Skip to content

Instantly share code, notes, and snippets.

@Neutrollized
Last active March 4, 2023 19:35
Show Gist options
  • Save Neutrollized/8314af014251354442edfaa4e490c713 to your computer and use it in GitHub Desktop.
Save Neutrollized/8314af014251354442edfaa4e490c713 to your computer and use it in GitHub Desktop.
Medium: Workload Identity explained using kaniko
apiVersion: v1
kind: Pod
metadata:
name: kaniko-k8s-secret
spec:
containers:
- name: kaniko
image: gcr.io/kaniko-project/executor:v1.9.1
args: ["--dockerfile=Dockerfile",
"--context=gs://${GCS_BUCKET}/path/to/context.tar.gz",
"--destination=gcr.io/${PROJECT}/${IMAGE_NAME}:${IMAGE_TAG}",
"--cache=true"]
volumeMounts:
- name: kaniko-secret
mountPath: /secret
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /secret/kaniko-secret.json
restartPolicy: Never
volumes:
- name: kaniko-secret
secret:
secretName: kaniko-secret
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment