higebu/gcp_workload_identity_test_on_gke_autopilot.md

Created April 25, 2022 23:54

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/higebu/d4c6b4d1107307d4b8f20c6cfb2237c8.js"></script>
Save higebu/d4c6b4d1107307d4b8f20c6cfb2237c8 to your computer and use it in GitHub Desktop.

Download ZIP

[GCP] Workload Identity Test on GKE Autopilot

Raw

gcp_workload_identity_test_on_gke_autopilot.md

https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity?hl=ja

Autopilot では nodeSelector で iam.gke.io/gke-metadata-server-enabled が使えないので、 wi-test.yaml を下記のようにする (Autopilot ではデフォルトで iam.gke.io/gke-metadata-server-enabled は true になっている)

apiVersion: v1
kind: Pod
metadata:
  name: workload-identity-test
  namespace: default
spec:
  containers:
    - image: google/cloud-sdk:slim
      name: workload-identity-test
      command: ["sleep","infinity"]
  serviceAccountName: sql-proxy-account