@magickatt
Created February 24, 2023 15:21
Google Kubernetes Engine manifest for Workload Identity using Google Cloud IAM
apiVersion: v1
kind: ServiceAccount
metadata:
  # Kubernetes ServiceAccount that Workload Identity maps to a GCP service account.
  # The annotation alone grants nothing: the GCP service account must also carry a
  # roles/iam.workloadIdentityUser binding for the member
  # serviceAccount:project-123456.svc.id.goog[default/my-service-gke-serviceaccount].
  # Kubernetes object names must be DNS-1123 labels, so underscores are not allowed.
  name: my-service-gke-serviceaccount
  namespace: default
  annotations:
    iam.gke.io/gcp-service-account: my-project-gcp-serviceaccount@project-123456.iam.gserviceaccount.com
---
apiVersion: v1
kind: Pod
metadata:
  name: workload-identity-test
  namespace: default
spec:
  containers:
  - image: google/cloud-sdk:slim
    name: workload-identity-test
    command: ["sleep", "infinity"]
  # Run this Pod as the Kubernetes ServiceAccount defined above.
  serviceAccountName: my-service-gke-serviceaccount
  # Only schedule onto nodes running the GKE metadata server, which is the component
  # that hands the Pod credentials for the mapped GCP service account instead of the
  # node's own service account.
  nodeSelector:
    iam.gke.io/gke-metadata-server-enabled: "true"
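The manifest covers only the Kubernetes half of Workload Identity. The script below is an added example, not part of the gist, showing the Google Cloud IAM half it depends on: the `roles/iam.workloadIdentityUser` binding that lets exactly one Kubernetes ServiceAccount impersonate the GCP service account, a check that the ServiceAccount name is a valid DNS-1123 label (the API server rejects underscores), and a verification step that asks the Pod which identity the GKE metadata server actually serves. The project ID, namespace and account names are taken from the manifest's placeholders and are assumptions; the `gcloud` and `kubectl` calls only run if you uncomment the last line.

```shell
#!/bin/sh
# Added example (not from the gist): GCP-side IAM binding for Workload Identity
# plus verification from inside the Pod. Values below are assumed placeholders
# matching the manifest; replace them with your own.

PROJECT_ID="project-123456"
NAMESPACE="default"
KSA_NAME="my-service-gke-serviceaccount"
GSA_EMAIL="my-project-gcp-serviceaccount@${PROJECT_ID}.iam.gserviceaccount.com"
POD_NAME="workload-identity-test"

# Build the Workload Identity principal for one Kubernetes ServiceAccount.
# Format: serviceAccount:PROJECT_ID.svc.id.goog[NAMESPACE/KSA_NAME]
# Scoping the binding to this exact namespace/name is what keeps other Pods
# in the cluster from borrowing the GCP service account.
wi_member() {
  printf 'serviceAccount:%s.svc.id.goog[%s/%s]\n' "$1" "$2" "$3"
}

# Kubernetes object names must be DNS-1123 labels: lowercase alphanumerics
# and '-', starting and ending with an alphanumeric, at most 63 characters.
# Returns 0 when valid, 1 otherwise.
valid_k8s_name() {
  printf '%s' "$1" | grep -Eq '^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$'
}

# Grant ONLY the named KSA the right to impersonate the GSA. This is the
# permission the iam.gke.io/gcp-service-account annotation relies on.
bind_workload_identity() {
  if ! valid_k8s_name "$KSA_NAME"; then
    echo "invalid Kubernetes ServiceAccount name: $KSA_NAME" >&2
    return 1
  fi
  gcloud iam service-accounts add-iam-policy-binding "$GSA_EMAIL" \
    --project "$PROJECT_ID" \
    --role roles/iam.workloadIdentityUser \
    --member "$(wi_member "$PROJECT_ID" "$NAMESPACE" "$KSA_NAME")"
}

# Inside the Pod, the active gcloud account should be the GSA, not the
# node's service account. A mismatch usually means the Pod landed on a node
# without the GKE metadata server or the IAM binding is missing.
verify_from_pod() {
  active=$(kubectl -n "$NAMESPACE" exec "$POD_NAME" -- \
    gcloud auth list --filter=status:ACTIVE --format='value(account)')
  if [ "$active" = "$GSA_EMAIL" ]; then
    echo "OK: Pod is running as $active"
    return 0
  fi
  echo "MISMATCH: Pod reports '$active', expected '$GSA_EMAIL'" >&2
  return 1
}

# Uncomment to run against a real project and cluster:
# bind_workload_identity && verify_from_pod
```

Apply the manifest first, then run the binding; until the binding exists, `gcloud auth list` inside the Pod shows no active account rather than the GCP service account, which is the expected fail-closed behaviour.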