. Checked by key equality and supporting trailing \"*\"                                                                                | false    |                                                |\n\nExactly one of `STEADYBIT_EXTENSION_PROJECT_ID`, `STEADYBIT_EXTENSION_PROJECT_IDS`, or `STEADYBIT_EXTENSION_PROJECTS_ADVANCED` must be set; setting more than one fails startup.\n\nThe extension supports all environment variables provided by [steadybit/extension-kit](https://github.com/steadybit/extension-kit#environment-variables).\n\nWhen installed as linux package this configuration is in`/etc/steadybit/extension-gcp`.\n\n### Authorization configuration\n\nProvide the credentials to authorize the extension to access the Google Cloud API. The extension supports two ways to provide the credentials:\nProvide a JSON key file via the environment variable `STEADYBIT_EXTENSION_CREDENTIALS_KEYFILE_PATH` and mount it to the extension.\nOr create a secret with the key `credentialsKeyfileJson` and provide the json there.\n\n### Multi-project configuration\n\nThe extension can discover resources across multiple GCP projects. Two modes are supported:\n\n#### Shared credentials (simple)\n\nList the projects in `STEADYBIT_EXTENSION_PROJECT_IDS` / `gcp.projectIDs`. The same identity (ADC or keyfile) is used to call every project, so that identity must hold the required permissions in each project.\n\n```\n--set gcp.projectIDs=\"proj-a,proj-b,proj-c\"\n```\n\n#### Per-project service-account impersonation (advanced)\n\nUse `STEADYBIT_EXTENSION_PROJECTS_ADVANCED` / `gcp.projectsAdvanced` to define a dedicated service account per project. At runtime the extension's base identity exchanges tokens via the IAM Credentials API (`iam.serviceAccounts.getAccessToken`) to act as each target service account. This is the recommended pattern for environments that isolate permissions per project.\n\n```yaml\ngcp:\n  projectsAdvanced: |\n    [\n      {\"projectId\":\"proj-a\",\"impersonateServiceAccount\":\"extension@proj-a.iam.gserviceaccount.com\"},\n      {\"projectId\":\"proj-b\",\"impersonateServiceAccount\":\"extension@proj-b.iam.gserviceaccount.com\"}\n    ]\n```\n\nPrerequisites for impersonation:\n\n1. Each target project has a dedicated service account (e.g. `extension@proj-a.iam.gserviceaccount.com`) with the IAM roles it needs to perform the configured attacks.\n2. The identity the extension runs as (its base ADC or keyfile service account) has the `roles/iam.serviceAccountTokenCreator` role on every target service account. See [Service account impersonation](https://cloud.google.com/iam/docs/service-account-impersonation).\n\n## Installation\n\n### Kubernetes\n\nDetailed information about agent and extension installation in kubernetes can also be found in\nour [documentation](https://docs.steadybit.com/install-and-configure/install-agent/install-on-kubernetes).\n\n#### Recommended (via agent helm chart)\n\nAll extensions provide a helm chart that is also integrated in the\n[helm-chart](https://github.com/steadybit/helm-charts/tree/main/charts/steadybit-agent) of the agent.\n\nYou must provide additional values to activate this extension.\n\n```\n--set extension-gcp.enabled=true \\\n--set extension-gcp.gcp.projectID=YOUR_GCP_PROJECT_ID \\\n--set extension-gcp.gcp.credentialsKeyfilePath=PATH_TO_JSON_FILE \\\n```\n\nAdditional configuration options can be found in\nthe [helm-chart](https://github.com/steadybit/extension-gcp/blob/main/charts/steadybit-extension-gcp/values.yaml) of the\nextension.\n\n#### Alternative (via own helm chart)\n\nIf you need more control, you can install the extension via its\ndedicated [helm-chart](https://github.com/steadybit/extension-gcp/blob/main/charts/steadybit-extension-gcp).\n\n```bash\nhelm repo add steadybit-extension-gcp https://steadybit.github.io/extension-gcp\nhelm repo update\nhelm upgrade steadybit-extension-gcp \\\n    --install \\\n    --wait \\\n    --timeout 5m0s \\\n    --create-namespace \\\n    --namespace steadybit-agent \\\n    --set gcp.projectID=YOUR_GCP_PROJECT_ID \\\n    --set gcp.credentialsKeyfilePath=PATH_TO_JSON_FILE \\\n    steadybit-extension-gcp/steadybit-extension-gcp\n```\n\n### Linux Package\n\nPlease use\nour [agent-linux.sh script](https://docs.steadybit.com/install-and-configure/install-agent/install-on-linux-hosts)\nto install the extension on your Linux machine. The script will download the latest version of the extension and install\nit using the package manager.\n\nAfter installing, configure the extension by editing `/etc/steadybit/extension-gcp` and then restart the service.\n\n## Extension registration\n\nMake sure that the extension is registered with the agent. In most cases this is done automatically. Please refer to\nthe [documentation](https://docs.steadybit.com/install-and-configure/install-agent/extension-registration) for more\ninformation about extension registration and how to verify.\n\n## IAM Permissions\n\n### Discovery\n\nTo discover vm instances, the extension needs the following IAM permissions:\n\n- `compute.instances.list`\n\n### Attack\n\nTo attack vm instances, the extension needs the following IAM permissions:\n\n- `compute.instances.reset`\n- `compute.instances.stop`\n- `compute.instances.suspend`\n- `compute.instances.delete`\n- `compute.instances.start`\n\n### Create Role and ServiceAccount\n\n1. Create a service role \"steadybit-extension-gcp\" with the following permissions:\n\n- `compute.instances.list`\n- `compute.instances.reset`\n- `compute.instances.stop`\n- `compute.instances.suspend`\n- `compute.instances.delete`\n- `compute.instances.start`\n\n2. Create a service account using the role \"steadybit-extension-gcp\".\n3. Create an access key for that service account and download the JSON key to key.json\n4. Create a kubernetes secret with the key.json file:\n```bash\nkubectl create secret generic extension-gcp -n steadybit-agent \\\n    --from-file=credentialsKeyfileJson=./key.json\n```\n\n5. Apply the helm chart while refenrencing the created secret\n\n\n## Version and Revision\n\nThe version and revision of the extension:\n- are printed during the startup of the extension\n- are added as a Docker label to the image\n- are available via the `version.txt`/`revision.txt` files in the root of the image\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsteadybit%2Fextension-gcp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsteadybit%2Fextension-gcp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsteadybit%2Fextension-gcp/lists"}