
Connect Kubernetes service account to Google Cloud service account

I'm developing a service running in Google Kubernetes Engine and I would like to use Google Cloud functionality from that service. I have created a service account in Google Cloud with all the necessary roles and I would like to use these roles from the pod running my service.

I have read this: https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform and I was wondering if there is an easier way to "connect" the two kinds of service accounts (defined in Kubernetes / defined in Google Cloud IAM)?

Thanks

I don't think there is any direct link. K8s service accounts are purely internal. You could try granting GIAM permissions to serviceaccount:name but that seems unlikely to work. More likely you would put the Google SA credentials in a secret and then write an RBAC policy giving your K8s SA read access to it.

Read that topic. You need to enable Workload Identity on your cluster and then you can annotate the Kubernetes service account with the IAM service account on Google. https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
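The Workload Identity setup the answer above points to, as an added example that is not code from this thread or from Google's documentation; every project, cluster, namespace and account name in it is a placeholder assumption, and it assumes `gcloud` and `kubectl` are already authenticated against the cluster.

```shell
#!/bin/sh
# Added example (not from the thread): bind a Kubernetes service account (KSA)
# to a Google Cloud service account (GSA) with GKE Workload Identity.
# Every name below is a placeholder assumption; override via environment.
set -eu
PROJECT_ID="${PROJECT_ID:-my-project}"
CLUSTER="${CLUSTER:-my-cluster}"
LOCATION="${LOCATION:-us-central1}"
NODE_POOL="${NODE_POOL:-default-pool}"
NAMESPACE="${NAMESPACE:-backend}"
KSA="${KSA:-orders-api}"
GSA="${GSA:-orders-api@${PROJECT_ID}.iam.gserviceaccount.com}"

# The Workload Identity pool is fixed per project: PROJECT_ID.svc.id.goog
wi_pool() { printf '%s.svc.id.goog' "$1"; }
# IAM principal for one KSA in that pool:
#   serviceAccount:PROJECT_ID.svc.id.goog[NAMESPACE/KSA]
wi_member() { printf 'serviceAccount:%s[%s/%s]' "$(wi_pool "$1")" "$2" "$3"; }

# Step 1: turn on Workload Identity for the cluster and the node pool so pods
# talk to the GKE metadata server instead of using the node's own identity.
enable_workload_identity() {
  gcloud container clusters update "$CLUSTER" --location "$LOCATION" \
    --workload-pool "$(wi_pool "$PROJECT_ID")"
  gcloud container node-pools update "$NODE_POOL" --cluster "$CLUSTER" \
    --location "$LOCATION" --workload-metadata=GKE_METADATA
}

# Step 2: let exactly this NAMESPACE/KSA pair impersonate the GSA. The grant
# is on the GSA itself (roles/iam.workloadIdentityUser), not project-wide,
# so no other KSA in the cluster can borrow the identity.
bind_ksa_to_gsa() {
  kubectl create serviceaccount "$KSA" --namespace "$NAMESPACE" \
    --dry-run=client -o yaml | kubectl apply -f -
  gcloud iam service-accounts add-iam-policy-binding "$GSA" \
    --project "$PROJECT_ID" --role roles/iam.workloadIdentityUser \
    --member "$(wi_member "$PROJECT_ID" "$NAMESPACE" "$KSA")"
  kubectl annotate serviceaccount "$KSA" --namespace "$NAMESPACE" \
    "iam.gke.io/gcp-service-account=$GSA" --overwrite
}

# Step 3: confirm from a pod running as the KSA that the active account is the GSA.
verify_identity() {
  kubectl run wi-check --rm -i --restart=Never --namespace "$NAMESPACE" \
    --overrides="{\"spec\":{\"serviceAccountName\":\"$KSA\"}}" \
    --image=google/cloud-sdk:slim -- gcloud auth list
}

# Only change anything when explicitly asked; otherwise just define functions.
if [ "${WI_APPLY:-0}" = "1" ]; then enable_workload_identity; bind_ksa_to_gsa; verify_identity; fi
```

Run it with `WI_APPLY=1` to apply; the `gcloud auth list` output from the check pod should show only the GSA e-mail as the active account.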
