Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace workload identity with workload identity federation #2451

Open
NimJay opened this issue Mar 29, 2024 · 1 comment
Open

Replace workload identity with workload identity federation #2451

NimJay opened this issue Mar 29, 2024 · 1 comment
Labels
priority: p3 Desirable enhancement or fix. May not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

Comments

@NimJay
Copy link
Collaborator

NimJay commented Mar 29, 2024
edited

Describe request or inquiry

  • We can now bind Google Cloud IAM roles directly to Kubernetes ServiceAccount — instead of using Google Service Accounts as a link between the roles and Kubernetes ServiceAccount.
  • We do this through a feature called Workload identity federation.

What purpose/environment will this feature serve?
@NimJay NimJay added type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. priority: p3 Desirable enhancement or fix. May not be included in next release. labels Mar 29, 2024
@mathieu-benoit
Copy link
Contributor

Simplifying a lot the setup of the KSA/GSA, etc. indeed!

JFYI: I just updated this blog post with this new approach with Online Boutique and Spanner: https://medium.com/p/f7248e077339, just sharing! ;)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
priority: p3 Desirable enhancement or fix. May not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@NimJay @mathieu-benoit